THREAT LEVEL - CRITICAL

15-10-2024

LulzSec Black Targets Critical Infrastructure in Cyprus

Threat Level Description

IthacaLabs has changed the Threat Level (Critical) adding a new observation:

An attack is expected imminently. Maximum protective security measures to meet specific threats and to minimize vulnerability and risk. Critical may also be used if a terrorist attack is expected seeking to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence.

Description

We have observed that a hacking group known as LulzSec Black has publicly declared its intent to target the critical infrastructure of Cyprus.

The attack appears to be politically motivated, citing Cyprus’ relationship with Israel as a factor behind the upcoming cyber offensive.

A planned cyberattack targeting the infrastructure of Cyprus is scheduled for 17th October 2024, with potential tactics including distributed denial of service (DDoS), data breaches, and other exploitation techniques. The threat is further heightened by the involvement of the group “Moroccan Soldiers,” who have expressed their support for LulzSec Black in these operations.

The targeted systems include Cypriot infrastructure, specifically government, financial, and critical services, which may be at risk of service disruptions, data theft, or system compromises.

Organizations in Cyprus should prioritize the protection of their systems and data, as LulzSec Black and supporting groups have explicitly stated their intentions to target critical infrastructures. Immediate actions to enhance cybersecurity posture and defence mechanisms are strongly recommended. Organisations should be able to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems as part of their cyber resilience strategy.

CVE(s)

OC-2024-0009

Recommendation(s)

Ensure all critical systems are up to date with the latest security patches.
Enhance monitoring of network traffic for any signs of malicious activity.
Prepare for potential DDoS attacks by working with your network providers on mitigation strategies.
Backup essential data to ensure resilience in the event of a breach or system compromise.
Increase security awareness among staff and partners about phishing attempts or other methods of gaining unauthorized access.
Have an incident response preparedness plan in place.

References:

IthacaLabs Incident Response and Threat Intelligence Services

NIS2 Domain	Odyssey Technology/Service
Policies on risk analysis and information system security	- Cybersecurity Strategy Development - Security Policy Framework Development - Risk Assessment
Incident Handling	- Security Policy Framework Development - SIEM Platform + 24/7 SOC - Incident Response & Operational Recovery
Business Continuity (Backup, Disaster Recovery, Crisis Management)	- Security Policy Framework Development - Backup - Hardware for high availability - Data Loss Prevention (DLP) - Technology Resilience (TR)
Supply Chain Security (Relationship Management with Suppliers and Providers)	- Security Policy Framework Development - Penetration Testing - Vulnerability Scanning - Continuous Threat Exposure Management (CTEM)
Security in Network and Information Systems (Development, Maintenance, Vulnerability Handling)	- Security Policy Framework Development - Next Generation Firewall (NGFW) - Secure Access Service Edge (SASE) - Network Security & Architecture Design Audit - Network Segmentation - Penetration Testing - Vulnerability Scanning - Continuous Threat Exposure Management (CTEM)
Assessing Cybersecurity Risk-Management Effectiveness	- Security Policy Framework Development
Basic Cyber Hygiene Practices and Cybersecurity Training	- Information Security Awareness Platform - Information Security Awareness Training - Endpoint Security - Mobile Device Management (MDM) - Email Security - Patch Management
Cryptography and Encryption Policies	- Security Policy Framework Development - VPN - Password Manager - Database Auditing & Protection - Endpoint Security (including encryption)
Human Resources Security, Access Control, and Asset Management	- Security Policy Framework Development - Privileged Access Management (PAM) - Active Directory (AD) Services - Multi-Factor Authentication (MFA)
Multi-Factor Authentication and Emergency Communication Systems	- Security Policy Framework Development - Multi-Factor Authentication (MFA) - Secure Access Service Edge (SASE) - VPN

World Class Professional Services

MANAGED SERVICES

ADVISORY SERVICES

HYBRID INTEGRATED SOLUTIONS

NEWS & MEDIA

NEWSROOM

PRESS RELEASES

PUBLICATIONS

EVENTS

SUCCESS STORIES

CONTENT LIBRARY

WHITEPAPERS

DATASHEETS

BROCHURES

INFOGRAPHICS

VIDEOS

ODYSSEY BLOG

THREAT RESOURCES

NIS2 HUB

ABOUT US

ACHIEVEMENTS

TECHNOLOGY PARTNERS

CAREER

CONTACT US

Reach out our Team now

LulzSec Black Targets Critical Infrastructure in Cyprus

Threat Level Description

Description

Recommendation(s)

SIGN UP

Who We Are

Solutions & Services

Resources

Careers

Get in touch