31 October 2023

7 min read

Boeing investigates LockBit’s claims of zero-day exploit and data theft | Cyber Intelligence Briefing: 31 October



Top news stories this week

  1. Skyjacked. Boeing investigates LockBit’s claims of zero-day exploit and data theft.
  2. Disconnected. Chilean telecommunication company Grupo GTD hit by Rorschach ransomware.
  3. Dirty tactics. Hunters International ransomware group exposes sensitive patient images during negotiations.
  4. From Russia with love. Russian nation state hackers compromise French critical networks.
  5. September surge. Ransomware groups claim 462 attacks in September.
  6. Shut it down. Spanish and Nigerian police make arrests and dismantle cyber criminal organisations.




1. LockBit claims ransomware attack on aviation giant Boeing

American aerospace giant Boeing has been posted on the leak site of prolific ransomware group LockBit 3.0. The group claims an unspecified zero-day exploit was used to breach the company and has set 2 November for Boeing to respond. Boeing stated on Friday that it was investigating the claims.

So what?

Companies should have a well-rehearsed response plan in place in case of an attack by ransomware gangs to avoid falling victim to aggressive pressure tactics.


2. Chile’s Grupo GTD hit by Rorschach/BabLock ransomware

The multinational telecommunications company Grupo GTD confirmed it suffered a Rorschach/BabLock ransomware attack last week. The incident impacted various systems, including Grupo GTD’s Infrastructure-as-a-Service (IaaS) platform, as well as its IP telephony and internet television services. Grupo GTD publicly disclosed the incident within two days of it occurring, citing the importance of proactive and clear communication with stakeholders during a cyber incident.

So what?

Preparing for a cyber incident should go beyond implementing technical controls and drafting incident response plans. Public relations communication planning is also vital to manage the potential reputational impact a cyber incident can cause.


3. Hunters International leaks pre-op surgery photos as pressure tactic

Ransomware group Hunters International has uploaded pre-operation photos from a US-based plastic surgery clinic on their dark web leak site as a pressure tactic. The group is believed to be a rebranding of the prolific ransomware gang Hive, which was taken down by a coordinated law enforcement operation in January this year.

So what?

Sensitive data should be encrypted and subject to appropriate data retention policies to mitigate the impact of a data breach.


4. Russian nation state hackers target French organisations

The French cyber security agency ANSSI has reported that Russian nation state hacking group APT28, also known as Fancy Bear, has been targeting sensitive French organisations including government entities, businesses, and think tanks since 2021. The group has used various tactics to gain access and avoid detection, including compromising routers which are not actively monitored.

So what?

Devices on the edge of your network can be used by malicious actors to compromise and maintain access to your environment. Regularly monitoring these devices as well as keeping them patched is critical.


5. September surge in ransomware attacks

September saw a 20% surge in claimed ransomware attacks, with 462 victims named on dark web leak sites compared to 390 the previous month. This was partly driven by the new group LostTrust, who leaked data from 52 victims on their site in one day and has not posted any new victims since. Ransomware veterans LockBit have consistently been the most active group, with other groups varying considerably in their activity from month to month.

So what?

The true scale of ransomware attacks is difficult to gauge, as many more victims reach settlements with threat actors and therefore go unreported.


6. Police arrest cyber criminals in Spain and Nigeria

The Spanish National Police have shut down a cyber criminal organisation, arresting 34 scammers who were collectively responsible for stealing data belonging to four million people. The scammers’ tactics included email and SMS phishing attacks as well as fake emergency calls to steal money from victims.

The Nigerian Police Force has also dismantled a cyber crime recruitment and training centre linked to business email compromise attacks, investment fraud, and romance scams. The police arrested six suspects following a raid of their premises.

So what?

International police have become more vigilant when it comes to identifying and punishing cyber criminals for their activities. Nevertheless, organisations must continue to educate their employees on the variety and sophistication of cyber criminal groups and how different tactics are employed to achieve their objectives.


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
