Weekly Cyber News Roundup

January 23rd to 27th 2023


01. This week’s observation from our Incident Response Team 
02. Vulnerabilities
03. News Bites
  • Arnold Clark threatened by hackers after cyber attack 

  • Increasing number of Ransomware victims refusing to pay according to new reports 

  • Cyber-attack on Riot Games delays video game patch rollout 

  • North Korean Hacking groups responsible for $100 million crypto currency hack

04. Conclusion

A Note From The Cyber Threat Response Team

Payments to ransomware actors dropped in 2022 compared to the higher profits seen in 2020 and 2021. This is due to a number of factors; firstly, the increase in remote working seen during the Covid-19 Pandemic exposed organisations to more frequent attacks. This was combined with the economic disruption of 2021-22 causing an increase in the demand for profit, and an increase in potential threat actors. It now appears that this demand has dropped slightly, potentially caused by organisations security postures catching up to the threat faced and making ransomware attacks more complex and less profitable. 

In 2022, Economic sanctions imposed by the West in response to the war in Ukraine meant that payments to Ransomware actors based in the Russian Federation could not legally be made.  

Cyber security and risk management experts have rightly continued to push for a ‘no-pay’ approach to Ransomware, and the reduction in profits may be a sign that organisations are beginning to adopt this approach. If this trend continues, Ransomware will become less profitable as time goes on, which will benefit all organisations worldwide.


Citrix has recently disclosed two critical security vulnerabilities, CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), in its Application Delivery Controller (ADC) and Gateway endpoints. Thousands of endpoints are at risk and patching these vulnerabilities is strongly advised.  

The first vulnerability, CVE-2022-27510, allows for unauthorized access to Gateway user capabilities through an authentication bypass. The second, CVE-2022-27518, is a remote code execution bug that could lead to takeover of affected systems. Citrix addressed these vulnerabilities on November 8 and December 13, 2022 respectively. 

Quick News Bites

Arnold Clark threatened by hackers after cyber-attack 

The fallout from a cyber-attack over the Christmas period on the Arnold Clark car dealership continues after it was revealed that customers had their national insurance numbers, passports and addresses leaked on the dark web. 

An international hacking group known as Play is now threatening to release a large amount of customer data onto the dark web unless a multi-million-pound ransom is paid in cryptocurrency. The group has already leaked 15 gigabytes of data and intends to upload an additional 467 gigabytes. This incident follows a similar attack on another car retail company, Pendragon, which refused to pay a $60 million ransom demand three months ago. 

The leaking of sensitive data to put pressure on a victim is now a common tactic utilised by ransomware gangs. The Play group first appeared on security experts radars last year after a series of attacks on government websites in Latin America in 2022. 

Increasing number of Ransomware victims refusing to pay according to new reports 

Two studies indicate that ransomware is not as profitable as it once was. Chainalysis, a blockchain analysis firm, reports in a blog post that payments to attackers fell from $766 million in 2021 to $457 million in 2022. They also note that their data does not provide a comprehensive study of ransomware and that payments are down from their peak during the pandemic. Another study also shows a decline in profits for ransomware attackers and a decrease in the percentage of victims who pay.  

One of the key reasons why the number of companies refusing to cough up a ransom was due to Conti, a prominent ransomware strain, being linked with coordination with the Kremlin and Russia's Federal Security Service (FSB). This revelation provided additional reason, in the form of government sanctions, for victims to not pay a ransom. 

Cyber-attack on Riot Games delays video game patch rollout 

On Tuesday, Riot Games revealed that the source code for two of its biggest video games, League of Legends and Team Fight Tactics had been stolen and that it would not be paying the ransom demanded by the hackers for its return. This is just the latest data breach to occur at large game companies and it means that both games may be more susceptible to cheating in the upcoming months as patch roll outs are delayed.  

Riot Games has yet to provide additional details, but stated that the company would release a comprehensive retrospective on the breach at a later time, including the methodologies employed by the hackers. 

North Korean hacking groups responsible for $100 million crypto currency hack 

The FBI has confirmed that the North Korean state-sponsored hacking groups, Lazarus and APT38, were responsible for stealing $100 million worth of Ethereum from Harmony Horizon, a cross-chain bridge for Ethereum.  

The breach, which occurred in June 2022, enabled the hackers to take control of a MultiSigWallet contract and transfer large amounts of tokens to their own addresses. According to the FBI, these hacking groups steal and launder virtual currency to fund the country's ballistic missile and weapons of mass destruction programs. 

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 


The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.


Cyber Security Conference

LONDON | 28 April 2022
DUBLIN | 11 May 2022

Join us in Dublin or London for the Security First 2022 conference.  We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.