Cyber Round-up for 21st January

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Red Cross Cyber Attack Compromises Data of Highly Vulnerable People

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data,” – The Red Cross.

The Red Cross program known as Restoring Family Links was recently hit by a cyber-attack, which has reportedly compromised the personal information of over 515,000 people, most of whom are considered “highly vulnerable”. Many of these individuals have been separated from their families due to natural disasters, conflict, and migration. Given their situation, the Red Cross is pleading with the currently unknown attackers to keep the data secure. On average, this Red Cross program reunites 12 people with their families per day. The work they do is remarkable, and their director is hoping the attackers show some sign of humanity.


New Laws Proposed To Improve UK Cybersecurity

New laws are being discussed to help protect UK businesses from cyber-attacks. The proposed laws would reportedly create a set of certifications and qualifications aimed at improving the skills of cybersecurity professionals within the UK. Changes to how cyberattacks are reported are also proposed, both to allow flexibility with new and future technologies and to futureproof the laws by allowing easier changes and a wider scope of organisations to be included in the future, not just MSPs. Other legislation is said to increase the security of Managed Service Providers, as cyberattacks increasingly occur at third parties and result in the compromise of the desired target or end customer.


New ‘White Rabbit’ Ransomware Being Used by FIN8

FIN8, a well-known financially motivated hacker group, has recently been seen launching attacks using a brand-new ransomware strain. The new strain, which has been called “White Rabbit”, was first spotted in December 2021, when it was used to attack a local bank in the US. Research suggests that White Rabbit shares some similarities with the Egregor malware, which hasn’t been seen since it was shut down in February 2021. This is another addition to the recent double extortion trend, which is becoming increasingly popular among threat actors. We will keep you up to date with this new strain and FIN8 as more activity is seen.


Moncler Hit by Ransomware Attack

Italian fashion brand Moncler has been hit by a cyber-attack, in which the stolen data was published on the dark web. This attack was carried out by the AlphV/BlackCat ransomware operators, and compromised the data of “employees, former employees, suppliers, consultants, business partners and some customers.” Investigations into the attack are still ongoing and Moncler announced that they are working to mitigate the situation.


DHL Most Impersonated Organisation In Phishing Attacks

During the last quarter of 2021, DHL, the largest courier and delivery provider, was reported to be the organisation most imitated by hackers trying to steal information through phishing attacks. DHL has overtaken the previous leader, Microsoft, dropping it to 2nd place in the most phished list. It is believed the increase is due to Christmas, Black Friday and Cyber Monday all falling within the 4th quarter, when targets were more likely to have a DHL delivery in progress. The report by Check Point noted that the top 5 most impersonated organisations are:

  • 23% – DHL
  • 20% – Microsoft
  • 11% – WhatsApp
  • 10% – Google
  • 8% – LinkedIn


Europol shuts down VPNLab service

The European Union Agency for Law Enforcement Cooperation has seized the servers of the virtual private network provider VPNLab. Although the usage of a VPN service isn’t illegal and is generally considered good cyber practice, VPNLab was specifically advertising its services to cyber criminals such as ransomware gangs. Due to this, Europol has seized 15 servers in connection with VPNLab and its website, making the company inoperable. No arrests have been made, but customer data has been seized and is currently being investigated.


Vulnerabilities & Updates

WordPress Plugin XSS Vulnerability

Yet another vulnerability has been found in a WordPress plugin. This time the plugin called “Email Template Designer – WP HTML EMAIL” could allow an unauthenticated user to inject JavaScript into a website, which would execute when an admin accessed the template editor. Furthermore, this vulnerability could allow a hacker to inject arbitrary code into the email template which would turn a legitimate email from the site into a convincing phishing email. A patch is available for the vulnerability and we recommend that any website admins running this plugin update to the newest version.


And that is it for this year’s round-up, please do not forget to tune in for new instalments every week.

Stay Safe, Secure and Healthy!

Edition #175 – 21st January 2022

Ironshare – Security Simplified