Weekly Cyber News Roundup

August 21st to August 25th 2023

Content 

01. News Bites
  • Ivanti Grapples with New Zero-Day Vulnerability
  • UK Utility Infrastructure Faces Potential Cyber Threat from Energy One Incident
  • Seiko Hit by Cyber Security Breach; BlackCat Ransomware Gang Claims Responsibility
  • Interpol's Africa Cyber Surge II hailed a success following 14 arrests


02. Conclusion

Quick News Bites

Ivanti Grapples with New Zero-Day Vulnerability

Ivanti has urgently addressed a zero-day vulnerability in its Sentry product. The flaw, tracked as CVE-2023-38035, carries a CVSS score of 9.8 out of 10 and allows unauthenticated attackers to reach sensitive APIs used to configure Ivanti Sentry's administrator portal. Exploitation could let attackers change the system configuration or write files onto the appliance.

Despite its high severity, Ivanti said that customers who have not exposed port 8443 to the internet are at low risk. Nonetheless, the flaw has already been exploited against a number of Ivanti customers; Ivanti has yet to disclose how many were compromised.

The vulnerability affects all supported Sentry versions, and older, unsupported versions are also at risk. As a precaution, Ivanti advises customers not to expose the Sentry administrator portal (port 8443) to the internet and to restrict access to it to internal management networks.
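The practical question for defenders is which Sentry hosts actually answer on port 8443 from outside the perimeter. The script below is an added example (not Ivanti's tooling and not part of the original roundup) that tests reachability of TCP 8443 from wherever it is run, using bash's /dev/tcp and the coreutils timeout command; run it from an external vantage point to find the exposed group. The hostnames in the usage comment are placeholders, and the script only reports whether the port is reachable, not whether the patch is installed.

```shell
#!/usr/bin/env bash
# Added example, not Ivanti tooling: report which hosts answer on TCP 8443
# (the Sentry administrator portal port) from the machine running this script.
# Run it from OUTSIDE the perimeter: a host that accepts the connection there
# is exposed; one that only answers from the management network is not.
# It cannot tell whether the fix is installed, only whether the port is open.

# tcp_open HOST PORT [TIMEOUT]: return 0 if a TCP connection succeeds within
# TIMEOUT seconds (default 3), 1 otherwise. Uses bash's /dev/tcp so that no
# nc or nmap is needed; a refused or dropped connection both count as closed.
tcp_open() {
    local host=$1 port=$2 timeout=${3:-3}
    timeout "$timeout" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
}

# classify_host HOST: print one line and return 1 if 8443 is reachable.
classify_host() {
    local host=$1
    if tcp_open "$host" 8443; then
        printf '%-30s EXPOSED (8443 reachable from this vantage point)\n' "$host"
        return 1
    fi
    printf '%-30s not reachable on 8443 from this vantage point\n' "$host"
    return 0
}

# check_hosts HOST...: classify every host and return the number found
# exposed (0 = none), so the script can gate a CI job or a nightly cron alert.
# Exit codes wrap at 256, so treat any non-zero status as "at least one".
check_hosts() {
    local exposed=0 host
    for host in "$@"; do
        classify_host "$host" || exposed=$((exposed + 1))
    done
    return "$exposed"
}

# Usage: ./sentry_8443_check.sh sentry1.example.com sentry2.example.com
# (placeholder hostnames; supply your own inventory of Sentry appliances)
if [ "$#" -gt 0 ]; then
    check_hosts "$@"
    exit $?
fi
```

Because the check is a plain TCP connect, it is safe to run against production appliances; anything it reports as exposed should be firewalled to the management network and then re-tested from the same external vantage point.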

This is the third significant Ivanti vulnerability to be exploited in recent months; earlier exploitation has been tentatively linked to state-sponsored attackers. The identity of those behind the current attacks remains unknown.

UK Utility Infrastructure Faces Potential Cyber Threat from Energy One Incident

A cyber attack on Energy One, an Australian energy software and services provider, may have affected critical utility infrastructure operators in the UK. Energy One disclosed the incident to the Australian Securities Exchange (ASX) on Monday 21 August, stating that it was identified on Friday 18 August.

Board chairman Andrew Bonwick said the breach affected "certain corporate systems" in both Australia and the UK. Energy One responded immediately, engaging cyber security specialists and notifying the Australian Cyber Security Centre and the relevant UK authorities. Bonwick emphasised that the priority is the security of staff, customers and systems. Work is ongoing to establish the extent of the attack and whether personal data or customer-facing systems have been compromised.

To limit any downstream spread, Energy One has severed specific links between its corporate and customer-facing systems. Notable UK customers of Energy One include Good Energy, SSE, and Yorkshire Gas and Power. At the time of writing, there is no evidence that these firms have been affected.

Seiko Hit by Cyber Security Breach; BlackCat Ransomware Gang Claims Responsibility

Watch manufacturer Seiko recently fell victim to a data breach. On 10 August 2023, Seiko issued an official statement acknowledging unauthorised access to its IT systems. The breach is believed to have occurred on 28 July, and Seiko engaged external cyber security experts on 2 August; their preliminary findings indicated that some stored data had been compromised. Seiko promptly alerted business partners and customers, urging caution about deceptive emails or other communications purporting to come from Seiko.

This week the notorious BlackCat ransomware gang publicly claimed responsibility for the attack. They uploaded samples of purportedly stolen data, mockingly highlighting Seiko's security weaknesses. The samples include employee identification documents, release plans for new models, lab test results and, most seriously, technical drawings of Seiko watch designs. Leaks of this kind could be very damaging to Seiko if competitors or counterfeiters gain access to its proprietary designs.

BlackCat remains one of the most formidable ransomware operations, having pioneered extortion techniques such as clear-web data leak sites and a dedicated data leak API.

Intriguingly, Curated Intel noted that an initial access broker had been advertising access to a Japanese manufacturer closely matching Seiko's profile the day before the company's stated breach date.

Interpol's Africa Cyber Surge II hailed a success following 14 arrests

This week Interpol announced the outcomes of its cyber crime operation Africa Cyber Surge II: 14 arrests and the identification of more than 20,000 suspicious cyber networks linked to financial losses exceeding $40 million.

The operation identified 3,786 malicious command and control servers, 14,134 IP addresses linked to data theft, 1,415 phishing domains and links, and 939 scam IPs. Interpol emphasised the link between cybercrime and financial fraud and endorsed a "follow the money" approach for law enforcement.

In Cameroon, three people were arrested over an online scam involving fraudulent art sales totalling around $850,000. Mauritius saw arrests related to scams on messaging platforms. In Kenya, authorities took down 615 malware hosts, and two darknet sites were taken offline in Cameroon.

Jürgen Stock, Interpol's Secretary General, highlighted the operation's success and acknowledged the improvements in member nations' cybercrime units. "This is a significant step towards reducing global cybercrime and safeguarding regional communities," he stated.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.

