Weekly Cyber News Roundup

January 30th to February 3rd 2023

Content

01. This week’s observation from our Incident Response Team 
02. Vulnerabilities
03. News Bites
  • 10M JD Sports customers impacted by cyber-attack

  • Russian hacktivist gang Killnet attacks multiple Ukrainian allies

  • Cyber-attack on financial data group impacts trading

04. Conclusion

A Note From The Cyber Threat Response Team

ChatGPT, launched in November 2022, is a revolutionary piece of AI technology, but it is also open to abuse.

That potential is likely to attract novice cybercriminals and raise overall cyber risk. Abuse of the tool has been a hot topic on cybercriminal forums, where users are discussing how ChatGPT could be used to write more convincing phishing emails, produce malware more quickly, and make Business Email Compromise (BEC) lures more effective.

Organisations and individuals should therefore be aware of the risks associated with this technology and take appropriate measures to protect themselves: educating employees on how to recognise phishing attempts, implementing baseline security controls such as firewalls and antivirus software, and regularly backing up important data. Staying informed about the latest developments in cybercrime (for example through these weekly reports) also helps organisations anticipate potential threats and limit their impact.

Vulnerabilities 

Something a bit different this week: we share the list of the top 10 most exploited vulnerabilities of 2022. There is a high chance that some of these will make the 2023 list too, as organisations fail to patch them. Note that two of the entries pre-date 2022 entirely, which shows how long an unpatched flaw stays useful to attackers. We recommend that organisations patch each of the below as soon as possible.

  1. Log4Shell (CVE-2021-44228)
  2. Follina (CVE-2022-30190)
  3. Spring4Shell (CVE-2022-22965)
  4. Google Chrome Zero-Day (CVE-2022-0609)
  5. F5 BIG-IP (CVE-2022-1388)
  6. Microsoft Office Bug (CVE-2017-11882)
  7. ProxyNotShell (CVE-2022-41082, CVE-2022-41040)
  8. Zimbra Collaboration Suite Bugs (CVE-2022-27925, CVE-2022-41352)
  9. Atlassian Confluence RCE Flaw (CVE-2022-26134)
  10. Zyxel RCE Vulnerability (CVE-2022-30525)

Quick News Bites

10 million JD Sports customers impacted by cyber-attack

JD Sports, a sportswear chain, announced a data breach that may have exposed the information of around 10 million customers. The attackers may have accessed names, addresses, email addresses, phone numbers, order details, and the last four digits of payment cards for online orders placed between November 2018 and October 2020.

The company said it was reaching out to affected customers and stated the impacted data is "limited". It further noted that it does not hold full payment card information and does not believe that hackers gained access to account passwords.

Retailers are frequent targets of cyber-crime because they collect and store a vast array of personal and financial information, including names, addresses, payment card details, and purchase histories. They also handle a large volume of transactions, which makes them attractive for financial fraud.

Many retailers also run outdated or insufficient cyber security controls, leaving them vulnerable to attack. Retailers must therefore prioritise protecting their customers' data and invest in strong cyber security measures to stay ahead of potential threats.

The number of customer records potentially accessed in the JD Sports incident is strikingly high and covers a two-year period of online orders.

While passwords and full payment card details were not exposed, Personally Identifiable Information (PII) such as contact details was. This exposes affected customers to targeted phishing and fraud attempts that can quote genuine order details to appear legitimate. The breach also covered subsidiary brands of the JD Sports group. Anyone who placed an online order with the JD Sports group during the period in question should be extra vigilant for phishing emails and fraud.

Russian hacktivist gang Killnet attacks multiple Ukrainian allies

A pro-Russia hacking group, Killnet, has claimed responsibility for a cyber-attack that disabled the websites of over a dozen US hospitals this week.

The group, known for launching DDoS attacks, stated it took down the websites of 14 US hospitals, including Stanford Healthcare, Duke University Hospital, and Cedars-Sinai. Killnet also launched DDoS attacks against several medical facilities in the Netherlands, the largest being the University Medical Center Groningen (UMCG).

Killnet has been conducting DDoS attacks against government agencies and firms since the start of the war in Ukraine. Targets have included British, Spanish, and Norwegian hospitals.

Further highlighting the geopolitical risk, the UK's National Cyber Security Centre (NCSC) last week warned of increased targeted attacks from Russia- and Iran-based actors, mainly in the form of phishing campaigns aimed at stealing sensitive information.

Cyber-attack on financial data group impacts trading

ION Markets, a financial data group, has suffered a cyber-attack that impacted its cleared derivatives unit. The Dublin-based firm said the attack was contained to a specific environment and that affected services are being remediated. The Futures Industry Association is working with clearing houses, trading platforms, and regulators to evaluate the extent of the attack's impact on trading, processing, and clearing. This comes a week after a glitch at the New York Stock Exchange caused market chaos.

A client alert stated that all emails from ION or its affiliates were being checked by security staff. Fidessa, acquired by ION in 2018, told clients that a cyber incident involving LockBit ransomware on VMware servers was the cause of the issue preventing access to certain systems. LockBit is a ransomware family that encrypts data to block access to computer systems and demands a ransom payment for its return. Fidessa stated that the impact was limited to cleared derivatives front, middle, and back office services for clients, and that no other products or business lines were affected.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.


Cyber Security Conference

LONDON | 28 April 2022
DUBLIN | 11 May 2022

Join us in Dublin or London for the Security First 2022 conference.  We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.