Weekly Cyber News Roundup

January 16th to 20th 2023

Content

01. This week’s observation from our Incident Response Team 
02. Vulnerabilities
03. News Bites
  • Ransomware attack against the maritime software supplier DNV impacted 1,000 vessels
  • Royal Mail tells customers not to send overseas packages as it struggles with ransomware fallout
  • Cyber incidents top concern for business says new Allianz report
  • Hackers steal $415 million from collapsed cryptocurrency broker FTX

04. Conclusion

A Note From The Cyber Threat Response Team

The Integrity360 IR team has observed an increase in incidents where clients report their mouse moving and clicking on its own. These incidents vary in terms of whether they are actual compromise cases or false positives.

For example, in one instance, the event occurred at 2am following a Christmas party and a few drinks, indicating it was a false positive. However, real instances of compromise have also been reported. One instance involved an employee falling for a spoofed email from the company's service desk, downloading LogMeIn, and giving attackers access. The attackers then escalated privileges and deployed ransomware. Despite many instances turning out to be false positives, it's important to take them seriously due to the effectiveness of social engineering tactics.

Vulnerabilities 

Microsoft released the last patches for Windows 7 and 8.1 in a historic Patch Tuesday. Despite their age, these outdated operating systems were still in use, with at least 100 million known Windows 7 installations as recently as 2021. While it goes without saying that users should update operating systems to the latest version where possible, it also highlights the need for secure, modern operating systems which can run on legacy hardware.

Quick News Bites

Ransomware attack against the maritime software supplier DNV impacted 1,000 vessels 

DNV, a Norwegian shipping classification society, announced that its systems were affected by a ransomware attack on January 7, impacting approximately 1,000 ships that use its technology. Its ShipManager software, a fleet management tool used by more than 7,000 vessels owned by 300 customers, was targeted by file-encrypting malware, resulting in the organisation shutting down its servers. DNV stated that 70 customers, operating nearly 15% of its total fleet, were affected by the attack. 

The attack highlights the increasing vulnerability of shipping companies to cyber-attacks and the importance of implementing robust security measures to protect against such incidents. 

Royal Mail tells customers not to send overseas packages as it struggles with ransomware fallout 

Royal Mail CEO Simon Thompson confirmed that a cyber-attack is responsible for the ongoing disruption at the company. He revealed this during a U.K. parliamentary committee session on Tuesday, almost a week after the company first announced that it had been hit by an "unspecified cyber incident" that caused the British mail service to be unable to dispatch items to overseas destinations.  

Thompson stated that while the company believes that no customer data was compromised in the attack, they are prepared for that situation to change and have already notified the U.K. data protection regulator, the Information Commissioner's Office, as a precaution. He declined to provide further details of the attack, saying that doing so would be detrimental to the ongoing investigation.

Cyber incidents top concern for business says new Allianz report 

According to a new report by Allianz, cyber incidents and business interruption risk remained the top concerns for companies for the second consecutive year. The Allianz survey found that 34% of respondents rated both cyber incidents and business interruption as their top concern. 

IT outages, ransomware attacks and data breaches were ranked as the most significant risk worldwide for the second year in a row. It was also the top concern in 19 different countries including Canada, the UK, France, Japan and India. Additionally, it is the risk that small companies (with less than $250 million in annual revenue) are most concerned about.

Hackers steal $415 million from collapsed cryptocurrency broker FTX 

FTX announced that it has recovered more than $5 billion in crypto, cash, and liquid securities; however, significant shortfalls still exist at both its international and U.S. crypto exchanges. The company attributed some of the shortfall to hacks, stating that $323 million worth of crypto was stolen from its international exchange, and $90 million was stolen from its U.S. exchange since it filed for bankruptcy on November 11.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

