Critical infrastructure threat level increases

Increasing posturing and geopolitical tension suggest that cyber warfare may become a key weapon in the behind-the-scenes battle between nations. Given the history of global cyber warfare and nation-state involvement, the following critical infrastructure functions are likely to become targets of both basic and elaborate disruption: energy firms (capitalising on the fear of supply issues), water treatment, health and hospitals, finance institutions, government administration, banking and logistics. Firms and government institutions should check their protection against distributed denial of service attacks and the security of their external perimeters. Practising recovery and making a plan for continued operations under duress are advised.

Lazarus Group Expands Attack Approaches

In a seemingly sharp increase in activity, the Lazarus Group, an alias for APT38 and widely attributed to be a North Korean nation-state threat actor, has doubled down on cryptocurrency theft, going after crypto.com to acquire funds. However, the most recent activity points to spear-phishing attacks using Microsoft Office documents that piggyback on legitimate Windows Update mechanisms. The command and control traffic goes to a GitHub repository, which again may be difficult to distinguish from legitimate traffic on your proxy.

Quantum computing for security

Two new security-aligned software products have been launched this week. xx Messenger has been released to provide instant messaging with encryption that cannot be reversed by quantum computing. Secondly, Quantinuum, a company created from Honeywell International, has released a product called Quantum Origin. It creates quantum encryption keys that enable information to be protected: no matter how much encrypted material is collected, it cannot be reversed. This year may become the year of "quantum" as the cyber security buzzword.

BRATA Android Malware

An Android remote access trojan dubbed Brazilian Remote Access Tool Android (BRATA) has been found targeting banking customers in the UK, Poland, Italy and Latin America. It spreads through SMS phishing, encouraging customers to download new "security software". Once installed it downloads further malware, and the combination can redirect you to fake banking websites, capture your credentials and then move money to accounts controlled by the attackers. Once a transaction is complete the app can trigger a factory reset, which removes evidence of the attack.

Beware Mac Owners

Recent attacks against individuals in Hong Kong have targeted older versions of Apple's Mac operating system (macOS). The attack combines a vulnerability with Safari to extract the iCloud Keychain, where the credentials for remembered sites are stored. It is advised to avoid using Safari's remembered passwords on older Apple Mac devices.