Cyber Security Threat Report - June Digest

Welcome back to Riela Cyber’s monthly Threat Report. June has seen an influx of global cyber attacks, most notably caused by the MOVEit ransomware. Let’s dive in.


News

Technology... Trust, but Verify First

At Riela, we are the biggest supporters of modern technology. However, that is not to say that it comes without bugs and flaws (even though it could be human error from time to time). This was made very obvious earlier this month when tourists in Hawaii blindly followed their GPS straight into the sea. Immersed in their technology, the tourists didn’t notice the imminent danger until it was too late. This serves as a reminder to always be sceptical about new technology; use it to help inform your decisions and streamline your processes, but don’t rely on it entirely. That is why we are AI-driven, but human-led.


100,000+ ChatGPT Accounts Stolen Via Info-Stealing Malware

Over the past year, information from more than 100,000 user accounts has been stolen by ‘information-stealing’ malware. Theft peaked in May, correlating with the breach on OpenAI’s subscription-based model. Stolen personal data includes, but is not limited to, chat history, credit card details and personal account information. It stands to reason that one should be wary of what information is provided to any site that asks for a subscription or personal details. Never be too eager to jump on the latest trend until it has been proven and tested.

This is a warning for all ChatGPT users to take additional care when using the platform by ensuring no confidential information is shared (for example, avoid editing a company-confidential email, working on client material or drafting an internal email). In addition, we recommend using pseudonyms in copy and following password best practices for increased anonymity.


University of Manchester Cyber Attack

The Russell Group’s University of Manchester fell victim to a cyber attack on the 6th of June after systems were accessed by an unauthorised party. The unauthorised access led to some student and alumni data being copied off the university’s systems. After the University refused to meet the hackers’ demands, threats were circulated to both students and staff giving them a “last warning” before data is leaked. The University has promised that it has experts working on the matter and has released the following statement.

“We understand that this will create concern for some, but we would like to assure our community that our internal and external experts are working around the clock to continue to address this and our investigations are continuing.
We are asking all staff and students to remain vigilant of any suspicious emails, including those that appear to come from those responsible for this
Do not engage with or reply to these emails in any way.”

New Skimmer Attack on Websites

Website development is not for everyone, thus outsourcing this to providers has always been a valid market choice. But how is this website being protected? A new data skimmer has reached the wild and we can only hope that current systems will prevent data loss. This skimmer is said to be active in the United States, the U.K., Brazil, Spain, Australia, Estonia, and Peru. The skimmer embeds itself in websites and looks for credit card details entered with purchases. Be wary and keep your systems up to date.

Switzerland Under Attack

Switzerland’s Federal Office of Police and the Swiss Customs and Border Security were both the unwilling victims of a data theft incident. A breach in security at a third-party marketing company led to the data breach. The third party has come forward stating that the data was purely simulated and anonymous; however, there are reports that some of the data was correspondence between the customs agencies and their clients.

$425 Million Fine Proposal by Ireland

A new fine has been proposed by Ireland’s Data Protection Commission for violating the EU General Data Protection Regulation in targeted LinkedIn ads.

Alerts

MOVEit Ransomware

Dozens of high-profile organisations have fallen victim to the new MOVEit ransomware. The ransomware is produced by the notorious CLOP gang, which attacked the MOVEit platform, leading to various implications for users of the system. The MOVEit system is a big data transfer company that was working with Health Service Ireland (HSE) and payroll services provider Zellis. The breach of Zellis has also led to further breaches of their clients, which include the BBC, British Airways and large retailer Boots. PwC has also released a statement confirming that they have been affected by the breach.

Microsoft

Patch Tuesday

In this month’s Patch Tuesday, Microsoft has fixed 78 flaws and 38 remote-code execution bugs (attacks that remotely run malicious code on a computer).

Azure, Outlook Outages Caused by DDoS Attacks

The threat actor “Anonymous Sudan” has struck a vicious blow to Microsoft by bringing most of the Microsoft Office 365 services to a halt. They used a Distributed Denial of Service attack to render OneDrive, Outlook, and various other services useless for a while. Microsoft writes:

“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.
These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.”

Google Chrome Zero-Day

A newly discovered Google Chrome vulnerability that has been actively exploited in the wild has now been fixed. As per usual, Google is withholding the information about this exploit until they are certain that most Chrome users have updated to the newest version. This is to keep as much information about how to exploit the system private until they are sure their clients are safe. However, CVE-2023-3079 has been assessed to be a high-severity issue. It was discovered by Google's researcher Clément Lecigne on June 1, 2023, and is a type confusion in V8, Chrome's JavaScript engine tasked with executing code within the browser.

Highlights

Cyber Dictionary: What Is Cloud Storage?

Believe it or not, cloud storage has nothing to do with actual clouds. Rather, it is a convenient and flexible way to store your data, as it allows you to access your files from any device with an internet connection, and easily share them with others.

Anti-Phishing Quiz

Can you spot the suspicious text message? Test your cyber security skills and see if you can identify the telltale signs of phishing attempts in our short quiz here.

Cyber Security for Law Firms

On Thursday the 22nd of June, the NCSC released a new document for law firms explaining the growing risk of cyber threats in the industry, with practical advice on how to reduce this risk. Read it here.

Thank you for taking the time to read the June Cyber Security Threat Report. We look forward to sharing more with you over the next month. In the meantime, keep up to date with the latest news by checking out our Cyber Blog here.

