This week:

3: A supply chain attack on a US energy firm.

2: A malvertising campaign on Facebook.

1: A plan with positive intentions may have very negative consequences.


3 – What does a supply chain attack look like?

BHI Energy, a US Energy firm, has described how it was hit by ransomware when the VPN account provided to one of their suppliers was compromised.

According to a recent report on Bleeping Computer, “The attack first started by the [criminal gang] using the stolen VPN credentials for a third-party contractor to access BHI Energy’s internal network. [..] The [gang] revisited the network on June 16, 2023 [and] Between June 20 and 29, the [gang] stole 767k files containing 690 GB of data”, before they then launched their ransomware to encrypt the data on the organisation’s devices. “This was when BHI’s IT team realized the company had been compromised.” Security has been improved since the attack, including the broader use of Multi-Factor Authentication.

So what? There are two critical questions that everyone needs to ask of their IT providers: (1) Who can log in to our systems with just a username and password? (2) Why are we allowing this?
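One practical way to get an answer to question (1) is to take an export of the accounts that can reach the network (VPN, remote-access gateway, identity provider) and list every enabled account that has no second factor, putting third-party accounts at the top. The script below is an added example, not code from the newsletter, from BHI Energy or from Bleeping Computer; the CSV column names and the sample rows are constructed assumptions, since every VPN and identity product exports different fields.

```python
"""Audit an access-account export for accounts that can log in with a password alone.

Added example for this newsletter item. The CSV layout (username, owner_type,
mfa_enrolled, last_login, enabled) is an assumption; adapt the column names to
whatever your VPN or identity provider actually exports.
"""
import csv
import io
from datetime import date

# Constructed sample export; not real accounts.
SAMPLE_EXPORT = """\
username,owner_type,mfa_enrolled,last_login,enabled
jsmith,employee,yes,2023-10-20,yes
contractor-hvac,third_party,no,2023-06-16,yes
contractor-audit,third_party,yes,2023-09-01,yes
old-vendor,third_party,no,2022-01-15,yes
svc-backup,service,no,2023-10-21,no
"""


def parse_export(text):
    """Parse the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def password_only_accounts(rows, today=date(2023, 10, 23)):
    """Return every enabled account with no MFA enrolled.

    Each finding records whether the account belongs to a third party and how
    many days it has been idle, so the riskiest entries can be reviewed first.
    """
    findings = []
    for row in rows:
        if row["enabled"].strip().lower() != "yes":
            continue  # disabled accounts cannot log in at all
        if row["mfa_enrolled"].strip().lower() == "yes":
            continue  # a second factor is required; not password-only
        idle_days = (today - date.fromisoformat(row["last_login"])).days
        findings.append({
            "username": row["username"],
            "owner_type": row["owner_type"],
            "third_party": row["owner_type"] == "third_party",
            "idle_days": idle_days,
        })
    # Third-party accounts first, then the longest-idle accounts.
    findings.sort(key=lambda f: (not f["third_party"], -f["idle_days"]))
    return findings


def summarise(findings):
    """Counts suitable for the 'why are we allowing this?' conversation."""
    third_party = [f for f in findings if f["third_party"]]
    return {
        "password_only": len(findings),
        "third_party_password_only": len(third_party),
    }


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    results = password_only_accounts(rows)
    for f in results:
        print(f"{f['username']:<18} {f['owner_type']:<12} idle {f['idle_days']} days")
    print(summarise(results))
```

Every account the script prints is one that answers question (1); the owner and idle-days columns give the material for question (2), and a supplier account that has sat unused for months with no second factor is the first one to disable or enrol.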


2 – What does a Facebook malvertising campaign look like?

“Cybercriminals always seek to trick users into taking all sorts of unwelcome actions, and one way they achieve this is by abusing the ad networks [of online and social media platforms]”

This is called ‘malvertising’. One article published by BitDefender (and recently mentioned by Secure The Village) focuses on a malvertising campaign on Facebook. In this attack, “Meta’s Ads Manager tool [was] actively exploited in these campaigns to target male users on Facebook, aged 18 to 65 from Europe, Africa and the Caribbean [..] which dangle access to new media files of the portrayed women [..] Multiple iterations of the same ad were used in about 140 malicious ad campaigns.” If someone is fooled into downloading the advertised “photo album”, they end up installing malware on their device.

So what? Does your staff training only focus on the threats from phishing emails, or does it remind staff that wherever they are, the cyber scammers are there too? (PS: Tell me again why you allow staff to access Facebook and other anti-social media sites on company devices?)


1 – What does an existential crisis look like?

“Forty countries in a U.S.-led [International Counter Ransomware Initiative] plan to sign a pledge never to pay ransom to cybercriminals.”

This is according to a report by Reuters, which reminds us that “in ransomware attacks, hackers encrypt an organization’s systems and demand ransom payments in exchange for unlocking them.”

So what? It seems like a positive step to stop cyber criminals from profiting from this crime. However, it does mean that if you are the victim of a ransomware attack, you may have no legal way to recover if your backups don’t work. In other words, a ransomware attack could cause an immediate existential crisis for your organisation. Your organisation’s backups could become more valuable than your organisation’s bank balance. So, shouldn’t someone check the backups at least as frequently as someone checks the bank balance?
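Checking a backup means more than confirming the job ran: the archive has to be restored somewhere and the restored files compared against what was backed up. The script below, an added example and not something from the newsletter or the Reuters report, builds a small constructed backup with a manifest of SHA-256 hashes, restores it into a scratch directory, and reports which files came back intact, which are missing and which are corrupted. The archive format (gzipped tar) and the manifest layout are assumptions standing in for whatever your backup product produces.

```python
"""Restore-test a backup and compare every restored file against a hash manifest.

Added example for this newsletter item. The tar+gzip archive and the
{filename: sha256} manifest are assumed formats; a real backup product will
have its own, but the check (restore, then compare) is the same.
"""
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def make_backup(files):
    """Build an in-memory backup archive plus its manifest.

    Stands in for the real backup job so the example runs offline.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    manifest = {name: sha256_bytes(data) for name, data in files.items()}
    return buf.getvalue(), manifest


def verify_backup(archive_bytes, manifest):
    """Restore the archive into a scratch directory and hash what came back.

    Returns {"ok": [...], "missing": [...], "corrupt": [...]} keyed on the
    manifest entries. Missing means the file never made it into the backup;
    corrupt means it restored with different contents.
    """
    report = {"ok": [], "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        restored = {}
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
            for member in tar.getmembers():
                if not member.isfile():
                    continue
                target = (root / member.name).resolve()
                if root not in target.parents:
                    # Refuse entries that would land outside the scratch dir.
                    continue
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tar.extractfile(member).read())
                restored[member.name] = target
        for name, expected in manifest.items():
            path = restored.get(name)
            if path is None:
                report["missing"].append(name)
            elif sha256_bytes(path.read_bytes()) != expected:
                report["corrupt"].append(name)
            else:
                report["ok"].append(name)
    return report


def backup_is_restorable(report):
    """True only if every manifest entry restored with matching contents."""
    return not report["missing"] and not report["corrupt"]


if __name__ == "__main__":
    # Constructed sample backup; not real data.
    sample_files = {
        "db/customers.sql": b"INSERT INTO customers VALUES (1, 'example');\n",
        "config/app.ini": b"[app]\nmode=production\n",
    }
    archive, manifest = make_backup(sample_files)
    result = verify_backup(archive, manifest)
    print(result, "restorable:", backup_is_restorable(result))
```

Run on a schedule, the report is the evidence the author is asking for: a backup that has not been restored and compared recently is an assumption, not a recovery plan.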