#NSBCS.022 - Securing Legacies: The Shared Principles of Anzac Day and Cyber Security
Anzac Day and Cyber Security, though differing in context - historical military conflicts versus digital battles - both emphasise critical themes such as resilience, vigilance and the ongoing duty to protect.
Anzac Day commemorates the bravery and sacrifices of soldiers, serving as a reminder of the necessity for strategic defence and national solidarity.
Similarly, Cyber Security is about safeguarding vital information and infrastructure from cyber threats, necessitating constant alertness and proactive measures.
Both areas highlight the importance of learning from past events - Anzac Day through remembrance of historical lessons, and cyber security through analysing past breaches to fortify future defences. Each underscores a collective responsibility: Anzac Day in remembering and honouring, and cyber security in protecting and defending against invisible yet potent threats. This connection illuminates how principles of defence and vigilance are timeless, extending from the trenches to the digital frontiers whilst taking #NoStepsBackwards.
What we read this week
DPRK Hacking Groups Target South Korean Defense Contractors
North Korean hacking groups, linked to the Lazarus Group, have infiltrated South Korean defence contractors involved in COVID-19 research and vaccine development. Using malware like Bookcode and wAgent, they deployed backdoors to facilitate intelligence gathering on COVID-19, underscoring their interest beyond their typical financial motivations. The breach reveals a strategic pivot towards acquiring sensitive health-related intelligence.
US Government Sanctions Iranians for Cyber Attacks
The U.S. government has imposed sanctions on several Iranian nationals and a company accused of executing cyber attacks to support Iran's government. These cyber operations targeted global telecommunications providers and internet backbone providers, disrupting global internet traffic. The sanctions aim to curb Iran's capability to conduct potentially harmful cyber activities, reflecting ongoing tensions between Iran and the U.S. over cyber espionage and warfare.
MITRE Corporation Breach via Ivanti Zero-Days
MITRE Corporation experienced a network breach perpetrated by state-sponsored hackers who exploited zero-day vulnerabilities in Ivanti products. The attack underscores the growing trend of utilizing supply chain vulnerabilities to gain access to protected networks. This incident has prompted a broader investigation into the security of third-party software in critical infrastructure and national security entities.
Vulnerabilities in CLI Tools for AWS, Google Cloud, and Azure
Security researchers have identified vulnerabilities in command-line interface (CLI) tools used in AWS, Google Cloud, and Azure that could allow attackers to execute arbitrary code. The issue arises from improper handling of symbolic links within the CLI tools. Users are advised to update their CLI tools to the latest versions to mitigate the risk of exploitation.
Akira Ransomware Gang's $42 Million Extortion
The Akira ransomware gang has recently targeted several large corporations, encrypting their data and demanding ransoms as high as $42 million. The gang leverages security weaknesses in remote desktop protocols and phishing attacks to gain access and deploy their ransomware. This highlights the critical need for robust cybersecurity measures and employee training to counter such threats.
References
https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/
https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/
https://www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/
https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html
https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html