Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
North Korean hacker group, Lazarus, has claimed its latest victim in Alphapo: a crypto payment provider for online platforms such as gambling and e-commerce sites. The attack occurred on Sunday, 23rd July, and Alphapo saw an initial loss of approximately $23 million; following investigation, the stolen amount was found to be close to $60 million. This total was made up of various cryptocurrencies, including 2.5K ETH, 5 million USDT, and more. While the group has not claimed responsibility for this attack, the techniques and characteristics of the theft align very closely with Lazarus’ typical style.
By bleepingcomputer.com
Eurostar, the UK to Europe rail service, is introducing a new facial recognition biometric system, provided by iProov. This solution, known as SmartCheck, will be first implemented at London St. Pancras Station to “automate gate check-in processes and UK exit checks.” This solution is aimed to simplify the check-in process for passengers, by allowing them to register their tickets, passports, and faces using their mobile; this allows for a simple, quick checkpoint where your face can be verified before admission.
While this sounds like a good step in the interest of efficiency, it does raise some security concerns, and the solution will of course have to comply with GDPR. In compliance with GDPR, biometric and other personal data is required to be deleted within 48 hours of usage and cannot be shared with third parties. Details on the potential security risks of SmartCheck can be found here.
By cybernews.com
Police in Norway are currently investigating a cyberattack that has impacted the IT systems of multiple Norwegian government ministries. A total of 12 ministries were affected by the attack, however it was confirmed that the following were unaffected: Norway’s Office of the Prime Minister, foreign ministry, defense ministry, and justice ministry. This attack was made possible by a now-patched vulnerability in a government supplier; government security specialist’s have however refused to provide more details on this.
By therecord.media
The U.S. Securities and Exchange Commission plan to introduce a new rule that would require all U.S. publicly traded companies to disclose details of a cyber attack within 4 days of discovery. While this disclosure law will be mandatory, it was stated that the disclosure may be “delayed by an additional period of up to 60 days should it be determined that giving out such specifics would pose a substantial risk to national security or public safety.”. These changes aim to benefit companies and investors, and will make the cyberattack announcement process more consistent for all involved.
By thehackernews.com
The founder of one of Russia’s largest cybersecurity firms, Iyla Sachkov, has been jailed by the Russian government; the CEO has reportedly been sentenced to 14 years with charges of treason. It was revealed that Sachkov was detained two years ago and has been in custody ever since. His detention was classified until recently, and the public was not made aware until this week. This news was confusing for many, due to his positive work in bringing down many large-scale cybercriminal operations, however multiple actions since this work have put him in the bad books of the Russian government. These actions include criticism of the Kremlin, sharing information on Russian operations with the US, and more.
By krebsonsecurity.com
Decoy Dog emerged recently as the latest Remote Access Trojan to gain visibility, and quite a few threat actors have utilised it in attacks over the last few months. We have recently seen a new version of Decoy Dog get released, with new built-up persistence features; the Infoblox threat intelligence team has revealed that “at least three different cybercrime groups are using this new and improved version”, and it is believed that hundreds of devices have already been compromised. It is unclear if there is a pattern in the targets of these attacks, but it is believed that a nation-state actor is behind the production of this RAT; this could indicate a stronger focus on critical infrastructure of value to these nation-state actors.
By darkreading.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #244 – 28th July 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.