top of page

The CyberDiplomat Daily



New cyber espionage targeting European diplomatic missions


ESET Research discovered two new backdoors: LunarWeb and LunarMail. These were deployed in three diplomatic missions of a European country in the Middle East, indicating prior access to the Ministry of Foreign Affairs' domain controller. The attacks are believed to be the work of the cyber spy group Turla, associated with Russia. Turla has been active since the 1990s and targets governments and diplomatic organizations in Europe, Central Asia, and the Middle East. LunarWeb uses HTTP(S) for its C&C communications and mimics legitimate requests, while LunarMail acts as an Outlook add-on. Both backdoors can run Lua scripts and use steganography to hide commands in images. Filip Jurčacko, a researcher at ESET, suggests that several people were likely involved in the development and operation of these tools.



Ohio City Hit by 'Cyber Incident': What We Know


Cleveland City Hall closed temporarily due to a significant "cyber incident" affecting the city's systems. Most internal systems were shut down to prevent further damage while the cybersecurity breach is investigated. Essential services like police, fire, and utilities are still operational. Further updates will be provided as the situation progresses.



Transforming Cyber Risk Management with Advanced Threat Intelligence


The study emphasizes the need to integrate cyber threat intelligence (CTI) into risk management processes to address the increasing severity and frequency of cyber threats. The proposed framework combines EBIOS Risk Manager with integrated CTI to align the CTI process with the organization's context and enhance risk management. This integration can identify specific threats relevant to the organization, leading to more accurate risk assessments and better prioritization of security measures.



Ascension Wisconsin restores EHR access post-cyber attack


Ascension Wisconsin says it has successfully restored Electronic Health Record access after last month's cyber security breach. Patients should see improved efficiencies and wait times, the hospital system says. All Ascension Wisconsin hospitals, physician offices, and care sites across the state remain open and have continued to provide patient care since the incident occurred.



NHS issues urgent plea for blood donation after cyber attack


After a cyber attack on major London hospitals, pathology services are disrupted, causing delays in blood type matching for transfusions. NHS Blood and Transport urgently need O-Positive and O-Negative donors to make appointments at London’s 25 donor centers due to the shortage. Patients are encouraged to access services as usual, but some operations and appointments have been postponed or diverted to other hospitals. If you are O-Negative or O-Positive, please consider donating blood to support patient care.



The importance of trust in a cyber crime era


In today's era of increasing cybercrime, obtaining ISO 27001 adds to our list of compliance accreditations at b4b Group, significantly bolstering our ability to combat cybercrime. This accomplishment is crucial in safeguarding against data breaches, unauthorized access, and other cyber threats for companies that handle substantial amounts of customer data. It signals a commitment to maintaining high standards of data security and privacy, enhancing reputation and serving as a deciding factor for customers when choosing service providers. Continuous improvement is crucial in the ever-evolving field of data security to ensure that companies remain resilient against new and emerging threats. As a telecommunications and managed IT company, achieving ISO 27001 has the potential to enhance our reputation, deepen customer trust, and improve operational efficiency.




Major blood supply threat after Russian cyber attack with NHS calling for rare universal donors to come forward to boost emergency supplies


The NHS urgently needs blood donations after a cyber attack disrupted the computer system for checking patients' blood types. Over 200 operations have been cancelled, and hospitals are relying on pen and paper, making it hard to quickly find blood types for emergency transfusions. The NHS specifically needs donations from people with O-positive and O-negative blood types. O-negative blood can be given to almost anyone, while O-positive can be given to three-quarters of people. The NHS needs three lifesaving blood donations every minute and encourages everyone, especially those with O-type blood, to donate. The ransomware attack on the NHS blood computer system affected several London hospitals, including King's College Hospital. The attack compromised blood testing services, leading to an increased need for type-O blood. The NHS is urging donors, particularly those with O-negative and O-positive blood types, to come forward and make donations. The attack has resulted in lower than normal stocks of type-O blood, and hospitals are manually matching blood types due to the cyber incident, causing delays.



Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus


Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf involved in cyber attacks targeting entities in Russia and Belarus. The group was first documented in October 2023 and is believed to be active since at least April 2023. Sticky Werewolf and other threat actors have used phishing emails with links to malicious payloads. The recent attack chain observed by Morphisec involves RAR archive attachments with LNK files and a decoy PDF document, leading to the delivery of commodity RATs and information stealer malware. The development comes as BI.ZONE revealed an activity cluster coding Sapphire Werewolf behind more than 300 attacks on various sectors in Russia. Additionally, clusters referred to as Fluffy Wolf and Mysterious Werewolf have been uncovered, using spear-phishing lures to distribute various forms of malware.



Indian cyber agency finds multiple bugs in Microsoft Edge, advises users to update


The Indian Computer Emergency Response Team (CERT-In) has warned users of multiple vulnerabilities in Microsoft Edge (Chromium-based) that could compromise the targeted system. These vulnerabilities exist due to 'out of bounds' memory access, out of bounds write, and heap buffer overflow. Users are advised to apply security updates as recommended by the company. In addition, CERT-In warned of multiple vulnerabilities in Android that could allow attackers to obtain sensitive information, gain elevated privileges, and cause denial-of-service (DoS) conditions. These vulnerabilities exist in Android due to flaws in various components including the Framework, System, Google Play system updates, Kernel, Arm components, MediaTek components, Imagination Technologies, and Qualcomm closed-source components.



Japanese video-sharing platform Niconico was victim of a cyber attack


Niconico, the Japanese video-sharing platform, was hit by a large-scale cyberattack on June 8, 2024, leading to the temporary suspension of its services. The company apologized for the inconvenience and suspended various services, including Niconico Video and Niconico Live Broadcast. The cyberattack also forced the cancellation or postponement of programs scheduled from June 10th to June 16th. Niconico is working with law enforcement and external experts to investigate the incident and determine the extent of the damage.



Cyber PYMES” Explorando el Futuro y el negocio de la Ciberseguridad en México e Israel


On June 5, an influential event brought together cybersecurity experts, business leaders, and visionaries to exchange ideas and solutions for digital security. The panelists revealed mysteries of cyberspace and presented innovative solutions. Join us on a virtual journey through electronic circuits to discover how small and medium-sized companies are fortifying their defense against digital threats. Continuing the excellent series of presentations, in partnership with the Office of the Economy of Israel and the Mexico-Israel Chamber of Commerce and Industry, we had the opportunity to learn about aspects and secrets of cybersecurity for small and medium-sized enterprises in both countries. Importantly, we also got to explore the business opportunities in this area for both countries.



Cyber report warns drones need more regulation


The collaboration "Flight Critical: Drones, Cyber Security and Critical Infrastructure" between the Cyber Security Cooperative Research Centre (CSCRC) and Omni examines the cybersecurity impact of drones on critical infrastructure. Despite their increasing use, there are currently no national standards or regulations for drone cybersecurity. According to Rachael Falk, CEO of CSCRC, drones are vulnerable to cyber attacks, particularly in critical infrastructure applications. Luke Easey, Omni's General Manager, stressed the need to prioritize security and provide clear guidance to mitigate UAV-related cyber threats for the benefit of all Australians.



Latin America is increasingly dissatisfied with China's influence, and these small conflicts have been revealed.


Costa Rican President Rodrigo Chavez established the Budapest Convention to combat cybercrime. It strained Costa Rica's relationship with Huawei, as China has yet to sign the convention. The Budapest Convention is an international agreement against cybercrime, covering copyright infringement, computer fraud, and network security violations. In Brazil, there is concern over the impact of cheap textiles from China on local businesses, as well as allegations of environmental damage caused by Chinese enterprises. Brazil responded by imposing a 20% tariff on goods under $50 purchased from international shopping websites. This decision surprised China's online retail platform AliExpress. Christian Hauser, an expert on Latin American issues, believes that China's growing influence in Latin America has led to increased criticism of its trade practices in the region. He also highlighted how Latin American countries are being pulled into the geopolitical competition between China and the United States. Nicaragua seems to be an exception, maintaining a strong relationship with China despite criticism of its government's actions and Chinese companies' activities.



Nicodo "Cyber attacks are still ongoing", the program distribution will be suspended at least until the 16th due to difficult recovery


Dwango, the operator of the video site "Nico Nico Douga," has announced that the site will remain suspended due to cyber attacks until at least the 16th. X (formerly Twitter) reported that the cyber attacks are still ongoing. Additionally, the parent company, KADOKAWA, revealed on the 9th that multiple websites within the group are inaccessible. It is suspected that unauthorized access from external sources led to the blockage of the related server for data preservation. An investigation is underway to determine if there was any information leakage. Nico Nico Douga's service has been suspended since around 6 a.m. on the 8th, with the reason cited as a "large-scale cyber attack.”



"Cybersecurity Strategy of the Ministry of Defense and the Self-Defense Forces" will be held on Thursday, July 18


JPI (Japan Planning Research Institute) will hold a seminar to discuss the efforts of securing cyber security in the Ministry of Defense and the Self-Defense Forces by Mr. Kyoshi Nakanishi, Minister's Secretariat, Cyber Security and Information Officer, Minister's Secretariat, Ministry of Defense, Cyber Security and Self-Defense Force.



AISPera participates in AI and big data's defense utilization policy and security seminar... Sunveying attack surface management technology


AI SPERA, led by CEO Kang Byung-tak, participated in the 'AI and Big Data Defense Utilization Policy and Security Seminar', presenting its attack surface management solution 'Criminal IP ASM'. The seminar aimed to discuss defense policy and security with military personnel and K-SAEM association members. AI SPERA is the sole domestic company with the technology for attack surface management and has gained recognition through domestic and U.S. patents. The company's 'Criminal IP' platform has users in 150 countries and its corporate security solutions have attracted attention from domestic and foreign organizations. AI SPERA is expanding its global presence through strategic partnerships with over 40 global security companies and by launching products on major marketplaces such as Microsoft's Azure, AWS, and Snowflake.



Calls for finalisation of Cyber Security Bill


The demand for finalizing South Africa’s legislative framework on cyber security has increased, with experts urging quick action. South Africa currently lacks a framework to effectively deal with cyber security, as the cyber security aspects were removed from the Cyber Crimes Act. The Cyber Security Bill is still in the development phase, and South Africa’s Cyber Crimes Act came into partial operation on 1 December 2021. The law will regulate how information in cyberspace is secured in South Africa. Munyaradzi Silomonye, a cyber crime operations officer at Interpol, reported that most cyber crime in the African region occurs through business email compromise attacks and fake investment and job scams. In South Africa, ransomware attacks are primarily targeted at private organizations. Private companies indicated that there were 300 cases of ransomware attacks targeting South Africa. The need for collaboration between the private sector and the police to address cyber threats was also emphasized.e concluded.



Switzerland flags cyberattacks, disinformation ahead of Ukraine summit


Switzerland reported an increase in cyberattacks and disinformation ahead of a summit aiming to create a pathway for peace in Ukraine. The talks, to be held from June 15-16, will involve 90 states and organizations, with a focus on involving both Russia and Ukraine in a future peace process. Russia has not been invited, and there have been increased cyber attacks and personal attacks in the media. The summit will address international concerns such as nuclear and food security, freedom of navigation, and humanitarian issues. While Russia has dismissed the summit, Switzerland stated that it must be part of the peace process. The summit is expected to conclude with a final declaration and aims to outline the next steps in the peace process.










1 view0 comments

Recent Posts

See All

Comments


bottom of page