header image

Cyber Intelligence Briefing: 9 September 2022

Miles Arkwright, Kyle Schwaeble 9 September 2022
9 September 2022    Miles Arkwright, Kyle Schwaeble

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. No rest for cyber espionage. Montenegro hit with ransomware while Albania strikes back at Iran. 

  2. Samsung and TikTok respond. Tech giants deny threat actor claims about severity of breaches. 

  3. Advanced phishing attacks for sale. EvilProxy tool allows attackers to bypass MFA.  

  4. Energy scams heating up. Rise in phishing related to energy bills amid cost-of-living crisis.

  5. School’s out! US school district hit with ransomware. 

  6. New York regulators toughen up on cyber security. Strict regulations proposed for financial services 


1. ALBANIA AND MONTENEGRO RESPOND TO CYBER INCIDENTS 

In an unprecedented move, Albania cut diplomatic ties with Iran this week, after investigators concluded that threat actors sponsored by the Iranian government were responsible for the cyber attack that shut down Albanian government digital services in July 

Separately, the Cuba ransomware group has claimed responsibility for last week’s attack on Montenegro’s critical infrastructure. The attack forced multiple government websites to be taken offline, with the threat group reportedly demanding USD 10 million in ransom payment.     

 

SO WHAT?

Multiple governments have been hit by cyber attacks in recent months. Individual responses have been mixed, but Albania’s response shows an increasing willingness for more extreme measures if the attackers can be identified.

 

 

2. SAMSUNG AND TIKTOK DISPUTE HACKER CLAIMS 

Technology giants Samsung and TikTok are in the news for alleged data breaches, but both deny the hackers’ claims: 

  • Samsung confirmed that it suffered a security incident in August 2022 which impacted personal information. A hacker claims to have stolen 190 GB of data, including Social Security Numbers.  Samsung has explicitly denied the claims.  
  • TikTok has denied reports it was breached after a hacking group posted images of what looked like its source code and user information.  

 

          

SO WHAT?

Threat actors may often exaggerate the severity of cyber incidents to make victims feel more vulnerable. Veracity of these claims must be checked thoroughly before action is taken. The same may also be true of initial media reports.  

 

 

3. ADVANCED PHISHING ATTACKS FOR SALE 

Cyber criminals can now purchase EvilProxy, a tool that runs phishing campaigns and can steal authentication tokens and bypass multi-factor authentication on various platforms, including Apple and Microsoft. EvilProxy has a user-friendly interface, which allows for deployment and access to a selection of phishing pages, with prices ranging from USD 150 for ten days to USD 400 for a month-long campaign.  

   

 

SO WHAT?

The sale of EvilProxy will significantly lower the barrier to entry for sophisticated phishing attacks. Organisations should check that their mail security solutions are effective, and consider internal phishing campaigns to raise staff awareness.

 

 

4. ENERGY BILL PHISHING SCAMS ON THE RISE 

As the season changes, there has been a spike in phishing campaigns that are leveraging the rising energy prices to deceive victims. One email purported to be from the UK energy regulator, Ofgem, and claimed victims were due a payment under a new government scheme to help with price rises. Another scam impersonated British Gas and offered a refund of £315.  

 

SO WHAT?

Fraudsters will seek to provoke an emotional response, in this case playing on fears about rising energy prices. It is important to remain vigilant and treat any emails regarding payments with caution, even if they initially seem genuine.  

 

 

5. SCHOOL’S OUT! 

Los Angeles Unified, the second largest school district in the US, suffered a ransomware attack on Monday, coinciding with the Labor Day public holiday. Whilst investigations are ongoing, the attack has disrupted access to computer systems, including emails. The identity of the threat actor has not been revealed and no group has claimed responsibility for the attack. 

 

SO WHAT?

The education sector has become a frequent target of ransomware groups. While phishing and exploitation of remote access services have been popular entry methods, a rising number of attacks are exploiting public-facing applications. Conduct regular external scans of your infrastructure to identify public-facing services and limit these where possible. 

 

 

6. REGULATOR IN NEW YORK GETS TOUGH ON CYBER SECURITY 

The New York Department of Financial Services (NYDFS) has proposed significant new amendments to its cyber security regulations. If passed into law, businesses will be required to conduct annual cyber audits and risk assessments. The new law would also mandate new technology requirements, mandatory 24-hour reporting of ransom payments, new restrictions on privileged accounts, and greater board engagement across all cyber issues.   

 

SO WHAT?

Cyber regulations are advancing at a rapid pace, particularly in industries that are most vulnerable to attack. Business leaders should continue to monitor these developments and budget-in these added operational costs, which can add up quickly. 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright
Miles arkwright Senior Analyst, Cyber Security Email Miles
Kyle Schwaeble
Kyle schwaeble Associate, Cyber Security Email Kyle

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report