Black Arrow Cyber Threat Briefing 03 September 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Attacks Soar 288% in First Half of 2021
The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data.
Nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group, who typically gain initial network access to victim organisations via phishing emails.
It’s an unfortunate fact that no organisation in any sector is safe from ransomware today.
Targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model. https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-half-2021/
Ransomware Costs Expected To Reach $265 Billion By 2031
Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years. https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/
Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage
A new Email Threat Report for Q3 2021 examines the escalating adverse impact, both financial and reputational, of socially-engineered and never-seen-before email attacks and other advanced email threats on organisations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods, manufacturing, technology, energy and infrastructure services, medical, media and television, finance, and hospitality.
The report also finds 61% of organisations experienced a vendor email compromise/supply chain attack in Q2 2021.
Key report findings include:
32.5% of all companies were targeted by brute force attacks in early June 2021
137 account takeovers occurred per 100,000 mailboxes for members of the C-suite
61% of organisations experienced a vendor email compromise attack this quarter
22% more business email compromise attacks since Q4 2020
60% chance of a successful account takeover each week for organisations with 50,000+ employees
73% of all advanced threats were credential phishing attacks
80% probability of attack every week for retail and consumer goods, technology, and media and television companies
https://finance.yahoo.com/news/brute-force-email-attacks-account-120100299.html
Investigation Into Hacked "Map" Of UK Gun Owners
Gun-selling site Guntrader announced a data breach affecting more than 100,000 customers in July. This week, reports emerged that an animal rights activist blog had published the information. The group had formatted the data so it could be easily imported into mapping software to show individual homes. The National Crime Agency, which has been investigating the data breach and its fallout, said it "is aware that information has been published online as a result of a recent data breach which impacted Guntrader". https://www.bbc.co.uk/news/technology-58413847
Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches
The US Securities and Exchange Commission (SEC) has sanctioned multiple financial services firms for cyber security failures that led to the compromise of corporate email accounts and the personal data of thousands of individuals. The case was brought after the unauthorised takeover of cloud-based email accounts at Seattle-based KMS Financial Services, and subsidiaries of California-headquartered Cetera Financial Group and Iowa-based Cambridge Investment Group. https://portswigger.net/daily-swig/eight-us-financial-services-firms-given-six-figure-fines-over-bec-data-breaches
Ransomware Has Been A ‘Game Changer’ For Cyber Insurance
Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to a software company. The researchers “think of December 2019 as the tipping point for when we started to see ransomware take hold”. The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. All of this has a massive knock-on effect for insurance firms. https://www.insurancejournal.com/news/national/2021/08/30/628672.htm
Getting Ahead Of A Major Blind Spot For CISOs: Third-Party Risk
For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organisation alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. https://www.helpnetsecurity.com/2021/09/01/getting-ahead-of-a-major-blind-spot-for-cisos-third-party-risk/
WhatsApp Hit With $267 Million GDPR Fine For Bungling User Privacy Disclosure
Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp $225 million for failing to provide users enough information about the data it shared with other Facebook companies.
The fine is the largest penalty that the Irish regulator has imposed since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018. https://www.cyberscoop.com/whatsapp-hit-with-267-million-gdpr-fine-for-bungling-user-privacy-disclosure/
Microsoft Warns About Open Redirect Phishing Campaign
Microsoft’s Security Intelligence team is warning over phishing campaigns using open redirector links, links crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realising it until it's too late. https://www.windowscentral.com/microsoft-warns-about-open-redirect-phishing-campaign
Previous Employees With Access To Corporate Data Remain A Threat To Businesses
Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data. This is according to a report, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves. https://www.helpnetsecurity.com/2021/09/02/previous-employees-access-data/
BEC Scammers Seek Native English Speakers On Underground
Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: cyber crooks are putting up help-wanted ads, looking for native English speakers to carry out the social-engineering elements of business email compromise (BEC) attacks. https://threatpost.com/bec-scammers-native-english-speakers/169092/
Half Of Businesses Can't Spot These Signs Of Insider Cyber Security Threats
Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyber attacks. Research suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data. https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/
Threats
Ransomware
Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits
LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
FBI, CISA: Ransomware Attack Risk Increases On Holidays, Weekends
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
Phishing
Malware
Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth
Cyber Criminal Sells Tool To Hide Malware In AMD, NVIDIA GPUs
Cyber Criminals Abusing Internet-Sharing Services To Monetise Malware Campaigns
Mobile
Snowden Slams Apple CSAM: Warns iPad, iPhone, Mac Users Worldwide
Kaspersky Lab Has Reported About Android Viruses Designed To Steal Money Automatically
Dangerous Android Malware Is Spreading — Beware Of Text Message Scam
Vulnerabilities
New BrakTooth Flaws Leave Millions Of Bluetooth-Enabled Devices Vulnerable
Meltdown-Like Vulnerability Disclosed For AMD Zen+ And Zen 2 Processors
NPM Package With 3 Million Weekly Downloads Had A Severe Vulnerability
Cisco Patches Critical Authentication Bug With Public Exploit
QNAP Working On Patches For OpenSSL Flaws Affecting Its NAS Devices
This Top TP-Link Router Ships With Some Serious Security Flaws
Data Breaches/Leaks
Organised Crime & Criminal Actors
Dark Web
DoS/DDoS
OT, ICS, IIoT and SCADA
Cloud
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.