The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Stuff up. General Motors and Zola suffer credential stuffing attacks.
- London stalling. Port of London hit by politically motivated DDoS attack.
- Attacks from the inside. Over two thirds of legal sector data breaches attributed to insiders.
- Nikkei attack. Asian unit of financial news outlet hit with ransomware.
- Gone phishing. New chatbot phishing technique.
- Patch now! Trend Micro and VMware release patches for critical vulnerabilities.
1. GENERAL MOTORS AND ZOLA CREDENTIAL STUFFING
- US car manufacturing giant General Motors (GM) suffered a credential stuffing attack last month. In this type of attack, previously exposed credentials are used to log into another unrelated service. The threat actors redeemed customer reward points for gift cards and accessed the personal information of GM customers, including names, home addresses, location information, and email addresses.
- Separately, the wedding planning start-up Zola fell victim to a similar attack. Customers reported that funds held in their Zola accounts and on their credit cards had been spent by threat actors.
SO WHAT? Enforce multi-factor authentication (MFA) on your accounts to defend against credential stuffing attacks.
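Because credential stuffing replays username/password pairs leaked from other services, the pattern on the authenticating side is one source trying many distinct accounts in a short period with a low success rate, which is unlike a legitimate user mistyping a single password. The following detector is an added example written for this briefing, not code from S-RM, GM or Zola; it assumes a hypothetical whitespace-separated log format of "timestamp ip username result" and runs over constructed sample lines embedded in the script.

```python
"""
Added example: flag likely credential-stuffing sources in authentication logs.

Assumed (hypothetical) log format, one event per line:
    <ISO-8601 UTC timestamp> <source ip> <username> <OK|FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.7 sprays eight accounts in
# seconds, 198.51.100.23 is one user fumbling a password, 192.0.2.5 is normal
# traffic, and 203.0.113.9 is a slow spray spread over fifty minutes.
SAMPLE_LOG = """\
2022-05-27T10:00:01Z 203.0.113.7 alice FAIL
2022-05-27T10:00:02Z 203.0.113.7 bob FAIL
2022-05-27T10:00:03Z 203.0.113.7 carol FAIL
2022-05-27T10:00:04Z 203.0.113.7 dave OK
2022-05-27T10:00:05Z 203.0.113.7 erin FAIL
2022-05-27T10:00:06Z 203.0.113.7 frank FAIL
2022-05-27T10:00:07Z 203.0.113.7 grace FAIL
2022-05-27T10:00:08Z 203.0.113.7 heidi FAIL
2022-05-27T10:01:00Z 198.51.100.23 alice FAIL
2022-05-27T10:01:10Z 198.51.100.23 alice FAIL
2022-05-27T10:01:25Z 198.51.100.23 alice OK
2022-05-27T10:02:00Z 192.0.2.5 ivan OK
2022-05-27T10:02:30Z 192.0.2.5 judy OK
2022-05-27T11:00:00Z 203.0.113.9 alice FAIL
2022-05-27T11:10:00Z 203.0.113.9 bob FAIL
2022-05-27T11:20:00Z 203.0.113.9 carol FAIL
2022-05-27T11:30:00Z 203.0.113.9 dave FAIL
2022-05-27T11:40:00Z 203.0.113.9 erin FAIL
2022-05-27T11:50:00Z 203.0.113.9 frank FAIL
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, ip, user, result = parts
    try:
        ts = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return {"ts": ts, "ip": ip, "user": user, "result": result}


def detect_credential_stuffing(lines, window_minutes=5, min_accounts=5,
                               max_success_rate=0.25):
    """Return {ip: stats} for sources whose busiest sliding window touched
    at least `min_accounts` distinct usernames with a success rate no higher
    than `max_success_rate`. Stats describe that busiest window."""
    window = timedelta(minutes=window_minutes)
    events_by_ip = defaultdict(list)
    for line in lines:
        event = parse_line(line)
        if event is not None:
            events_by_ip[event["ip"]].append(event)

    flagged = {}
    for ip, events in events_by_ip.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end, last in enumerate(events):
            # Slide the window start forward until it fits within the window.
            while last["ts"] - events[start]["ts"] > window:
                start += 1
            in_window = events[start:end + 1]
            distinct = len({e["user"] for e in in_window})
            if best is None or distinct > best["distinct_accounts"]:
                best = {
                    "distinct_accounts": distinct,
                    "attempts": len(in_window),
                    "successes": sum(1 for e in in_window if e["result"] == "OK"),
                    "window_start": in_window[0]["ts"].isoformat(),
                }
        if (best["distinct_accounts"] >= min_accounts
                and best["successes"] / best["attempts"] <= max_success_rate):
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {stats}")
```

With the default five-minute window only 203.0.113.7 is flagged; the slow spray from 203.0.113.9 is only caught when the window is widened to an hour, which illustrates why a single threshold is not enough and why the control the briefing recommends, MFA, matters: it blunts the attack even when the source rotates addresses or paces itself below any detection threshold.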
2. LONDON STALLING
The website of the Port of London Authority, a public trust which supervises the tidal section of the River Thames, was taken offline on Tuesday by a distributed denial of service (DDoS) attack. The pro-Iran hacking group ALtahrea Team, who recently conducted similar politically motivated attacks in Israel and Turkey, claimed responsibility for the attack on their Telegram channel.
SO WHAT? State-backed threat groups regularly conduct politically motivated attacks to cause disruption and attract widespread attention. There are several providers who offer services to protect websites from DDoS attacks.
3. ATTACKS FROM THE INSIDE
According to official figures from the Information Commissioner’s Office (ICO), insider threats were responsible for 68 percent of data breaches affecting UK law firms in Q3 2021. These were largely attributed to the high employee turnover rate during the COVID-19 pandemic, with employees taking valuable data with them after resigning from their jobs. The report also found that over half of all the data breaches during this period were attributed to human error, such as hardware misconfiguration or emailing documents to the wrong recipients.
SO WHAT? Insider data breaches, regardless of whether they are malicious or accidental, continue to rise. Data Loss Prevention (DLP) solutions and cyber awareness training are just two ways organisations can mitigate this risk.
4. NIKKEI SUFFERS RANSOMWARE ATTACK
Asian media giant Nikkei, with around 4 million subscribers, disclosed that the group's Singapore headquarters suffered a ransomware attack. Ongoing investigations confirmed that the compromised server likely contained customer data; however, investigators have yet to identify evidence of data exfiltration.
Nikkei also fell victim to a business email compromise attack in 2019 that led to the loss of USD 29 million in a single wire transfer.
SO WHAT? The fear of a repeat incident can reenergise companies’ commitments towards enhancing their cyber resilience or leave teams feeling overwhelmed by the scale and complexity of the problem. Regular incident simulation exercises and conducting readiness assessments can help organisations feel more prepared for the next incident, and tangibly improve their response if and when the time comes. Read our full report: “Cyber Incidents: What Can You Learn From Being Burned?”.
5. GONE PHISHING
Phishing attacks are increasingly using chatbots that convince victims to share sensitive data. Threat actors are using chatbots to automate the phishing process. They also offer a sense of legitimacy because chatbots are commonly found on legitimate websites.
SO WHAT? Phishing attacks are becoming increasingly sophisticated. Always inspect the URL for links included in emails, and be particularly suspicious of unsolicited emails requesting your immediate action.
6. SECURITY PATCHES
- VMware, the cloud computing and virtualisation software vendor, has issued a warning to customers to patch a critical vulnerability (CVE-2022-22972) that allows administrative access without authentication in several VMware products. The vulnerability is likely to be actively exploited by threat actors in the near future.
- Security software provider Trend Micro has also reported that it has patched a DLL hijacking flaw in Trend Micro Security that was exploited by Moshen Dragon, an Asia-based threat group. All users of the product should have automatically received the update.
SO WHAT? Organisations should maintain a robust patch management system and ensure they patch their products as soon as possible.