14 November 2025


UK and Singapore ramp up efforts to improve cyber resilience in critical sectors | Cyber Intelligence Briefing: November 14, 2025


Top news stories this week

  1. Let’s get critical. UK and Singapore ramp up efforts to improve cyber resilience in critical sectors.
  2. Clop strikes again. The Washington Post and GlobalLogic are latest victims of Clop campaign.
  3. Insure up. Sharp rise in insurance payouts for cyber claims in the UK.
  4. Qilin like a villain. Prominent ransomware group continuing to target small businesses.
  5. Poison diary. Surge in attacks exploiting iCalendar files.
  6. Check out. Large-scale phishing campaign targets hotels and customers.

1. UK and Singapore ramp up efforts to improve cyber resilience in critical sectors 

The UK Parliament has introduced a new Cyber Security and Resilience Bill aimed at improving the resilience of Britain’s critical services, which include healthcare, transport, and providers of drinking water and energy.  

Separately, Singapore now requires board members of critical service operators to undergo cyber security training as part of the updated Cybersecurity Code of Practice. 

So what?

Governments codifying best practice into law is an encouraging development. Companies in critical sectors should actively understand and adopt these legal requirements to ensure security and compliance.  

[Researcher: Lester Lim]


2. The Washington Post and a Hitachi subsidiary become Clop’s latest victims

GlobalLogic, a subsidiary of Hitachi, confirmed that a recent Clop campaign exposed HR data for about 10,500 current and former employees. Meanwhile, The Washington Post revealed that nearly 10,000 staff and contractors had names, bank details, tax identifiers, and Social Security numbers stolen via the ongoing Oracle EBS exploit. 

So what?

As the Clop saga continues, organizations should strengthen the resilience of their software vendor supply chains and ensure incident response plans account for third-party system compromises.

[Researcher: Lawrence Copson]


3. Sharp rise in insurance payouts for cyber claims in the UK 

The Association of British Insurers (ABI) reported that insurers paid out almost GBP 200 million in cyber claims to UK businesses in 2024, a 230 percent year-on-year increase from 2023. While the figures exclude recent major incidents, such as the breach at Marks & Spencer, they highlight an increase in attacks during that period. Notably, 51 percent of claims were related to ransomware and malware infections.

So what?

Cyber insurance is a critical component of an organization’s cyber risk management strategy. A comprehensive cyber insurance policy not only supports businesses during attacks but also helps prevent them by offering access to proactive services such as maturity assessments, threat monitoring, and incident response planning. 

[Researcher: Rosie McKeown]

4. Prominent ransomware group continuing to target small businesses

S-RM has reported an increase in attacks on small and medium-sized businesses globally by the threat group known as Qilin. Qilin operates a ransomware-as-a-service (RaaS) model, and S-RM has recently observed affiliates of the Scattered Spider group deploying Qilin’s ransomware. These attacks typically target unpatched VPNs or single-factor remote access tools to gain initial access.

So what?

Threat actors and RaaS groups continue to collaborate and innovate. Cybersecurity and IT professionals should immediately alert their insurers and incident response providers if they suspect they are being targeted by Qilin. Learn more about Qilin here.

[Researcher: Steve Ross]


5. Surge in phishing attacks exploiting iCalendar files 

While email phishing campaigns are well known, attackers have found a new threat vector by abusing .ics calendar files, which can bypass regular security controls. This new technique has been visible in the Google Calendar spoofing campaign. The threat is especially critical in scenarios where calendar invites are automatically accepted as tentative by default.

So what?

Organizations should review Outlook and Google Calendar default settings, as well as educate users on new phishing techniques.

[Researcher: Jenny Eysert]


6. Large-scale phishing “I paid twice” campaigns targeting hotels and customers 

Cyber criminals are targeting hotel managers with fake landing pages to steal their credentials by deploying remote access trojan (RAT) malware. Once obtained, these credentials are used to send fraudulent emails to hotel customers, exploiting legitimate reservation details. As a result, some customers are tricked into paying twice in the belief that this secures their reservation and prevents cancellation.

So what?

The travel industry can be heavily targeted close to the holiday season. Companies in this sector or related fields should remain vigilant to ensure the consumer travel experience isn’t further complicated by security threats.

[Researcher: Mark Farley]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.