Top news stories this week
- Spinning the web. Scattered Spider targets the aviation and transportation industries.
- Reporting required. Municipal entities in New York required to report cyber incidents.
- Attack on the court. International Criminal Court targeted in cyberattack.
- Penetrable. US OFAC sanctions bulletproof services provider for facilitating cybercriminal activity.
- Uncharitable. Ransomware gang target German food aid charity.
- Bad leaver. Disgruntled IT worker sentenced to seven months following IT system sabotage.
- Not to be trusted. Ransomware gang Hunters International announce shutdown of operations.
1. Scattered Spider targets the aviation and transportation industries
Cybercriminal gang Scattered Spider has shifted the focus of its attacks to the aviation and transportation industries. Several airline companies recently suffered cyberattacks attributed to the crime group and now Australia's largest airline, Qantas, has disclosed a data breach closely resembling operations of Scattered Spider. The group allegedly targeted the Qantas call centre and gained access to a customer servicing platform operated by a Qantas supplier.
So what?
Scattered Spider is known for social engineering attacks which exploit IT helpdesk staff to reset user credentials. Read S-RM’s briefing Threat Actor In Focus: Scattered Spider to learn more about the group's operations and how to protect your organisation.
[Researcher: Milda Petraityte]
2. Municipal entities in New York required to report cyber incidents
On 26 June, New York Governor Kathy Hochul signed legislation requiring all municipal corporations to report cyber security incidents to the US Department of Homeland Security. The new legislation requires ransomware payments to be reported within 24 hours of payment, requires post-incident reviews and cyber security awareness training, updates definitions for cybersecurity terms, and establishes standards for information systems in municipal organisations.
So what?
Government interventions, such as mandated reporting by victims of ransom incidents and payments, aim to improve the intelligence available to law enforcement agencies to investigate ransomware attacks and apprehend criminals. The policy is not without criticism, and other jurisdictions will be watching closely to see if it delivers positive outcomes.
[Researcher: Stephen Ross]
3. International Criminal Court targeted in cyberattack
The International Criminal Court (ICC) has announced it experienced a “sophisticated and targeted” cyberattack, potentially compromising sensitive information. In response, the ICC launched an investigation to determine the scope and origin of the attack, while implementing heightened cyber security measures. This incident is the second of this nature against the ICC within the last two years.
So what?
A second sophisticated cyberattack on the ICC underscores that even top-tier international institutions remain vulnerable.
[Researcher: Tlhalefo Dikolomela]
4. Bulletproof hosting provider and its key personnel sanctioned by the US Treasury
The US Treasury has enforced sanctions on a global bulletproof services provider, Aeza Group, including two affiliated companies and four key staff members. The group supplied cyber criminals with computer infrastructure, including servers and domains, to help them evade law enforcement, support ransomware attacks, and host dark web markets. The company has allegedly supported the BianLian ransomware group and other operators of infostealer malware.
So what?
Targeting both the operators of ransomware groups and the service providers that support them is crucial for law enforcement to effectively disrupt the broader cybercriminal business model.
[Researcher: Adelaide Parker]
5. Ransomware gang target German food aid charity
A ransomware gang recently attacked Deutsche Welthungerhilfe (WHH), a German charity providing food and aid to impoverished regions. The attackers are demanding 20 bitcoin (approximately USD 2.1 million) for stolen data, but WHH has refused to pay and has taken steps to secure their systems while involving authorities.
So what?
Whilst it is not overly comprehensive, charitable organisations can leverage free cyber security advice from government agencies such as the British NCSC and German BSI. Some tech companies, including Google and Microsoft, also offer support to charities with a number of free and discounted resources.
[Researcher: Nor Liana Kamaruzzaman]
6. Rogue IT worker handed seven-month sentence following act of sabotage
A British IT worker has been sentenced to seven months in prison having been found guilty of causing significant IT disruption following his suspension by his employer in July 2022. The former employee had changed credentials and altered multi-factor authentication settings, halting business operations and causing approximately GBP 200,000 in business and reputational damages.
So what?
Organisations should adhere to and enforce secure IT offboarding measures to avoid potential malicious actions by disgruntled ex-employees.
[Researcher: Lawrence Copson]
7. Ransomware gang Hunters International announce shutdown
Ransomware group Hunters International has declared it will close its criminal business and give away decryption keys to its victims for free. However, it is possible that the team of criminals has only rebranded to the group known as World Leaks, shifting from encryption-based attacks to purely data theft and extortion.
So what?
The possible change of operations shows how cyber criminals adapt quickly to a changing global environment, pivoting tactics and infrastructure to continue criminal undertakings.
[Researcher: Milda Petraityte]