August Cyber Roundup

September 1, 2022

Cisco Breached Via Compromised Employee Credentials

A threat actor that Cisco Talos ties to the Yanluowang ransomware group gained access to the Cisco network in May 2022 by socially engineering a Cisco employee. The threat actor first used compromised credentials belonging to the employee, and then socially engineered the employee into accepting an MFA push notification, which gave the attacker access to the company network. Cisco reports that it has contained the attack and that no ransomware was deployed.

Kovrr Insights - Industry benchmark:

As we have reported before, compromised credentials are an easy and effective source for initial access, which can be combined with additional social engineering techniques, and lead to financial losses for targeted victims.


ICS VNC Servers Exposed Online without Password

Over 9,000 VNC servers were found exposed online without a password, including VNC servers belonging to industrial control systems, which should not have any exposed online access. Virtual Network Computing (VNC) is a platform-independent remote monitoring system which allows remote access and control of devices. Access to such systems is desired by attackers, as it can allow them to infiltrate and control organizations and devices remotely. 

Kovrr Insights - Industry benchmark:

From Kovrr’s threat intelligence data, we have found that VNC attack attempts seem to be on the rise since the start of the year. The chart below shows the new observed attack attempts per month, in relation to the observed attack attempts in January 2022. It can be seen that there is almost a 10-fold increase in attack attempts since the start of Q3.

UK Water Supplier Attacked by Clop Ransomware

South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, confirmed on August 15th that it suffered a ransomware attack attributed to the Clop ransomware group. Clop claimed the attack was on another, larger water supplier; however, it seems Clop had mistaken the identity of its target. The attacked supplier stated that its ability to supply water has not been affected, but data containing information on the water supplier's employees and customers has been leaked.

Kovrr Insights - Industry benchmark:

From Kovrr’s cyber incidents database we learn that around 2% of the known ransomware attacks in 2022 have been attributed to Clop, and that along with critical infrastructure services, Clop commonly targets companies in the legal services and education industries.


0ktapus Phishing Campaign Compromised Credentials of at least 130 Organizations 

A massive phishing campaign dubbed 0ktapus, which impersonated Okta, has compromised thousands of accounts belonging to 130 organizations, most of them based in the United States. These attacks have already led to several reported breaches at Twilio, MailChimp and Klaviyo, and to supply chain attacks against customers of these services.

Kovrr Insights - Industry benchmark:

As we have reported before and can be seen once again in this case, compromised credentials are an easy and effective source for initial access, and these can be obtained on a massive scale through successful phishing.
