Black Arrow Cyber Threat Briefing 26 March 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Cyber Warfare Will Grind Britain’s Economy To A Halt
The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.
https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/
Almost $2 Billion Lost To BEC Scams In 2020
Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. There were 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).
https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/
Ransomware Gang Says It Targets Firms Who Have Cyber Insurance
What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.
https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/
Three Billion Phishing Emails Are Sent Every Day
Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.
Ransomware Gang Demands $50 Million From Computer Maker Acer
Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.
https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/
Office 365 Phishing Attack Targets Financial Execs
A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.
https://threatpost.com/office-365-phishing-attack-financial-execs/164925/
Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers
Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.
Average Ransom Payment Surged 171% in 2020
The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.
https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/
Phishers’ Perfect Targets: Employees Getting Back To The Office
Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long as it affects our private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.
https://www.helpnetsecurity.com/2021/03/22/phishers-employees/
Nasty Malware Stealing Amazon, Facebook And Google Passwords
A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.
https://www.tomsguide.com/news/cracked-software-copperstealer-malware
Threats
Ransomware
Phishing
9,000 Employees Targeted In Phishing Attack Against California Agency
Microsoft Warns Of Phishing Attacks Bypassing Email Gateways
Malware
Fraudsters Jump On Clubhouse Hype To Push Malicious Android App
Purple Fox Malware Evolves To Propagate Across Windows Machines
Nasty malware stealing Amazon, Facebook and Google passwords
IOT
Vulnerabilities
5G Network Slicing Vulnerability Leaves Enterprises Exposed To Cyber Attacks
Hackers Are Exploiting A Server Vulnerability With A Severity Of 9.8 Out Of 10
OpenSSL Fixes Severe DoS, Certificate Validation Vulnerabilities
Data Breaches
FatFace Tells Customers To Keep Its Data Breach ‘Strictly Private’
Energy giant Shell discloses data breach after Accellion hack
Organised Crime & Criminal Actors
OT, ICS, IIoT and SCADA
Nation State Actors
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.