Intelligence update 30-1-20

Welcome to the CyberCure Bi-Weekly podcast transcript.

A week ago we examined the cyber attack that was made on Travelex.

Travelex is a financial agency with more than 1500 outlets in different airports.

The cyber attack was performed using malware known as REvil.

It has been almost a month since Travelex disclosed the cyber attack, and some of their websites still seem to be down, showing the same message.

The hackers spreading this type of malware continue to operate, and this time another big company was hit: parts manufacturer Gedia Automotive Group, which employs more than 4,000 people in seven countries, was hit by what it called a massive cyber attack and said it had been forced to shut down its IT systems and send staff home.

The company is located in the town of Attendorn in Germany, which shows that the group behind this malware is able to hit major enterprises all around the world: it started with US computer services company Artech Information Systems, then UK-based Travelex, and now Gedia in Germany.

They managed to hit at least 3 big companies in 3 different segments and 3 different geographical locations with the same malware.

The difference this time is that the hackers behind the malware are using psychological warfare to push the victims to pay.

In Gedia's case the hackers uploaded records of sensitive data taken from the internal network as proof that they collected internal data, and now they threaten to publish the data if they are not paid soon.

As we discussed previously, the malware developers worked with other hackers as affiliates, which gave the developers behind the malware extensive reach into different networks in different segments.

While the hackers have made threats against all of these organizations, they still haven't proved they actually obtained all the data they claim to have, and they have not published much sensitive data from previous breaches. Is that going to change? Maybe; stay tuned for more news soon.

The tension between Iran and the USA is high, and the USA has already admitted it performed several cyber attacks against Iran.

On the other side, Iran has never admitted to making cyber attacks, but security researchers are starting to see more and more evidence that such attacks are being performed.

A group of security researchers from Recorded Future identified a hacking campaign with suspected ties to Iran that has targeted the European energy sector in what is thought to be a reconnaissance mission aimed at gathering sensitive information.

They specifically identified malware that is known to be used mainly by the group known as APT33, and that has previously been deployed in attacks targeting critical infrastructure.

Researchers haven't been able to identify the exact method of delivery, but they think the malware is distributed via spear-phishing attacks. Previous APT33 campaigns have involved attackers posing as individuals and gaining the trust of potential victims before eventually sending a malicious document.

Energy companies are frequent targets for cyberattacks, but researchers note that attempts at hacking these networks can often be foiled with security procedures such as introducing two-factor authentication across the network and ensuring that passwords are complex and not re-used on multiple systems.

That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit for the latest podcasts on cyber intelligence.
