Content
01. News Bites
- Hackers target Cyprus' critical infrastructure in politically motivated cyberattacks
- Record-breaking surge in cyberattacks hits third quarter of 2024, with Africa and education sector hardest hit
- WordPress sites targeted by new ClickFix campaign that installs malware through fake update alerts
- Dutch central bank warns of rising cyber threats to financial institutions, urges preparedness for payment disruptions
- UK Government hails Cyber Essentials as it reaches 10 year anniversary, urges more uptake
- Critical Zero-Day Vulnerability in Fortinet’s FortiManager Platform
02. Conclusion
Hackers target Cyprus' critical infrastructure in politically motivated cyberattacks
Cyprus' critical infrastructure and government websites were targeted in a wave of cyberattacks by pro-Palestine hacker groups, including LulzSec Black, Moroccan Soldiers, and Anonymous Syria. The attacks, largely unsuccessful, caused brief disruptions to banks, airports, and government websites. The hackers claimed they targeted Cyprus for its perceived support of Israel and threatened further attacks unless the country changed its stance.
Cypriot officials had been on high alert following online warnings from the groups. Despite the disruptions, operations at vital services like airports remained mostly unaffected. The country’s cybersecurity minister, George Michaelides, emphasised that no major damage occurred and reassured the public that there was no need for panic.
Cyprus has historically maintained a neutral position in the Israel-Palestine conflict, though its territory has been used for Israeli military training. The attacks appear to be politically motivated, but it's unclear if any state-sponsored actors are involved.
Record-breaking surge in cyberattacks hits third quarter of 2024, with Africa and education sector hardest hit
New data has revealed a significant surge in cyberattacks during the third quarter of 2024, with a record-breaking 1,876 attacks per organisation, according to threat intelligence from Check Point. This represents a 75% increase compared to the same period in 2023, and a 15% rise from the previous quarter, marking an all-time high in the volume of virtual threats.
Geopolitical unrest, economic instability, and the misuse of generative AI systems have contributed to the sustained rise in cyber threats.
The education sector was hardest hit, followed by government and healthcare. Africa experienced the most dramatic increase, with a 90% rise in attacks year-on-year. Check Point highlighted the continent as bearing the “brunt” of cyberattacks, as threat actors increasingly target African organisations before expanding operations globally.
WordPress sites targeted by new ClickFix campaign that installs malware through fake update alerts
WordPress sites are increasingly being hacked to install malicious plugins that push information-stealing malware by displaying fake software updates and error messages. The latest campaign, called ClickFix, follows the earlier ClearFake attack and uses PowerShell scripts disguised as fixes for common software errors. These scripts download malware once executed.
Threat actors are exploiting stolen admin credentials to automate the installation of these malicious plugins, which impersonate legitimate ones like Wordfence Security and LiteSpeed Cache. Once installed, the plugins inject harmful JavaScript into the website’s HTML, triggering fake update prompts to visitors.
GoDaddy recently reported over 6,000 compromised WordPress sites linked to the ClearFake/ClickFix campaign. Site owners are urged to inspect installed plugins, remove any suspicious ones, and reset admin passwords to protect their sites. Malicious plugins identified in this campaign include SEO Optimizer Pro, Rank Booster Pro, and Custom Login Styler, among others. The attacks highlight the ongoing threat of malware targeting WordPress sites.
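The plugin inspection recommended above can be scripted. The following is an added example, not code from Integrity360 or GoDaddy: it reads the standard `Plugin Name:` header of each installed plugin and flags names listed in this bulletin, plus plugins that use a legitimate product's name from a different directory. The directory slugs `wordfence` and `litespeed-cache`, the name-prefix heuristic, and the sample tree are assumptions and are not taken from the bulletin.

```python
import re
import tempfile
from pathlib import Path

# Plugin names this bulletin lists as malicious in the campaign.
REPORTED_MALICIOUS = {"seo optimizer pro", "rank booster pro", "custom login styler"}
# Legitimate plugins the bulletin says are impersonated, mapped to their
# WordPress.org directory slugs (assumption: slugs are not given in the bulletin).
LEGIT_SLUGS = {"wordfence security": "wordfence", "litespeed cache": "litespeed-cache"}
# WordPress plugin header line, e.g. " * Plugin Name: Example".
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.I | re.M)

def plugin_name(php_file):
    """Return the 'Plugin Name' header found in the first 8 KiB, or None."""
    with open(php_file, "r", encoding="utf-8", errors="replace") as fh:
        match = HEADER_RE.search(fh.read(8192))
    return match.group(1) if match else None

def audit_plugins(plugins_dir):
    """Return (slug, name, reason) findings for a wp-content/plugins directory."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        slug, name = php.parent.name, plugin_name(php)
        if not name:
            continue
        key = name.lower()
        if key in REPORTED_MALICIOUS:
            findings.append((slug, name, "name reported in campaign"))
        for legit, official in LEGIT_SLUGS.items():
            # Heuristic: a legitimate product name used outside its official slug.
            if key.startswith(legit) and slug != official:
                findings.append((slug, name, "possible impersonation of " + legit))
    return findings

def demo():
    """Audit a constructed plugins tree (sample data, not real findings)."""
    sample = {"wordfence": "Wordfence Security", "akismet": "Akismet Anti-spam",
              "wordfence-sec-x": "Wordfence Security Tools",
              "seo-opt": "SEO Optimizer Pro"}
    with tempfile.TemporaryDirectory() as root:
        for slug, name in sample.items():
            plugin_dir = Path(root) / slug
            plugin_dir.mkdir()
            header = "<?php\n/*\n * Plugin Name: %s\n */\n" % name
            (plugin_dir / (slug + ".php")).write_text(header)
        return audit_plugins(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A finding is a prompt for manual review, not proof of compromise; a clean result does not rule out a malicious plugin using a name that is not listed here.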
Dutch central bank warns of rising cyber threats to financial institutions, urges preparedness for payment disruptions
The Dutch central bank has warned that a quarter of all cyberattacks globally are targeting financial institutions, which could, in extreme cases, prevent people from accessing their money. The bank's report highlighted the increasing complexity of the cyber landscape, partly due to the rise of artificial intelligence (AI). While AI can help combat cyber threats, hackers are also using it to launch more frequent and sophisticated attacks.
The report also noted the financial sector's vulnerability to incidents involving third-party services like cloud storage and telecom providers. The bank urged financial institutions to better understand these risks, share information, and prepare for crises. Olaf Sleijpen, the bank’s monetary affairs chief, advised that people should be prepared for temporary disruptions in payment systems, suggesting keeping cash or alternatives like QR code payments ready.
UK Government hails Cyber Essentials as it reaches 10 year anniversary, urges more uptake
The UK government is urging more organisations to become Cyber Essentials Certified, emphasising the scheme's success in preventing cyberattacks. Launched in 2014, Cyber Essentials provides basic cyber security controls to help organisations mitigate common internet-based threats.
A 2023 evaluation revealed that 82% of users felt confident the scheme protects against these threats, and 85% believed it improved their understanding of cyber risks. The two certification levels, Cyber Essentials and Cyber Essentials Plus, address key control areas, including firewalls and malware protection.
Since its introduction, only 190,000 certificates have been issued. The government highlights the scheme's role in strengthening both internal cyber security and supply chain security, as many users now require their suppliers to be certified.
The National Cyber Security Centre continues to encourage wider adoption, noting that implementing these controls can lower the risk of cyber incidents.
Critical Zero-Day Vulnerability in Fortinet’s FortiManager Platform
A critical zero-day vulnerability (CVE-2024-47575) affecting Fortinet’s FortiManager platform has been identified, with a CVSS score of 9.8. This flaw has been actively exploited since June 2024, enabling attackers to remotely execute commands and steal sensitive configuration data, including information on FortiGate devices, such as IP addresses and credentials.
Fortinet has released patches for affected versions, and it is crucial to upgrade immediately to safeguard your systems. If patching isn’t possible right away, temporary workarounds include blocking unknown devices, implementing certificate-based authentication, and allow-listing specific IPs for FortiGate connections.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.