Cyber Security News Roundup – 13th February 2023

It's the beginning of a new week, and that means a roundup of some of the cyber security and data protection news headlines from the last 7 days! To learn more about each story, click the headings.

LockBit Ransomware Gang Claims Royal Mail Cyber Attack 07/02

The infamous LockBit ransomware operation has claimed responsibility for the recent cyber attack that caused major disruption to the Royal Mail’s international shipping operations. This development comes as a surprise, as the group previously claimed that the attack was not theirs and that the culprits were a different group using their LockBit 3.0 ransomware. The Royal Mail first detected the attack on the 10th January, and was forced to halt all exports. Despite reporting the cyber incident to the NCSC and restoring some of the impacted services, the Royal Mail has yet to acknowledge that it is dealing with a ransomware attack. The LockBit group is infamous for stealing and leaking data when its ransom demands are not met. (Bleeping Computer)

Third-Party Data Breach Victims Double, Healthcare Most Targeted 08/02

Despite a slight drop in the number of third-party related cyber breaches in 2022, successful attacks impacted almost twice as many victims, with the healthcare industry the most impacted, according to a new study from Black Kite. Last year, 4.73 companies were affected per vendor breach, rising from 2.46 the year before. Unauthorised network access was the primary cause of third-party data breaches, accounting for 40% of cases, whilst ransomware came in second at 29%, a slight drop-off. (Health IT Security)

Malicious Google Ads Sneak AWS Phishing Sites Into Search Results 09/02

Google ads, already under widespread abuse, are now playing host to a new phishing campaign designed to harvest Amazon Web Services login credentials. “Bad ads” leading to phishing sites ranked second when searching for ‘aws’, and the threat actors have added a redirection step to the link in order to avoid Google’s ad fraud detection. The fake AWS login page asks users to select whether they are a Root or IAM User, allowing the threat actor to categorise their victims by value and utility, and also contains scripts to disable right clicks and keyboard shortcuts in an attempt to prevent users from leaving the page. (Bleeping Computer)

Reddit Hacked: Criminals Steal Source Data and Internal Info in Cyber Attack 10/02

Social news and discussion site Reddit has suffered a significant cyber attack in which cyber criminals stole sensitive company data. During the “sophisticated and highly-targeted” attack, the threat actors constructed a fake intranet page designed to steal employees’ login credentials and multi-factor authentication tokens, with no malware used. Only one employee fell for the phishing attempt, but this was enough for the threat actors to gain access to Reddit’s internal systems, giving the criminals access to sensitive data and source code. User accounts and passwords are safe; however, company contacts and advertisers have had information stolen. (TechRadar)

US and UK Sanction Conti, Ryuk, and Trickbot Developers 10/02

Seven Russian nationals believed to be behind a number of malware strains including Ryuk, Conti and TrickBot have been sanctioned in a coordinated action by Washington and London. The UK Foreign Office stated that they were responsible for developing and deploying a large number of ransomware strains that targeted the US and the UK, including “some of the most prolific and damaging forms of ransomware.” The TrickBot malware in particular is linked to the Russian intelligence agencies, with the operations of the criminal group aligning with those of the Russian state. According to Graeme Biggar, Director-General of the National Crime Agency, these sanctions are “the first of their kind for the UK and signal the continuing campaign targeting those responsible for some of the most sophisticated and damaging ransomware that has impacted the UK and our allies”. (Cyber News)

Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!
