The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Breakdown at Sixt. The car rental giant suffers system outage.
- DNS bug impacts millions of IoT devices. Unpatched DNS bug found in over 200 networking vendors.
- M&A targeting. New cyber espionage group targets corporate mergers and acquisitions.
- Phish of the day. Chinese state-sponsored group returns, and verified Twitter accounts are at risk from new phishing campaigns.
- Cyber attacks foiled. Ethiopian network security agency prevents attempted attacks.
1. CYBER ATTACK ON SIXT
German car rental giant Sixt fell victim to a cyber attack that caused disruption to its global operations. The system outage forced bookings to be made via pen and paper, and the telephone hotline to be shut down.
There is speculation that the attack is a consequence of the German government’s pro-Ukraine stance, which has put domestic businesses at risk of targeting by pro-Russia cyber groups. However, with Sixt reporting revenue of over GBP 2 billion in 2021, the attack is likely to be financially motivated.
SO WHAT? Organisations reliant on constant availability of systems should explore redundancy and recovery measures to reduce the financial and reputational impact that system downtime could have on business operations.
2. DNS BUG AFFECTS MILLIONS
Researchers have discovered that uClibc, a C library commonly found in IoT products, contains a vulnerability that can lead to DNS poisoning attacks. In this form of attack a threat actor supplies forged DNS answers so that traffic is rerouted to servers under its control. Vendors such as Netgear and Axis, as well as a number of Linux distributions, use this library. The affected devices have not been disclosed, to limit exploitation of the vulnerability.
SO WHAT FOR SECURITY TEAMS? Due to the absence of a patch, organisations should increase network visibility and security for all IT and operational environments, and stay alert for firmware updates from their respective vendors.
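To make the mechanism behind DNS poisoning concrete for teams increasing network visibility, the following is an added illustration, not code from the briefing, from uClibc or from any vendor named above. It shows the two checks a resolver (or a passive monitor watching resolver traffic) applies before trusting an answer: the transaction ID must match a query that is actually outstanding, and the question section must match what was asked. A forged answer that fails either check is discarded. The pending-query table, hostnames and IP addresses are constructed for the demo, using documentation address ranges. The briefing does not describe the specifics of the uClibc flaw, and this example does not attempt to.

```python
import struct

# Constructed pending-query table: txid -> (qname, qtype). A resolver keeps
# such a table so it can reject answers it never solicited. Values are
# assumptions for this demo, not real traffic.
PENDING = {0x1A2B: ("www.example.com", 1)}  # qtype 1 = A record


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname into DNS label wire format (RFC 1035 3.1)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_response(txid: int, qname: str, ip: str, qtype: int = 1) -> bytes:
    """Build a minimal standard response carrying one A record (demo only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    # Answer name is a pointer to offset 12 (the question name); TTL 300s.
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def validate_response(pending: dict, msg: bytes):
    """Return (accepted, reason, answers) for one DNS response packet."""
    if len(msg) < 12:
        return False, "truncated header", []
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        return False, "not a response", []
    if txid not in pending:                      # check 1: unsolicited answer
        return False, "unknown transaction id", []
    if qd != 1:
        return False, "unexpected question count", []
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    want_name, want_type = pending[txid]
    if qname.lower() != want_name.lower() or qtype != want_type:
        return False, "question mismatch", []    # check 2: answer to a different question
    answers = []
    for _ in range(an):
        _name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return True, "ok", answers


# Constructed sample packets: one genuine answer and two forgeries.
LEGIT = build_response(0x1A2B, "www.example.com", "192.0.2.10")
FORGED_TXID = build_response(0x0001, "www.example.com", "203.0.113.9")
FORGED_QNAME = build_response(0x1A2B, "evil.example.net", "203.0.113.9")

if __name__ == "__main__":
    for label, pkt in (("legit", LEGIT), ("forged txid", FORGED_TXID),
                       ("forged qname", FORGED_QNAME)):
        print(label, validate_response(PENDING, pkt))
```

The checks are only as strong as the unpredictability of the identifiers being matched: if an attacker can anticipate the transaction ID (and the source port) a resolver will use, a forged answer passes both checks, which is why monitoring for bursts of unsolicited or mismatched responses towards embedded devices is worthwhile while no patch is available.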
3. FINANCIAL TRANSACTIONS TARGETED
A new cyber espionage group dubbed UNC3524 is targeting corporate networks to steal emails from employees involved in corporate transactions and mergers and acquisitions. Although the nature of the sector implies the attacks are financially motivated, the group’s ability to remain undetected in its victims’ systems for up to 18 months indicates these attacks could be for intelligence gathering purposes.
SO WHAT? Organisations should have heightened security awareness when approaching significant financial events. Penetration tests and thorough assessments of information security controls are recommended. S-RM can assist deal makers as they approach these financial landmarks. For further detail, please see here.
4. PHISH OF THE DAY
The Chinese advanced persistent threat (APT) group Override Panda has allegedly returned with a new phishing campaign aimed at stealing sensitive information. The email-based campaign aims to lure its victims with a fake tender attachment. South-east Asian telecom companies have previously been targeted by the group.
Separately, verified Twitter users have become the latest victims of phishing attacks. Verified accounts are receiving emails notifying them of an account problem and urging them to follow a link to rectify the issue. A sense of urgency is conveyed by warning the victim that the account will be suspended unless swift action is taken.
SO WHAT? Phishing tools are becoming simpler to deploy and more sophisticated, and continue to leverage ‘legitimate’ systems to deceive victims. Train your employees to spot phishing attempts, no matter how personalised.
5. CYBER ATTACKS FOILED
The Ethiopian Information Network Security Agency (INSA) has reported that it successfully prevented a series of cyber attacks that aimed to impede the construction of the Grand Ethiopian Renaissance Dam (GERD). The construction of the GERD has created a long-drawn-out controversy between Ethiopia, Egypt, and Sudan, with Egypt particularly opposed to how the GERD will redistribute the Blue Nile’s waters.
The INSA accused Egypt-based hackers Cyber Horus Group, AnuBis.Hacker, and Security By Passed of being responsible for the attempted attacks.
These attacks demonstrate that real-life protests are no longer the only medium for individuals or groups to express discontent or disapproval. Organisations must be aware of how their alignment with political groups, governments, or environmental projects may affect their risk profile.