Black Arrow Cyber Threat Briefing 24 September 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Office Workers Unwilling To Change Their Behaviour, Despite Being Aware Of The Cyber Security Challenges
Despite office workers being aware of the cyber security challenges faced by their employer – especially when it comes to hybrid working – many admit to high-risk behaviour including sharing passwords, downloading non-work-related files, and even losing work-owned devices, a security survey reveals. https://www.helpnetsecurity.com/2021/09/21/office-workers-cybersecurity/
77% Of Execs Concerned About Security Tools Gaps In Their Company
500 people in managerial and executive roles were surveyed about the security of their companies and industry. The results found that 89% are concerned about external security threats to their company, and nearly as many, 86%, are concerned about threats from inside. https://www.helpnetsecurity.com/2021/09/21/security-tools-gaps/
Ransomware Attack Levels Soaring, Now Accounting For 69% Of All Attacks Involving Malware
Ransomware attacks reached ‘stratospheric’ levels in Q2 2021, now accounting for 69% of all attacks involving malware. That is among the most disturbing findings in the latest report from a recent survey conducted by researchers. The research also reveals that the share of attacks targeting governmental institutions soared from 12% in Q1 2021 to 20% in Q2. https://www.helpnetsecurity.com/2021/09/23/ransomware-attack-levels/
DDoS Attacks Increased 11% In 1h 2021, Fuelling A Global Security Crisis
A report shows that in the first half of 2021 cyber criminals launched approximately 5.4 million Distributed Denial of Service (DDoS) attacks, an 11% increase over 1H 2020 figures. Data projections also point to 2021 as another record-setting year, on track to surpass 11 million global DDoS attacks. This long tail of attacker innovation is expected to last, fuelling a growing cyber security crisis that will continue to impact public and private organisations. https://www.helpnetsecurity.com/2021/09/23/1h-2021-ddos-attacks/
Half Of Web Owners Don't Know If Their Site Has Been Attacked
Security researchers found that nearly half of US website owners have so little insight into third-party code that they cannot say definitively whether their site has suffered a breach. This matters because third-party code makes up a large share of a typical site: almost 80% of respondents said that third-party scripts and open-source libraries account for 50-70% of their website's functionality, so a compromise of any one supplier is a compromise of the site. https://www.infosecurity-magazine.com/news/half-web-dont-know-site-attacked/
VMware Warns Of Ransomware-Friendly Bug In vCenter Server
VMware has released a security update with patches for 19 CVE-numbered vulnerabilities affecting the company’s vCenter Server virtualisation management platform and VMware Cloud Foundation, its hybrid cloud platform for managing VMs and orchestrating containers.
They are all serious, but one vulnerability stands out from the rest: a critical arbitrary file upload vulnerability in the Analytics service that has been assigned a near-maximum CVSSv3 base score of 9.8/10. It is reachable by anyone with network access to port 443 on the vCenter Server and should be patched immediately; organisations that cannot patch at once should at least ensure vCenter is not exposed to untrusted networks. https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/
Malicious Email Surge Predicted For Q4
Corporate end-users should be on high alert for phishing attacks in the final quarter of the year, as this is when most malicious emails are likely to land, according to new research. The survey found that 45% more malicious emails were sent in October, November and December 2020 than in the previous quarter. That is perhaps not surprising given the number of opportunities for threat actors to capitalise on end-of-year events such as Halloween, fireworks nights and Christmas. https://www.infosecurity-magazine.com/news/malicious-email-surge-q4/
2 Million Malicious Emails Bypassed Secure Email Gateways In 12 Months
Two million malicious emails bypassed traditional email defences, such as secure email gateways, between July 2020 and July 2021, according to data collected by researchers. The retail industry was targeted most, with the average employee in that sector receiving 49 malicious emails a year, significantly higher than the overall average of 14 emails per user per year. Employees in the manufacturing industry were also identified as major targets, with the average worker receiving 31 malicious emails a year. https://www.helpnetsecurity.com/2021/09/22/malicious-emails-bypassed-gateways/
A Zero-Day Flaw Allows Attackers To Run Arbitrary Commands On macOS Systems
Independent security researchers disclosed a zero-day vulnerability in Apple’s macOS Finder that attackers can exploit to run arbitrary commands on Macs running any macOS version, including the latest release. The flaw lies in the way macOS handles .inetloc (Internet location) files: Finder executes the target embedded in the file, and according to the SSD Secure Disclosure advisory that target can point at the local machine, so opening a crafted file runs a command as the user without any prompt. Until Apple ships a fix, treat .inetloc attachments and downloads as executable content and block or quarantine them at the mail gateway. https://securityaffairs.co/wordpress/122447/hacking/zero-day-macos.html
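The check a defender would want here is a way to find .inetloc files that point at the local filesystem rather than a web address. The scanner below is an added example written for this briefing; it is not code from the article or from the SSD advisory. It assumes that an .inetloc file is a small XML property list with a "URL" key (which is how macOS writes them) and that the dangerous case is a local file:// target, which is an assumption about the bug's mechanism rather than something this briefing states. The sample files are constructed inline so the script runs offline; the scan_directory function is what you would point at a mail quarantine or Downloads folder.

```python
"""Flag .inetloc files whose URL resolves to the local filesystem.

Added example, not from the briefing or the SSD advisory. Assumes an .inetloc
is a plist with a "URL" key and that a local (file) scheme is the risky case.
The scheme is compared after normalising case and whitespace so that spellings
such as "FiLe:////..." are caught where a literal "file://" prefix check would not.
"""
import plistlib
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Schemes that point at the local machine rather than a remote host.
LOCAL_SCHEMES = {"file"}


@dataclass(frozen=True)
class Finding:
    name: str
    url: str
    scheme: str


def _inetloc_body(url: str) -> bytes:
    """Build a minimal .inetloc plist around a URL (used only for the constructed samples)."""
    return plistlib.dumps({"URL": url}, fmt=plistlib.FMT_XML)


# Constructed samples, not real artefacts. The first is what Safari writes when a
# link is dragged to the desktop; the rest encode a harmless local target in ways
# that defeat a naive prefix check (mixed case, extra slashes, leading whitespace).
SAMPLES: Dict[str, bytes] = {
    "news.inetloc": _inetloc_body("https://www.example.com/"),
    "calc_lower.inetloc": _inetloc_body("file:///Applications/Calculator.app"),
    "calc_mixed.inetloc": _inetloc_body("FiLe:////////Applications/Calculator.app"),
    "calc_spaced.inetloc": _inetloc_body("  File:///Applications/Calculator.app"),
    "garbage.inetloc": b"not a plist at all",
}


def extract_url(data: bytes) -> Optional[str]:
    """Return the URL string from an .inetloc plist, or None if absent or malformed."""
    try:
        plist = plistlib.loads(data)
    except Exception:  # plistlib raises several exception types for bad input
        return None
    url = plist.get("URL") if isinstance(plist, dict) else None
    return url if isinstance(url, str) else None


def classify(data: bytes, name: str = "<bytes>") -> Optional[Finding]:
    """Return a Finding if the file's URL uses a local scheme, else None."""
    url = extract_url(data)
    if url is None:
        return None
    # urlsplit lowercases the scheme already; strip() and lower() make the
    # normalisation explicit so the intent survives a change of parser.
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme in LOCAL_SCHEMES:
        return Finding(name, url, scheme)
    return None


def scan_directory(root: Path) -> List[Finding]:
    """Recursively classify every *.inetloc under root."""
    findings: List[Finding] = []
    for path in root.rglob("*.inetloc"):
        finding = classify(path.read_bytes(), str(path))
        if finding is not None:
            findings.append(finding)
    return findings


def scan_samples() -> List[str]:
    """Names of the constructed samples that are flagged, sorted for stable output."""
    return sorted(name for name, data in SAMPLES.items() if classify(data, name))


if __name__ == "__main__":
    for name in scan_samples():
        print(f"FLAGGED {name}: {SAMPLES[name].decode()!r}")
```

Run it against a real folder with `scan_directory(Path.home() / "Downloads")`. Note that a clean scan only means no local-scheme targets were found; it does not tell you whether the macOS build in front of you has the underlying Finder behaviour fixed.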
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
Is there a day that goes by without a news headline about a mega-breach impacting millions of people? It is unlikely, particularly at a time when the volume of data breaches is rising by an astonishing 30 percent annually. Researchers estimate that another 40 billion records will be compromised by the end of 2021. That is billions of pieces of data, much of it sensitive or personally identifiable, that will be available for cyber criminals to exploit in the future. https://threatpost.com/46-on-prem-databases-globally-contain-vulnerabilities/174815/
Threats
Ransomware
Researchers Compile List Of Vulnerabilities Abused By Ransomware Gangs
Ransomware still a primary threat as cyber criminals evolve tactics
City Of Yonkers Refuses To Pay Ransom After Attackers Demand $10 Million
FBI Had Ransomware Decryption Key For Weeks Before Giving It To Victims
Phishing
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
Microsoft Warns Of A Wide-Scale Phishing-As-A-Service Operation
Other Social Engineering
“Back To Basics” As Courier Scammers Skip Fake Fees And Missed Deliveries
Scammers Use 'IT Support-Themed Email' To Target Organisations
Hackers Impersonate Bank Customers And Make $500k In Fraudulent Credit Card Payments
Malware
Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert
New Mac Malware Masquerades As Iterm2, Remote Desktop And Other Apps
New Capoae Malware Infiltrates WordPress Sites And Installs Backdoored Plugin
New Mac Malware Spreads Via Search Results — What You Need To Know
Experts Warn That Mirai Botnet Starts Exploiting OMIGOD Flaw
New Malware Variant Employs Windows Subsystem For Linux For Attacks
IOT
Vulnerabilities
A New Bug In Microsoft Windows Could Let Hackers Easily Install A Rootkit
Cisco Releases Patches For 3 New Critical Flaws Affecting IOS XE Software
Lithuania Says Built-In Cyber Security Risks Found In Chinese-Made Xiaomi And Huawei Phones
Flaw In Netgear SOHO Routers Could Allow Remote Code Execution
Flaws In Nagios Network Management Systems Pose Risk To Companies
Unpatched Apple Zero-Day In MacOS Finder Allows Code Execution
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
Hackers Attack Russian Organisations Through A New Microsoft Office Vulnerability
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
Data Breaches/Leaks
A Second Data Breach At The Ministry of Defence Has Been Discovered
Microsoft Exchange Service Exposes Nearly 100,000 Names And Logins
Four Months On From A Sophisticated Cyber Attack, Alaska's Health Department Is Still Recovering
After Ransomware Attack, Company Finds 650+ Breached Credentials From New Cooperative Employees
Epik Data Breach Impacts 15 Million Users, Including Non-Customers
'Potentially Damaging' Council And Civil Service Data For Sale On Dark Web
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
DoS/DDoS
Russian Security Firm Sinkholes Part Of The Dangerous Meris DDoS Botnet
Admin Of DDoS Service Behind 200,000 Attacks Faces 35yrs In Prison
Nation State Actors
How APTs Become Long-Term Lurkers: Tools And Techniques Of A Targeted Attack
Experts Say China’s Low-Level Cyber War Is Becoming Severe Threat
Turla Hacking Group Launches New Backdoor In Attacks Against US, Afghanistan
APT Actors Exploit Flaw In ManageEngine Single Sign-On Solution
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.