FBI Warns Hackers, Halliburton Cyber Threats, TfL Targeted Threat

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

FBI Warns Hackers, Halliburton Cyber Threats, TfL Targeted Threat

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-15463">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/09/FBI-Warns-Hackers-Halliburton-Cyber-Threats-TfL-Targeted-Threat.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M0S">2:00</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-15463" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-15463" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-15463" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-15463" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/fbi-warns-hackers-halliburton-cyber-threats-tfl-targeted-threat/&t=FBI Warns Hackers, Halliburton Cyber Threats, TfL Targeted Threat" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/fbi-warns-hackers-halliburton-cyber-threats-tfl-targeted-threat/&url=FBI Warns Hackers, Halliburton Cyber Threats, TfL Targeted Threat" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/09/FBI-Warns-Hackers-Halliburton-Cyber-Threats-TfL-Targeted-Threat.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/fbi-warns-hackers-halliburton-cyber-threats-tfl-targeted-threat/" class="input-link input-link-15463" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-15463" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-15463” readonly/>

					<button class="copy-embed copy-embed-15463" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Your wait is finally over, as we are here with our **September Week 1 edition of fresh cybersecurity news! This week, we will be talking about North Korean hackers’ aggressive social engineering moves. Next in the pipeline is Halliburton’s oil sector cyber attack. Lastly, booking your next vacation can be risky as major travel sites are still vulnerable to cyberattacks.

Without much ado, let’s start!

FBI issues warning against highly skilled North Korean hackers

North Korean threat actors have been making aggressive hacking attempts for the past couple of months on cryptocurrency companies. Their main goal is to gain illegitimate access through malware deployment and steal precious crypto assets.

The FBI has been looking into the matter for some time now and has found that the North Korean social engineering tactics are quite evasive in nature. Even highly trained cybersecurity experts are finding it hard to **detect and intercept these hacking moves.

Of late, these threat actors have been conducting in-depth research to discover potential victims. As per the observation of experts, it is believed that the primary target of North Korean threat groups are individuals who have connections with ETFs and other similar financial assets. This is a kind of pre-operational staging that largely hints towards their potential attacks on cryptocurrency companies in the near future.

FBI is concerned about the sophisticated and meticulously planned cyberattacks that involve determining particular DeFi and cryptocurrency companies as potential targets. The next stage involves luring the potential targets with hard-to-resist offers such as investment or job opportunities. These **state-sponsored threat actors are quite trained in personalizing these offers to enhance their credibility. Also, North Korean hackers communicate with their targets in fluent English and have in-depth knowledge of cryptocurrency.

As these cyber threats escalate, it’s crucial to fortify email security by implementing SPF, DKIM, and DMARC protocols to protect against phishing and spoofing attacks that could exploit vulnerabilities in your communications.

Halliburton’s cyberattack hints at the gaping risk of cyber threats in the oil sector.

The recent incident of cyberattack on Halliburton has created ripples across the oil sector. On 21st August 2024, threat actors managed to gain access to Halliburton- the global energy services company. They penetrated Halliburton’s system and exfiltrated valuable data.

After the attack, Halliburton had to go offline for some time in order to bring things back on track. Because of the cyberattack, the company was unable to fully access the **business applications pertaining to corporate functions and day-to-day operations .

Cybersecurity experts believe that this attack is a wake-up call for the oil sector, utilities, and other critical infrastructures across the globe. The need of the hour is to fix existing vulnerabilities and amp up cybersecurity systems. They must deploy micro-segmentation controls within their networks in order to limit unnecessary external access.

Threat actors have already started **exploring and carrying out this kind of cyberattack on critical infrastructure systems across the US. For example, small utilities like water supply systems in Texas and Muleshoe have been affected by similar attacks.

TfL was recently targeted by threat actors!

The computer systems of Transport for London, the UK-based transport agency, recently fell prey to cyberattack. According to TfL, the threat actors could not access customer data. However, insider report suggests that the backroom systems of TfL have been badly affected. Also, the employees have been asked to work from home as of now.

TfL’s Customer Information System has connected with its customers through emails and informed them about the ongoing cyberattack situation. An advisory cum warning has also been issued for the customers. The incident has been reported to relevant **government agencies by Transport for London. Agencies like NCSC and NCA are working closely on this cyber offense and are trying to mitigate the impact of the attack.

TfL has insisted that they prioritize cybersecurity and that they won’t be taking this incident lightly. The CTO at Transport for London has stated that the transport agency has adopted **adequate measures to prevent any cybersecurity mishap in the future.

However, this is not the first time TfL has experienced a cyber offense. The transport company was attacked by the Cl0p ransomware group just a few months back. Cl0p threat group targeted MOVEit, one of TfL’s clients. Cl0p managed to access the details of a whopping 13,000 customers. However, TfL stated that the Russia state-sponsored threat group could not access the consumers’ bank details.

The attack has further led to confusion and panic among **daily commuters who are worried about their personal data available with Transport for London. The major delays at places like King’s Cross have also created a sense of uproar among daily commuters.

Cybersecurity experts believe that these attacks, backed by nations like Iran, China, Russia etc., are gaining momentum in view of creating a sense of political and public disorder .