AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/02/2023

City of London on High Alert After Ransomware Attack 

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. Ion Cleared Derivatives released a brief statement on Tuesday saying that it experienced a “cybersecurity event” that day which affected some of its services. “The incident is contained to a specific environment, all the affected servers are disconnected and remediation of services is ongoing. Further updates will be posted when available,” it added. Reports suggest 42 clients have been impacted by the attack on the provider, whose software plays a key role in derivatives trading around the world. It has been linked to the prolific Lockbit group which recently caused major disruption to the Royal Mail.


Discrepancies Discovered in Vulnerability Severity Ratings 

A new study this week is sure to raise more questions for enterprise security teams on the wisdom of relying on vulnerability scores in the National Vulnerability Database (NVD) alone to make patch prioritization decisions. An analysis by VulnCheck of 120 CVEs with CVSS v3 scores associated with them shows almost 25,000 — or some 20% — had two severity scores. One score was from NIST, which maintains the NVD, and the other from the vendor of the product with the bug. In many cases, these two scores differed, making it hard for security teams to know which to trust. 


Record $3.8bn Stolen Via Crypto in 2022 

North Korean state-backed hackers and insecure decentralized finance (DeFi) protocols helped to make 2022 a record year for cryptocurrency heists, according to Chainalysis. The blockchain analysis company teased the figures ahead of an upcoming annual crypto crime report. A total of $3.8bn was stolen from cryptocurrency firms last year, 82% of which resulted from targeting of weaknesses in DeFi protocols. This was up from 73% the previous year. North Korean hackers stole $1.7bn, the vast majority of which ($1.1bn) came from DeFi, and particularly the attack on Ronin Network in March, which was calculated at the time to have cost the firm $618m.


US Senator Calls on Apple and Google to Ban TikTok From App Stores 

United States Senator Michael Bennet today penned a letter to the chief executives of Apple and Google demanding that they ban Chinese-owned TikTok from their app stores on national security grounds (via The New York Times). Bennet, a Democrat of Colorado and member of the Senate Intelligence Committee, sent the letter to Apple’s Tim Cook and Google’s Sundar Pichai, saying that no company subject to “Chinese Communist Party dictates should have the power to accumulate such extensive data on the American people or curate content to nearly a third of our population.” 


Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms 

Security researchers on Feb. 2 reported that they have detected a cyberattack campaign by the North Korean Lazarus Group, targeting medical research and energy organizations for espionage purposes. The attribution was made by threat intelligence analysts for WithSecure, which discovered the campaign while running down an incident against a customer it suspected was a ransomware attack. Further investigation — and a key operational security (OpSec) slip-up by the Lazarus crew — helped them uncover evidence that it was actually part of a wider state-sponsored intelligence gathering campaign being directed by North Korea. 
