December 2023 Cybersecurity Highlights

As we approach the end of 2023, the cybersecurity landscape continues to evolve with notable incidents and developments.

Here's a more detailed recap of the top cybersecurity news for December:

1. Ukraine's Largest Mobile Operator Targeted by Russian Cyber Attack:

Kyivstar, Ukraine's largest mobile network operator, found itself at the center of a significant cyber attack with far-reaching consequences. The attack, attributed to the ongoing conflict with Russia, struck at the heart of Kyivstar's infrastructure, disrupting internet access, mobile communications, and even air raid alert systems in parts of Kyiv. CEO Oleksandr Komarov, attributing the attack to the broader cyber warfare associated with the war, revealed that the company had to physically shut down Kyivstar to limit the enemy's access. The situation escalated as the Russian hacktivist group Killnet claimed responsibility via a statement on the Telegram messaging app. Despite the attack, Kyivstar assured subscribers that personal data remained uncompromised, and efforts were underway to restore services. This incident serves as a stark reminder of the vulnerabilities faced by critical infrastructure during geopolitical conflicts and the broader implications of cyber warfare.

2. HTC Global Services Confirms Cyber Attack by BlackCat Ransomware Group:

HTC Global Services, an IT services and business consulting company, confirmed falling victim to a cyber attack orchestrated by the BlackCat ransomware group. The group, also known as ALPHV, demonstrated the severity of the attack by leaking sensitive data, including passports, contact lists, and confidential documents. While HTC acknowledged the cybersecurity incident, details surrounding the attack's nature and extent were limited. Cybersecurity researcher Kevin Beaumont suggested the Citrix Bleed vulnerability as a potential attack vector. The incident underscores the persistent threat of ransomware groups and the imperative for organizations to bolster their cybersecurity measures to safeguard user data and protect against evolving attack vectors.

3. Star Blizzard Spear-Phishing Campaign Linked to Russian FSB:

The cyber threat landscape saw the continuation of targeted spear-phishing campaigns, with the Star Blizzard group taking center stage. International cybersecurity advisories from multiple governments pointed to Star Blizzard's involvement in successful spear-phishing attacks against organizations and individuals in the UK and US. The advisory suggested that Star Blizzard, formerly known as SEABORGIUM, is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18. The threat actor, active since 2019, has been particularly focused on academia, governmental organizations, NGOs, think tanks, and politicians. The UK Foreign Office responded by summoning the Russian ambassador and imposing sanctions on a Russian intelligence officer and a Star Blizzard group member. The complex tactics employed by Star Blizzard, including reconnaissance, impersonation, and the use of open-source frameworks, highlight the evolving nature of state-sponsored cyber threats.

4. Phishing Surge Exploiting Adobe InDesign:

A surge in phishing attacks leveraging Adobe InDesign raised concerns among cybersecurity experts. Barracuda researchers reported a nearly 30-fold increase in malicious emails carrying Adobe InDesign prompts since October. The attackers, using the top-level domain ".ru," strategically hosted their content behind a content delivery network (CDN) to obscure the source and evade security technologies. The emails, adorned with legitimate brand logos likely scraped from websites, aimed to trick recipients into clicking on malicious links. The attacks employed tactics such as using known and trusted domains, creating convincing social engineering attacks, and redirecting recipients to another web page to avoid detection. The surge in phishing attacks emphasizes the need for organizations to enhance their cybersecurity measures and educate employees on recognizing and reporting phishing attempts.

5. Surge in Business Email Compromise (BEC) Attacks on Law Firms:

Law firms found themselves facing a surge in targeted Business Email Compromise (BEC) attacks, with threat actors evolving their tactics to bypass multi-factor authentication (MFA). S-RM, a cybersecurity risk consultancy, highlighted the increasing sophistication of threat actors in recent BEC cases targeting legal organizations. The attackers successfully circumvented MFA through methods like stealing session cookies and utilizing advanced phishing techniques. Notably, threat actors pursued persistent access, allowing for long-term exploitation following a single MFA breach. The advancements in phishing techniques, including manipulating IP addresses, geolocation data, and targeting remote-working platforms like Microsoft Teams, pose significant challenges for law firms. The implications of successful BEC attacks extend beyond financial loss, encompassing reputational damage, increased regulatory scrutiny, and impacts on insurance and professional indemnity premiums.

6. Business Communication Risks in Popular Messaging Apps:

The 2023 Business Communication Risk Report from SafeGuard Cyber shed light on the growing risks associated with popular messaging tools such as WhatsApp, Telegram, Teams, and Slack. Organizations reported a surge in security incidents linked to employees using messaging apps, particularly in bring your own device (BYOD) environments. The report revealed that 66 percent of threat indicators were found in transient messages associated with cloud-based collaboration tools. The proliferation of cloud-based collaboration tools has given rise to a new attack category: business communication compromise (BCC). Threat actors are exploiting these tools to compromise login credentials, financial reports, and other proprietary data. The report highlighted the need for organizations to adjust their security strategies, focusing on greater visibility over business communication channels and adapting to human behavioral patterns. As employees increasingly use messaging apps for business purposes, the report emphasized the importance of unified visibility and contextual analysis to counteract potential threats.
