NOBELIUM targeting admin privileges to facilitate attacks
The threat actor tracked as NOBELIUM has been detected by The Microsoft Threat Intelligence Center (MSTIC) as a nation-state activity associated with attempting to gain access to downstream customers. This included those who are multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations that have been granted administrative or privileged access by other organizations. The activities have been observed against organizations based in the US and Europe since May this year and NOBELIUM is the same actor behind the SolarWinds compromise in 2020. Microsoft has notified known victims of these activities through their nation-state notification process and worked with them and other industry partners to expand their investigation into the activities by NOBELIUM.
Maritime industry in Africa still under potential threat
The African maritime industry is still under potential cyber security attack threats after South Africa’s major ports, railways and pipelines company, Transnet, suffered a major ransomware attack in July this year. Major disruptions were caused at Transnet’s shipping terminals where cargo processing had to be done manually while the IT systems were being recovered. Shipping companies worldwide have been targeted by cyber criminals with the world’s largest, Maersk, that is based in Copenhagen, Denmark, and which has 83 000 employees and offices in 130 countries around the world having been hit by a NotPetya attack in 2017. Fortunately, Maersk manged to obtain backed-up data from one of their subsidiaries in Africa that allowed them to recover from the attack. The Online news service DefenceWeb has reported on the feedback from numerous experts on the potential threats facing the shipping industry.
Banks being warned of increase in data breach attempts
The South African Banking Risk Information Centre (SABRIC) announced recently that the consumer credit reporting company Experian, had experienced a data breach which exposed the personal details of millions of SA consumers. African Bank also confirmed that its professional debt recovery partners, Debt-IN, had been targeted by cybercriminals in April 2021 with some of their customers’ personal data being compromised. SA banks are busy taking extra measures improve their data security in order to protect their customers. Business Tech has reported on the breach at African Bank’s Debt-in partner and given information on some of the procedures in place to prevent future breaches at banks.