Cyber Round-up for 1st July
Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
A non-state-affiliated Russian hacker group called Killnet has claimed responsibility for an attack on Lithuanian transport and media websites, as well as state institutions such as the Lithuanian tax service, which had to pause its operations. The targets were hit with a DDoS attack that overwhelmed their services with network traffic, most likely originating from a botnet. Killnet declared on its Telegram channel that the attack was in retaliation for Lithuania limiting the transport of goods between Russia and Kaliningrad, a piece of Russian-owned land situated between Lithuania and Poland that shares no border with the rest of Russia. Lithuania has stated that it is only enforcing European Union sanctions on goods coming from Russia.
Clarion, which owns and manages 125,000 houses across the UK, was targeted by cybercriminals. The attack has affected some email, IT systems and phone lines for the company, which stated: “We rapidly engaged the help of our cyber security partner and they have been helping us to investigate what happened and get us back up and running, but we can’t say for sure when this will be.” An investigation is ongoing to establish whether customer information and banking details were stolen during the attack, but Clarion has said “We take data protection very seriously and once we have established what has happened, we will advise if you need to do anything.”
Apetito and its subsidiary Wiltshire Farm Foods are the most recent UK organisations to be at the mercy of cybercriminals. The sophisticated attack on the 26th of June evaded Apetito’s security systems and disrupted its IT systems. Apetito has reported that it is working with law enforcement to investigate and resolve the attack. In the aftermath, deliveries were disrupted and the company was unable to contact customers because it did not have access to customer telephone numbers. Wiltshire Farm Foods reassured customers that their payment details are safe as they are not stored on its systems.
Things change extremely quickly in the cybersecurity world, but one thing that has been guaranteed in recent times is the huge impact of ransomware attacks. The CEO of the NCSC commented on this, stating that “Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware”. This shows how severe the problem is becoming, with attack numbers growing every year. Ransomware techniques are rapidly becoming more advanced and difficult to prevent, but the NCSC’s Active Cyber Defence Program has been working hard to actively disrupt cyberattacks.
The Evilnum hacker group appears to be showing signs of life after a short break and has quickly returned with a new APT operation. The timing of their return is no coincidence as it began targeting migration organisations as Russia’s invasion of Ukraine began; the victims seem to be receiving “malicious emails containing macro-laden documents”. This operation has incorporated new tactics and techniques that have not been used by Evilnum in the past; details of their updated attack techniques can be found here.
A Japanese worker has accidentally caused a massive breach in confidentiality, after misplacing a USB stick containing the personal details of almost half a million Amagasaki residents. The USB stick was stolen, along with the man’s bag, while he was drinking in a local restaurant. The stolen details include names, birth dates, addresses of all city residents, tax details, bank account numbers and social security information. Fortunately, the stolen USB is reportedly encrypted and requires a password, and although it has been claimed that the data has not been accessed, it is unclear how they could know this. Apologies have been issued by city officials after they “profoundly harmed the public’s trust in the administration of the city.”
Vulnerabilities & Updates
A vulnerability labelled PwnKit has been reported as being exploited in the wild. Tracked as CVE-2021-4034, it has been known since January 2022 and poses a serious threat to users of Linux machines. The vulnerability resides in a service called PolKit, which controls privileges on the system. Successful exploitation of this vulnerability would allow a hacker to run arbitrary code with administrative rights and compromise the host.
CWE have compiled a list of the top 25 dangerous software weaknesses for 2022. This acts as an informative resource for software users to understand and mitigate risks. This list is updated every year, and the biggest flaws that have moved up the list are Race Condition, Code Injection, Uncontrolled Resource Consumption, Command Injection, and NULL Pointer Dereference flaws. Some of these are new additions this year, while others have simply moved their way up the list. We advise any software developers, architects or security researchers to utilise this resource and take advantage of its guidance.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #195 – 1st July 2022