Black Arrow Cyber Threat Briefing 19 March 2021

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.



Top Cyber Stories of the Last Week

Tens Of Thousands Of Microsoft Exchange Customers Are Under Assault From Hackers, Experts Warning Of Unprecedented Damage, Exploits Being Targeted By "At Least 10 Hacker Groups"

Four exploits in Microsoft Exchange Server hit the news last week, when we heard that a Chinese hacking group had targeted the email servers of some 30,000 U.S. government and commercial organisations. The exploits had been patched by Microsoft, but the hacking group known as “Hafnium” had doubled-up on efforts targeting unpatched servers. Security researchers found that at least 10 APT groups are taking advantage of the exploits in an attempt to compromise servers around the world. Winniti Group, Calypso, Tick, and more are among the groups identified.

https://www.techspot.com/news/88913-microsoft-exchange-server-exploits-targeted-least-10-hacker.html

Over $4.2 Billion Officially Lost To Cyber Crime In 2020

Cyber crime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year. The Internet Crime Complaint Center (IC3) received last year 791,790 complaints - up by 69% from 2019 - of suspected internet crime causing more than $4 billion in losses. While most complaints were for phishing, non-payment/non-delivery scams, and extortion, about half of the losses are accounted by business email compromise (BEC), romance and confidence scams, and investment fraud.

https://www.bleepingcomputer.com/news/security/fbi-over-42-billion-officially-lost-to-cybercrime-in-2020/

Cyber Attacks Multiply On Wealthy Investors

An email nearly cost a wealthy British art collector £6m, after hackers monitored email correspondence between the client and an art dealer the client had been negotiating with for a year, with hackers impersonating the genuine art dealer, learning to impersonate the tone and language used — even gleaning private family news and the names of partners and children.

Just when the collector and the art dealer finally reached a conclusion on price, the client received an email to say something along the lines of, I hope the children are recovering from their colds — we have just amended our bank details for security and here they are. As it matched the tone of previous emails the art-loving client didn't think anything was amiss.

Fortunately, his family office phoned the real dealer to check the transaction before approving a transfer and the scam was discovered in time, but many people are not so lucky.

https://www.ft.com/content/cdfe8d97-6431-48e2-a8a7-7d760c6e9ed6

Cyber Strength Now Key To National Security, Says UK

In what has been billed as the largest security and foreign policy strategy revamp since the Cold War, the UK government has outlined new defence priorities – with at their heart, the imperative to boost the use of new technologies to safeguard the country. Prime minister Boris Johnson unveiled the integrated review this week, which has been in the making for over a year and will be used as a guide for spending decisions in the future. Focusing on foreign policy, defense and security, the review sets goals for the UK to 2025; and underpinning many of the targets is the objective of modernizing the country's armed forces.

https://www.zdnet.com/article/cyber-strength-now-key-to-national-security-says-uk/

Largest Ransomware Demand Now Stands At $30 Million As Crooks Get Bolder

Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations that fall victim to these attacks has nearly tripled over the past year. Cyber security researchers analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.

https://www.zdnet.com/article/largest-ransomware-demand-now-stands-at-30-million-as-crooks-get-bolder/

Mimecast: SolarWinds Attackers Stole Source Code

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.

https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/

71 Percent Of Office 365 Users Suffer Malicious Account Takeovers

88 percent of companies have accelerated their cloud and digital transformation projects due to COVID-19. But it also finds that 71 percent of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user's account, not just once, but on average seven times in the last year.

https://betanews.com/2021/03/17/office-365-malicious-account-takeovers/

More Than 16 Million Covid-Themed Cyber Attacks Launched In 2020

COVID-19 dominated everyone's lives throughout 2020 but a new report from a cyber security company found that the pandemic was also the main theme of nearly 16.5 million threats and attacks launched against its customers. Researchers wrote that they dealt with 16,393,564 threats that had a COVID-19-related tint to them, with 88% of the threats coming in spam emails and another 11% coming in the form of URLs. Malware accounted for 0.2%, or nearly 33,000, of the threats

https://www.techrepublic.com/article/more-than-16-million-covid-themed-cyberattacks-launched-in-2020/#ftag=RSS56d97e7

“Expert” Hackers Used 11 0-Days To Infect Windows, iOS, And Android Users

Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zero-days in February 2020. The hackers’ ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”

https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/

Cyber Attacks: Is The ‘Big One’ Coming Soon?

2020 was the year that the COVID-19 crisis also brought a cyber pandemic. Late last year, the security industry’s top experts from global cyber security company leadership predicted even worse cyber security outcomes for 2021 compared to what we saw in 2020. In December, we learned about how SolarWinds’ Orion vulnerability was compromised, causing one of the worst data breaches in history that is still evolving for about 18,000 organisations.

https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-is-the-big-one-coming-soon.html


Threats

Ransomware

Phishing

Malware

IOT

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

OT, ICS, IIoT and SCADA

Nation-State Actors

Denial of Service

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Previous
Previous

Why you need a CISO - Cyber Tip Tuesday video

Next
Next

What is a Cyber 'Trigger Event' under the GFSC Rules - and what firms need to do to evidence they have taken appropriate steps