
Cyber Intelligence Briefing: 4 June 2021

Billy Gouveia, Kyle Schwaeble 4 June 2021


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.


World’s largest meat producer suffers ransomware attack

 SO WHAT?  Companies that play a critical role in supply chains are increasingly being targeted by ransomware groups for various reasons, including larger and quicker ransom payments due to the critical nature of their victims’ operations.


US Department of Justice (DOJ) tackles cyberespionage

  • The DOJ has seized two web domains used in a cyberespionage spear-phishing campaign. The hackers impersonated the US Agency for International Development (USAID) to distribute emails containing malicious URLs.
  • The hackers, aligned to the Russian-backed group Nobelium, used the domains to receive exfiltrated data and execute malware commands. Over 3,000 email accounts at more than 150 organisations have been targeted – victims include government agencies, think tanks, and NGOs.
  • The two seized domains are theyardservice[.]com and worldhomeoutlet[.]com. Further domain indicators of compromise can be found here.

 SO WHAT?  The DOJ’s actions offer interesting and encouraging insight into the US government’s increasingly proactive approach to disrupting and responding to cyberespionage and cybercriminal campaigns.


Have I Been Pwned database expands with participation of the FBI

  • Have I Been Pwned (HIBP) is a popular resource for checking if emails or passwords have been involved in a data breach. HIBP data has been incorporated into password managers and helps users know when to change login details or avoid certain passwords.
  • The FBI will now expand the database by uploading compromised password data it has identified during its own investigations. The uploaded data will not include personal user details.

 SO WHAT?  Attackers routinely use lists of compromised passwords to further their attacks. The more comprehensive the HIBP database, the more effective it will be in preventing the use of compromised passwords.
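The check that password managers and sign-up forms perform against HIBP's Pwned Passwords data can be done without ever sending the password: only the first five hex characters of its SHA-1 leave the host, and the full hash is matched locally against the returned range. The following is an added example, not code from the briefing or from HIBP; the range responses and breach counts embedded in it are constructed, and `fetch_range_live` is a hypothetical helper that would query the real `api.pwnedpasswords.com/range/` endpoint.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Constructed sample of a Pwned Passwords "range" response: one "SUFFIX:COUNT"
# line for every breached hash sharing the queried 5-character SHA-1 prefix.
# The suffixes other than the one for "password" and all counts are made up.
SAMPLE_RANGE_5BAA6 = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1
"""
SAMPLE_RANGE_OTHER = "00000A2B3C4D5E6F70819283A4B5C6D7E8F:5\n"

def hash_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix
    that is sent to the API and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> Dict[str, int]:
    """Parse "SUFFIX:COUNT" lines; malformed lines are ignored rather than trusted."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of breaches the password appeared in (0 if the suffix is absent)."""
    prefix, suffix = hash_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def fetch_range_sample(prefix: str) -> str:
    """Offline stand-in for the API, serving the constructed responses above."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else SAMPLE_RANGE_OTHER

def fetch_range_live(prefix: str) -> str:
    """Hypothetical live lookup against the real range endpoint (not used offline)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "example-password-policy-check"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def password_allowed(password: str, fetch_range=fetch_range_sample) -> bool:
    """Policy: reject any password that has appeared in at least one breach."""
    return pwned_count(password, fetch_range) == 0

if __name__ == "__main__":
    print(pwned_count("password", fetch_range_sample))  # 3730471 (constructed count)
    print(password_allowed("correct horse battery staple"))  # True with sample data
```

Swapping `fetch_range_live` in for `fetch_range_sample` turns the same policy into a real k-anonymity check.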


WhatsApp backtracks on privacy policy

  • WhatsApp will not limit its app’s functionality for users who disagree with it sharing their data with other Facebook companies. This follows the instant messaging giant initially claiming it would delete accounts and, subsequently, that it would limit features for users who disagreed with its new privacy policy.
  • WhatsApp’s change of course follows the decision in early May by Hamburg’s data protection commissioner to ban the company from processing WhatsApp user data for three months. WhatsApp notes that most users have already accepted the new data sharing terms.

 SO WHAT?  WhatsApp collects extensive data about its users. There are several less-invasive instant messaging apps available to users who are concerned about their privacy.


French authorities seize the dark web marketplace Le Monde Parallèle (LMP)

  • Thousands of users and criminals used LMP as both a marketplace and discussion forum. In addition to selling carding data and weapons, LMP helped criminals identify partners for committing crimes across France and Europe.
  • The French authorities arrested two LMP administrators and seized several thousand euros in cryptocurrency. The LMP take-down follows the seizure of other large French-speaking criminal platforms in 2018 and 2019.

 SO WHAT?  Organised crime continues to flourish online, resulting in a cat-and-mouse game with authorities. Unfortunately, when one site is taken down, users quickly move on to another.


Epsilon Red: New ransomware strain identified

  • A new strain of ransomware, Epsilon Red, has been identified targeting a US-based hospitality company. The strain threatens significant business disruption because it places no restrictions on which file types or folders it encrypts.
  • The ransomware’s initial point of entry appears to be an unpatched on-premise enterprise Microsoft Exchange server, possibly leveraging the ProxyLogon vulnerabilities which were disclosed by Microsoft in March 2021.

 SO WHAT?  While 92% of all internet-connected on-premises Microsoft Exchange servers have now been patched, ensure your organisation does not fall within the remaining 8% by following Microsoft’s guidance.
