The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
- Internal phishing attack. IKEA corporate emails under internal phishing attack.
- Secure your fridge. Proposed new UK law for Internet of Things devices.
- SIM swapping attacks. Hacker jailed for stealing millions of dollars in SIM swapping campaign.
- Lights nearly out. Australian energy generator hit by ransomware.
- Do the crime, do the time. Law enforcement agencies seize illicit funds and make over a thousand arrests.
- Foul play. 300,000 Android users infected with malware downloaded from Google Play Store.
1. IKEA hit by email reply-chain cyber-attack
Threat actors have been targeting IKEA employees with internal phishing attacks. The campaign involves attackers compromising a user’s mailbox and replying to legitimate internal email threads with links that, if followed, download malware to the recipient’s device. It is unclear how the threat actors gained access to IKEA’s email systems in the first place. Because the phishing emails are sent from the mailboxes of other IKEA users and arrive as replies in conversations the recipients are already part of, they bypass sender-reputation filtering and are far more likely to be trusted and clicked.
SO WHAT? Organisations should adopt a multi-layered approach to defend against phishing attacks: secure all enterprise email accounts (with multi-factor authentication enforced for remote access), protect endpoints with an endpoint detection and response solution, and provide phishing awareness training to employees. Because reply-chain phishing originates from already-compromised internal mailboxes, defenders should also monitor for the signs of mailbox takeover that precede it, such as anomalous sign-ins and newly created mail-forwarding or deletion rules, and should treat links that appear in an ongoing thread for the first time with the same suspicion as links in external mail.
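The reply-chain technique described above leaves a detectable trace: a reply from an internal sender that introduces a link to a host the thread has never referenced before. The following heuristic is an added example written for this briefing, not code from IKEA or from S-RM. It walks each reply's `In-Reply-To` ancestry, collects the link hosts already present in the thread, and flags replies whose links point somewhere new and untrusted. The mail domain `example.com`, the allowlisted hosts and the three sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Assumptions for the example: the organisation's own mail domain and the
# link hosts (and their subdomains) that are expected inside internal threads.
INTERNAL_DOMAIN = "example.com"
TRUSTED_LINK_HOSTS = {"example.com", "sharepoint.example.com"}

# Plain http(s) URLs; stops at whitespace and common delimiters.
URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)


@dataclass
class Message:
    """Minimal view of a mail item: RFC 5322 Message-ID, sender, In-Reply-To, body."""
    msg_id: str
    sender: str
    in_reply_to: Optional[str]
    body: str


def extract_hosts(text: str) -> set[str]:
    """Return the lower-cased hostnames of every http(s) link found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_trusted(host: str) -> bool:
    """True if host is an allowlisted host or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_LINK_HOSTS)


def find_reply_chain_suspects(messages: list[Message]) -> list[tuple[str, list[str]]]:
    """Flag internal replies that introduce link hosts never seen earlier in their thread.

    Returns (msg_id, sorted new hosts) for each suspect message.
    """
    by_id = {m.msg_id: m for m in messages}
    suspects = []
    for m in messages:
        # Only replies into a thread we hold; thread roots are judged by normal filtering.
        if not m.in_reply_to or m.in_reply_to not in by_id:
            continue
        # External senders are already covered by inbound mail controls.
        if not m.sender.lower().endswith("@" + INTERNAL_DOMAIN):
            continue
        # Walk the ancestor chain to learn which hosts the thread has legitimately used.
        seen: set[str] = set()
        parent = by_id.get(m.in_reply_to)
        while parent is not None:
            seen |= extract_hosts(parent.body)
            parent = by_id.get(parent.in_reply_to) if parent.in_reply_to else None
        new_hosts = {h for h in extract_hosts(m.body) if h not in seen and not is_trusted(h)}
        if new_hosts:
            suspects.append((m.msg_id, sorted(new_hosts)))
    return suspects


# Constructed sample thread: message 3 is the reply sent from Bob's compromised mailbox.
SAMPLE_THREAD = [
    Message("<1@example.com>", "alice@example.com", None,
            "Draft budget attached. Tracker: https://sharepoint.example.com/sites/fin"),
    Message("<2@example.com>", "bob@example.com", "<1@example.com>",
            "Thanks Alice, numbers look fine to me."),
    Message("<3@example.com>", "bob@example.com", "<2@example.com>",
            "Updated figures here: https://files-share.invalid/budget.zip please review today"),
]

if __name__ == "__main__":
    for msg_id, hosts in find_reply_chain_suspects(SAMPLE_THREAD):
        print(f"suspect reply {msg_id}: new link hosts {hosts}")
```

In practice the message list would be pulled from the mail platform's audit or message-trace log rather than built inline, and the allowlist would be generated from link hosts seen in historical internal traffic. The heuristic is deliberately narrow: it raises nothing for replies without links, so it should sit alongside, not replace, sign-in anomaly detection on the mailboxes themselves.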
2. UK introduces new restrictions on internet-connected devices
In a move to tighten security standards for Internet of Things (IoT) devices, the UK government introduced the Product Security and Telecommunications Infrastructure (PSTI) Bill to Parliament this week. The Bill aims to ban universal default passwords on consumer connectable devices, and to compel manufacturers to disclose how long a product will receive security updates and to maintain a process for reporting and fixing vulnerabilities. Proposed fines for non-compliance could reach GBP 10 million or 4% of the manufacturer’s global turnover.
Internet-connected devices are increasingly targeted by threat actors. Once compromised, a single device can provide an attacker with a foothold on the network it sits on, and from there access to any sensitive personal and financial information stored on that network.
SO WHAT? The new legislation will go a long way towards securing IoT devices, but only for products sold after it takes effect. It therefore remains important for users to ensure their IoT devices are updated regularly, to change any default credentials, and to use strong passwords and multi-factor authentication (MFA) where possible. Further, a segmented network, where IoT devices are separated from the rest of your network, limits the damage a threat actor can cause after compromising an IoT device.
3. Hacker jailed for stealing millions of dollars by SIM swapping
A member of an international hacking group known as The Community has been sentenced to ten months in prison for his role in a SIM swapping campaign that resulted in the theft of millions of dollars’ worth of cryptocurrency. SIM swapping entails a threat actor gaining control of a victim’s mobile number, typically by social-engineering or bribing staff at the mobile carrier into porting the number to a SIM the attacker controls. The attacker then receives the victim’s calls, text messages and SMS-delivered MFA codes, which can be used to access various accounts, including banking or cryptocurrency applications, social media, or email, and to trigger password resets for any account recoverable via that number.
SO WHAT? SIM swapping scams have been on the rise in the past year, and this trend is likely to continue. Use an app-based or hardware MFA solution instead of SMS wherever possible, since codes generated on the device do not depend on the phone number and cannot be intercepted by porting it. Where SMS cannot be avoided, ask the carrier to place a port-out lock or PIN on the account, and avoid using a phone number as the sole recovery method for high-value accounts.
4. Australian energy generator hit by ransomware
CS Energy, a Queensland government-owned energy generator, has suffered a ransomware attack on its corporate network. CS Energy’s rapid response, which included segregating the corporate network from its operational environment, reportedly prevented the ransomware from spreading to the systems that run its power stations, and as such electricity supply was not significantly impacted.
SO WHAT? Ransomware attacks against critical infrastructure are becoming increasingly common. Organisations operating in critical sectors, or those that cannot afford any operational downtime, should ensure their operational systems are isolated from their corporate networks, which is where initial infection typically occurs. That isolation should be in place before an incident, with the few necessary crossing points documented so they can be severed quickly and verified under pressure, rather than improvised once ransomware is already spreading.
5. Law enforcement agencies cracking down on cybercrime
- Law enforcement agencies arrested 1,003 cybercriminals across 22 countries between June and September 2021 in an Interpol-led operation. The operation, which also resulted in the seizure of almost USD 27 million in illicit funds, targeted individuals operating online fraud scams and cyber-enabled financial criminal activities.
- Separately, in August 2021, the FBI seized approximately USD 2.3 million in cryptocurrency from an affiliate of the REvil and GandCrab ransomware operations. The seized funds reportedly comprised REvil ransom payments held by an affiliate identified as Aleksandr Sikerin.
SO WHAT? Collaborative operations involving law enforcement agencies from multiple countries have been increasingly successful in disrupting cybercrime, both through arrests and through seizing the proceeds. Such cooperation is essential because the perpetrators, their infrastructure and their victims are typically spread across several jurisdictions.
6. 300,000 devices infected with malware through apps downloaded from Google Play Store
Over 300,000 Android devices have reportedly been infected with banking malware delivered through apps downloaded from the Google Play Store. The malware is disguised as legitimate applications, including document and QR code scanners, fitness trackers, and cryptocurrency apps. The threat actors evade Google’s review process by submitting apps that contain no malicious code at all; the malicious payload is only downloaded after the app prompts the victim to install a fake update. Their ultimate goal is to steal victims’ banking credentials.
SO WHAT? Cyber security researchers at ThreatFabric have shared a comprehensive list of the malicious applications. If you have any installed on your mobile, remove them immediately and treat any banking or other credentials entered on the device since installation as compromised. Because the apps are clean at the time of download, a store listing with good reviews is not evidence of safety; be wary of any app that asks you to install an update from outside the store.