#NSBCS.006 - The Invisible Hand of Cybercrime

Source: NSB Cyber

The Invisible Hand of Cybercrime - Access Brokers Targeting Australia

NSB Cyber recently undertook Cyber Threat Intelligence (CTI) research on the current state of the Initial Access Broker (IAB) market both globally and domestically. IABs have quickly become one of the most essential players in the cybercrime underground, providing a critical service to ransomware gangs, nation-state actors and hacktivists alike.

Our research identified that between January 1 and September 30, 2023, there were 1,586 instances of IABs selling company access globally, with 62 of those relating specifically to Australia. We took our research a step further and identified that at least 9 of those 62 IAB transactions directly resulted in a ransomware attack on an Australian business, where the attack took place within 60 days of the access being sold.

We delve into specific findings regarding Australia, including an IAB-to-ransomware attack case study of an Australian-based ISP, and outline the implications of the IAB market for Australian organisations and how NSB Cyber can assist.

Read more about our White Paper here.

For information on NSB Cyber’s Cyber Threat Intelligence capabilities or to book a meeting with our team, click here.


What we read this week

  • Okta says hackers stole data for all customer support users in cyber breach - Okta announced that hackers stole information from all users of its customer support system in a breach two months ago. This included names and email addresses of clients using the support system. Okta provides identity services like single sign-on and multi-factor authentication to customers including OpenAI.

  • Hackers Exploiting Windows SmartScreen Zero-day Flaw to Deploy Remcos RAT - Microsoft patched a high-severity zero-day vulnerability in Windows SmartScreen as part of its security updates. This vulnerability, which could bypass SmartScreen’s security warnings, was actively exploited in the wild and required user interaction for successful exploitation.

  • Australia ups ante on cyber security - The Australian government announced a new cybersecurity strategy aimed at making Australia a world leader in cybersecurity by 2030. The strategy focuses on six pillars, including building sovereign and threat blocking capabilities, protecting critical infrastructure, and enhancing resilience. The plan addresses the increasing number of cyber attacks faced by the country and outlines short-term goals to improve cyber defenses and protection for citizens and businesses.

  • Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, a major automotive parts supplier. The attack disrupted production at Stellantis, one of Yanfeng's customers. The threat actors have published samples of stolen data and are threatening to release more.

  • Capital Health Hospitals hit by cyberattack causing IT outages - Capital Health, a healthcare network in New Jersey and Pennsylvania, was hit by a cyberattack causing significant IT outages. The attack disrupted services at several facilities, including the Regional Medical Center in Trenton and the Capital Health Medical Center – Hopewell. Despite the challenges, all emergency rooms remained open, and hospitals continued admitting patients. Elective surgeries and certain procedures were rescheduled, with minimal current impact on surgical schedules.

References
https://www.reuters.com/technology/cybersecurity/okta-says-hackers-stole-data-all-customer-support-users-cyber-breach-2023-11-29/
https://cybersecuritynews.com/hackers-windows-smartscreen-zero-day/
https://www.computerweekly.com/news/366560793/Australia-ups-ante-on-cyber-security
https://www.bleepingcomputer.com/news/security/qilin-ransomware-claims-attack-on-automotive-giant-yanfeng/
https://www.bleepingcomputer.com/news/security/capital-health-hospitals-hit-by-cyberattack-causing-it-outages/