Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences

A new report released this week analysed IT security leaders’ perceived threat of ransomware attacks and the maturity of their cyber security defences. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA). https://www.helpnetsecurity.com/2021/10/21/organizations-cyber-hygiene/

83% Of Ransomware Victims Paid Ransom

A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.

Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. https://www.zdnet.com/article/83-of-ransomware-victims-paid-ransom-survey/

Ransomware Affected 72% Of Organisations In Past Year

72% of organisations were affected by ransomware at least once within the past twelve months, with 18% impacted more than six times in the past year. Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees. https://venturebeat.com/2021/10/20/report-ransomware-affected-72-of-organizations-in-past-year/

Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks

Ransomware is a major cybersecurity threat to organisations around the world, but it's possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.

While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter. https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/

A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data

There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king — your data. If your main focus lies on keeping hackers out of your environment, then it’s already check mate. Your mission should be to buy time, slow hackers down and ultimately contain an attack.

Businesses must therefore make it as hard as possible for adversaries to exploit the relationships that allow them to move laterally through the corporate network. They can do this by distrusting anyone within their data’s environment and repeatedly corroborating that all users are who they say they are, and that they act like it too. That last part is crucial, because while identities are easy to compromise and imitate, behaviours are not. https://www.ft.com/content/93cec8b6-3fe9-4e9e-800a-62e13a0e2eac

Cyber Risk Trends Driving The Surge In Ransomware Incidents

During the COVID-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices

The increasing frequency and severity of ransomware incidents is driven by several factors:

·         Growing number of different attack patterns such as double and triple extortion campaigns

·         Criminal business model around ‘ransomware as a service’ and cryptocurrencies

·         Recent skyrocketing of ransom demands

·         Rise of supply chain attacks.

Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. Businesses must understand the need to strengthen their controls.

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. https://www.helpnetsecurity.com/2021/10/18/five-ransomware-trends/

US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021

US Ransomware victims coughed up nearly $600 million to cyber hijackers in the first six months of 2021, further stamping cyber extortionists as an “increasing threat” to the U.S. financial, business and public sectors, a recent report released by the Treasury Department said.

Data gathered by the Financial Crimes Enforcement Network (FinCEN) derived from financial institutions’ Suspicious Activity Reports (SARs) revealed that the 635 reports filed for the first six months of this year is already 30 percent greater than the 487 filed for all of last year. Some 458 financial transitions have been reported as of June 30, 2021 with the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 amounting to $590 million, or 42 percent more than the $416 million filed for all of 2020. https://www.msspalert.com/cybersecurity-research/victims-paid-600-millon-1h-2021/

Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang is creating fake cyber security companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. https://securityaffairs.co/wordpress/123673/cyber-crime/fin7-fake-cybersecurity-firm.html

Nearly Three-Quarters of Organisations Victimized by DNS Attacks in Past 12 Months

Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover. https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months

Cyber Crime Matures As Hackers Are Forced To Work Smarter

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.

One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.

This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.

That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

Threats

Ransomware

• 2021 Ransomware Transactions Already Exceed 2020 Numbers, Treasury Department Says - CyberScoop

• Ransomware: US Financial Institutions Report Major Increase In Payments To Cybercriminals - CNNpolitics

• DarkSide Ransomware Rushes To Cash Out $7 Million In Bitcoin (Bleepingcomputer.Com)

• Gigabyte Allegedly Hit by AvosLocker Ransomware | Threatpost

• Evil Corp Demands $40 Million In New Macaw Ransomware Attacks (Bleepingcomputer.com)

• Olympus US Hack Tied To Sanctioned Russian Ransomware Group | Techcrunch

• 81% of UK Healthcare Organizations Hit by Ransomware in Last Year - Infosecurity Magazine

BEC

• BEC Attacks: Scammers' Latest Tricks - Help Net Security

• Palo Alto Warns of BEC-As-A-Service | ZDNet

Phishing

• This Monster Of A Phishing Campaign Is After Your Passwords | ZDNet

Malware

• Cyber Criminals Have Found A Way To Get Their Malware Certified By Microsoft | Techradar

• Watch Out: ‘Squid Game’ Malware Hits Google Play As Hundreds Of Unofficial Apps Flood Store (forbes.com)

• Minecraft Declared The Most Malware-Infected Game (Hackread.Com)

Mobile

• Experts Hacked A Fully Patched iOS 15 Running On iPhone 13 At Tianfu Cup - Security Affairs

Vulnerabilities

• Update Now! Chrome Fixes More Security Issues - Malwarebytes Labs

• Patch PowerShell Now, Microsoft Tells Admins | TechRadar

• A Flaw In WinRAR Could Lead To Remote Code Execution - Security Affairs

• Injection Vulnerabilities In Popular WordPress Plugin Could Expose Credentials, Allow Admin Access | The Daily Swig (Portswigger.Net)

• SQL Is The Top Critical Risk In The Web Application Layer In Q3, 2021 - IT Security Guru

Data Breaches/Leaks

• Data Scrapers Expose 2.6 Million Instagram and TikTok Users - Infosecurity Magazine

Organised Crime & Criminal Actors

• Criminals Use Fake AI Voice To Swindle UAE Bank Out Of $35m • The Register

Insider Threats

• Most Employees Believe Backing Up Company Data Is Not Their Problem - Help Net Security

Dark Web

• The Dark Web Has Become Darker And Busier, Cyber Crime Services Cost Less Than $500 | Techspot

• Increased Activity Surrounding Stolen Data On The Dark Web - Help Net Security

• The Truth About The Dark Web's Secret Red Rooms (grunge.com)

Supply Chain

• Supply Chain Cybersecurity Breaches Have Hit Alarming Percentage Of Firms: Survey | Fox Business

OT, ICS, IIoT and SCADA

• Shared Responsibility Key to Protecting Critical Infrastructure - Infosecurity Magazine

Nation State Actors

• State-Backed Hackers Breach Telcos With Custom Malware (Bleepingcomputer.Com)

• Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals (Bleepingcomputer.Com)

Cloud

• Russian Cyber-Criminals Switch to Cloud - Infosecurity Magazine

Privacy

• Over 80% of Brits Deluged with Scam Calls and Texts - Infosecurity Magazine

• How mobile devices can be tracked via Bluetooth analysis • The Register

• Brave Ditches Google For Its Own Privacy-Centric Search Engine (Bleepingcomputer.Com)

• A Massive ‘Stalkerware’ Leak Puts The Phone Data Of Thousands At Risk | Techcrunch

Reports Published in the Last Week

• Ransomware Report: State of Ransomware Survey & Report (thycotic.com)

Other News

• The Simmering Cybersecurity Risk of Employee Burnout (darkreading.com)

• Acer Hacked Twice In A Week By The Same Threat Actor (Bleepingcomputer.Com)

• Threat Actors Abusing Discord to Spread Malware - Infosecurity Magazine

• Mysterious Hacking Group Is Quietly Breaking Into Global Telecommunications Networks, Research Finds | Sky News

• Hacker Steals Government Id Database For Argentina's Entire Population - The Record By Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.