The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.

OVERVIEW

Cyber Threat Intelligence Briefing

Hacker poisons water supply

  • An unknown adversary hacked into a Florida water treatment plant and attempted to increase the acidity of the water to toxic levels. The attack was subverted by a plant operator before it could cause any harm to the public.[1]
  • The adversary used TeamViewer to take control of the terminal. The plant operator discovered the attack after he noticed his mouse moving without his control.

So what? Organisations should ensure that all remote connections to corporate infrastructure require multi-factor authentication and that logs are monitored for suspicious connections.

Google removes two applications due to malicious updates

So what? Ensure your employees only install apps and / or browser extensions that have been reviewed and approved by your IT team.

Ethical supply chain attack successful against 35 tech firms

So what? Consider how a bug bounty program or pen testing can help your organisation uncover vulnerabilities through third-party security researchers.

Ukraine’s police reel-in author of the notorious U-Admin phishing kit

So what? The author may be arrested, but the source code is still out there for other criminals to leverage and improve upon. Arm your employees through effective phishing awareness training.

RDP attacks increased by 768% in 2020, but slowed in Q4

So what? RDP attacks will continue in 2021. Strong password security, multi-factor authentication, and a robust patching strategy are strongly advised.

Use Adobe or Windows? Then it’s time to patch

So what? Installing patches as they become available is a core element of a healthy security strategy.

References:

[1] ‘Remote Hacker Caught Poisoning Florida City Supply’, SecurityWeek, 8 February 2021.

[2] ‘Barcode Scanner app on Google Play infects 10 million users with one update’, Malwarebytes, 5 February 2021.

[3] ‘The Great Suspender Chrome extension’s fall from grace’, Bleeping Computer, 6 February 2021.

[4] ‘Researcher hacks over 35 tech firms in novel supply chain attack’, Bleeping Computer, 9 February 2021.

[5] ‘Ukraine’s police arrested the author of the U-Admin phishing kit’, Security Affairs, 9 February 2021.

[6] ‘ESET Threat Report Q4 2020’, We Live Security, 8 February 2021.

[7] ‘Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands’, Coveware, 1 February 2021.

[8] ‘Microsoft Patch Tuesday, February 2021 Edition’, Krebs on Security, 9 February 2021.

[9] ‘Attackers Exploit Critical Adobe Flaw to Target Windows Users’, Threat Post, 9 February 2021.



Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884