Weekly Cyber News Roundup

July 24th to July 28th 2023

Content

01. Vulnerabilities
02. News Bites
  • Twelve Norwegian Ministries fall victim to cyber attack
  • SiegedSec group leaks 1GB of NATO data
  • Yamaha confirms cyber attack
  • Cost of a Data Breach hits highest ever level according to new report
03. Conclusion

Vulnerabilities 

Apple releases several security updates to address actively exploited zero-day

Apple has released updates to address multiple security vulnerabilities across its operating systems and Safari, including an actively exploited zero-day flaw, CVE-2023-38606. This kernel flaw potentially allows rogue apps to modify sensitive kernel state. Apple fixed the issue with improved state management and confirmed that versions before iOS 15.7.1 were vulnerable.

CVE-2023-38606 is part of a trio of vulnerabilities linked to Operation Triangulation, a major mobile cyber espionage campaign exploiting iOS devices since 2019 via zero-click mechanisms. The previous two vulnerabilities, CVE-2023-32434 and CVE-2023-32435, were patched by Apple last month.

The corresponding updates are now available for several Apple devices and operating systems, including iOS 16.6, iPadOS 16.6, iOS 15.7.8, iPadOS 15.7.8, macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, tvOS 16.6, and watchOS 9.6.

So far in 2023, Apple has addressed 11 zero-day vulnerabilities, including a recently patched remote code execution bug in WebKit (CVE-2023-37450).

Quick News Bites

Twelve Norwegian Ministries fall victim to cyber attack

Norway's government reported a cyber-attack on twelve of its ministries. Erik Hope, the head of the agency servicing these ministries, announced that a vulnerability in a platform from one of the government's third-party suppliers enabled the attack. He said that the vulnerability was quickly closed and that the attack was detected through unusual traffic activity on the platform.

The details of the attack remain under wraps as investigations continue since its discovery on July 12. It's too early to determine the perpetrators and the full impact of the breach. Jamie Akhtar, CEO of CyberSmart, suggests the attack's traits hint at state-sponsored involvement.

He remarked, “Given Norway’s geopolitical stance and the rise in attacks on state infrastructure in Ukraine-supportive countries, this appears to be a state-backed act.”

Key government entities, including the Prime Minister's office and the foreign, defense and justice ministries, remained unaffected, thanks to their separate IT platform.

Cyber-threats have plagued Norway’s state sector before. Elliott Wilkes, CTO at ACDS, noted that the Norwegian Parliament's email systems were attacked by China-affiliated groups in 2021, and that pro-Russian group Killnet launched a DDoS attack against public websites in 2022.

He stressed the importance of timely evaluation and mitigation of supplier-related security vulnerabilities, linking the current attack to such a weakness.

SiegedSec group leaks 1GB of NATO data

The hacktivist group SiegedSec has reportedly attacked NATO, claiming a breach of the organisation's COI portal and subsequently leaking an array of sensitive documents intended for NATO nations and associates. The leaked data allegedly includes comprehensive personal information of around 70 NATO officials, including names, email addresses, phone numbers, office locations, and ranks.

This latest cyber attack reflects the group's increasing audacity and ability to infiltrate high profile targets. SiegedSec has evolved into a substantial cyber threat, fuelled by a combination of hacktivism motives and personal profit objectives.

SiegedSec cites NATO's supposed violation of human rights as the motive behind the hack and denies that it is linked to Russia’s incursion into Ukraine and the subsequent proliferation of such threat groups. The group maintains that its assault on NATO is a response to the perceived assaults on human rights by NATO nations.

Yamaha confirms cyber attack

Yamaha's Canadian music division this week disclosed a cyberattack that led to unauthorised data access. In response, they quickly initiated countermeasures, engaged external cyber security specialists, and strengthened their IT team to minimize the potential impact. The company did not confirm if the incident was ransomware-related, but it adds to a growing list of corporations experiencing cyber threats.

According to cyber security experts, Yamaha Canada Music was listed as a victim by two separate ransomware groups, BlackByte and Akira, marking an increase in the number of double postings.

Multiple listings have emerged this year, and while the exact reasons remain uncertain, experts theorise that they may involve affiliates working with two groups to increase victim visibility and gain leverage in ransom negotiations.

Allan Liska, a ransomware researcher, commented that these double listings seem to be gaining prevalence and are advantageous for both the affiliate and the ransomware-as-a-service group in terms of attention and clout. Questions have been raised concerning the payment structure under such circumstances. It's also speculated that cybercriminal groups might operate multiple ransomware brands and rotate between them.

Cost of a Data Breach hits highest ever level according to new report

IBM's annual Cost of a Data Breach Report indicates that the worldwide average cost of a data breach in 2023 rose to a record $4.45 million, a 15% rise over the past three years. Detection and escalation costs, which make up the largest share of breach costs, surged 42% during the same period, reflecting a shift towards more complex breach investigations.

The study found that 40% of the examined breaches resulted in data loss across multiple environments, such as public and private clouds and on-premise systems, implying that attackers compromised several environments while evading detection. Breaches affecting multiple environments also led to higher breach costs, averaging $4.75 million.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
