The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Security failings. Recent reports and incidents suggest cyber security is not being taken seriously by all.
- Hacked and fined. Greek technology firm OTE faces data protection fines totalling over EUR 9 million.
- Job recruitment scams. The FBI warns of phishing attempts on recruitment platforms.
- I spy with my little eye. Spyware is being deployed across the globe.
- Put a patch on it. An overview of some new security vulnerabilities that need patching.
- Fuel shortages. Two German fuel suppliers fall victim to a cyber attack.
- Apple bug bounty. Apple awards USD 100,500 bug bounty to researcher.
1. Security failings
Recent reports and incidents suggest cyber security is not being taken seriously by all.
- According to research published by Ensono, many organisations are failing to employ basic security features built into Microsoft 365. Of those organisations surveyed that use the suite, 38% did not enforce multi-factor authentication (MFA), only 43% had set up conditional access controls, and 46% did not have data loss prevention tools configured.
- Security management company Securitas inappropriately configured an AWS S3 bucket, a type of cloud storage container. This resulted in the public exposure of 3TB of data, including certain airport employee records.
SO WHAT? An organisation’s security programme must include adequate protocols on authentication, access control, and data protection, alongside an appropriate cyber security awareness programme for employees.
2. Data protection fines
OTE, the largest technology company in Greece, faces fines totalling more than EUR 9 million for breaching data protection regulations. The penalties follow a cyber attack against Cosmote, an OTE subsidiary, in which threat actors were able to access a file containing the call histories of thousands of customers. In total, there were eight GDPR infringements, including a failure to inform affected customers of the impact of the attack.
SO WHAT? To minimise the risk of data breaches, organisations should conduct regular risk assessments, train employees, and ensure third-party vendors are compliant with applicable standards. Further, organisations should include a communication strategy for informing regulators and customers of breaches in their incident response plans.
3. Fraudulent adverts on recruitment websites
The FBI warned of threat actors using recruitment websites to harvest job seekers’ personal information. Taking advantage of lax security checks by certain recruitment websites, actors imitate job adverts for legitimate companies in the hopes of luring individuals into divulging information, which the actor then sells or abuses in subsequent scams.
SO WHAT? Alongside posing a threat to job searchers, this new tactic poses a serious reputational threat to legitimate organisations. Organisations must ensure that they have an adequate anti-spoofing programme in place to detect and respond to this fraudulent activity.
4. The rise of spyware
- A Finnish government investigation concluded that the infamous Pegasus spyware was covertly deployed on machines owned by Finnish diplomats to harvest state secrets. The announcement follows reports in December 2021 of Pegasus being installed on machines owned by US officials connected to the US embassy in Kampala, Uganda.
- Another spyware strain named DazzleSpy has been discovered on macOS machines owned by certain politically-active, pro-democracy individuals in Hong Kong.
SO WHAT? With the use of covert malware on the rise, it is critical that organisations and individuals have appropriate malware detection systems in place.
5. New vulnerabilities to patch
- The US Cybersecurity and Infrastructure Security Agency (CISA) updated its list of known vulnerabilities that are frequently exploited by threat actors to compromise federal agencies. Agencies have until 11 February 2022 to patch the newly added vulnerabilities (CVE-2022-22587 and CVE-2021-20038) affecting Apple iOS and SonicWall SMA, respectively, and until 28 July 2022 to patch the others.
- Developers behind Samba, software that provides file sharing and printing services, identified and patched several vulnerabilities that allow for remote code execution (RCE) with root privileges on affected machines.
SO WHAT? Organisations should review whether any affected operating system or software is employed in their estate, and implement available patches as soon as possible.
6. Cyber attack impacts German fuel supplies
German fuel suppliers Oiltanking and Mabanaft, subsidiaries of the same parent company, were targeted by a cyber attack that significantly disrupted their IT systems. These included automated systems responsible for filling and emptying fuel storage tanks. As a result, contractual agreements on fuel delivery have not been met. The attack contains echoes of the May 2021 ransomware attack on the US fuel supplier Colonial Pipeline.
SO WHAT? Organisations that provide critical infrastructure are increasingly being targeted by cybercriminals. It is vital that businesses that operate in these industries proactively invest in their cyber security.
7. Apple bug bounty
Security researcher Ryan Pickren discovered a series of vulnerabilities in Apple’s iCloud Sharing and Safari 15 software. The vulnerabilities had the potential to allow malicious actors to access microphones and webcams of a victim, alongside “full access to every website ever visited by the victim” from the Safari browser. Alongside creating patches for the vulnerabilities, Apple awarded a USD 100,500 bug bounty to Pickren for his efforts.
SO WHAT? Implementing a bug bounty programme is a valuable proactive measure to identify and evaluate vulnerabilities affecting an organisation.