Cyber Intelligence Weekly (January 15, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!

Before we get started on this week’s CIW, I’d like to share that we will be hosting another webinar with our friends at PlexTrac this coming Tuesday, January 17 at 1pm EST. Without mature processes, even the best cyber teams and most advanced technologies are no match for bad actors. Clearly defined goals and documented processes — followed consistently — are necessary to truly make and demonstrate progress. While not the most exciting aspect of program building, creating and managing good processes across your security team is vital in maturing your program and its capabilities.

Echelon Risk + Cyber and PlexTrac are pleased to present part three of our webinar series diving into the key areas of your offensive security strategy: people, process, and technology. This installment will focus on your processes — an important but often overlooked element of an organization’s security posture.

We’ll discuss the most important decisions your security team must make relating to processes, including:

• Documenting your strategy, mission, and goals
• Aligning a strategic vision to an actionable plan
• Executing on processes consistently through tooling and training
• Building in checkpoints and evaluation

Our experts in offensive security will share tips on how to create a strong foundation on which your program can build by strengthening and standardizing your processes to fight back against the growing complexity of security threats.

Sign up HERE!

Away we go!

1. Royal Mail Service Interrupted After Ransomware Attack

According to reports from the Financial Times and a statement on the Royal Mail website, the primary postal service in the United Kingdom has been hit hard by a ransomware attack. According to the reports, the attacks have caused serious disruptions to all overseas shipping operations.

According to a document reviewed by the Financial Times, the critical mail service has been targeted by the prolific LockBit hacking group. The LockBit group operates an affiliate-based ransomware-as-a-service (RaaS) that employ a wide variety of tactics, techniques, and procedures (TTPs).

LockBit has been used against over 1,000 victims in the United States and other countries. It initially surfaced in January 2020. Members of LockBit have demanded at least $100 million in ransom from those victims and have received actual ransom payments totaling tens of millions of dollars from them.

For a full breakdown of LockBit TTPs and IOCs as well as recommendations for mitigation, please see this FBI Flash report from last year.

2. Police App Leaks Secret Details About Raids and Personal Data About Suspects

A new report from Wired details a story about the SweepWizard app, which was built by ODN Intelligence to help facilitate police departments and other disparate law enforcement organizations to better carry out raids. According to their previous Apple App Store description, “Sweep Wizard allows officers to quickly and easily deploy multi agency sweep or warrant operations.”

When trying to access their website (ODINIntelligence [dot] com), it appeared to have been hacked.

According to the Wired article, there was an error in SweepWizard’s API that allowed anyone with the specific URL to retrieve confidential information directly from the application. Journalists from Wired downloaded the app and confirmed that the API’s were returning data without authorization. Wired found data from law enforcement sweeps that dated as far back as 2011 and as recent as December 2022.

3. FAA Blames Massive Outage on Database Integrity Issue

It was an event filled week for air travelers (including myself!) on Wednesday morning after a technical issue caused a major disruption to the Federal Aviation Administration’s (FAA) Notice to Air Missions (NOTAM) system. While a cybersecurity attack has not been completely ruled out, most signs are pointing to an issue with corrupt data being introduced to the system, that caused it to crash. This led to a complete system shutdown and reboot, which delayed all flights across the country for around 90 minutes.

Previous reports from the FAA point to old hardware and legacy software that is keeping the NOTAM system together, “Many components within the Federal NOTAM System (FNS) are running on old hardware and improvements in the system architecture are needed.”

While adversarial cybersecurity issues don’t appear to be involved in this system outage, it still highlights the need for high integrity and availability of critical systems. These types of goals can be achieved through regular business impact analysis assessments as well as drilling incident response plans, identifying single points of failure, and rehearsing these types of issues with key system stakeholders.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about