Black Arrow Cyber Threat Briefing 25 December 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
The Cyber Threat Is Real and Growing
The SolarWinds breach could be one of the most significant cyber incidents in history. Russian intelligence—likely the SVR, the foreign-intelligence branch—infiltrated and sat undetected on U.S. and other government networks for nearly 10 months. It was a sophisticated, smart and savvy attack that should alarm the public and private sectors.
We may not know the full extent of the damage for some time. Don’t be surprised if more government entities disclose that they too were victims of this attack. Don’t be surprised either if it emerges that private companies were hit. SolarWinds says it has more than 300,000 customers, including 400 companies in the Fortune 500. That’s a lot of potential victims.
https://www.wsj.com/articles/the-cyber-threat-is-real-and-growing-11608484291
Ransomware Attacks Surge in Q3 as Cyber Criminals Shift Tactics
A record growth in ransomware attacks took place in Q3 of 2020 compared to Q2, from 39% to 51% of all malware attempts according to a new study. The study also found that hacking accounted for 30% of all attacks during Q3, with cyber criminals reducing their emphasis on social engineering tactics compared with earlier this year. The researchers noted that the percentage of social engineering attacks using COVID-19 as a lure fell from 16% in Q2 to just 4% in Q3, which they attribute to people becoming more accustomed to this crisis. Additionally, social engineering attacks targeting organizations fell from 67% of all attempts in Q1 to under half (45%) in Q3.
https://www.infosecurity-magazine.com/news/ransomware-attacks-surge-q3/
In 2021, there will be a cyber attack every 11 seconds. Here’s how to protect yourself
Experienced outdoor athletes know that with winter rapidly approaching, the secret to success lies in protecting the core. That is, the body’s core temperature through layering, wicking and a host of ever-improving technical fabrics that prevent the cold, snow and ice from affecting performance. The same could be said for cyber security. With organizations and workers now in their ninth month of COVID-19, the time has come to prepare as the threat of cyber attacks becomes even more menacing.
The US, and much of the West, has suffered a massive cyber breach. It's hard to overstate how bad it is
Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.
Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk – and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.
https://www.theguardian.com/commentisfree/2020/dec/23/cyber-attack-us-security-protocols
Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack
Last week, news broke that IT management company SolarWinds had been hacked, possibly by the Russian government, and the US Treasury, Commerce, State, Energy, and Homeland Security departments have been affected — two of which may have had emails stolen as a result of the hack. Other government agencies and many companies are investigating due to SolarWinds’ extensive client list. The Wall Street Journal is now reporting that some big tech companies have been infected, too.
Cisco, Intel, Nvidia, Belkin, and VMware have all had computers on their networks infected with the malware. There could be far more: SolarWinds had stated that “fewer than 18,000” companies were impacted, as if that number is supposed to be reassuring, and it even attempted to hide the list of clients who used the infected software. Today’s news takes some of SolarWinds’ big-name clients from “possibly affected” to “confirmed affected.”
https://www.theverge.com/2020/12/21/22194183/intel-nvidia-cisco-government-infected-solarwinds-hack
Researchers share the lists of victims of SolarWinds hack
Security experts have started analysing the domain generation algorithm (DGA) used by the threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor, and have published a list of targeted organisations. Researchers from multiple cyber security firms published a list that contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia. The researchers decoded the DGA that the backdoor uses to assign each compromised organisation its own subdomain of the C2 infrastructure.
https://securityaffairs.co/wordpress/112555/hacking/solarwinds-victims-lists.html
Threats
Ransomware
Ransomware: Attacks could be about to get even more dangerous and disruptive
IoT
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
Malware
Emotet Returns to Hit 100K Mailboxes Per Day
Microsoft has discovered yet more SolarWinds malware
3 million users hit with infected Google Chrome and Microsoft Edge extensions
Vulnerabilities
Windows zero-day with bad patch gets new public exploit code
Script for detecting vulnerable TCP/IP stacks released
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Zero-day exploit used to hack iPhones of Al Jazeera employees
Signal: Cellebrite claimed to have 'cracked' chat app's encryption
Data Breaches
There's been a Nintendo Switch data leak, according to reports
Data breach hits 30,000 signed up to workplace pensions provider
Thousands of customer records exposed after serious data breach
Organised Crime
Cyber criminals have started indexing the dark web
Joker’s Stash Carding Site Taken Down
International sting shuts down 'favourite' VPN of cyber criminals
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
NSA Warns of Hacking Tactics That Target Cloud Resources
Denial of Service
Cloudflare has identified a new type of DDoS attack inspired by an acoustic beat
Privacy
The pandemic has taken surveillance of workers to the next level
Other News
Dozens of Al Jazeera journalists allegedly hacked using Israeli firm's spyware
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.