Robin’s Newsletter #284

26 November 2023. Volume 6, Issue 48
Warning over Lazarus software supply-chain attacks. Australia cyber security strategy published.
Join hundreds of subscribers who get this first, every Sunday. Subscribe

This week

NCSC, NIS warn over Lazarus supply-chain attacks as more details come to light

  • The UK National Cyber Security Centre (NCSC) and South Korea’s National Intelligence Service (NIS) released a joint advisory on North Korean software supply chain attacks this week.
  • Supply-chain attackers are a favourite of the Lazarus group right now, with hundreds of millions of dollars being stolen from cryptocurrency companies earlier this 
  • The advisory goes on to warning of attacks against MagicLine4NX, an authentication system used widely in South Korea.
  • Also this week, Microsoft said that it believes North Korea is behind a compromise at Taiwanese software company CyberLink. You may be scratching your head trying to work out why you know that name: CyberLink’s products include the PowerDVD player that came bundled with many early computer DVD drives. The company makes an attractive supply-chain attack, shipping over 400 million apps. The “LambLoader” malware was included in a modified installer file hosted on the official update servers. 

Australia’s cyber security strategy 2023-30 published

  • Australia’s cyber security strategy 2023-30 was published this week, with a vision of becoming a “world leader in cyber security by 2030”. Six ‘shields’ are set out to protect Australian citizens and businesses:
  1. Strong businesses and citizens — includes support for small businesses to strengthen their posture and deter threat actors from attacking Australia
  2. Safe technology — standards for IoT and safe adoption of AI
  3. World-class threat sharing and blocking — a ‘whole of economy’ threat intelligence network
  4. Protected critical infrastructure — CNI regulation and government security improvements
  5. Sovereign capabilities — growing local talent and accelerating the domestic cyber industry
  6. Resilient region and global leadership — become the ‘partner of choice’ in the region 

Interesting stats

2,620 organisations and  77 million individuals have been affected by the Clop ransomware group’s mass-compromise of Progress Software’s MOVEit file transfer appliances.

Other newsy bits / in brief

And finally

Robin

  Robin's Newsletter - Volume 6

  Lazarus North Korea Supply-chain Australia Cyber Security Strategy Data retention Incident reporting Ransomware Clop Progress Software MOVEit Optus Real Estate Legal Sector Law firm CTS LitterDrifter Russia Federal Security Service Nothing Chat Cookies