
Cyber_Bytes - Issue 54

Published on 04 July 2023

Welcome to Cyber_Bytes, our regular round-up of key developments in cyber, tech and evolving risks.

NCSC's Cyber Threat Report on the UK Legal Sector

The UK's National Cyber Security Centre (NCSC) partnered with the Solicitors Regulation Authority (SRA), Action Fraud, and the National Crime Agency (NCA) to produce a report analysing current cyber security threats faced by the legal community. The report provides practical guidance on how organisations can remain alert to these growing threats.

Legal practices and lawyers have become an increasingly attractive target for cyber criminals. This is due to the essential role they play in the UK economy and wider society, as organisations in the legal sector routinely handle large amounts of money and highly sensitive client information.

The most common forms of attack which the report warns against include phishing, business email compromise and ransomware. Supply chain attacks have also been identified as a key threat against which organisations must remain alert. Many smaller firms outsource their IT and data responsibilities to specialist support companies. As recently highlighted by the MOVEit compromise (see our previous coverage), this can have far-reaching ramifications for companies if a data breach occurs.

The report places an emphasis on organisations reporting cyber-attacks. This will allow the NCSC to provide support and incident response to mitigate harm and protect an organisation from future attacks.

Click here to read the full NCSC report.

Clop ransomware claims responsibility for MOVEit extortion attacks

The Clop ransomware group has claimed responsibility for the recent ransomware attack which exploited a zero-day vulnerability in the MOVEit Transfer tool designed to securely transfer sensitive files. The attack is estimated to have affected hundreds of companies globally which used this software.

The group began its attacks on 27 May, taking advantage of low staff presence at MOVEit over the US Memorial Day weekend. Servers belonging to corporations utilising the software were ultimately breached. The Clop group claims to have deleted all stolen data relating to governmental, military and hospital bodies; however, these claims cannot be verified.

Zellis, a UK-based HR and payroll solutions provider, has confirmed that a small number of its customer base has been affected by the data breach. This includes airline company Aer Lingus, which has, however, confirmed that no financial or bank details relating to current or former employees were stolen.

British Airways also confirmed that some of its data had been stolen as part of the Zellis breach. However, the British airline provider is yet to disclose any further details as to the nature of the affected data.

The Clop group stated on 6 June that it would begin to publish stolen data from 'hundreds of companies' on 14 June if a ransom was not paid, encouraging affected corporations to contact them to commence negotiations.

Click here to read the Bleeping Computer article.

Cyber risk firm, Resilience, evaluates the recent wave of attacks

A recent report from cyber risk firm Resilience has found that despite an increasing number of ransomware attacks, 80% of affected organisations are able to recover data and systems without giving in to ransom payment demands. Over the last quarter of 2022 and the start of the first quarter of 2023, the number of attacks is reported to have doubled.

However, new approaches to cyber risk, such as balancing risk acceptance, mitigation and transfer, have prevented ransom payments from increasing in line with the rate of cyber-attacks.

Resilience reports that none of its clients made an extortion payment in 2022 and that they were half as likely to pay a ransom to recover systems during a cyberattack compared to industry averages. The company's new approach centres around bringing together risk, finance and security roles that have previously operated in silos to create "cyber resilience".

According to its annual claims report, the leading causes of loss are ransomware at 17.8%, transfer fraud at 17%, vendor data breaches at 11.8% and business email compromise at 10.4%. With regard to the leading point of failure, based on primary claim notices, phishing attacks are in the lead at 23.4%, followed by risk from third-party vendors at 22.1% of claims.

Click here to read the full article by Commercial Risk.

Cyber Threat Advisory: Fortinet Vulnerability

Cybersecurity solutions provider Fortinet has released a security advisory for a critical vulnerability in its SSL VPN. The service is widely used for gaining remote access in the public and private sectors. The vulnerability affects both the iOS and Android versions of the software and was identified during an internal audit of Fortinet’s codebase. Security experts believe that the vulnerability is being exploited to compromise affected devices remotely.

Incidents relating to the vulnerability have so far been associated with a Chinese nation-state cyber group, Volt Typhoon (Insidious Taurus). A proof-of-concept exploit for the vulnerability has subsequently been published online, increasing the likelihood that a broader range of nation-state and financially motivated cybercriminals will imminently begin to exploit it.

Corporations using the SSL VPN are being urged to consider disabling the service if it is not critical to business operations, or to apply Fortinet recommendations for hardening of FortiOS applications. In addition, corporations have been advised to review their systems for signs of exploitation of the vulnerability. Potential indicators of compromise include an abnormal amount of ‘/remote/logincheck’ and ‘/remote/hostcheck_validate’ requests as well as suspicious reboots.
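One way to review logs for the indicators described above, as an added example that is not part of the original article or of Fortinet's guidance. The log line format, the threshold of 5 requests per minute and the 5-minute reboot window are assumptions to be tuned to the organisation's own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PATHS = ("/remote/logincheck", "/remote/hostcheck_validate")

# Constructed sample in an assumed format, not FortiOS's own log format:
# "<ISO time> <source> <method> <path>" or "<ISO time> system reboot"
SAMPLE_LOG = """\
2023-06-12T02:10:00 198.51.100.7 POST /remote/logincheck
2023-06-12T02:10:05 198.51.100.7 POST /remote/hostcheck_validate
2023-06-12T02:10:10 198.51.100.7 POST /remote/logincheck
2023-06-12T02:10:15 198.51.100.7 POST /remote/hostcheck_validate
2023-06-12T02:10:20 198.51.100.7 POST /remote/logincheck
2023-06-12T02:12:30 system reboot
2023-06-12T08:59:00 203.0.113.20 POST /remote/logincheck
2023-06-12T09:30:00 203.0.113.20 POST /remote/logincheck
"""

def parse_events(log_text):
    """Yield (time, kind, source); kind is 'watched' or 'reboot'."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
        except (ValueError, IndexError):
            continue  # skip blank or malformed lines
        if parts[1:3] == ["system", "reboot"]:
            yield ts, "reboot", None
        elif len(parts) >= 4 and parts[3].split("?")[0] in WATCHED_PATHS:
            yield ts, "watched", parts[1]

def find_bursts(log_text, threshold=5, window=timedelta(minutes=1),
                reboot_gap=timedelta(minutes=5)):
    """Flag sources with >= threshold watched requests inside one window,
    and note whether a reboot followed the burst within reboot_gap."""
    hits, reboots = defaultdict(list), []
    for ts, kind, src in parse_events(log_text):
        (reboots if kind == "reboot" else hits[src]).append(ts)
    findings = []
    for src, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                rebooted = any(timedelta(0) <= r - t <= reboot_gap for r in reboots)
                findings.append({"source": src, "burst_end": t,
                                 "count": end - start + 1, "reboot_followed": rebooted})
                break  # one finding per source is enough for triage
    return findings
```

A source that logs in a few times across the day stays below the threshold, while a tight burst followed by a reboot is reported with `reboot_followed` set.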

Click here to read the full S-RM article. 

UAE: ChatGPT used to launch cyber and ransomware attacks, says head of cybersecurity

Dr Mohamed Al Kuwaiti, Head of Cybersecurity at the UAE Government, recently appeared on a panel at the Cybersecurity Innovation Series Conference in Dubai. During the discussion, Dr Al Kuwaiti issued warnings surrounding the increased use of AI tools such as ChatGPT by threat actors.

AI services are being used to draft ransomware scripts and phishing emails which assist threat actors in curating more convincing attacks. With the use of generative AI on the rise, corporations must be alert to the rapid information processing capabilities of these tools and their ability to assist threat actors in the automation of their processes. This has the potential to contribute to a proliferation in the number of cyberattack attempts taking place globally.

Dr Al Kuwaiti confirmed that the UAE government had been the victim of recent cyberattack attempts. These attacks impacted crucial infrastructure such as electrical, energy, transportation, aviation, education and healthcare sectors, with the main focus of the attacks being the financial sector. In response to these growing threats, the UAE government has begun utilising AI tools in its cyber defence mechanisms alongside cloud security systems.

Raising public awareness of cybersecurity across the state will also be a key objective of the UAE government in the near-term future.

Click here to read the full MSN article.