Weekly Cyber News Roundup

January 2nd to 6th 2023

Content

01. This week’s observation from our Incident Response Team 
02. Vulnerabilities
03. News Bites
  • New report shows the NHS is the most impersonated government organisation

  • Guardian newspaper offices still closed due to Ransomware attack fallout

  • LockBit ransomware gang apologises, blames partner group for attack on SickKids children’s hospital 

  • Twitter breach exposes the information of 235 million users 

04. Conclusion

A Note From The Cyber Threat Response Team

As the New Year gets under way, we thought it’d be a good idea to list the most likely targets for criminal activity in 2023.

Targets will include the Internet of Things (IoT) and the growing number of devices and systems it controls, as well as mobile devices, which are increasingly targeted by malicious apps, phishing, and other types of attacks.  

Supply chain attacks, where criminals exploit flaws in vendors’ systems to gain access to their clients’ networks, will also continue to be a threat. Remote work and the blending of personal and corporate devices on domestic networks will also provide opportunities for attackers to use social engineering or other tactics to gain a foothold in networks.

Finally, with AI and machine learning tools becoming increasingly available to the masses, we may see criminals begin to use them to inform their attacks.

Phishing, ransomware, and other common forms of cyber-attack will continue to be a threat in 2023. While employee training and awareness are important, they are not enough to protect organisations from these cyber threats. Businesses should try to drive behavioural change alongside implementing robust security measures.

Vulnerabilities 

It is likely that in the coming year we will see some significant cyber incidents and data breaches resulting from unpatched Citrix vulnerabilities that were only addressed late in 2022. Specifically, thousands of unpatched Citrix ADC and Gateway deployments are at risk from the authentication bypass vulnerability CVE-2022-27510 and the remote command execution vulnerability CVE-2022-27518. These vulnerabilities can allow attackers to gain unauthorised access, bypass login protections, and take control of devices. It is crucial that organisations apply the patches released to address these vulnerabilities as soon as possible in order to protect their systems.

 

Quick News Bites

New report shows the NHS is the most impersonated government organisation  

A new report released by the National Cyber Security Centre (NCSC) this week revealed that the National Health Service (NHS) is the most impersonated government organisation in the UK. Following on from the Covid-19 pandemic and current headlines regarding the NHS, it’s little surprise that cyber criminals choose to impersonate the organisation in phishing campaigns.

The NCSC also revealed that TV Licensing, Gov.uk, the Driver and Vehicle Licensing Agency (DVLA), HM Revenue & Customs and the energy regulator Ofgem were all highly impersonated. As the cost of living crisis bites, we can expect to see an increase in malicious emails, texts and other phishing attempts impersonating these agencies. With energy bills and financial concerns high, threat actors will seek to take advantage.

Guardian newspaper offices still closed due to Ransomware attack fallout 

During the holiday season, while many were taking time off, cyber criminals were hard at work. One notable example was the suspected ransomware attack on the Guardian newspaper. The attack, which was reported on December 21st, had a significant impact on the company’s technology infrastructure and led to staff being told to work from home. The restoration of all IT systems is expected to take several weeks. This incident highlights the ongoing threat of ransomware and the need for organisations to have robust security measures in place to protect against these types of attacks.

LockBit ransomware gang apologises, blames partner group for attack on SickKids children’s hospital 

The notorious LockBit ransomware group, known for its extortion attacks, issued a formal apology for an attack on Canada’s largest children’s hospital. In a message that highlights just how large and how well organised the gang is, the group claimed that the attack was carried out by a now-blocked affiliate and released a decryptor for the victim to use to recover their encrypted files. This rare apology may suggest that there is some dissent among the group’s members over which organisations are ‘valid’ targets. Healthcare organisations have been increasingly targeted by ransomware attacks, with several high-profile incidents occurring in 2022, including attacks against the NHS and the ongoing fallout of the 2021 ransomware attack against the Health Service Executive of Ireland (HSE).

Twitter breach exposes the information of 235 million users 

Wednesday saw a significant data leak revealed in the media. According to cyber intelligence company Hudson Rock, the details of approximately 235 million Twitter users were discovered on an online hacker forum. The data dump includes user names, email addresses, screen names, follower numbers and some phone numbers. Such a leak could lead to a significant rise in targeted phishing and further highlights the need for organisations to better protect the personal information of their users.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
