The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
top NEWS stories this week
- UK Conservative Party leadership vote delayed. NCSC warns of cyber fraud.
- Taiwan targeted. Threat actors launch widespread DDoS attacks.
- Ransomware attacks in Europe. Luxemburg energy firm and German power electronics manufacturer hit by ransomware attacks.
- USD 2 billion crypto hacking spree. Cross-Chain bridge hacks total USD 2 billion in 2022.
- Impersonated software used in malware attacks. Threat actors mimic legitimate applications to infect devices with malware.
1. FEARS OF CYBER FRAUD DELAYS CONSERVATIVE LEADERSHIP ELECTION
The UK’s National Cyber Security Centre (NCSC) warned that online ballots in the upcoming Conservative Party leadership election were vulnerable to being changed by threat actors. The vote has been delayed with the Conservative Party confirming that postal ballots, containing instructions for an online voting option, would arrive later than initially planned to allow for additional security measures to be added.
SO WHAT?While evidence of a coordinated attack on the election has not been confirmed, state-backed threat groups are known to conduct politically-motivated attacks to either interfere in western democratic processes, or simply attract widespread attention.
2. TAIWAN HIT BY ‘OVERSEAS CYBER ATTACK’
Coinciding with US House of Representatives Speaker Nancy Pelosi’s visit to Taiwan, several Taiwanese government websites were taken offline by distributed denial of service (DDoS) attacks, with digital displays also hacked to show anti-Pelosi images. The low sophistication of the attacks suggests they were orchestrated by hacktivists, rather than the Chinese government.
Ensure your organisation has suitable protection against a DDoS attack, particularly if your critical systems require constant availability, or if you have a low tolerance for service downtime.
3. RANSOMWARE ATTACK ON EUROPEAN GAS PIPELINE
Ransomware group BlackCat have attacked the Luxemburg-based energy supplier Creos (part of Encevo Group). The threat group claims to have stolen 150GB of Creos data, and is threatening to publish it on their searchable leak site. Samples of stolen data that is already published includes passport details and email addresses of Creos customers.
Elsewhere in Europe, German power electronics manufacturer Semikron have also been targeted by a ransomware attack. The incident led to partial encryption of their critical IT systems and files, with nearly 2TB of data allegedly stolen.
Organisations operating within critical infrastructure have long been attractive targets for ransomware groups. It remains vital that organisations have strong password security, multi-factor authentication enforced, and backups stored in a secure and isolated location.
4. 2bn USD Crypto hacking spree
Blockchain analysis firm Chainalysis reports a total USD 2 billion in stolen assets for 2022, detailing a sharp increase in attacks against cryptocurrency firms. Most notably, the US-based crypto firm Nomad have lost USD 150 million of users’ crypto assets this year.
SO WHAT?Organisations should be aware of methods for storing cryptoassets in a safe and responsible manner.
5. IMPERSONATED SOFTWARE AND MALWARE ATTACKS
Threat actors are mimicking popular applications such as Skype, Adobe and VLC Player to increase the likelihood of a successful social engineering attack. Users are being tricked into downloading these applications which then subsequently run malicious executables.
SO WHAT?Employees wanting to download applications or software onto enterprise devices should first seek approval from the company’s IT department.