Cyber Round-up

Cyber Round-up for 8th July

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security. 

In this week’s round-up:

Security News

Hacking Groups Switch Over to Brute Ratel Toolkit

Cobalt Strike has been widely used by red team penetration testers for years and has become one of the most popular toolkits for both testers and ransomware actors. A new post-exploitation toolkit known as Brute Ratel has emerged and has been picked up by many red team testers as their preferred option over Cobalt Strike. To prevent malicious use of the toolkit, the creator has limited its availability to legitimate licensed businesses. Unsurprisingly, ransomware groups have begun creating fake businesses to slyly get their hands on the new tool. This has generated some concern around the verification process for buyers, however Brute Ratel’s creator is yet to comment on the situation.


Preparing to Face Russian Cyber Threat

The Russian invasion of Ukraine included some severe cyber attacks, and while these attacks have not impacted the UK, proactivity in bolstering cyber defenses is highly recommended. There is currently no signs of an immediate threat to UK organisations, but being prepared for the possibility of cyber warfare is a top priority. The NCSC has published new guidelines for strengthening security posture in response to the recent attacks launched against Ukraine, which we recommend all UK businesses follow and act on. This guidance provides steps that can be taken to heighten your security in a “sustainable way”.

This advisory can be found here.


Billion-Record Database Leaked on Breach Forum

A threat actor known as HackerDan has emerged on a news and discussion forum, claiming to be in possession of a database containing billions of records of Chinese civilians. The database reportedly contains the names, national ID number addresses and more, as well as police records and delivery instructions and addresses for drivers. The validity of this stolen information has been verified by various media outlets, and HackerDan is looking to sell the database for 10 bitcoin (approximately $200,000). The Shanghai government and police department have remained quiet about this leak, but sources suggest that this could be one of the “largest cybersecurity breaches ever recorded”.


Apple Lockdown Mode Blocks Spyware Attacks

A new Apple security feature protects users from spyware attacks by blocking some functions and preventing calls from unknown users. The new “Lockdown Mode” is designed to protect high-risk users, following the recent spyware attacks on some politicians, activists, and journalists. The feature is expected to be available for iPhones, iPads, and Macs, and will arrive in the autumn of 2022. Apple are constantly impressing us with constant security updates and features, and we are excited to see where they go next.


HackerOne Employee Steals Bug Reports

A HackerOne employee has gone rogue, stealing vulnerability reports from their bug bounty platform with intentions to sell them for personal profit. The employee was discovered to be contacting affected customers about vulnerabilities that were already listed on the HackerOne platform, in an attempt to claim the bounties. After a short investigation, the threat actor was identified and their access privileges were revoked. HackerOne have also sent out an email notifying all customers of the rogue employee’s actions; this included a list of all vulnerability disclosures accessed by the employee.


Marriott International Suffers Another Data Breach

The well-known hotel group, Marriott International, has reported yet another data breach. It has not been long since they were last hit, but news has quickly spread of a recent attack that saw 20 gigabytes of sensitive guest data stolen. The database reportedly included confidential guest and employee information, including payment card details. It appears this attack was initiated through social engineering targeting an employee of a Marriott hotel in Maryland. The attacker was not able to gain access to Marriott’s core network in this attack.


AMD Hit by Ransomware Attack

AMD are currently investigating a data breach, after receiving a ransom note from a group claiming to have stolen 450gb of data. The attackers claim that they exploited weak password practices to access AMD networks, with passwords such as “password” And “123456” being used by employees. The culprits, RansomHouse, are currently holding AMD ransom, but the amount they are demanding has not been revealed.


British Army YouTube & Twitter Accounts Hacked

The Twitter and YouTube accounts of the British Army has been compromised, with suspicious behaviour displayed on both. Cryptocurrency related videos were recently posted on YouTube, while Twitter users noticed posts from the Army relating to NFTs. An investigation has been launched into this incident and an army spokesperson has stated it would be “inappropriate to comment further”. We do not currently know who is responsible for this attack and not much else is known, but we surmise it is likely the result of poor password hygiene, reuse/credential stuffing or a lack of multi-factor authentication .


And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #196 – 8th July 2022          

Why not follow us on social media:

Ironshare – Security Simplified