April 2022 Newsletter

Posted By: Mark, Tuesday 3rd May 2022

This month we look at threat intelligence for dealing with cyber attacks, the cost of email breaches, a Microsoft report on the Russia-Ukraine war, Cloudflare blocking the largest HTTPS DDoS attack on record against a crypto customer, and a self-driving car that makes a run for it from the police.

Threat Intelligence for Cyber Attacks


With the ever-increasing threat of cyber-attacks, most businesses are now taking notice and taking measures to address the issue. However, one activity that many companies continue to skip is threat intelligence.

What is Threat Intelligence?

Threat intelligence is data that is collected, processed and analysed to understand the motives, targets and attack behaviours of cyber criminals, and the threats they pose to systems and applications. It enables security professionals to make faster, better-informed, data-backed security decisions, so that the fight against threats becomes proactive rather than reactive.

Threat intelligence can be gathered both internally and from external sources. Internal sources include company log files and data from previous incidents; external sources include government cyber security advisories and the IT security updates published by other companies.

Threat intelligence differs from cyber security in that it monitors and understands threats, whereas cyber security is the set of tools and controls put in place to actively combat cyber-attacks and protect systems and applications.

Why is threat intelligence important?

Crowdstrike says that threat intelligence is important for the following reasons:

  • sheds light on the unknown, enabling security teams to make better decisions
  • empowers cyber security stakeholders by revealing adversarial motives and their tactics, techniques, and procedures (TTPs)
  • helps security professionals better understand the threat actor’s decision-making process
  • empowers business stakeholders, such as executive boards, CISOs, CIOs and CTOs, to invest wisely, mitigate risk, become more efficient and make faster decisions

What are threat intelligence tools?

In combating cybersecurity threats, security professionals use a wide range of threat intelligence tools and services to protect vital networks. Netscout lists some of the most common threat intelligence tools as:

  • Cybersecurity programs – These programs typically assist with threat detection and threat management.
  • Threat Intelligence Supplier – Third-party companies provide intelligence gathering services to monitor for threats.
  • Reverse Engineering Malware – Incident response teams can address malware by reverse engineering the threat, analyzing it, then developing strategies to defend against it.
  • Web Proxy – By inspecting inbound traffic, web proxies can be used to prevent new infections, following an incident where a malicious website has been inadvertently visited.

How Threat Intelligence can be used

Make Use Of (MUO) lays out some of the ways threat intelligence can be used.

Understanding Threat Alerts

Many businesses use software to alert them of suspicious activity on their network. Threat intelligence helps them gain a better understanding of these alerts and determine which ones require action.

Faster Incident Response

The effectiveness of incident response often relies on speed. If a network intrusion occurs, the potential damage is dependent on how long the intruder is allowed to remain within the network. Threat intelligence plays a vital role in recognising that attacks are occurring and increasing the speed at which the company stops them.

Vulnerability Management

Threat intelligence includes research on the latest software vulnerabilities. While all software should be patched, some businesses fail to do so. Threat intelligence ensures that if a piece of software has a known vulnerability, somebody at the company is aware of it.

Partner Analysis

Companies are often attacked not because of their own mistakes but because one of their business partners has been compromised. Threat intelligence can be used to potentially avoid this scenario. If a service that your company relies on has been hacked, threat intelligence should alert you to this fact.

LaneSystems offers valuable threat intelligence and cyber security services to keep your business safe from cyberattacks and cybercriminals. We can help protect your data and mitigate the actions of ransomware, phishing, data breaches, malware and other cyber threats. Contact us today.



Email Breaches Costing Business

A survey of business customers using Microsoft 365 for email has found that 89% of organisations experienced one or more successful email breaches during the previous year, leading to major costs. At the same time, an overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware.

The survey examined concerns with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and preparedness to deal with attacks and incidents.

Inbound Threats

The report says: “Security team managers are most concerned that current email security solutions do not block serious inbound threats, particularly ransomware, which requires time for response & remediation by the security team, before dangerous threats are triggered by users.”

Less than half of those surveyed said that their organisations can block delivery of email threats, and under half of organisations rate their currently deployed email security solutions as “effective”.

Increase In Email Phishing & Ransomware Attacks

Protections against impersonation threats are viewed as least effective, followed by measures to find & block mass-mailed phishing emails. So, unsurprisingly, the number of email breaches per year has almost doubled since 2019, most of them due to successful phishing attacks that compromised Microsoft 365 credentials.

Overall, according to the survey, successful ransomware attacks have increased by 71% in the last three years, Microsoft 365 credential compromise increased by 49% and successful phishing attacks increased by 44%.

LaneSystems are experts in Microsoft 365, and providing effective cyber security services and cyber safety training for your business. Talk to us today.


Microsoft Report - Russia Ukraine War


When Russia invaded Ukraine, cyber security experts around the world warned businesses and individuals to be prepared for the conflict to include the first major cyberwar, with other countries being either directly targeted, or collateral damage, from cyber-attacks.

Although the expected cyber threats apparently failed to materialise, Microsoft has now released an in-depth report detailing previously undisclosed cyber-attacks and intrusions at the start of the war, suggesting that hacking played a larger role in the conflict than had been publicly known. Researchers say cyber attacks began one year prior to Russia’s Feb. 24 invasion, and may have laid the groundwork for different military missions in the war-torn territory.

The report goes on to say that Microsoft saw six Russia-aligned, state-sponsored hacking groups launch over 237 cyberattacks against Ukraine, starting in the weeks before Russia’s February 24 invasion, and that Russian cyberattacks against Ukraine were “strongly correlated” or “directly timed” with its military operations in the country.

Destructive & Info-Stealing Malware Attacks

ZDNet noted from the report that on March 1, several Kyiv-based media companies were struck by destructive and information-stealing malware, which coincided with a missile strike on a Kyiv TV tower on the same day. And on March 13, a suspected Russian nation-state actor stole data from a nuclear safety organization, aligning with Russian troops seizing the Chernobyl nuclear power plant and the Zaporizhzhia Nuclear Power plant.

Taking a closer look at Russia’s use of destructive malware during and before the invasion, Microsoft observed a total of 37 Russian destructive cyberattacks inside Ukraine between Feb. 23 and April 8, carried out with eight known destructive malware families, including FoxBlade, CaddyWiper and HermeticWiper.

As Reuters reports: “Since the start of the war, academics and analysts have said Russia appeared to be less active in the cyber domain against Ukraine than expected. The Microsoft report reveals a flurry of malicious cyber activity, although its impact in most cases has been either unclear or not immediately evident.”

You can read the full Microsoft report here

UK businesses have been warned to be on alert for cyber attacks during this conflict. LaneSystems can help to protect your company with a range of IT services and can make sure you’re Cyber Essentials certified. Call us today.



Cloudflare Blocks Massive DDoS Attack On Crypto Customer

Early this month the internet infrastructure giant Cloudflare detected and prevented a massive distributed denial-of-service (DDoS) attack on a cryptocurrency platform. It was notable because it was launched over HTTPS and primarily originated from cloud datacenters rather than residential internet service providers (ISPs).

Largest HTTPS attack on record

At 15.3 million requests-per-second (rps), the bombardment ranked among the largest DDoS attacks ever seen, and became the largest HTTPS attack on record.

A botnet of approximately 6,000 unique bots from around 1,300 different networks worldwide hit the customer in a burst lasting approximately 15 seconds. The largest share of traffic, 15%, came from Indonesia, with Russia, Brazil, India, Colombia and the United States also generating significant volumes, but the attack involved traffic from 112 countries overall.

Software-based system beats back attack

Cloudflare said the attack, which was auto-detected and mitigated by its systems, was carried out by a botnet it had already been tracking, so the botnet’s traffic patterns and large size were known. Attacks across its network are detected by monitoring and analysing samples of traffic, and mitigated without the need for human intervention.

As described by The Register: “The use of a volumetric HTTPS DDoS attack rather than a more typical bandwidth strike was unusual. In a bandwidth DDoS attack, the goal is to jam a target’s internet connection with a flood of messages, making it difficult for legitimate customers to get into the site.”

“In an HTTPS attack, the botnet overwhelms the target’s server with massive numbers of HTTP requests, eating up compute power and memory with the same goal of making it near impossible for legitimate users to access the website.”

Cloudflare commented: “While this isn’t the largest application-layer attack we’ve seen, it is the largest we’ve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”
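The sampled-traffic approach described above, as an added example that is not Cloudflare’s code: a 1-in-N sample of HTTP request logs is scaled back up to an estimated request rate per second, seconds above a threshold are flagged, and the flagged traffic is profiled by the attributes the article highlights (unique bots, distinct networks, datacenter versus residential origin). The log lines, ASNs, sampling rate and threshold are all constructed for illustration.

```python
"""Burst detection over sampled HTTP request logs (added example).
Scales a 1-in-N sample up to an estimated rps, flags seconds over a
threshold and profiles the flagged traffic by source network and type."""
from collections import Counter

SAMPLE_RATE = 100          # constructed: 1 logged line per 100 real requests
BURST_THRESHOLD_RPS = 400  # constructed: estimated rps that triggers a flag

# Constructed sample lines: "<epoch_second> <client_ip> <asn> <network_type>"
SAMPLE_LOG = """\
1000 203.0.113.5 AS64500 datacenter
1000 192.0.2.44 AS64502 residential
1001 192.0.2.45 AS64502 residential
1002 203.0.113.5 AS64500 datacenter
1002 203.0.113.6 AS64500 datacenter
1002 198.51.100.8 AS64501 datacenter
1002 198.51.100.9 AS64503 datacenter
1002 192.0.2.46 AS64502 residential
"""

def parse_log(text):
    """Turn the raw sample into (second, ip, asn, network_type) tuples."""
    records = []
    for line in text.strip().splitlines():
        sec, ip, asn, kind = line.split()
        records.append((int(sec), ip, asn, kind))
    return records

def estimate_rps(records, sample_rate=SAMPLE_RATE):
    """Scale sampled counts per second back up to an estimated request rate."""
    per_second = Counter(sec for sec, *_ in records)
    return {sec: n * sample_rate for sec, n in sorted(per_second.items())}

def flag_bursts(rps_by_second, threshold=BURST_THRESHOLD_RPS):
    """Seconds whose estimated request rate exceeds the threshold."""
    return [sec for sec, rps in rps_by_second.items() if rps > threshold]

def profile_burst(records, seconds):
    """Unique bots, distinct networks and origin type for the flagged seconds."""
    wanted = set(seconds)
    hits = [r for r in records if r[0] in wanted]
    return {
        "unique_ips": len({ip for _, ip, _, _ in hits}),
        "unique_asns": len({asn for _, _, asn, _ in hits}),
        "by_type": dict(Counter(kind for *_, kind in hits)),
    }

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    rates = estimate_rps(recs)
    bursts = flag_bursts(rates)
    print(rates, bursts, profile_burst(recs, bursts))
```

A real deployment would feed the profile into a mitigation decision (for example, challenging or rate-limiting the datacenter-heavy sources) rather than printing it.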

LaneSystems can help protect your business from cyber-attacks. Contact us today to find out how we can keep you cyber safe.


Driverless Car Flees Police Stop


A video appeared earlier this month of a driverless car being stopped by San Francisco police and then attempting to drive away.

The self-driving Chevrolet Bolt EV was pulled over one evening for driving without headlights. The Instagram video shows a confused officer trying the door while shouting to his partner that there’s nobody in the vehicle. Then, as the officer walks back to his police car, the vehicle appears to drive away before pulling over to a stop a few hundred feet further on.

Cruise, the General Motors-owned company, said that the car wasn’t trying to make a run for it. They said the vehicle stopped for the police, and once the officer was clear it then relocated to the nearest safe location.

The company blamed human error for the lack of lights and said the problem has since been fixed. No ticket was issued.

First Responder Information Guides

Autonomous vehicle (AV) developers in the US, like Cruise and Waymo, have prepared guides for first responders on how to interact with the vehicles in case of emergencies. Cruise said it works closely with the police, has a dedicated phone number for them to call, and also provides all first responders with information videos for interacting with their vehicles.

As this problem is likely to grow around the world as more self-driving vehicles fill the roads, the law commissions for England and Wales and the Scottish Law Commission have recommended legal changes to deal with self-driving vehicles. The independent bodies, which monitor and review UK legislation, recommended that if anything goes wrong, the company behind the autonomous driving system would be responsible, rather than the driver.

Other Driverless Traffic Stops

In 2015, a Google self-driving car was stopped in Mountain View, California, for going just 24 mph (39 km/h) in a 35 mph (56 km/h) zone. On that occasion, no ticket was issued, as the officer decided that no law had been broken.

In 2019, a police officer in Providence, Rhode Island, pulled over one of May Mobility’s low-speed autonomous shuttles. The six-person shuttles run a 12-stop urban loop to and from a train station, but on the first day of operations, one was stopped by an officer who was unfamiliar with the vehicle. No charges resulted from that interaction, either.

Also in 2019, a driverless Tesla was stopped after its owner used the car’s remote summon feature in Florida. However, in that case, the incident was staged by a YouTuber.