Cyber Threat Intelligence Report - September 2024

Welcome to our latest edition of the Monthly Cyber Threat Intelligence Report.

Autumn is a changing time of year, with striking colours appearing in nature and a return to normal after all the fun of the summer slowdown. For cyber security, however, there’s no such luxury—with new breaches and vulnerabilities reported daily, there’s plenty for us to keep up to date with and watch out for in the future.

We’ll update you on existing breaches and investigate some notable stories. Then, in our regular monthly ‘deep dive’, we’ll examine APT29, also known as ‘Cozy Bear’.


Breach of the Month: A Wake-Up Call for Security Testing

In August 2024, Ronin Networks, an Ethereum blockchain virtual machine developed for gaming, experienced a breach orchestrated by white-hat hackers. The hackers breached Ronin's network to expose vulnerabilities that criminal actors could have otherwise exploited.

The attackers accessed Ronin Networks’ internal systems, and vulnerabilities across the company’s infrastructure were identified, including outdated software, weak access controls, and unpatched security flaws. The attackers withdrew 4000 ETH and $2m USDC with a value of around $12m – the maximum withdrawal in a single transaction, highlighting the potential impact had this been a malicious attack.


Impact of the Breach on Ronin Networks

The breach forced Ronin to temporarily shut down several systems, review its security policies, and bolster its defences. In their post-breach report, the white-hat hackers revealed how easily attackers could have compromised sensitive data or disrupted operations without proper mitigations.

Regular penetration testing, vulnerability scanning, and red-teaming exercises are critical to identifying and remediating security gaps before malicious actors exploit them. White-hat hacking engagements are valuable because they simulate real-world attacks, revealing weaknesses that may not be apparent through automated tools alone.

In Ronin’s case, the ethical hackers provided a detailed roadmap for improving network security, allowing the company to strengthen its defences and prevent future attacks. This attack was not malicious but carried out by a group who wanted to pre-warn, with their reward being a $500k bounty rather than illegal gains.


Best Practice Recommendations

Only some companies will be lucky enough to benefit from a White-Hat attack; more are breached by groups looking to steal data, ransom information, or disrupt business. Adopting best practices in cyber security is essential to ensure cyber resilience:

  • Regular patch management and system updates are essential for reducing the attack surfaces available to attackers.

  • Implementing strict access control policies, such as multi-factor authentication (MFA) and the principle of least privilege (POLP), can limit exposure during a breach.

  • Routine network monitoring, anomaly detection, and intrusion prevention systems (IPS) can help identify suspicious behaviour before an attacker gains a foothold.

  • Invest in training staff to recognise and respond correctly to phishing and social engineering attacks.

  • Leveraging ethical hacking services and conducting periodic security audits can identify vulnerabilities before they become a liability.


The breach at Ronin Networks reminds us that cyber security is not a one-time investment but an ongoing process requiring constant vigilance and testing.


Continue reading: September Cyber Threat Intelligence.pdf
