Robin’s Newsletter #229

6 November 2022. Volume 5, Issue 45
Slovakia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.

This week

  • Slovakia’s parliament has been suspended following a ‘cybersecurity incident’. Conflicting reports referred to the issue as “IT service outages” and “abnormal behaviour” on parliamentary networks. Voting and meetings are suspended until 8th November

  • Mondelez and insurer Zurich have settled a claim arising from the 2017 NotPetya cyberattack (vol. 1, iss. 26). Mondelez was claiming under a property insurance policy that included cover for some cyber-related circumstances, while Zurich was asserting an exclusion under ‘act of war’ wording. Increasingly insurers are stripping such inclusions out of policies and requiring dedicated cyber insurance coverage. This is a good thing, I think, as the aggregation and concentration risks are very different and arguably more important than ‘act of war’ in/exclusions that Lloyd’s issued revised wording for earlier this year (vol. 5, iss. 35)

  • Cybercriminals have jumped on Twitter’s introduction of paid ‘blue checks’ as a lure for phishing emails

  • The UK National Cyber Security Centre (NCSC) is now scanning ‘internet-accessible systems hosted in the UK’ as part of the Active Cyber Defence programme, both to better understand the UK’s day-to-day vulnerability and to respond to ‘shocks’ from zero-days and widely exploited vulnerabilities

Interesting stats

576 corporate networks advertised on cybercrime forums in Q3 2022, according to threat intel firm Kela, with $2,800 the average selling price for these listings by ‘Initial Access Brokers’ and others

£10.1 billion (up 13.4%) the value of the UK’s cyber security sector, with 1,838 employers (up 24%(!)) creating 52,700 full-time equivalent jobs, according to NCSC’s Annual Review 2022

$1.2 billion in ransomware losses in 2021 (2020: $416 million), across 1,489 incidents (2020: 487), according to the US Treasury, based on Bank Secrecy Act data

17% of the world’s internet traffic flows through Egypt with submarine cables crossing the country between the Mediterranean and Red seas. An interesting read into what may be ‘the Internet’s most vulnerable place on Earth’

Other newsy bits / in brief

Attacks, incidents & breaches

  • An identity verification tool provided by Experian exposed partial Social Security numbers. The ‘knowledge-based verification’ system provided a set of sequential SSNs for the user to choose from based on a name and address
  • Copper mining firm Aurubis “shutdown and disconnected” numerous systems “as a preventative measure” as part of an alleged “larger attack on the metals and mining industry”
  • Dropbox confirms breach of 130 GitHub repositories after attackers phished one of their developers using a fake continuous integration message. The repositories contained some credentials and API keys but not core platform source code, said the company
  • Royal Mail’s Click and Drop service was offline for four hours as a “protective measure” because some customers could see other customers’ orders
  • A content provider used by 250 US national and regional newspaper websites has been compromised and used to push SocGholish malware disguised as web browser updates, according to Proofpoint
  • Flight disruptions after a Boeing subsidiary, Jeppesen, which provides navigation and flight planning tools, experienced a cyber incident

Threat intel

  • “No information credible or specific about efforts to disrupt or compromise” US midterm elections, says CISA Director Jen Easterly
  • The Emotet botnet has started distributing malware again after a four-month hiatus
  • A new BEC scam from the ‘Crimson Kingsnake’ group imitates global law firms in an attempt to intimidate recipients into paying fraudulent invoices, says Abnormal Security
  • Black Basta ransomware group linked to FIN7 cybercrime cartel by SentinelOne


  • OpenSSL vulnerability still needs patching, but isn’t as critical as initially thought, with CVE-2022-3786 and CVE-2022-3602 arriving rated ‘high’ rather than ‘critical’

Public policy

  • Members of the International Counter Ransomware Initiative (CRI) reaffirm their commitment to ‘build collective resilience’ to ransomware at the Second CRI Summit hosted by the White House
  • ‘Digital Red Cross’ proposed by the International Committee of the Red Cross (ICRC) to mark websites and systems used for medical and humanitarian purposes. The mark is intended to be respected in the same way it is in physical conflict (PDF)
  • Japan has formally joined NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE)


  • The ICO has found the UK Department for Education allowed ‘prolonged misuse’ of the learning records of up to 28 million children by screening firm Trustopia. The information was used by, amongst others, gambling sites to confirm users were over 18 years of age. A fine of £10 million would have been issued if a new approach towards the public sector were not in place

Law enforcement

  • Finnish authorities have charged and named 25-year-old Julius Kivimaki with the extortion of Vastaamo Psychotherapy Center (vol. 3, iss. 44). After the organisation wouldn’t pay up, Kivimaki began attempting to individually extort patients before making a mistake and accidentally uploading data that included his own ‘home’ directory
  • 42 soccer and live TV piracy sites seized ahead of the World Cup in Qatar
  • SolarWinds has reached a $26 million settlement with shareholders over misleading statements about its cyber security posture. The company expects enforcement action from the Securities and Exchange Commission, too

Mergers, acquisitions and investments

  • Appsec startup Apiiro has announced a $100 million Series B round to expand the company, whose solution flags potential issues starting “at the design phase when you just create a user story with a new feature request”

And finally

  • Spreading Deadly Pathogens Under the Disguise of Popular Music: Researchers from the University of California inserted resonant frequencies into music to trick sensors in negative pressure rooms into leaking pathogens. H/t Rich (PDF)
