Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Microsoft has warned users of a recent increase in detections of credential-stealing attacks, and it appears that the Russian state-affiliated group Midnight Blizzard is responsible. Midnight Blizzard, previously known as Nobelium, is most famous for its involvement in the 2020 SolarWinds supply chain compromise and, since being exposed, has shown no signs of slowing down. Microsoft stated that “These credential attacks use a variety of password spray, brute-force, and token theft techniques.” This is not the only ongoing campaign from Russian state-backed groups, and it only emphasises their persistence.
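Password spray and brute force leave different shapes in sign-in logs: a spray is one source trying a few passwords against many accounts, a brute-force attack is one source hammering a single account. The script below is an added example (not code from Microsoft or from Ironshare) that separates the two over a constructed sample log and then flags any targeted account that later signed in successfully from the same source. The log format, the thresholds and the IP addresses are assumptions chosen for illustration; token theft is not detectable from failed-sign-in counts and is not covered.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (hypothetical format: timestamp source_ip user result).
# Not a real Entra ID / Active Directory export.
SAMPLE_LOG = """\
2023-06-28T09:00:01Z 203.0.113.10 alice FAIL
2023-06-28T09:00:03Z 203.0.113.10 bob FAIL
2023-06-28T09:00:06Z 203.0.113.10 carol FAIL
2023-06-28T09:00:09Z 203.0.113.10 dave FAIL
2023-06-28T09:00:12Z 203.0.113.10 erin FAIL
2023-06-28T09:00:15Z 203.0.113.10 frank FAIL
2023-06-28T09:05:00Z 198.51.100.7 admin FAIL
2023-06-28T09:05:02Z 198.51.100.7 admin FAIL
2023-06-28T09:05:04Z 198.51.100.7 admin FAIL
2023-06-28T09:05:06Z 198.51.100.7 admin FAIL
2023-06-28T09:05:08Z 198.51.100.7 admin FAIL
2023-06-28T09:05:10Z 198.51.100.7 admin SUCCESS
2023-06-28T09:30:00Z 192.0.2.5 alice FAIL
2023-06-28T09:30:20Z 192.0.2.5 alice SUCCESS
"""


def parse_log(text):
    """Parse the constructed log into (timestamp, ip, user, result) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result))
    return sorted(events)


def classify_sources(events, window=timedelta(minutes=10), spray_min_users=5,
                     spray_max_per_user=2, brute_min_attempts=5):
    """Return {source_ip: set of labels} based on failure shape inside a sliding window.

    password_spray: many distinct users, each with few failures, from one IP.
    brute_force:    one user with many failures from one IP.
    Thresholds are assumptions; tune them to the tenant's normal failure rate.
    """
    failures = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))

    verdicts = {}
    for ip, fails in failures.items():
        labels = set()
        # Slide a window starting at each failure and count per-user failures inside it.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            busiest = max(per_user.values())
            if busiest >= brute_min_attempts:
                labels.add("brute_force")
            if len(per_user) >= spray_min_users and busiest <= spray_max_per_user:
                labels.add("password_spray")
        verdicts[ip] = labels
    return verdicts


def suspected_compromise(events, verdicts):
    """Accounts that failed and then succeeded from a source already labelled as attacking."""
    seen_fail = defaultdict(set)
    hits = defaultdict(set)
    for ts, ip, user, result in events:  # events are time-ordered from parse_log
        if result == "FAIL":
            seen_fail[ip].add(user)
        elif result == "SUCCESS" and verdicts.get(ip) and user in seen_fail[ip]:
            hits[ip].add(user)
    return dict(hits)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    labels = classify_sources(evts)
    for ip, tags in labels.items():
        print(ip, sorted(tags) or ["no pattern"])
    print("follow-up success from attacking source:", suspected_compromise(evts, labels))
```

The third source (192.0.2.5) shows why the success check is gated on an attack label: a single typo followed by a good password is normal user behaviour, whereas a success for an account that was just brute-forced from the same address is the event an analyst wants raised first.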
8Base is a highly active ransomware group that primarily targets small businesses with double extortion tactics. June 2023 has been the group’s most active period since its arrival in March 2022, with approximately 30 victims this month alone. VMware investigated these attacks and found that 8Base’s attacks share a lot of similarities with RansomHouse, sparking discussion about whether 8Base is a copycat. This is difficult to determine because of the large number of tools and variants in use and the lack of a signature ransomware. 8Base has made its mark as the second most active group of the summer, with attacks on a variety of sectors including automotive, business services, construction, finance, healthcare and more.
The UK Cyber Essentials scheme has sparked concerns from many companies due to its current ‘one-size-fits-all’ approach to certification. These concerns are largely coming from small to medium businesses, who feel that some of the required controls are unrealistic or irrelevant to organisations of their size. A DSIT evaluation of the Cyber Essentials scheme highlights the “different challenges to implementing cyber security measures”, and how these vary based on organisation type, size, and sector. These thoughts appear to be shared by many, and it would be nice to see improvements to the tailoring, flexibility, and scalability of the Cyber Essentials scheme for companies of different types, sizes, and sectors.
Less than a month after Diablo IV was released for PlayStation, Xbox, and PC, the game suffered a DDoS attack on its servers, which are hosted by the developer Blizzard. The attack caused outages for close to 12 hours, as some gamers were prevented from connecting to the servers. The attack was only made worse by the fact that the game's single-player mode also relies on a connection to these servers, increasing frustration. It remains unknown who conducted the attack, and whether it stopped because Blizzard put mitigation in place or because the attackers ceased on their own.
A bug in File Explorer on machines running Windows 11 and Windows Server causes it to freeze. The bug occurs when a user views an item's effective access permissions by clicking the "View effective access" button under Properties > Security > Advanced on a shared file or folder: the dialogue may show "Computing effective access...." without ever displaying the query results. The explorer.exe process keeps consuming CPU even after the advanced security settings dialogue is closed, which is what causes the freeze. This bug is unlikely to affect consumer environments or individual Windows 11 home users. For Windows 11 22H2 users the latest update has patched this bug; for Windows 11 21H2 and Windows Server 2022 users impacted by this known issue, Microsoft's advice is to reboot or sign out. "If you have attempted to view effective access, you can mitigate the CPU usage issue by restarting your device or by signing out for the affected user," Microsoft said.
MOVEit, a product used to transfer data and to provide automation services, analytics, and failover options, was discovered to have a zero-day that the Russia-linked Cl0p ransomware gang used to steal data from dozens of organisations. The New York City Department of Education was one of the organisations targeted by the group, and the attack exposed the personal details of 45,000 of the city’s students. Like many other organisations, the department patched the flaw within hours of becoming aware of it and took its servers offline. “Roughly 19,000 documents were accessed without authorization. The types of data impacted include Social Security Numbers and employee ID numbers […] The FBI is investigating the broader breach that has impacted hundreds of entities; we are currently cooperating with both the NYPD and FBI as they investigate,” the DOE said.
And that’s it for this week’s round-up. Please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #241 – 30th June 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.