FBI Warns Hackers, Halliburton Cyber Threats, TfL Targeted Threat
Your wait is finally over, as we are here with our September Week 1 edition of fresh cybersecurity news! This week, we will be talking about North Korean hackers’ aggressive social engineering moves. Next in the pipeline is Halliburton’s oil sector cyber attack. Lastly, booking your next vacation can be risky as major travel sites are still vulnerable to cyberattacks.
Without further ado, let’s start!
FBI issues warning against highly skilled North Korean hackers
North Korean threat actors have been making aggressive hacking attempts for the past couple of months on cryptocurrency companies. Their main goal is to gain illegitimate access through malware deployment and steal precious crypto assets.
The FBI has been looking into the matter for some time now and has found that the North Korean social engineering tactics are quite evasive in nature. Even highly trained cybersecurity experts are finding it hard to detect and intercept these hacking moves.
Of late, these threat actors have been conducting in-depth research to discover potential victims. Experts believe that the primary targets of North Korean threat groups are individuals who have connections with ETFs and other similar financial assets. This is a kind of pre-operational staging that largely hints at potential attacks on cryptocurrency companies in the near future.
The FBI is concerned about the sophisticated and meticulously planned cyberattacks, which begin with identifying particular DeFi and cryptocurrency companies as potential targets. The next stage involves luring the potential targets with hard-to-resist offers such as investment or job opportunities. These state-sponsored threat actors are well trained in personalizing these offers to enhance their credibility. Also, North Korean hackers communicate with their targets in fluent English and have in-depth knowledge of cryptocurrency.
As these cyber threats escalate, it’s crucial to fortify email security by implementing SPF, DKIM, and DMARC protocols to protect against phishing and spoofing attacks that could exploit vulnerabilities in your communications.
Halliburton’s cyberattack hints at the gaping risk of cyber threats in the oil sector.
The recent cyberattack on Halliburton has created ripples across the oil sector. On 21st August 2024, threat actors managed to gain access to Halliburton, the global energy services company. They penetrated Halliburton’s system and exfiltrated valuable data.
After the attack, Halliburton had to go offline for some time in order to bring things back on track. Because of the cyberattack, the company was unable to fully access the business applications pertaining to corporate functions and day-to-day operations.
Cybersecurity experts believe that this attack is a wake-up call for the oil sector, utilities, and other critical infrastructure across the globe. The need of the hour is to fix existing vulnerabilities and strengthen cybersecurity systems. These organizations must deploy micro-segmentation controls within their networks in order to limit unnecessary external access.
Threat actors have already started exploring and carrying out this kind of cyberattack on critical infrastructure systems across the US. For example, small utilities like water supply systems in Texas and Muleshoe have been affected by similar attacks.
TfL was recently targeted by threat actors!
The computer systems of Transport for London, the UK-based transport agency, recently fell prey to a cyberattack. According to TfL, the threat actors could not access customer data. However, an insider report suggests that the backroom systems of TfL have been badly affected. Also, the employees have been asked to work from home as of now.
TfL’s Customer Information System has connected with its customers through emails and informed them about the ongoing cyberattack situation. An advisory cum warning has also been issued for the customers. The incident has been reported to relevant government agencies by Transport for London. Agencies like NCSC and NCA are working closely on this cyber offense and are trying to mitigate the impact of the attack.
TfL has insisted that they prioritize cybersecurity and that they won’t be taking this incident lightly. The CTO at Transport for London has stated that the transport agency has adopted adequate measures to prevent any cybersecurity mishap in the future.
However, this is not the first time TfL has experienced a cyber offense. The transport company was attacked by the Cl0p ransomware group just a few months back. The Cl0p threat group targeted MOVEit, one of TfL’s clients. Cl0p managed to access the details of a whopping 13,000 customers. However, TfL stated that the Russian state-sponsored threat group could not access the consumers’ bank details.
The attack has further led to confusion and panic among daily commuters who are worried about their personal data held by Transport for London. The major delays at places like King’s Cross have also created a sense of uproar among daily commuters.
Cybersecurity experts believe that these attacks, backed by nations like Iran, China, Russia etc., are gaining momentum with the aim of creating a sense of political and public disorder.