Cyber Intelligence Weekly

Cyber Intelligence Weekly (Jan 23, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also Subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Before we get started on this week’s CIW, I’d like to highlight an interview that I did with Matt Tolbert, Senior Cybersecurity Examiner for the Federal Reserve of Cleveland. Matt and I talked about cybersecurity hot-button issues for those in the financial services industry. Some of the things we talked about are more relevant than ever with continued resilience challenges due to COVID-19, new and emerging threats, and more. The full interview can be found here:

Away we go!

1. Loses $30 Million in Crypto Through Hack

Last week, confirmed that 483 of its users were affected in an attack that ended up resulting in unauthorized crypto withdrawals from their accounts, totaling over $30 million in lost funds.

The organization posted some details of the incident on their blog. According to a statement, their risk monitoring systems noticed unauthorized activity on a small number of user accounts where transactions were being approved without valid two-factor authentication. This caused the security team to shut down all transactions temporarily as they triaged the issue. This led them to fully upgrade the two-factor system to a truly multi-factor authentication program.

Later in the announcement the company reaffirms its commitment to security and compliance and also touts its recent SOC 2 announcement from November. Deloitte was its auditor for the SOC 2 report. If anything, this just highlights the huge chasm between truly great security programs and compliance.

Hopefully account holders get made whole in this mess. At least I get to use the “Dude Where is My Crypto?” meme again! That saved me some time this week…

2. Cyberattack Affects Red Cross Work, Exposes Confidential Data for Vulnerable People

The International Committee of the Red Cross (ICRC) suffered a cyberattack earlier this year. Per a statement on its website, the ICRC confirmed that personal information for over 500,000 individuals receiving services from the Red Cross and Red Crescent Movement was compromised in a sophisticated cybersecurity attack.

What is concerning about this attack is that the Red Cross has noted that the exposed information is related to highly vulnerable groups, including families and individuals that have been separated by conflict. Robert Mardini, ICRC’s director general, had the following to say to Cyber Scoop: “An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

The Red Cross did confirm that there was no ransomware in play during the attack. Another interesting detail is that the ICRC appears to have used a third-party organization to host the systems that were infiltrated and have now been taken down. While not all details are available, this appears to be another example of a third-party data security issue.

3. Hackers Got Comfy Inside Ukrainian Systems for Months Before Launching Attacks

As is typically the case in most cyber-attacks, it is being reported that hackers were in Ukrainian systems for months before deploying their destructive wiper malware. As tensions mount with the troop buildup on the Russian/Ukrainian border, so does the story regarding last week’s cyberattack that targeted Ukrainian government sites and infrastructure.

Journalist Kim Zetter breaks down intelligence gained from Cisco’s Talos Intelligence group. Her report notes that the researchers found indicators of compromise that suggested the attackers were in the networks since summertime.

Since the investigation is still ongoing, additional details about the nature of the indicators of compromise were not available. Cisco has been assisting Ukraine with incident response and forensic analysis for years, according to the report.

The most interesting part of Zetter’s report is the Cisco representative’s remark that the attacks on Ukraine seem to be more of an opportunistic type of attack rather than a planned operation.

Matthew Olney, Director of Threat Intelligence at Cisco, had this to say to Zetter: “If I were working for a national security organization, knowing that we were going to potentially be in conflict with another country, I would get access [to systems] without knowing what we’re going to do with it. Here [it seems] they got access, and then decided what to do with it.”

I am not saying he is wrong, but if this was not a targeted attack, those hackers need to play the lottery, cause man…
