07 February 2020

IRM Weekly Cybersecurity Roundup: Gamaredon unleashes new weapons and more



Gamaredon unleashes new weapons in ‘Cyber Attack Testing Ground’

A report written by SentinelLabs indicates that the pro-Russian ‘Gamaredon’ APT group has been evolving over the last few months to increase its efforts against Ukraine.

The group has been attacking a larger number of victims and enhancing its cyber skills, such as its use of social engineering.

The idea behind Gamaredon is that its activities act as a testing ground for the Russian military to understand what a potential cyber warfare conflict would look like. The report suggests that these activities seem to sit in the “fifth cyber domain”. This effectively means that, when it’s impossible to fight politically or strategically, states can turn to cyber warfare.



District of Columbia Government releases 2018 withheld cybersecurity report

District of Columbia Government leaders have released a cybersecurity report from 2018 that had previously been withheld from the public.

The report covers how the District is managing to prevent and prepare for a cyber-attack. It was previously withheld as it was deemed a security risk.

In summary, the report finds that the District lacks well-established coordination to safeguard cyberspace. It also criticises leaders for failing to implement previous recommendations, including performing cybersecurity risk assessments and the development of a contingency response plan for a cyber-attack on the power grid.



82% of UK businesses not insured against cyber-attacks

A survey from insurance specialist Gallagher shows that only 1 in 5 UK businesses have cyber insurance, despite 2.3 million business leaders believing cyber-attacks are one of their biggest concerns.

One reason for the lack of insurance is that many leaders believe traditional business insurance covers losses from cyber-attacks.

Other statistics from the report include:

  • 59% of leaders in larger organisations see cyber-attacks and data breaches as a big issue
  • 80% of businesses experienced an issue with phishing attacks
  • 55% of leaders in manufacturing organisations believe cyber-attacks are an “issue mainly for other types of organisations”



Australian logistics company shuts down after cyber-attack

Toll Group, an Australian transport and logistics company with $8.7 billion in revenue, fell victim to a ransomware attack last week which shut down its IT systems.

The company turned to manual processes to allow it to continue operating. It has also increased staffing at its contact centres to assist with the increasing levels of customer service requirements.

The attack used a strain of the Mailto ransomware and affected several customer-facing applications as a result.

Toll Group has shared details about the ransomware with law enforcement and the Australian Cyber Security Centre to generate more knowledge.



Quick-fire Updates

French construction company hit by €10 million ransom: The ransomware attack on Bouygues Group has shut down all of the company servers and 200GB of data has been stolen.

Stolen laptop from Health Share of Oregon leads to leaked PII: A vendor of the Health Share of Oregon, GridWorks IC, has had a laptop stolen which has led to the exposure of information of 654,362 members. Data included names, addresses, phone numbers, dates of birth, social security numbers etc.

Mitsubishi breach caused by antivirus software: The breach we covered last week at Mitsubishi Electric is now known to have been caused by a zero-day vulnerability in the company’s antivirus software. The breach allowed the attackers to access 40 services and 120 computers, and 200MB of files were stolen.

