19 December 2023


Organisational failings to blame for MoD and PSNI data breaches | Cyber Intelligence Briefing: 19 December


 

Top news stories this week

  1. Delete after reading. Organisational failings to blame for Ministry of Defence and PSNI data breaches. 
  2. Turncoat. LockBit recruits new affiliates after BlackCat disruption and NoEscape exit scam.  
  3. Crackdown. Microsoft obtains court order to seize Storm-1152 infrastructure; France and Spain make further cybercrime arrests.
  4. Security slam. UK at heightened risk of cyber attack according to parliamentary report.
  5. Shutdown. Russian hackers leave millions of Ukrainians without phone or internet access.
  6. Time delay. Kraft Heinz investigates August cyber breach while US dental insurer confirms millions impacted in May MOVEit breach. 
  7. Patch Tuesday. Microsoft addresses vulnerabilities, meanwhile Apache identifies vulnerability in its Struts 2 framework. 


1. Organisational failings in data security caused Ministry of Defence and PSNI breaches

The Information Commissioner’s Office (ICO) has fined the UK Ministry of Defence (MoD) GBP 350,000 over a 2021 data breach in which details of Afghan nationals who worked with the UK government were revealed over email. The ICO criticised lax data security practices at the MoD but reduced the fine in light of its cooperation and the fact it is a public body.

Separately, an independent report into a data leak last August which saw details of all employees of the Police Service of Northern Ireland (PSNI) published online found widespread organisational failings contributed to the breach.

So what?

A culture of security needs clear policies, processes, and procedures, including staff education around the importance of safeguarding sensitive data.

[Researcher: David Broome] 


2. LockBit recruits new affiliates after BlackCat disruption and NoEscape exit scam  

Prolific ransomware group LockBit is recruiting disillusioned affiliates after BlackCat’s infrastructure unexpectedly became unavailable amid rumours of a law enforcement operation. Separately, NoEscape affiliates have been poached after the group was accused of performing an exit scam and stealing ransom payouts.

So what?

Turbulence and uncertainty in the ransomware ecosystem mean that accurate threat intelligence is vital to successfully navigating an incident.

[Researcher: David Broome]


3. Microsoft obtains court order to seize Storm-1152 infrastructure; Spanish and French authorities make further cyber criminal arrests

In a major clampdown, Microsoft obtained a court order to seize the infrastructure of the cybercrime group Storm-1152, responsible for creating around 750 million fraudulent Microsoft accounts. The group is part of a cybercrime-as-a-service ecosystem, supplying fraudulent accounts to cyber criminals worldwide.

Separately, a leader of 'Kelvin Security', the group behind 300 cyber attacks including breaches at Vodafone Italia and Frost & Sullivan, has been arrested in Spain. Additionally, French authorities and international law enforcement arrested a Russian based in Paris, suspected of laundering funds for the global Hive ransomware gang.

So what?

Legal action against threat actors can be effective if it leads to domain seizures. However, the success of prosecution largely depends on the criminals' geographical location, potentially limiting law enforcement capabilities.

[Researcher: Amy Gregan]

 


 

4. Parliamentary report reveals UK is at risk of ‘major cyber incident’

According to a report by the UK's parliamentary committee, the country is at high risk of a 'catastrophic ransomware attack' due to ineffective planning and inadequate investment into cyber security. The report warns that the UK's critical national infrastructure, including energy, water supply and health services, is particularly susceptible to a cyber attack due to outdated IT systems.

So what?

Cyber security should be a priority for all organisations due to its impact on business operations, finances, and reputation. Having an advocate for cyber security helps create a solid defence and a proactive culture to face evolving cyber threats.

[Researcher: Amy Gregan]


5. Russian hackers claim attack on Ukraine mobile network 

Russia-linked hacking groups KillNet and Solntsepek have separately claimed responsibility for a cyber attack on Ukraine’s largest mobile network operator, Kyivstar, that left millions without phone or internet access and disrupted air raid alert systems in Kyiv. Security researchers have previously linked Solntsepek to the Russian military intelligence unit known as Sandworm.

So what?

Network segmentation and strong backup practices can significantly reduce the impact of a supply chain cyber attack.     

[Researcher: Waithera Junghae]


6. Kraft Heinz investigates cyber breach while US dental insurer confirms millions impacted in MOVEit breach

US food giant Kraft Heinz is investigating the potential impact of a cyber attack that took place in August after its name recently appeared on the leak site of the data extortion group Snatch. The company said that it had not seen any evidence to suggest it was a victim of an attack.

Separately, dental insurance company Delta Dental of California has confirmed that seven million of its customers were impacted in a MOVEit Transfer software breach in May.

So what?

Organisations should remain vigilant as data can take a long time to surface on a leak site and the true impact of a cyber attack can take months to be felt.

[Researcher: Waithera Junghae]


7. Patch Tuesday

Microsoft has patched 34 vulnerabilities, including four critical vulnerabilities allowing for remote code execution, and one zero-day vulnerability.

Meanwhile, Apache has identified a new vulnerability in its Struts 2 framework, which can be used for remote code execution.

So what?

Apply the latest patches and upgrade to Struts 2.5.33, 6.3.0.2 or greater.

[Researcher: Waithera Junghae]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


Editors

Kyle Schwaeble
Senior Associate, Cyber Security

Kyle Schwaeble is a senior associate on S-RM’s cyber security team, bringing expertise in incident response management and, particularly, the secure restoration and recovery from cyber incidents such as ransomware attacks and business email compromises. In addition to his incident response work, Kyle has also supported multinational clients with their security transformation programmes, advising on the development and implementation of new technological, procedural, and cultural security controls.  

Kyle joined S-RM in 2019, initially working as an analyst in the Corporate Intelligence team, where he supported various corporate and diligence investigations. He holds a BCom(LLB) from Stellenbosch University in South Africa and is GSEC certified. 

Miles Arkwright
Associate, Cyber Advisory

James Tytler
Associate, Incident Response

James Tytler is an associate in S-RM’s incident response team. In addition to responding to a wide range of cyber security incidents, he also supports clients with cyber threat intelligence services.

Before joining S-RM’s cyber security team, James worked at a London-based corporate intelligence firm, where he specialised in Middle Eastern subjects.

James has a BA in Arabic and Persian from the University of Cambridge, and an MA in International Security from Sciences Po Paris. He speaks fluent French.
