The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a 0day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear …
On 16 March 2021, an important new report on national defence and foreign policy in the UK was published – ‘Global Britain in a competitive age’.[i] While in the report there is a focus on traditional forms of defence and the promise of an increase in spending on military hardware – including nuclear warheads – …
The nexus between geopolitics and cybersecurity manifested in the announcement of a ‘highly sophisticated’ supply-chain attack against one of the biggest network management systems in the USA, SolarWinds. The attack, announced on 14 December, is now known to have affected the majority of Fortune 500 companies, US military and government, Intel, Microsoft, and many others …
Geopolitical and Cybersecurity Weekly Brief – 21 December 2020 Read More »
One of the biggest network management systems (NMS) in the USA, SolarWinds, announced on 14 December that it was breached in a ‘highly sophisticated’ supply chain attack. SolarWinds’ Orion platform, used to monitor network devices and critical servers, had its update server compromised to push Trojanised DLL files dubbed SUNBURST or Solorigate. These malicious DLLs …
SolarWinds Supply Chain Attack: Summary and Analysis Read More »
2020 has seen a wide range of attacks and the evolution of the threat landscape. Ransomware attacks have dominated the headlines, alongside state-sponsored APT groups targeting the global COVID-19 response effort. New threat actors have emerged, and well-established groups have persisted undeterred, using upgraded tactics, techniques, and procedures (TTPs). #1 Global malicious email campaigns Throughout …
Executive Summary Education remains a significant focus for threat actors as students receive exam results and return to schools and universities. Both the FBI and NCSC released warnings concerning ransomware targeting educational institutions, and student and faculty data is seriously at risk. In Germany, the ‘real world’ effects of a ransomware attack were felt when …
Geopolitics and Cybersecurity Weekly Brief – 21 September 2020 Read More »
Threat analysts at Cyjax have uncovered multiple mass credential harvesting campaigns that have recently been targeting cybersecurity companies, government entities, and organisations in a range of other sectors. Reverse engineering these campaigns revealed the attacker’s infrastructure and stolen data store. Throughout July and August 2020, we detected two separate credential harvesting campaigns targeting accounts for …
Credential harvesting campaigns target governments and cybersecurity companies Read More »
Attacks and cybersecurity news A Catholic bishop and a priest in Togo, among others, have been revealed as the latest victims of spyware created by NSO Group. This is the first time that the Pegasus spyware is known to have been used against members of the clergy. WhatsApp alerted Bishop Benoît Alowonou and five other …
Geopolitical and Cybersecurity Weekly – 10 August 2020 Read More »
COVID-19 Cybersecurity Update A study conducted by VMware Carbon Black has revealed that enterprises are reporting an increase in cyberattacks since restrictions on free movement have been implemented. There was a 92 per cent increase in COVID-19-inspired malware. Singapore saw a 43 per cent increase in the number of attacks; 67 per cent of them …
Geopolitical and Cybersecurity Weekly – 27 July 2020 Read More »
COVID-19 Cybersecurity Update The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have disclosed new information regarding Russian threat group APT29 targeting research organisations worldwide. The group is believed to operate on behalf of the Russian intelligence services. The campaign against organisations participating in coronavirus (COVID-19) vaccine development also targeted …
Geopolitical and Cybersecurity Weekly – 20 July 2020 Read More »
