header image

Cyber Intelligence Briefing: 4 February 2022

Joseph Tarraf, Kyle Schwaeble 4 February 2022
4 February 2022    Joseph Tarraf, Kyle Schwaeble

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. Security failings. Recent reports and incidents suggest cyber security is not being taken seriously by all.
  2. Hacked and fined. Greek technology firm OTE faces data protection fines totalling over EUR 9 million.
  3. Job recruitment scams. The FBI warns of phishing attempts on recruitment platforms
  4. I spy with my little eye. Spyware is being deployed across the globe.
  5. Put a patch on it. An overview of some new security vulnerabilities that need patching.
  6. Fuel shortages. Two German fuel suppliers fall victim to a cyber attack.
  7. Apple bug bounty. Apple awards USD 100,500 bug bounty to researcher.

1. Security failings

Recent reports and incidents suggest cyber security is not being taken seriously by all.

  • According to research published by Ensono, many organisations are failing to employ basic security features built into Microsoft 365. Of those organisations surveyed that use the suite, 38% did not enforce multi-factor authentication (MFA), only 43% had set up conditional access controls, and 46% did not have data loss prevention tools configured.
  • Security management company Securitas inappropriately configured an AWS S3 bucket, a type of cloud storage container. This resulted in the public exposure of 3TB of data, including certain airport employee records.
  • According to research published by security company Expel, 83% of ransomware attacks it responded to in 2021 involved an attacker gaining initial access to a Windows machine after malware was unintentionally installed on the device by the user. In most of these cases, malware was installed via the opening of a compressed or zipped JavaScript file.

 

SO WHAT?

An organisation’s security programme must include adequate protocols on authentication, access control, and data protection, alongside an appropriate cyber security awareness programme for employees.

 

2. Data protection fines

OTE, the largest technology company in Greece, faces fines totalling more than EUR 9 million for breaching data protection regulations. The penalties follow a cyber attack against Cosmote, an OTE subsidiary, in which threat actors were able to access a file containing the call histories of thousands of customers. In total, there were eight GDPR infringements, including a failure to inform affected customers of the impact of the attack.

 

SO WHAT?

To minimise the risk of data breaches, organisations should conduct regular risk assessments, train employees, and ensure third-party vendors are compliant with applicable standards. Further, organisations should include a communication strategy for informing regulators and customers of breaches in their incident response plans.

 

3. Fraudulent adverts on recruitment websites

The FBI warned of threat actors using recruitment websites to harvest job seekers’ personal information. Taking advantage of lax security checks by certain recruitment websites, actors imitate job adverts for legitimate companies in the hopes of luring individuals into divulging information, which the actor then sells or abuses in subsequent scams.

 

SO WHAT?

Alongside posing a threat to job searchers, this new tactic poses a serious reputational threat to legitimate organisations. Organisations must ensure that they have an adequate anti-spoofing programme in place to detect and respond to this fraudulent activity.

 

4. The rise of spyware

  • A Finnish government investigation concluded that the infamous Pegasus spyware was covertly deployed on machines owned by Finnish diplomats to harvest state secrets. The announcement follows reports in December 2021 of Pegasus being installed on machines owned by US officials connected to the US embassy in Kampala, Uganda.
  • Another spyware strain named DazzleSpy has been discovered on macOS machines owned by certain politically-active, pro-democracy individuals in Hong Kong.

SO WHAT?

With the use of covert malware on the rise, it is critical that organisations and individuals have appropriate malware detection systems in place.

 

5. New vulnerabilities to patch

  • The US Cybersecurity and Infrastructure Security Agency (CISA) updated its list of known vulnerabilities that are frequently exploited by threat actors to compromise federal agencies. Agencies have until 11 February 2022 to patch the newly added vulnerabilities (CVE-2022-22587 and CVE-2021-20038) affecting Apple iOS and SonicWall SMA, respectively, and until 28 July 2022 to patch the others.

 

SO WHAT?

Organisations should review whether any affected operating system or software is employed in their estate, and implement available patches as soon as possible.

 

6. Cyber attack impacts German fuel supplies

German fuel suppliers Oiltanking and Mabanaft, subsidiaries of the same parent company, were targeted by a cyber attack that significantly disrupted their IT systems. These included automated systems responsible for filling and emptying fuel storage tanks. As a result, contractual agreements on fuel delivery have not been met. The attack contains echoes of the May 2021 ransomware attack on the US fuel supplier Colonial Pipeline.


SO WHAT?

Organisations that provide critical infrastructure are increasingly being targeted by cybercriminals. It is vital that businesses that operate in these industries proactively invest in their cyber security.
 
 

7. Apple bug bounty

Security researcher Ryan Pickren discovered a series of vulnerabilities in Apple’s iCloud Sharing and Safari 15 software. The vulnerabilities had the potential to allow malicious actors to access microphones and webcams of a victim, alongside “full access to every website ever visited by the victim” from the Safari browser. Alongside creating patches for the vulnerabilities, Apple awarded a USD 100,500 bug bounty to Pickren for his efforts.

 

SO WHAT?

Implementing a bug bounty programme is a valuable proactive measure to identify and evaluate vulnerabilities affecting an organisation.

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Joseph Tarraf
Joseph tarraf Managing Director, Cyber Security Email Joseph
Kyle Schwaeble
Kyle schwaeble Senior Analyst, Cyber Security Email Kyle

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report