Top news stories this week
- Taking stock. LockBit 3.0 attacks UK-based trading software provider.
- Class dismissed. Ransomware attack shuts down US public schools.
- Certified con. Hackers steal GitHub certificates.
- Serious operation. Killnet claims responsibility for DDoS attacks on US hospitals.
- Trust no one. Threat actors exploit Microsoft’s verified publisher badge.
- Keyless entry. Password manager KeePass receives warning for vulnerability.
1. Taking stock
UK financial data firm ION Group suffered a ransomware attack that impacted its derivatives section. The group that provides software used for trading and market analytics has forced UK- and US-based clients to trade derivatives manually. The prolific ransomware group LockBit 3.0 claimed responsibility for the attack and has listed ION on their leak site, threatening to leak stolen data unless a ransom is paid. ION disclosed that 42 of their clients have been affected.
Network segmentation and strong backup practices can significantly reduce the impact of a ransomware attack.
2. Ransomware attack on US public schools
A ransomware attack on Nantucket Public Schools forced four public schools in Massachusetts to close on Tuesday. The cyber attack shut down the devices of all staff and students, as well as safety and security systems. No group has claimed responsibility for the attack and it is uncertain when the schools’ operations will resume.
Schools generally have limited cyber security budgets that make them attractive targets for cyber attacks. However, basic security controls that require little investment, such as strong password policies, multi-factor authentication (MFA), and cyber awareness training, can go a long way towards reducing the likelihood of a cyber incident.
3. Hacker steal GitHub certificates
GitHub has confirmed that unknown threat actors stole encrypted code-signing certificates for its Desktop and Atom applications. Once decrypted, the certificates could be used to sign unofficial applications that will appear to be created by GitHub. GitHub is expected to revoke the stolen certificates soon, rendering applications signed with those certificates invalid.
Verify that newly integrated software and applications with GitHub certificates are not signed with the stolen certificates.
4. DDoS attacks on US hospitals
The Russia-linked threat group Killnet has claimed responsibility for distributed denial of service (DDoS) attacks on eight hospitals across the United States. The University of Michigan Hospital and Stanford Health Care are amongst those that have reportedly had their operations impacted. The attacks are ongoing.
DDoS attacks are often overshadowed by ransomware attacks as a significant threat to business operations. Simple content delivery and perimeter protection measures exist to mitigate the risk of DDoS attacks.
5. Microsoft's verified publisher badge exploited
Microsoft has taken steps to disable fraudulent Microsoft Partner Network accounts. Threat actors used the fake accounts to create malicious OAuth applications. A phishing campaign was designed to trick users into granting permissions to these malicious OAuth applications and ultimately compromise Microsoft 365 estates.
The ability to grant permissions to applications in Cloud environments should be restricted to a subset of authorised users. Conduct regular audits of applications and their respective permissions.
6. KeePass vulnerability
The Federal Cyber Emergency Team of Belgium has issued a warning regarding a vulnerability in the local password management utility KeePass. The warning states that threat actors with write access to the KeePass' configuration file may maliciously configure it to export the passwords in cleartext. KeePass has refuted the claim.
MFA is a critical security control to prevent unauthorised access but should also be supplemented with robust privileged access management policies and procedures.