Geopolitical and Cybersecurity Risk Weekly Brief 15 February 2021

15 February 2021

Executive Summary

In the Americas, Canada’s spy chief said China poses a serious strategic threat to Canada due to attempted secrets theft and a campaign to intimidate the Chinese community. In Ecuador, left-wing economist Andrés Arauz won most votes in the first round of presidential elections held on 7 February. The second round will take place on 11 April.

The US experienced a serious infrastructure attack when a threat actor attempted to poison the water supply of around 15,000 people through the Oldsmar water treatment plant in Tampa, Florida. The threat actor used a remote TeamViewer connection to control the mouse on a terminal at the plant. The FBI has since warned that TeamViewer, Windows 7, and weak passwords, three things that were in use at Oldsmar, are security oversights that must be addressed.

Germany expelled a Russian diplomat in response to Moscow’s decision to expel three envoys from Germany, Sweden, and Poland. Meanwhile, UK-based businesses, including haulage, logistics, and customs clearance firms, have called for a delay in the implementation of full checks on shipments of goods to Northern Ireland, which will come into effect from 1 April.

The French government called on Germany to abandon the Nord Stream 2 pipeline project, adding a political dimension to the project and challenging Germany’s claims that it is merely a commercial venture. Multiple Finnish financial institutions have reported being targeted by criminals amid a growing number of hacking attempts in the past year.

In the Middle East, Saudi Arabia introduced reforms marking a significant development for the judiciary system. Israeli Prime Minister Benjamin Netanyahu’s corruption trial resumed in Jerusalem and is likely to fuel protests in the coming weeks.

Two Iranian state-sponsored threat groups have been targeting Iranian citizens: DomesticKitten (APT-C-50) and Infy mainly target dissidents and citizens whom the authorities consider a possible threat to the stability of the country.

In South Africa, authorities have launched a probe into providers over personal protective equipment (PPE) fraud during the first year of the COVID-19 pandemic. In Somalia, opposition parties in Puntland and Jubaland states said they will no longer recognise President Mohamed Abdullahi Mohamed as head of state.

COVID-19 continues to be used as a lure for phishing attacks and by threat actors in other cybercriminal enterprises. This week, a version of the Lampion banking Trojan has been observed targeting Portugal using COVID-19-themed phishing lures. Lampion is often distributed through phishing and has simply adjusted its lure in this campaign to take advantage of the ongoing pandemic.

This month’s Patch Tuesday updates were released on 9 February. All products requiring updates should be patched as soon as possible, and in line with organisations’ protocols.

Additional areas covered in the report: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts