17 October 2023

BEC scams resurge | Cyber Intelligence Briefing: 17 October


Top news stories this week

  1. BEC scams resurge. Cybercriminals take aim at law firms in sophisticated email deception. 
  2. War games. Hacktivists behind massive spike in cyber attacks amid Israel-Hamas war. 
  3. Discredited. Financial Conduct Authority fines Equifax GBP 11 million for data breach. 
  4. Data turbulence. Air Europa and Air Canada experience significant data breaches.
  5. Broken negotiations. LockBit leaks CDW data after USD 80 million ransom demand goes unmet.
  6. DNA data leak. Sensitive data of 23andMe customers stolen in credential-stuffing attack. 
  7. Patch Tuesday. Microsoft addresses vulnerabilities and Windows Server 2012 reaches end of support. 




1. Law firms under siege in resurgence of email compromise scams

S-RM has recently observed a sharp increase in Business Email Compromise (BEC) incidents. Law firms have been the most targeted, likely due to the sensitive information in email threads they’re party to. Threat actors often compromise email accounts to trick individuals into fraudulently diverting payments, including invoices and legal bills. 

Many of the techniques used by threat actors in this campaign circumvent traditional forms of multi-factor authentication (MFA), so an account protected only by a one-time code or a push prompt should not be assumed safe from takeover. 

So what?

Read our full briefing for further information regarding the campaign, including the sophisticated techniques used by the threat actors, as well as how you can defend against them.


2. Israel-Hamas war prompts spike in hacktivist activity

The ongoing Israel-Hamas war has prompted a dramatic increase in malicious cyber activity from supporters of both sides. Hackers have defaced websites and public billboards, pushed out a fake version of a rocket alert app, and claim to have targeted the missile defence system. The websites of non-profit aid groups providing relief to Israel and Gaza have also been hit with DDoS attacks.

So what?

As civilian hacktivists increasingly become involved in modern conflicts, it is important to be vigilant for malicious activity and strengthen your cyber security posture if your organisation could be targeted for political reasons.


3. Equifax fined for data breach that exposed 13.8 million UK customer records

The Financial Conduct Authority (FCA) has fined Equifax Ltd GBP 11 million for its infamous 2017 data breach. The financial watchdog found that Equifax Ltd did not conduct the necessary due diligence on the data security and management practices of its US parent company, to which it had outsourced the processing of UK consumer data. The regulator also criticised Equifax's poor handling of the breach in its statement.

So what?

Organisations have a responsibility as a data controller under the GDPR to safeguard personal data, including by ensuring that third party data processors implement appropriate security controls.


4. Air Europa and Air Canada experience data breaches

In response to a data breach that exposed credit card information, Air Europa has advised customers to cancel their credit cards. The airline has since reportedly secured its systems, but critical details including the extent of the incident and its timeline are undisclosed.

Separately, ransomware gang BianLian claims to have stolen 210GB of data from Air Canada, including technical and operational information. Air Canada has not disclosed specifics of the breach or verified the threat actor's involvement.

So what?

Understanding when and what information to communicate to customers and the public is a critical aspect of an incident response. Defining a communications strategy and testing it as part of a simulated response will help prepare your organisation to handle the reputational risks presented by an incident.


5. LockBit demands USD 80 million ransom from CDW

The IT solutions giant CDW is investigating a data breach after its negotiations with LockBit broke down. LockBit demanded a USD 80 million ransom, while CDW allegedly offered USD 1 million, leading to the termination of discussions and to LockBit leaking the stolen data. This is reportedly the third largest publicly disclosed ransom demand.

So what?

Organisations must prepare for the reputational risk of their negotiations becoming public when dealing with cyber criminals.


6. 23andMe users have DNA data leaked in credential-stuffing attack 

The genetic data of seven million users has reportedly been put up for sale on the dark web after US genomics company 23andMe suffered a data breach. The threat actor did not exploit a flaw in the platform itself: they logged in to individual accounts using username and password pairs exposed in breaches of other online services (credential stuffing), and then harvested the profile data those accounts could see about their genetic relatives through the opt-in DNA Relatives feature.

So what?

It is critical that company passwords are not reused to sign up to online subscription platforms: a password exposed in one breach will be replayed against every other service where the same email address is registered. Unique passwords per service should be mandated in your organisation's password policy, supported by a password manager, with MFA enabled wherever the platform offers it.
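Because a credential-stuffing attacker holds valid passwords, the tell-tale sign is not failed logins on one account but one source trying many different accounts with a low hit rate. The detector below, added here as an illustration and not code from 23andMe or from S-RM, runs that logic over a handful of constructed web-authentication log lines. The log format (ISO timestamp, client IP, account, OK/FAIL), the window size and the thresholds are all assumptions; the point is that the accounts that did log in from a flagged source are the ones whose passwords have already leaked and need a forced reset.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (assumed format: "<ISO8601Z> <client_ip> <account> OK|FAIL").
# 203.0.113.7  replays a breached list: eight accounts in 15 seconds, two succeed.
# 198.51.100.5 is one user mistyping their own password, then getting in.
# 192.0.2.9    is an office NAT: five different users, all succeed.
SAMPLE_LOG = """\
2023-10-02T10:00:01Z 203.0.113.7 kim@example.com FAIL
2023-10-02T10:00:03Z 203.0.113.7 lee@example.com FAIL
2023-10-02T10:00:05Z 203.0.113.7 mia@example.com OK
2023-10-02T10:00:07Z 203.0.113.7 noa@example.com FAIL
2023-10-02T10:00:09Z 203.0.113.7 oli@example.com FAIL
2023-10-02T10:00:11Z 203.0.113.7 pat@example.com FAIL
2023-10-02T10:00:13Z 203.0.113.7 quin@example.com OK
2023-10-02T10:00:15Z 203.0.113.7 rae@example.com FAIL
2023-10-02T10:01:00Z 198.51.100.5 bob@example.com FAIL
2023-10-02T10:01:20Z 198.51.100.5 bob@example.com FAIL
2023-10-02T10:01:40Z 198.51.100.5 bob@example.com OK
2023-10-02T10:02:00Z 192.0.2.9 carol@example.com OK
2023-10-02T10:03:00Z 192.0.2.9 dave@example.com OK
2023-10-02T10:04:00Z 192.0.2.9 erin@example.com OK
2023-10-02T10:05:00Z 192.0.2.9 frank@example.com OK
2023-10-02T10:06:00Z 192.0.2.9 gina@example.com OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(OK|FAIL)$")


def parse_line(line):
    """Return (timestamp, ip, account, succeeded) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, account, result = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, account.lower(), result == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=10),
                    min_accounts=5, max_success_rate=0.5):
    """Flag source IPs that, within any sliding window, touch at least
    `min_accounts` distinct accounts with a success rate at or below
    `max_success_rate`. Returns {ip: {"accounts_tried": [...], "compromised": [...]}},
    where "compromised" lists accounts that logged in successfully from a flagged source."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            when, ip, account, ok = parsed
            events[ip].append((when, account, ok))

    findings = {}
    for ip, attempts in events.items():
        attempts.sort()  # chronological; tuples compare by timestamp first
        for i, (t_end, _, _) in enumerate(attempts):
            # Window ends at this attempt and looks back `window` in time.
            in_window = [a for a in attempts[:i + 1] if a[0] >= t_end - window]
            accounts = {a[1] for a in in_window}
            if len(accounts) < min_accounts:
                continue  # a single user retrying, or too few targets to call it spraying
            successes = [a[1] for a in in_window if a[2]]
            if len(successes) / len(in_window) <= max_success_rate:
                entry = findings.setdefault(ip, {"accounts_tried": set(), "compromised": set()})
                entry["accounts_tried"] |= accounts
                entry["compromised"] |= set(successes)

    return {ip: {"accounts_tried": sorted(v["accounts_tried"]),
                 "compromised": sorted(v["compromised"])}
            for ip, v in findings.items()}


if __name__ == "__main__":
    for ip, detail in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: tried {len(detail['accounts_tried'])} accounts, "
              f"force password reset on {detail['compromised']}")
```

On the sample above only 203.0.113.7 is flagged: the retrying user never exceeds one distinct account, and the office NAT clears the distinct-account threshold but has a 100% success rate. Real campaigns spread attempts across proxy pools, so per-IP grouping is only a first cut; the same window logic can be keyed on ASN, user agent or TLS fingerprint, and the "compromised" list should feed straight into a forced reset plus MFA enrolment for those accounts.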


7. Patch Tuesday

Microsoft has patched 104 vulnerabilities, including 12 critical vulnerabilities allowing for remote code execution and three zero-day vulnerabilities that were being actively exploited in the wild.

The company also announced that Windows Server 2012 and 2012 R2, as well as the Home and Pro editions of Windows 11 21H2, have reached end of support and will no longer receive security updates.

So what?

Apply the latest patches, and either upgrade hosts still running the retired versions of Windows or, for Windows Server 2012 and 2012 R2, enrol them in Microsoft's Extended Security Updates programme until they can be migrated.

 

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
