Cyber Round-up

Cyber Round-up for 19th August

August 18, 2022


Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Brazilian Police Investigate Lapsus$ Group

The Brazilian Federal Police have launched a new investigation into attacks linked to the Lapsus$ Group, with eight search and seizure warrants executed on Tuesday alone. The investigation was authorised in response to the attacks on the country’s Ministry of Health late last year; an official police statement claims that “the attacker infiltrated nine other local entities – including the Ministry of the Economy and the National Electric Energy Agency.” Some Lapsus$ Group members were found to be as young as 16, and seven suspects were arrested in the UK back in March. The group has remained active since those arrests, with consistent posts regarding a recent data breach at Globant.

By TheRecord.media

Cyber Attack On South Staffordshire Water, Hacking Group Asks For Ransom

The ransomware group known as Clop is the latest to stir up a storm. The group gained access to South Staffordshire Water’s network, although it claimed to have hacked a different water company; it is unclear how the group misidentified its own victim. Although Clop’s usual attacks involve ransomware, this time it stole data, including identification documents, to use as leverage: the group is threatening to release the documents, along with details of how it accessed the network, unless South Staffordshire Water pays the ransom. South Staffordshire Water has assured customers that it is still supplying safe water: “this is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis.” This is a big bullet dodged for part of the UK’s Critical National Infrastructure.

By News.Sky.com

Chinese Children Scammed in Attempt to Bypass Gaming Restrictions

Last year, China announced that under-18s would be limited to three hours of video games a week; this sparked a lot of controversy, with children desperate to get around the restrictions. It is no surprise that cybercriminals were eager to capitalise on this opportunity to exploit a young audience, with some scammers offering these kids extended access in exchange for money. One case saw a 15-year-old pay the scammers 3,800 yuan (about 560 USD), taken from a parent’s mobile phone. This has become increasingly common in China, and parents are being warned to keep an eye on their children’s access to payment information.

By Bitdefender.com

New BugDrop Malware Designed to Bypass Android Security

Cybercriminals continue to find new ways to exploit Android devices and have developed a new dropper app, known as BugDrop, to do so. BugDrop was specifically designed to bypass the new security features introduced in Android 13, the newest version of the OS. Those features are meant to make it harder for malicious software to request Accessibility Services privileges, which mobile malware commonly abuses to read the screen and act on the user’s behalf; however, malicious actors appear to have already found a way around the restriction. Until the dropper’s technique is closed off, the practical advice is unchanged: only install apps from trusted stores and be suspicious of any app that asks for Accessibility access.

By TheHackerNews.com

Government Strategy Launched To Improve Maritime Security

A new 5-year strategy has been launched by the UK Government to “enhance maritime technology, innovation and security and reduce environmental damage”. The strategy’s cyber security measures focus on:

  • Support organisations to build their resilience by continuing to provide advice and guidance on cyber best practices.
  • DfT will continue to work with organisations to improve their cyber security post-CAF (Cyber Assessment Framework). The government will use the NIS Regulations 2018 to drive up standards of cyber security and help the sector become more resilient.
  • National Cyber Strategy: A key objective of the Strategy is to ensure that government, Critical National Infrastructure (CNI), organisations and citizens understand the cyber risks they face and their responsibilities to manage them.
  • NCSC provides advice and guidance on risks through information-sharing platforms and technical assistance in the event of a cyber incident. Organisations can access a range of free cyber security tools and services that NCSC provides as part of their Active Cyber Defence programme.
  • NCSC offers a range of services to support risk and threat management which are available to the sector.
  • UK Government will update the 2017 Cyber Security Code of Practice for Ships and work with the International Maritime Organization (IMO) to agree on international standards and agreements. The Cyber and Information Security section contained within the Port Facility Security Instructions will also be updated and will include links to NCSC guidance, including how to report cyber incidents.
  • Increased cyber incident reporting by the maritime industry will help the NCSC and government advise the sector on how to mitigate against existing and new threats and improve their resilience.

By Gov.uk

Microsoft Disrupts SEABORGIUM’s Phishing Campaigns

SEABORGIUM, a Russia-based hacking group that Microsoft has tracked since 2017, is now firmly in the sights of the Microsoft Threat Intelligence Center (MSTIC). SEABORGIUM’s campaigns involve persistent phishing and credential theft leading to intrusion and data theft. Their objectives strongly align with Russia’s interests and are driven by espionage and information collection rather than the financial motive more widely seen among criminal groups. Microsoft has reported that it is actively disrupting SEABORGIUM’s efforts by raising awareness, detecting and tracking the group’s abuse of Microsoft services, notifying impacted customers, and partnering with abuse teams inside Microsoft to disable compromised accounts. Microsoft has issued customer guidance to help organisations protect themselves, stating:

  • “Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware.
  • Configure Office 365 to disable email auto-forwarding.
  • Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
  • Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single-factor authentication, to confirm authenticity and investigate any anomalous activity.
  • Require multifactor authentication (MFA) for all users coming from all locations including perceived trusted environments, and all internet-facing infrastructure–even those coming from on-premises systems.
  • Leverage more secure implementations such as FIDO Tokens, or Microsoft Authenticator with number matching. Avoid telephony-based MFA methods to avoid risks associated with SIM-jacking.”

By Microsoft.com
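The two Office 365 items in Microsoft’s guidance above (blocking spoofed mail and disabling auto-forwarding) are tenant settings that an Exchange administrator can audit and change from PowerShell. The script below is an added example written for this round-up; it is not code from Microsoft’s advisory. It assumes the ExchangeOnlineManagement module is installed and that the tenant still uses the built-in “Default” outbound spam and remote domain policies (adjust the -Identity values if custom policies exist). It first reports every existing forwarding address and forwarding inbox rule, since a forwarding rule left behind by an intruder keeps collecting mail even after the password is reset, and only then turns external auto-forwarding off.

```powershell
# Added example, not part of the original post or Microsoft's advisory.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
# Assumption: the tenant uses the built-in "Default" policy objects.

Connect-ExchangeOnline

# 1. Mailbox-level forwarding: any mailbox whose mail is being sent on to
#    another address, whether internal (ForwardingAddress) or external
#    (ForwardingSmtpAddress).
Write-Host "== Mailboxes with forwarding configured =="
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect. These are the ones attackers
#    typically create after a successful credential phish, so review each
#    hit with the mailbox owner before assuming it is legitimate.
Write-Host "== Inbox rules that forward or redirect mail =="
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $_.MailboxOwnerId } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 3. Disable automatic external forwarding tenant-wide. The outbound spam
#    filter policy is the control Exchange Online enforces today; the
#    remote domain setting is the older one and is set as well so that
#    both agree.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 4. Confirm that spoof intelligence is still enabled in every anti-phishing
#    policy, which is the setting that blocks spoofed senders.
Write-Host "== Anti-phishing policies: spoof intelligence status =="
Get-AntiPhishPolicy | Select-Object Name, IsDefault, EnableSpoofIntelligence

Disconnect-ExchangeOnline -Confirm:$false
```

Run the reporting steps on their own first and keep the output: the list of forwarding rules is evidence for an investigation if any of them turn out to be unauthorised, and it tells you which users to contact before the tenant-wide change breaks a forward they actually rely on.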

Vulnerabilities & Updates

Exploit Code for RealTek Flaw Released, Could Affect Millions

A critical vulnerability has been discovered in Realtek’s RTL819x system-on-chip family, which is used in millions of networking devices worldwide. The flaw, tracked as CVE-2022-27255, is a stack-based buffer overflow with a CVSS score of 9.8. Although Realtek identified and patched it back in March, there are still millions of vulnerable devices in the field, and with exploit code now publicly released it is vital that affected devices are updated immediately. Because the chip is sold to many router and gateway manufacturers under their own brands, the fix only reaches end users when each vendor ships new firmware, so check your device vendor’s support site rather than Realtek’s.

By BleepingComputer.com

Palo Alto Networks Denial Of Service Vulnerability Exploited

Palo Alto Networks, a company offering cybersecurity solutions, has disclosed a vulnerability that allows a denial-of-service attack to be conducted. The vulnerability, tracked as CVE-2022-0028, scored 8.6 out of 10 on CVSS and affects PAN-OS, Palo Alto’s bespoke operating system for its security products. The issue lies in URL filtering: a misconfigured URL filtering policy could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks that appear to originate from the firewall against an attacker-specified target. PA-Series, VM-Series and CN-Series firewalls are affected; Panorama M-Series and Panorama virtual appliances are not, and Palo Alto Networks has already applied the fix for cloud-based firewalls and Prisma Access customers. PAN-OS 10.1.6-h6 and all later versions contain the fix, while fixes for PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1 and PAN-OS 10.2.2-h2 are being released this week. Given that exploitation has already been observed, customers who cannot patch immediately should review their URL filtering profiles in the meantime.

By TheRegister.com

And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #202 – 19th August 2022   

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
