Cybersecurity News: London transport cyberattack, German ATC attack, Sweden’s heightened risk

In today’s cybersecurity news…

Transport for London suffers cyberattack

The local government body responsible for most of the transport system in Greater London is currently dealing with a cyberattack, but representatives state that there is no evidence that customer information was compromised during the incident. The BBC has stated that the attack mainly impacted the transport provider’s backroom systems at the corporate headquarters.

(BBC News)

German air traffic control agency confirms cyberattack

The state-owned company responsible for Germany’s air traffic control has confirmed an attack on its administrative IT infrastructure. They further stress that flight safety in Germany “is fully guaranteed” and that air traffic control operations were unaffected. According to Munich-based broadcaster Bayerischer Rundfunk, the incident is suspected to have been caused by APT28, a threat actor attributed to Russia’s military intelligence service, the GRU.

(The Record and Bayerischer Rundfunk)

Sweden warns of heightened risk of Russian sabotage

Security companies in Sweden have reported an increase in sabotage attempts, such as flying mapping drones over defense facilities, and other “more aggressive” espionage, cyber-attacks and misinformation activities. This appears to be connected to the fact that Sweden is supporting Ukraine and has joined NATO. Evidence of increased aggression in espionage, as well as disinformation about the reliability of Swedish military products, has been seen in large and small companies involved in the manufacture of weapons and related technologies.

(The Guardian)

Verkada faces FTC penalty for security lapses

The security camera vendor is facing a possible penalty of up to $2.95 million for “security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras,” many of which were located in sensitive environments, such as women’s health clinics, psychiatric hospitals, prisons, and schools. The FTC alleges that Verkada “not only failed to implement basic security measures to protect the cameras from unauthorized access but also misrepresented the products’ security to customers with unbased promises and reviews submitted by investors.” The FTC finding comes with a litany of rules for better behavior, with the penalty intended to be insurance against further misdeeds.

(BleepingComputer)

New Cicada variant preys on VMware ESXi systems

This new ransomware-as-a-service group, named Cicada3301, is already quite busy, with 23 victims since mid-June, according to its leak site. Its ransomware is written in Rust and targets Windows and Linux/ESXi hosts. Researchers at Truesec analyzed a variant that targets VMware ESXi systems, and said it appears to be a version of the Windows malware. They added that “the Cicada3301 ransomware has several interesting similarities to the ALPHV ransomware.”

(Security Affairs)

U.S. House Homeland Security Committee calls on CrowdStrike VP for explanations

Adam Meyers, Senior VP of counter adversary operations, will testify before the committee sometime in September. Not only is this an opportunity to hear from a CrowdStrike executive about the seismic event of the summer, it is also, in the words of subcommittee chairman Andrew Garbarino, important that “public and private sectors work together to mitigate risk going forward.” As a note of clarity, the U.S. House Committee on Homeland Security, which has called upon Meyers, is a standing committee of the United States House of Representatives whose responsibilities include U.S. security legislation and oversight of the Department of Homeland Security, but it is not the Department of Homeland Security.

(The Register and Wikipedia)

MFA bypass service admins plead guilty

Three individuals, aged between 19 and 21, have pleaded guilty in a UK court to running OTP.Agency, “an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.” Their agency allegedly helped deliver OTPs for more than 30 online services, including Apple Pay, for members who paid weekly subscriptions. These customers would be criminals who already possessed a victim’s login credentials to a service but who would also need a one-time password. OTP.Agency arranged these by making automated, scripted calls to the victim using text-to-speech technology and asking for the temporary password, via spoofed addresses. A video showing how they did what they did is available in the show notes to this episode.

(BleepingComputer and NCA video on X)

SlowTempest espionage campaign unfolds within China

Researchers at Securonix are tracking what is being called a highly coordinated espionage operation that is targeting people and organizations within China and appears to be the work of an organization with deep knowledge of Chinese language and culture. The goal of the attackers appears to be espionage, persistent access, and potential sabotage, with the end goal being to infiltrate government or high-profile business sectors. The researchers cannot say where the attacks are ultimately coming from or who is behind them, but they note that the sophisticated attack has been designed not just to gain access to their victims, but to maintain it in order to achieve broader strategic objectives, potentially aligned with state-sponsored activities.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.