10 October 2023


Red Cross issues cyber warfare rules | Cyber Intelligence Briefing: 10 October



Top news stories this week

  1. Rules of engagement. Red Cross publishes rules for hackers to follow during conflict. 
  2. Target. Hacktivist group SiegedSec leaks NATO data. 
  3. EvilProxy on the rise. Researchers have uncovered a sophisticated mass phishing campaign. 
  4. Patch now. New fixes available for vulnerabilities in Atlassian and Apple products. 
  5. Costly consequence. Blackbaud agrees a USD 49.5 million payout following 2020 data breach.
  6. Malware threats. New BunnyLoader malware emerges as the Qakbot operation persists.




1. Red Cross issues cyber warfare rules

The International Committee of the Red Cross has published rules for civilian hackers to follow during conflict. The eight rules, issued amid the ongoing Ukraine war, include a ban on cyber attacks against medical and humanitarian facilities, a general requirement to avoid harm to civilians, and a ban on using malware that spreads automatically.

So what?

The increased role of cyber during conflict demonstrates the need for such rules. However, whether hackers will adhere to them remains to be seen. 

2. Hacktivists leak NATO data

NATO has confirmed it is responding to claims of a breach affecting its unclassified websites. The hacktivist group SiegedSec leaked 9GB of data on a Telegram chat, and claimed that it was their second successful breach of NATO. Information from several NATO portals and training platforms was allegedly included in the breach.

So what?

Knowing what data you hold, and where it is located, is critical to understanding the extent of a potential data breach. Conduct data discovery exercises to identify and classify data, and reduce risk by applying relevant and appropriate data protection policies and controls.

3. EvilProxy phishing campaign uncovered

Researchers have exposed a sophisticated and widespread EvilProxy phishing campaign targeting top executives in US-based organisations. The threat actors exploited an open redirect vulnerability on the Indeed employment website to take users to a malicious phishing site and used advanced techniques to steal multi-factor authentication (MFA) session tokens. Because the link originated from a trusted site, it circumvented email security measures. 

So what?

Some MFA implementations are better than others. If possible, use a FIDO2-certified authenticator like Windows Hello for Business or a YubiKey hardware key. Furthermore, combine best-practice MFA with conditional access policies.

4. Time to patch

Atlassian has released an urgent security update to patch a critical zero-day vulnerability in its Confluence Data Center and Server software. The vulnerability (CVE-2023-22515), which is being actively exploited, allows threat actors to easily obtain administrative access or privileges using a standard user account.  

At the same time, Apple has published a fix for a privilege escalation vulnerability (CVE-2023-42824) affecting iPhone and iPad devices.

So what?

Patch vulnerable Atlassian instances immediately and conduct checks for indicators of compromise, including newly created user accounts.

5. Ransomware breach leads to multi-million dollar settlement

Blackbaud, a cloud software provider, has agreed to a USD 49.5 million settlement following a 2020 data breach as a result of a ransomware attack. The company was accused of violating several laws and regulations for failing to implement fundamental cyber security controls. Blackbaud was also accused of failing to appropriately notify data subjects of the breach. The settlement will compensate affected clients across 49 US states.

Separately, MGM Resorts revealed a loss of USD 100 million in revenue after its cyber incident last month. This did not include an additional USD 10 million paid in risk remediation, third-party advisory, incident response and legal fees.

So what?

Cyber insurance is an effective risk transfer mechanism. In addition, it typically offers robust incident response support, and early notification will significantly reduce the costs of an incident.

6. Latest malware news


So what?

Affordable tools lower the barrier to entry for cybercriminals, potentially leading to a surge in cyber attacks.


Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.


Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

James Tytler
Associate, Cyber Security

James Tytler is a cyber security associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
