Black Arrow Cyber Threat Briefing 12 March 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse, With Attacks Doubling Every Two Hours
The cyber security community sprang into action after Microsoft first announced a series of vulnerabilities that let hackers break into the company's Exchange email and calendar programs. China has used them to spy on a wide range of industries in the United States ranging from medical research to law firms to defence contractors, the company said. China has denied responsibility. In the past 24 hours, the team has observed "exploitation attempts on organizations doubling every two to three hours." The countries feeling the brunt of attack attempts are Turkey, the United States, and Italy, accounting for 19%, 18%, and 10% of all tracked exploit attempts, respectively.
https://www.zdnet.com/article/microsoft-exchange-server-hacks-doubling-every-two-hours/
Trickbot Malware Is Now Your Biggest Security Headache
Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks. Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year.
https://www.zdnet.com/article/this-trojan-malware-is-now-your-biggest-security-headache/
Cyber Criminals Are Increasingly Targeting Browser Zero Days
As more and more of our work is done within our browsers, cyber criminals have begun to leverage web browser exploits to compromise endpoint systems, according to new research from Menlo Security. At the same time, enterprises around the world were forced to make an almost overnight transition to remote work last year and this surge in employees working from home along with the shift to cloud computing have resulted in a greatly increased attack surface.
https://www.techradar.com/news/cybercriminals-are-increasingly-targeting-browser-zero-days
More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats
The research, commissioned by Vodafone, also showed that 16 per cent of firms would likely be forced to lay off staff in the event of a hack. As a result, the report called on ministers to beef up the country’s corporate cyber defences, warning that a failure to do so could hamper the post-pandemic economic recovery. It urged the government to expand a dedicated business cyber security within the National Cyber Security Centre (NCSC), which is part of GCHQ, and introduce a five per cent VAT cut on cybersecurity products for small companies.
Number Of Ransomware Attacks Grew By More Than 150%
By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cyber crime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.
https://www.helpnetsecurity.com/2021/03/08/ransomware-attacks-grew-2020/
Hackers Are Using Home Office Selfies To Steal Your Personal Data
The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions. However, a new blog suggests cyber criminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.
https://www.techradar.com/uk/news/hackers-are-using-home-office-selfies-to-steal-your-personal-data
Massive Supply-Chain Cyber Attack Breaches Several Airlines
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS).
https://threatpost.com/supply-chain-cyberattack-airlines/164549/
Millions Of Windows Devices Are Still Infested With Malware
Over 100 million Windows consumer and business devices across the world were infected with malware last year, new analysis has found. While examining the recent Malwarebytes "State of Malware" report, Atlas VPN noted that whilst the number of infected Windows machines seems high, this landmark figure was actually a 12% drop when compared to 2019.
https://www.techradar.com/uk/news/millions-of-windows-devices-are-still-infested-with-malware
Did You Know Browser Extensions Are Looking at Your Bank Account?
Browser extensions have full access to all the web pages you visit. They can see which web pages you are browsing, read their contents, and watch everything you type. They could even modify the web pages, for example by inserting extra advertisements. If an extension is malicious, it could gather all that private data of yours, from web browsing activity and the emails you type to your passwords and financial information, and send it to a remote server on the internet.
https://www.howtogeek.com/716771/did-you-know-browser-extensions-are-looking-at-your-bank-account/
Threats
Ransomware
Capcom reportedly forced employees to work in the office following ransomware attack
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
New ransomware only decrypts victims who join their Discord server
Phishing
Malware
Mobile
Vulnerabilities
Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed
F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws
Hackers Exploit QNAP Vulnerabilities to Turn NAS Devices Into Crypto Miners
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect
Critical 0-day that targeted security researchers gets a patch
Intel CPU interconnects can be exploited by malware to leak encryption keys and other info
Organised Crime
Dark Web
OT, ICS, IIoT and SCADA
Nation-State Actors
Researchers Unveil New Linux Malware Linked to Chinese Hackers
United States considering cyber war on Russia in retaliation for SolarWinds hack
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.