header image

Cyber Intelligence Briefing: 29 July 2022

James Tytler, Roddy Priestley 29 July 2022
29 July 2022    James Tytler, Roddy Priestley

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. Microsoft denounces commercial cyber weapons. Austrian company blamed for Subzero spyware. 

  2. Nothing is certain but leaks and taxes. LockBit claims to have hacked Italian Tax Agency.

  3. T-Mobile pays up. US-based mobile carrier agrees to USD 500 million class-action settlement.  

  4. Cyber security company hacked. Security-vendor Entrust confirms network breach and stolen data. 

  5. Messaging platforms under attack. Discord and Telegram used for credential harvesting. 

  6. Data bonanza on BreachForums. Emails and phone numbers of 5.4 million Twitter users for sale.  


1. MICROSOFT FIGHTS BACK AGAINST ‘PRIVATE SECTOR CYBERWEAPONS’ 

Coinciding with a testimony to the US House Intelligence Committee on the dangers of commercialised cyberweapons’, Microsoft has disclosed research linking an Austrian firm called DSIRF, codenamed Knotweed, to the development and sale of surveillance software called Subzero. DSIRF’s customers have used the spyware to target banks, law firms, and strategic consultancies in the UK, Austria, and Panama. 

 

SO WHAT?

Unscrupulous private companies use spyware for corporate espionage, and repressive regimes use it to target human rights advocates and political opponents. Microsoft has patched the vulnerabilities exploited by Subzero, but there is a thriving underground market for new tools like it. 

 

 

2. LOCKBIT CLAIMS ATTACK ON ITALIAN TAX AGENCY  

In perhaps its most brazen attack to date, LockBit 3.0 has listed L’Agenzia delle Entrate, the Italian tax agency, on its dedicated leak site. The group claims to have stolen 78 GB of sensitive data, including company documents, scans, financial reports, and contracts and has threatened to leak the data if a ransom is not paid.  

Italian authorities downplayed the reports, but an investigation is still ongoing. 

 

      

SO WHAT?

Ransomware-as-a-Service groups are increasingly resorting to data theft and extortion without encrypting their victims’ systems. Such attacks are easier to execute, and can still cause massive damage particularly from a reputational point of view.

 

 

3. T-MOBILE AGREES TO SETTLEMENT IN CLASS-ACTION LAWSUIT OVER DATA BREACH  

The US-based mobile carrier agreed to pay USD 500 million to settle a class-action lawsuit filed in the wake of a massive cyber attack that took place last August. The attack led to the potential exposure of sensitive personal information belonging to over 76 million people 

 

SO WHAT?

The financial impact of a cyber attack doesn’t stop with remediation and containment. Companies that fail to put in adequate cyber security protections run the risk of being hit with large regulatory fines or expensive legal action further down the line if they suffer a breach

 

 

4. ENTRUST CONFIRMS CYBER ATTACK ON INTERNAL SYSTEMS 

The Minneapolis-based digital security firm Entrust, which is focused on online trust and identity management, has confirmed that attackers breached its network and stole data from its internal systems. Entrust, whose clients include various US government agencies and large healthcare and financial services organisations, has denied that the attack had any impact on its products and services.  

 

SO WHAT?

Organisations must carry out due diligence when engaging digital security vendors, and ensure that they employ cyber security best practices like reviewing third-party access regularly.

 

 

5. MESSAGING PLATFORMS under attack 

Security researchers have observed cyber criminals exploiting functionality on the popular messaging platforms Discord and Telegram to spread malware and steal information such as passwords, credit card details, VPN credentials, and one-time passwords.  

 

SO WHAT?

While Telegram and Discord are not often used for business operations, organisations should make sure they are aware of shadow IT in use on corporate devices. One compromised app on an employee’s phone could be the first step in a more targeted attack.

 

 

6. TWITTER USERS’ DATA LEAKED ON PROMINENT HACKER FORUM  

The phone numbers and email addresses of an alleged 5.4 million Twitter users have been listed for sale on the popular hacking forum BreachForums. Independent security researchers verified a sample of the stolen data, which is reported to be of a global nature and include information about celebrities and organisations.

Separately, BreachForums has deleted the listing of 1 billion Chinese residents’ data allegedly exfiltrated from the Shanghai Police department earlier this month 


SO WHAT?

Data leaks are a common source of unwanted phone calls and spam emails for affected data subjects, and can be used to commit identity theft and other forms of fraud. Organisations that have experienced cyber incidents should monitor deep and dark web forums for evidence of their data being sold.

 

 

 

Cyber Intelligence Briefing

 

To discuss this article or other industry developments, please reach out to one of our experts.

James Tytler
James tytler Senior Analyst, Cyber Security Email James
Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report