Content 

01. News Bites
  • Ireland logged over 700 cyber security incidents last year, annual report shows
  • Nokia probes third-party breach claims after hacker posts alleged source code for sale
  • AI-Driven attacks top list of executive concerns
  • LameDuck Botnet and Anonymous Sudan’s DDoS Onslaught
  • Interpol’s Operation Synergia II nets 41 arrests in global cyber crime crackdown
02. Conclusion

Quick News Bites

Ireland logged over 700 cyber security incidents last year, annual report shows

The National Cyber Security Centre (NCSC) shared its 2023 Annual Cyber Security Update this week, revealing that it received 5,276 reports over the past year, with 721 confirmed cybersecurity incidents. The Centre launched 309 investigations based on these cases, though most incidents were classified as low severity, and none reached the highest threat categories. This reflects NCSC’s success in preventing severe impacts on national infrastructure.

The update comes halfway through the National Cyber Security Strategy and showcases collaborative efforts from the Department of Communications, An Garda Síochána, and the Defence Forces. Minister of State Ossian Smyth emphasised the report’s role in increasing public transparency around government cybersecurity measures.

In further developments, the government launched a €2 million cybersecurity fund for small and medium enterprises (SMEs). Co-funded by the EU’s Digital Europe Programme, this grant scheme will cover up to 80% of cybersecurity project costs, capped at €60,000. The initiative aims to help SMEs enhance their IT security, test systems, and receive expert guidance to boost digital resilience.

Nokia probes third-party breach claims after hacker posts alleged source code for sale

Nokia is investigating claims that source code was stolen from a third-party vendor after hacker "IntelBroker" advertised it for sale. In a statement to BleepingComputer, Nokia confirmed it’s aware of "unauthorised access" reports and is conducting a thorough review. "To date, our investigation has found no evidence of impact to our systems or data," the company stated, while closely monitoring developments.

IntelBroker claims the data includes SSH keys, RSA keys, BitBucket credentials, and other sensitive elements, allegedly acquired from a vendor’s SonarQube server accessed via default credentials. The hacker claims Nokia’s source code was among the data obtained from Python projects on the server.

IntelBroker, who previously breached organisations like DC Health Link, Hewlett Packard Enterprise, and Weee!, recently leaked data from firms including T-Mobile and AMD, obtained through third-party SaaS breaches, adding to their growing track record of high-profile incidents.

AI-Driven attacks top list of executive concerns

For the third quarter in a row, AI-powered cyber attacks have topped Gartner’s list of executive concerns, with 80% of surveyed risk leaders citing AI-enhanced threats as their primary worry. This surge is fuelled by growing evidence of AI misuse, from crafting sophisticated phishing emails to generating malicious code. HP recently intercepted AI-generated malware in a phishing campaign, while Vipre reported a 20% rise in AI-driven business email compromise attacks this year, particularly targeting CEOs and HR staff.

Retailers, too, are under siege, with Imperva noting an average of 569,884 AI-driven attacks daily. Tools like ChatGPT are being used for business logic abuse and DDoS.

In addition to AI risks, IT vendor over-reliance emerged as a new executive concern. July’s CrowdStrike incident, which disrupted critical services worldwide, underscored the risks of software supply chain dependencies. Gartner forecasts that nearly half of global firms may face supply chain attacks by 2025, amplifying the need for diversified vendor strategies.

LameDuck Botnet and Anonymous Sudan’s DDoS Onslaught

Cyber security experts have reported a surge in DDoS attacks by LameDuck’s Skynet Botnet, with over 35,000 attacks targeting critical infrastructure worldwide. These DDoS attacks disrupt services by overwhelming targeted servers with high traffic from compromised devices, posing serious financial and operational threats.

LameDuck, or “Anonymous Sudan,” emerged in January 2023, reportedly run by two Sudanese brothers. Their DDoS assaults have affected vital services such as airports, hospitals, telecommunications, and financial institutions. Operating on a dual motive of hacktivism and profit, they launched attacks for ransom payments (from $3,500 to $3 million) and sold DDoS-for-hire services to over 100 clients.

Collaborating with groups like Killnet, LameDuck runs coordinated campaigns such as #OpIsrael and #OpAustralia. The botnet’s tactics include Layer 7 attacks, leveraging free and paid proxies for anonymity, and strategically timing attacks during peak usage periods to maximise impact.

Interpol’s Operation Synergia II nets 41 arrests in global cyber crime crackdown

Interpol has announced a major victory in the fight against cybercrime with Operation Synergia II, which led to 41 arrests across 95 countries, targeting online criminals like phishers, ransomware groups, and data thieves. Coordinated with industry partners such as Group-IB, Trend Micro, Kaspersky, and Team Cymru, this operation follows the initial Synergia raids in February.

Alongside the arrests, 65 suspects remain under investigation, while authorities seized 59 servers and 43 computing devices and shuttered 22,000 IP addresses used for criminal activity. Neal Jetton, head of Interpol's Cybercrime Directorate, praised the operation’s global collaboration, noting it prevented hundreds of thousands of potential victims from falling prey to cybercrime.

In notable actions, Hong Kong police shut down 1,037 servers, Macao disconnected another 291, and Mongolian authorities uncovered 93 cybercrime-linked individuals. With its expansive network of 196 member countries, Interpol’s operations are crucial in combatting the international nature of online threats.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.