Black Arrow Cyber Threat Briefing 16 July 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
84% Of Organisations Experienced Phishing Or Ransomware Attacks In The Last Year
A new report from Trend Micro has found that 84% of organisations have reported phishing or ransomware security incidents in the last 12 months.
The findings come from an Osterman Research study commissioned by Trend Micro that was compiled from interviews with cyber security professionals in midsize and large organisations nationwide. The research also found that half of organisations are not effective at countering phishing and ransomware threats.
Phishing continues to be one of the easiest paths for ransomware
Ransomware gangs are still using phishing as one of the main ways to attack an organisation, according to a new survey from Cloudian featuring the insights of 200 IT decision-makers who experienced a ransomware attack over the last two years.
More than half of all respondents have held anti-phishing training among employees, and 49% had perimeter defenses in place when they were attacked.
Nearly 25% of all survey respondents said their ransomware attacks started through phishing, and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one-third of all victims said their public cloud was the entry point ransomware groups used to attack them.
Ransomware: Only Half Of Organisations Can Effectively Defend Against Attacks, Warns Report
Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.
For example, the report warns that many organisations struggle with detecting the suspicious activity associated with ransomware and attacks that could provide early evidence that cyber criminals have compromised the network. That includes failing to identify unusual lateral movement across corporate networks, or being able to spot unauthorised users gaining access to corporate data.
MI5 Chief Warns Public Of Cyber-Threat From Hostile States Such As China & Russia
Head of Britain's MI5, Ken McCallum, is urging the public to be as vigilant about threats from "hostile states" as from terrorism.
These include disruptive cyber-attacks, misinformation, espionage and interference in politics - and are usually linked to Russia and China.
McCallum is warning that "less visible threats... have the potential to affect us all," affecting UK jobs and public services and could even lead to a loss of life.
The head of the Security Service wants to challenge the idea that activity by so-called "hostile states", usually taken to mean primarily Russia and China, only affects governments or certain institutions.
Instead, he is to argue in an annual threat update, that the British public are not immune to the "tentacles" of covert action by other states.
In the speech at MI5's Thames House headquarters, Mr McCallum will warn the "consequences range from frustration and inconvenience, through loss of livelihood, potentially up to loss of life".
Almost All Organisations Have Suffered Insider Data Breaches
Egress’ Insider Data Breach Survey 2021 claims that 94 percent of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84 percent of IT leaders surveyed.
However, IT leaders are more concerned about malicious insiders, with 28 percent indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21 percent) saying that it’s their biggest concern.
Additionally, almost three-quarters (74 percent) of organisations have been breached because of employees breaking security rules, and 73 percent have been the victim of phishing attacks.
The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.
https://workplaceinsight.net/almost-all-organisations-have-suffered-insider-data-breaches/
Cyber Crime Costs Organisations Nearly $1.79 Million Per Minute
Cybercrime costs organisations an incredible $1.79m every minute, according to RiskIQ’s 2021 Evil Internet Minute Report.
The study, which analysed the volume of malicious activity on the internet, laid bare the scale and damage of cyber-attacks in the past year, finding that 648 cyber-threats occurred every minute.
The researchers calculated that the average cost of a breach is $7.2 per minute, while the overall predicted cybersecurity spend is $280,060 every minute.
E-commerce has been heavily hit by online payment fraud in the past year, with cyber-criminals taking advantage of the shift to online shopping during the COVID-19 pandemic. While the e-commerce industry saw a record $861.1bn in sales, it lost $38,052 to online payment fraud every minute.
https://www.infosecurity-magazine.com/news/cybercrime-costs-orgs-per-minute/
Phishing, Ransomware Driving Wave of Data Breaches
Data compromises have increased every month this year except May.
If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.
These were among the findings of the nonprofit organization Identity Theft Resource Center’s (ITRC) latest data breach analysis report, which revealed publicly reported U.S. data breaches are up 38% in the second quarter of 2021, for a total of 491 compromises, compared to Q1.
https://securityboulevard.com/2021/07/phishing-ransomware-driving-wave-of-data-breaches/
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.
Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for.
An analysis of such chatter, by Cognyte, examined 15 cybercrime forums between Jan. 2020 and March 2021. In its report, researchers highlight what CVEs are the most frequently mentioned and try to determine where attackers might strike next.
“Our findings revealed that there is no 100 percent correlation between the two parameters, since the top five CVEs that received the highest number of posts are not exactly the ones that were mentioned on the highest number of Dark Web forums examined,” the report said. “However, it is still enough to understand which CVEs were popular among threat actors on the Dark Web during the time examined.”
https://threatpost.com/top-cves-trending-with-cybercriminals/167889/
Sonicwall Releases Urgent Notice About 'Imminent' Ransomware Targeting Firmware
Networking device maker SonicWall sent out an urgent notice to its customers about "an imminent ransomware campaign using stolen credentials" that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.
In addition to the notice posted to its website, SonicWall sent an email to anyone using SMA and SRA devices, urging some to disconnect their devices immediately. They worked with Mandiant and other security companies on the issue, according to the release.
Google Finds Zero-Day Security Flaws In All Your Favourite Browsers
Researchers at Google have shared insight into four zero-day security vulnerabilities in popular web browsers which were exploited in the wild earlier this year.
DIscovered by Google's Threat Analysis Group (TAG), the four vulnerabilities in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple's Safari, were used as a part of three different campaigns.
https://www.techradar.com/news/google-finds-zero-day-security-flaws-in-all-your-favorite-browsers
Threats
Ransomware
Ransomware attackers are growing bolder and using new extortion methods
REvil ransomware gang's websites vanish soon after Kaseya fiasco, Uncle Sam threatens retaliation
What it's really like to negotiate with ransomware attackers
This ransomware gang hunts for evidence of crime to pressure victims into paying a ransom
BEC
Phishing
Other Social Engineering
Malware
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites
Mobile
Vulnerabilities
Microsoft July 2021 Patch Tuesday: 117 vulnerabilities, Pwn2Own Exchange Server bug fixed
SonicWall vulnerability allows attackers to obtain full control of device and underlying OS
Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
Serious Security Vulnerability Hits DrayTek’s UK Fibre Routers
Kaseya issues patch for on-premise customers, SaaS rollout underway
Data Breaches
Morgan Stanley suffered data breach of customers after supply chain hack
Fashion retailer Guess discloses data breach after ransomware attack
Insurance giant CNA reports data breach after ransomware attack
Organised Crime & Criminal Actors
SolarWinds 0-day gave Chinese hackers privileged access to customer servers
Magecart hackers hide stolen credit card data into images and bogus CSS files
Cryptocurrency/Cryptojacking
Insider Threats
Dark Web
Supply Chain
OT, ICS, IIoT and SCADA
Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover
Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers
Nation State Actors
Privacy
User Education, Awareness and Training
Other News
Kaseya's Staff Sounded the Alarm About Security Flaws for Years Before Ransomware Attack
Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
Endpoint Detection (alone) won’t protect your organisation from advanced hacking groups
Kaseya hack proves we need better cyber metrics
Instagram's Security Checkup will help users secure their accounts after a hack
79% of organisations identify threat modelling as a top priority in 2021
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.