We have now reached 19,180 subscribers. Thanks for your support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
Threat actors behind the BlackCat ransomware are using malvertising to distribute malicious installers disguised as the WinSCP file transfer application. The malware includes a Cobalt Strike Beacon and employs legitimate tools for network discovery, lateral movement, and data exfiltration. The attackers aim to gain administrator privileges and establish persistence. This incident highlights the ongoing trend of malware distribution through advertising platforms. The ransomware landscape continues to evolve with the emergence of new groups like Rhysida and the adaptability of existing ones, such as the Conti/TrickBot syndicate. (gizmochina)
My thoughts: The use of malvertising to distribute malware reveals two important things: 1. The need for endpoint management, a solution that detects when something is not right and/or anomalies arise. Anti-virus is NOT enough! 2. A solution that is able to detect lateral movement by threat actors inside your network, like SentinelOne Identity.
The compromise of PBI Research and The Berwyn Group's MOVEit installation has led to millions of insurers being affected. Data stolen from pension systems and insurance companies includes personal information such as names and social security numbers. Steps are being taken to mitigate the harm, such as notification letters and credit monitoring services for affected individuals. (helpnetsecurity)
My thoughts: The incident involved a third-party vendor, which emphasizes the importance of third-party risk management strategies incorporated in a company to enhance its cybersecurity posture. Be sure to regularly meet with your suppliers and partners to ensure their standards are up to yours!
Over a million NHS patients' details have been compromised in a cyber attack targeting a dataset from 200 hospitals. The attack took place during a ransomware incident at the University of Manchester. The breached information includes NHS numbers and partial postal codes of patients. The extent of the breach and the number of affected patients are still unknown. NHS leaders have taken immediate action, closing the affected dataset and warning of potential public exposure. Previous cyber security challenges and outages within the NHS have raised concerns about its vulnerability. The University of Manchester is cooperating with authorities, including the ICO and NCSC, to investigate the breach. NHS England has declined to comment on the matter. (independent.co.uk)
My thoughts: It seems like the institution was warned about potential vulnerabilities. Does this mean there will be consequences for their dismissal? Who knew? Who will be held responsible? In my opinion, more corporate executives will be held accountable in these situations. Will we see a follow-up on how they properly secure their networks moving forward?
Suncor, the oil and gas company based in Calgary, couldn’t sign into their network two Fridays ago. They confirmed a breach two days later admitting that transactions with partners and clients might be affected. Multiple Petro-Canada stores were unable to take credit or debit card payments. (insurancebusiness)
My thoughts: Suncor will lose money, brand reputation, and probably some clients. However, the worst part is the obvious fact that there are vulnerabilities related to our energy sector. Moreover, there are potential vulnerabilities to our critical infrastructure. As a nation, it is important to prioritize the safety of critical/essential services and infrastructure above all else.
Check out our new partners at Abnormal Security. Assurance IT decided to make this strategic investment with Abnormal because their platform is effective at significantly mitigating losses related to business/vendor email compromise by leveraging advanced user behavior profiling and behavioral data science.
Abnormal offers a free, non-invasive, minimal-overhead Email Risk Assessment which highlights the residual risk that is bypassing an organization's existing email security controls.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.