Toro-Blog-listing

November Security News Round-Up

Written by HQ | Nov 27, 2023 5:10:33 PM

November has been a busy month in the world of security, we’ve rounded up a few of the top stories in our Security News Round-up.  

Increase in Cyber Attacks  

The Israel-Hamas conflict has led to a notable increase in cyberattacks in Israel, with a 20% overall rise and over 50% increase in attacks on the government sector. Initially focused on DDoS and defacements, these attacks have evolved to include more sophisticated methods like malware, ransomware, and wipers. Cyber Toufan, a threat actor targeting Israeli entities, is believed to be linked to Iranian state-sponsored threat actors. The group has targeted businesses and organisations, leaking large databases and affecting prominent cybersecurity firms. The cyberattacks are not confined to Israel, as Bahrain and India have also experienced cyber incidents related to their stance on the conflict. The retaliatory cyberattacks are expected to escalate as the conflict intensifies. 

British Library Ransomware Attack  

The British Library recently fell victim to a ransomware attack, leading to the compromise of employee data and a month-long downtime for the library's website. The Rhysida ransomware group, claiming responsibility, is auctioning off the stolen data, including passport scans, for 20 Bitcoin (£596,459). If you have a British Library login and use the same password elsewhere, we’d recommend that you change it everywhere it is used as a precaution. 

NCSC Annual Review  

The National Cyber Security Centre's (NCSC) seventh Annual Review warned of a persistent and significant threat to the UK's critical infrastructure. The report highlighted the increasing unpredictability of the threat landscape, attributing it to state-aligned groups, rising aggressive cyber activity, and evolving geopolitical challenges. The review emphasizes the need for enhanced cyber resilience in critical sectors such as water, electricity, communications, transport, and finance. The emergence of state-aligned actors sympathetic to Russia's actions in Ukraine is noted, with ongoing concerns about the enduring threat posed by these groups to national assets. The review also addressed the targeting of personal email accounts of high-profile individuals in politics, emphasising the persistent efforts of attackers. It acknowledged the use of advanced artificial intelligence (AI) in influencing elections, foreseeing challenges such as large language models generating fabricated content, hyper-realistic bots spreading disinformation, and the increasing sophistication of deepfake campaigns.  

AI's Influence on Security Operations: G4S's World Security Report Insights  

Nine in ten (90%) Chief Security Officers (CSOs) at large, global businesses operating in the UK agree that Artificial Intelligence (AI) will have the biggest impact on physical security operations over the next five years, according to research from G4S. The finding comes from G4S’s ‘World Security Report’ – a survey of 1,775 Chief Security Officers with total revenue of more than $20 trillion USD. A third (33%) of UK CSOs said AI and machine learning is the technological advancement that their company is most likely to invest in over the next five years to improve its physical and cyber security operations. 

Royal Mail Ransomware attack 

Royal Mail's parent company, International Distribution Services, has disclosed a £10 million expense for improving the Heathrow Worldwide Distribution Centre following the January ransomware attack by LockBit. The cyber incident resulted in a 6.5% YoY decline in international revenue, amounting to £22 million ($27 million), with a 5% drop in parcel volume. Overall, the half-year losses for the group are £319 million ($395.8 million), partly attributed to a pay rise agreement with the Communication Workers Union.  

Microsoft's Warning on Social Engineering Tactics 

The well-known hacking group Lazarus, also named ‘Sapphire Sleet’, has changed its tactics. Instead of using the usual tricks, they've set up fake skill assessment websites to trick people. This group, also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore, is famous for stealing cryptocurrency using tricky methods. 

Recently, Jamf Threat Labs found that Sapphire Sleet is linked to a new kind of macOS malware called ObjCShellz, associated with RustBucket. This malware acts as a final attack stage.   

In the past, this hacking group used to send harmful files or links through places like GitHub. However, they have now switched to creating their websites for spreading malware. These sites look like places where recruiters register, and they're password-protected to keep their activities hidden. Microsoft's Threat Intelligence team has discovered that Sapphire Sleet is targeting people on LinkedIn. They use fake skill assessment offers to get attention and then move the conversation to other platforms.  

WhatsApp's Privacy Response Amid Digital Complexities  

Meta-owned WhatsApp has responded to the evolving threat landscape by introducing the "Protect IP Address in Calls" feature. Whatsapp users will now be able to enable the "Protect IP address in calls" feature in their settings so all calls go through WhatsApp's relay servers instead of being a direct peer-to-peer connection. This feature will mean that the callers cannot see each other's IP address and figure out their geographical location. 

Zoom Vulnerabilities: Challenges in Digital Communication Security 

Despite technological advancements, the popular video messaging platform Zoom discovered multiple vulnerabilities, exposing users to risks ranging from denial-of-service to privilege escalation. This highlights the persistent challenges in securing digital communication channels and emphasises the need for constant vigilance in the face of evolving cyber threats. 

Rise in QR Phishing

A concerning trend in November is the rise in QR phishing attacks, where cybercriminals are exploiting the popularity of QR codes for contactless interactions. In a recent attack, a woman fell victim to fraudsters in a £13,000 railway station QR code scam. Fraudsters are thought to have covered a genuine code with one of their own in Thornaby Station's car park. The victim, 71, used the code and, after a string of fraudulent payments were blocked by her bank, the fraudsters called her posing as bank staff. Referencing genuine transactions, they convinced her they were legitimate and obtained enough information to run up debts of thousands in her name, including a loan of £7,500 they took out in minutes. The criminals also set up online banking and changed their addresses before asking for new cards to be sent out. According to figures exclusively obtained by the BBC, Action Fraud receives hundreds of crime reports every year linked to QR codes and this is massively on the increase. To find out how you can protect yourself from these scams read our latest blog here. 

If you have any questions on any of the above news stories, or you want to speak to Toro about your security, please get in touch with the team.