Top news stories this week
- Rules of engagement. Red Cross publishes rules for hackers to follow during conflict.
- Target. Hacktivist group SiegedSec leaks NATO data.
- EvilProxy on the rise. Researchers have uncovered a sophisticated mass phishing campaign.
- Patch now. New fixes available for vulnerabilities in Atlassian and Apple products.
- Costly consequence. Blackbaud agrees a USD 49.5 million payout following 2020 data breach.
- Malware threats. New BunnyLoader malware emerges as the Qakbot operation persists.
1. Red Cross issues cyber warfare rules
The International Committee of the Red Cross has published rules for civilian hackers to follow during conflict. The eight rules, issued amid the ongoing Ukraine war, include banning cyber attacks against medical and humanitarian facilities, and generally avoiding harm to civilians, as well as a ban on using malware that spreads automatically.
The increased role of cyber during conflict demonstrates the need for such rules. However, whether hackers will adhere to them remains to be seen.
2. Hacktivists leak NATO data
NATO has confirmed it is responding to claims of a breach affecting its unclassified websites. The hacktivist group SiegedSec leaked 9GB of data in a Telegram chat and claimed that it was their second successful breach of NATO. Information from several NATO portals and training platforms was allegedly included in the leak.
Knowing what data you hold, and where it is located, is critical to understanding the extent of a potential data breach. Conduct data discovery exercises to identify and classify data, and reduce risk by applying relevant and appropriate data protection policies and controls to the data you find.
3. EvilProxy phishing campaign uncovered
Researchers have exposed a sophisticated and widespread EvilProxy phishing campaign targeting senior executives at US-based organisations. The threat actors exploited an open redirect vulnerability on the Indeed employment website to bounce users to a malicious phishing site, where an adversary-in-the-middle reverse proxy relayed the real login page and captured the session cookie issued after the victim completed multi-factor authentication (MFA). Because the link pointed at a trusted domain, it passed through email security filters.
Some MFA implementations are better than others: one-time codes and push approvals can be relayed through a proxy such as EvilProxy, whereas FIDO2/WebAuthn credentials are bound to the genuine site's origin and cannot be used from a look-alike domain. If possible, use a FIDO2-certified authenticator such as Windows Hello for Business or a YubiKey hardware security key, and combine it with conditional access policies (for example, requiring a compliant device or blocking sign-ins from unexpected locations).
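To make the open-redirect step concrete, here is an added example (written for this summary, not code from Indeed or from the researchers) that contrasts a redirect handler which trusts its `url` parameter with one that only accepts site-relative paths. The site name `jobs.example.com`, the function names and the test inputs are hypothetical; the bypass patterns (scheme-relative `//host`, backslashes, embedded tab characters) are the usual ones attackers try against allow-list checks.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical site whose /redirect?url=... endpoint we are protecting.
SITE_ORIGIN = "https://jobs.example.com"


def unsafe_redirect_target(param: str) -> str:
    """Vulnerable: returns whatever the caller supplied, so
    /redirect?url=https://evil.example/login sends the user off-site
    while the link itself still shows the trusted domain."""
    return param


def safe_redirect_target(param: str, fallback: str = "/") -> str:
    """Hardened: only site-relative paths are accepted, and the result is
    returned as a fully resolved URL on SITE_ORIGIN so no browser-specific
    relative-URL parsing can change where the user ends up."""
    if not param:
        return fallback
    # Drop whitespace and control characters; browsers strip tabs/newlines
    # inside "java\tscript:", which would otherwise defeat a naive check.
    candidate = "".join(ch for ch in param.strip() if ch.isprintable())
    # Browsers treat backslashes as slashes, so "/\evil.example" is "//evil.example".
    candidate = candidate.replace("\\", "/")
    # Scheme-relative URLs ("//evil.example", "///evil.example") leave the site.
    if candidate.startswith("//"):
        return fallback
    parts = urlsplit(candidate)
    # Any scheme or host means an absolute URL: "https://evil.example",
    # "https:evil.example", "javascript:alert(1)". Reject them all rather
    # than trying to allow-list our own host, which is where most bypasses live.
    if parts.scheme or parts.netloc:
        return fallback
    if not parts.path.startswith("/"):
        return fallback
    resolved = urljoin(SITE_ORIGIN + "/", candidate)
    # Belt and braces: the resolved URL must still be on our host.
    if urlsplit(resolved).netloc != urlsplit(SITE_ORIGIN).netloc:
        return fallback
    return resolved


if __name__ == "__main__":
    for probe in ["/jobs/123?ref=email", "https://evil.example/login",
                  "//evil.example/login", "/\\evil.example", "https:evil.example",
                  "java\tscript:alert(1)", "///evil.example"]:
        print(f"{probe!r:32} unsafe -> {unsafe_redirect_target(probe)!r:34} "
              f"safe -> {safe_redirect_target(probe)!r}")
```

The hardened version deliberately refuses absolute URLs even when they point at its own host; if a product genuinely needs to redirect to another domain, map short identifiers to a fixed table of destinations server-side instead of accepting a URL from the request.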
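Why a FIDO2 authenticator defeats this kind of proxy is easiest to see in the relying party's verification logic. The following is an added example, not code from any vendor or from the page: it simulates the WebAuthn origin binding with an HMAC stand-in for the security key's real asymmetric signature (a toy choice so it runs with the standard library alone). The domains `login.example.com` and `login-example.com`, the class and function names, and the simplified authenticator data are all hypothetical.

```python
import hashlib
import hmac
import json
import os
from urllib.parse import urlsplit

# Constructed names for the demonstration (not real sites).
RP_ID = "login.example.com"                 # relying party identifier
RP_ORIGIN = "https://login.example.com"     # the only origin the RP accepts
PHISH_ORIGIN = "https://login-example.com"  # look-alike domain fronted by the proxy


def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


class ToyAuthenticator:
    """Stand-in for a FIDO2 security key. HMAC-SHA256 with a device-held
    secret replaces the real asymmetric signature; the origin-binding
    logic is the same as in WebAuthn."""

    def __init__(self) -> None:
        self.secret = os.urandom(32)  # never leaves the device

    def verification_key(self) -> bytes:
        # Toy: the RP stores the same secret. A real key gives the RP a
        # public key at registration and keeps the private key to itself.
        return self.secret

    def get_assertion(self, browser_origin: str, challenge: bytes):
        # The browser, not the page, fills in the origin it is really on,
        # and the rpId is that origin's effective domain. A page served from
        # PHISH_ORIGIN therefore cannot claim to be RP_ORIGIN.
        effective_domain = urlsplit(browser_origin).hostname
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge.hex(), "origin": browser_origin},
            sort_keys=True,
        ).encode()
        auth_data = rp_id_hash(effective_domain) + b"\x01"  # rpIdHash || flags (UP)
        to_sign = auth_data + hashlib.sha256(client_data).digest()
        signature = hmac.new(self.secret, to_sign, hashlib.sha256).digest()
        return client_data, auth_data, signature


def verify_assertion(key: bytes, challenge: bytes, client_data: bytes,
                     auth_data: bytes, signature: bytes) -> str:
    """The relying party's checks; returns "ok" or the reason for rejection."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "bad type"
    if cd.get("challenge") != challenge.hex():
        return "challenge mismatch"
    if cd.get("origin") != RP_ORIGIN:
        return "origin mismatch"          # this is what stops the proxy
    if auth_data[:32] != rp_id_hash(RP_ID):
        return "rpIdHash mismatch"
    expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "bad signature"
    return "ok"


def login_attempt(browser_origin: str, proxy_rewrites: bool = False) -> str:
    """Simulate one login. With proxy_rewrites=True the proxy also edits the
    origin and rpIdHash before forwarding, as an attacker might try."""
    authenticator = ToyAuthenticator()      # registered with the RP earlier
    key = authenticator.verification_key()
    challenge = os.urandom(32)              # issued by the real RP, relayed by the proxy
    client_data, auth_data, signature = authenticator.get_assertion(browser_origin, challenge)
    if proxy_rewrites:
        cd = json.loads(client_data)
        cd["origin"] = RP_ORIGIN
        client_data = json.dumps(cd, sort_keys=True).encode()
        auth_data = rp_id_hash(RP_ID) + auth_data[32:]
    return verify_assertion(key, challenge, client_data, auth_data, signature)


if __name__ == "__main__":
    print("genuine site      :", login_attempt(RP_ORIGIN))
    print("via phishing proxy:", login_attempt(PHISH_ORIGIN))
    print("proxy forges data :", login_attempt(PHISH_ORIGIN, proxy_rewrites=True))
```

Contrast this with a one-time code or push approval: the proxy simply relays the user's input to the real site, and the resulting session cookie is what EvilProxy harvests. There is no origin in that exchange for the relying party to check.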
4. Time to patch
Atlassian has released an urgent security update for a critical zero-day vulnerability in its Confluence Data Center and Server products. The vulnerability (CVE-2023-22515), which is being actively exploited, allows unauthenticated remote attackers to create unauthorized Confluence administrator accounts on publicly accessible instances and then access them. Atlassian Cloud sites are not affected.
Apple has also published a fix for a kernel privilege escalation vulnerability (CVE-2023-42824) affecting iPhone and iPad devices, which it says may have been actively exploited against versions of iOS before 16.6.
Patch vulnerable Atlassian instances immediately and check for indicators of compromise, including unexpected newly created user accounts and unexpected members of the Confluence administrators group. Treat any instance that was exposed to the internet while unpatched as potentially compromised.
5. Ransomware breach leads to multi-million dollar settlement
Blackbaud, a cloud software provider, has agreed a USD 49.5 million settlement following a 2020 data breach caused by a ransomware attack. The company was accused of violating several laws and regulations by failing to implement fundamental cyber security controls, and of failing to notify affected data subjects of the breach appropriately. The settlement covers claims brought on behalf of affected clients across 49 US states.
Separately, MGM Resorts revealed a USD 100 million loss in revenue from its cyber incident last month. This excludes a further USD 10 million spent on risk remediation, third-party advisory services, incident response and legal fees.
Cyber insurance is an effective risk transfer mechanism. Policies also typically include incident response support, and notifying the insurer early will significantly reduce the cost of an incident.
6. Latest malware news
- Despite the law enforcement takedown of its infrastructure earlier this year, the cybercriminals behind the Qakbot botnet are reportedly continuing their operations, now distributing ransomware and backdoors via phishing emails.
- Separately, security researchers have uncovered 'BunnyLoader', a new malware-as-a-service offering advertised on hacker forums that can steal credentials and execute remote commands. The tool is priced at USD 250, appealing to cost-conscious threat actors.
Affordable tools lower the barrier to entry for cybercriminals and can drive a surge in attacks from less skilled actors.