Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

70% Of IT Pros Say Security Hygiene Has Got Harder Over Past Two Years

A new report from Enterprise Strategy Group (ESG) and JupiterOne warns of inadequate security hygiene and posture management practices at many organizations. The research found that 86% of organizations believe they follow best practices for security hygiene and posture management. However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead.

In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations. As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.

https://venturebeat.com/2021/11/19/report-70-of-it-pros-say-security-hygiene-has-gotten-harder-over-past-two-years/

As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks

Arkose Labs released new data on the latest fraud trends, revealing increased threats during the holidays, rising bot attacks, and a resurgence in attacks on travel companies. As shoppers fill their online carts, account takeover (ATO) attacks and gift-card fraud remain persistent.

The report shares the top six fraud-fighting trends from the previous 3 months and provides data highlighting that no digital business is immune from attack. Financial industries saw 32 percent more attacks than in the first half of 2021.

Retail and travel attacks increased 63 percent in Q3, and gaming saw a spate of fake new accounts being set up for fraudulent purposes. Media and streaming businesses saw 60 percent of malicious activity targeting logins, and 20 percent of these attacks originating from human fraud farms.

Technology platforms see 91 percent of all attacks powered by bots. Overall, attacks are increasing in every industry, and they are growing more sophisticated.

https://www.helpnetsecurity.com/2021/11/22/threats-during-holidays/

More Ransomware Attacks Up to September Than Whole of 2020

Most UK business leaders expect cyber-threats to surge next year, with ransomware, business email compromise (BEC), cloud and supply chain attacks all predicted to increase, according to PwC.

The findings come from the consulting giant’s 2022 Global Digital Trust Insights Survey and were distilled from interviews with 257 business and technology executives in the UK.

Although most (63%) respondents said they expect security budgets to increase next year, even more (66%) predicted cyber-threats would rise. Ransomware (61%), BEC (61%), malware via software updates (63%), and cloud compromise (64%) were among the most notable.

Bobbie Ramsden-Knowles, crisis and resilience partner at PwC UK, claimed the firm’s threat intelligence team has tracked more ransomware incidents globally up to September this year than for the whole of 2020.

https://www.infosecurity-magazine.com/news/more-ransomware-attacks-september/

Ransomware Warning: Hackers See Holidays And Weekends As A Great Time To Attack

Just because you're taking a break, that doesn't mean hackers will be too.

Ahead of the holidays cyber agencies have released a warning to stay vigilant on holidays and weekends, because hackers don't plan on taking a holiday break.

Warnings remind organisations that ransomware attackers often choose to launch attacks on holidays and weekends, specifically when businesses are likely to be closed.

Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.

Some of the worst ransomware attacks happened on holidays and weekends.

https://www.zdnet.com/article/security-warning-ransomware-attackers-are-working-on-the-holidays-even-if-you-arent/

Suspect Arrested In 'Ransom Your Employer' Criminal Scheme

A Nigerian man has been arrested in connection to a scheme attempting to lure insiders to deploy ransomware on employer systems.

On November 22, security expert Brian Krebs reported that the man, Oluwaseun Medayedupin, was arrested by Nigerian authorities on Friday.

The suspect is allegedly linked to a 'ransom your employer' scheme investigated by Abnormal Security in August.

Customers of the cybersecurity firm were sent emails with the subject "Partnership affiliate offer," requesting that the recipient considered becoming an accomplice in a cyberattack.

The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer's systems.

https://www.zdnet.com/article/suspect-arrested-in-ransom-your-employer-criminal-scheme/

The Newer Cyber Crime Triad: Trickbot-Emotet-Conti

Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang.

Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.

This operation was the result of a joint effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.

The law enforcement agency was able to take over at least 700 servers used as part of the Emotet botnet’s infrastructure. The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation.

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. The infamous banking trojan was also used to deliver other malicious code, such as Trickbot and QBot trojans, or ransomware such as Conti, ProLock, Ryuk, and Egregor.

https://securityaffairs.co/wordpress/124807/cyber-crime/trickbot-emotet-conti-triad.html

Threat Actors Find And Compromise Exposed Services In 24 Hours

Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.

Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.

To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors' tactics.

https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/

Does Your Company Employ A CISO? Many Are Operating Without Security Leadership

45% of companies do not employ a Chief Information Security Officer (CISO), a Navisite research found. Of this group, 58% think their company should hire a CISO.

Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.

130 security, IT and compliance professionals were polled in the US to determine their perceptions on the state of cybersecurity leadership and readiness within their organizations. More than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations between 100-5,000 employees.

Why you should employ a CISO?

·       21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.

·       75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.

·       80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.

·       70% of respondents expressed confidence in the effectiveness of their cybersecurity program—but that confidence dropped to 58% for companies without a CISO.

·       47% of survey takers believe their company spends too little on cybersecurity.

https://www.helpnetsecurity.com/2021/11/23/employ-ciso/

New Malware Is Capable Of Evading Almost All Antivirus Products

There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.

Cyber security researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.

“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.

https://www.techradar.com/news/new-malware-is-capable-of-evading-almost-all-antivirus-products

Interpol Arrests Over 1,000 Suspects Linked To Cyber Crime

Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling.

This crackdown results from a four-month action codenamed ‘Operation HAEICHI-II,’ which took place in twenty countries between June and September 2021.

These were Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, and Vietnam.

On the financial aspect of the operation, the authorities have also intercepted nearly $27,000,000 and froze 2,350 banking accounts linked to various online crimes.

As the Interpol announcement details, at least ten new criminal modus operandi were identified in HAEICHI-II, indicative of the evolving nature of cyber-crime.

https://www.bleepingcomputer.com/news/legal/interpol-arrests-over-1-000-suspects-linked-to-cyber-crime/

Researchers Warn Of Severe Risks From ‘Printjack’ Printer Attacks

A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.

The attacks include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.

As the researchers point out, modern printers are still vulnerable to elementary flaws and lag behind other IoT and electronic devices that are starting to conform with cybersecurity and data privacy requirements.

By evaluating the attack potential and the risk levels, the researchers found non-compliance with GDPR requirements and the ISO/IEC 27005:2018 (framework for managing cyber-risks).

This lack of in-built security is particularly problematic when considering how omnipresent printers are, being deployed in critical environments, companies, and organizations of all sizes.

https://www.bleepingcomputer.com/news/security/researchers-warn-of-severe-risks-from-printjack-printer-attacks/

Threats

Ransomware

• New Memento Ransomware Uses Password-Protected WinRAR Archives To Block Access To The Files - Security Affairs

• Defense Contractors Are Highly Susceptible To Ransomware Attacks - Help Net Security

• Holidays Don't Mean Much To Ransomware Attackers - Help Net Security

BEC – Business Email Compromise

• Two Nigerians Sentenced to Prison in US for Role in BEC Scams | SecurityWeek.Com

Phishing

• TrickBot Phishing Checks Screen Resolution To Evade Researchers (Bleepingcomputer.Com)

Malware

• Crooks Compromise Microsoft Exchange Servers To Hijack Internal Email Chains - Security Affairs

• Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (thehackernews.com)

• Malicious Python Packages Employ Advanced Detection Evasion Techniques - Help Net Security

• Stealthy New JavaScript Malware Infects Windows PCs with RATs (bleepingcomputer.com)

• New Golang-based Linux Malware Targeting eCommerce Websites (thehackernews.com)

Mobile

• Spyware Alert! 23 Apps Found Spying On Android Users Via Mobile Camera | techgig

• MediaTek Chip Flaw Could Have Let Attackers Spy on Android Phones (darkreading.com)

• Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery (thehackernews.com)

IOT

• Hikvision Security Cameras Potentially Exposed to Remote Code Execution (sans.edu)

• Some Tesla Owners Unable To Unlock Cars Due To Server Errors (Bleepingcomputer.Com)

Vulnerabilities

• All Versions of Windows Are Vulnerable to a New Zero-Day Exploit (pcmag.com)

• Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws | Threatpost

• Cisco Flaw Affects Firewalls - Infosecurity Magazine

• Expert Discloses Details Of Flaws In Oracle VirtualBox - Security Affairs

• VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client (thehackernews.com)

Data Breaches/Leaks

• GoDaddy Hack Exposes Accounts Of 1.2 Million Customers (Bitdefender.Com)

Organised Crime & Criminal Actors

• Hackers Accused Of Stealing $100m Live Openly In Russia | World | The Times

Cryptocurrency/Cryptojacking

• Teen Accused of Stealing Bitcoin Worth $36.5M - Infosecurity Magazine (infosecurity-magazine.com)

Fraud & Financial Crime

• Fraud Fighters Aren't Prepared For The Multi-Billion Dollar Threat Of Global Insurance Fraud - Help Net Security

Insurance

• Work From Home, Digital Shift During Covid Drives Cyber Insurance Prices (bloombergquint.com)

Nation State Actors

• NCSC Warns Industry, Academia Of Foreign Threats To Their Intellectual Property | CSO Online

• North Korean Hackers Found Behind a Range of Credential Theft Campaigns (thehackernews.com)

• US Bans Chinese Firms For Feeding Tech To The Military • The Register

Cloud

• Observing Attacks Against Hundreds of Exposed Services in Public Clouds (paloaltonetworks.com)

Passwords

• Attackers Don't Bother Brute-Forcing Long Passwords, Microsoft Engineer Says - The Record By Recorded Future

• Less than Half of Consumers Change Password Post-Breach - Infosecurity Magazine

Parental Controls

• Products Used By Children Are Not Nearly As Privacy-Protecting As They Should Be - Help Net Security

Sector Specific

Financial Services Sector

• Credentials Exposed For Majority Of US Financial Firm Employees | Sc Media (Scmagazine.Com)

• US Government Securities Watchdog Spoofed By Investment Scammers – Don’t Fall For It! – Naked Security (sophos.com)

SMBs – Small and Medium Businesses

• UK Govt Warns Thousands Of SMBs Their Online Stores Were Hacked (Bleepingcomputer.Com)

Defence

• Defence Contractors Are Highly Susceptible To Ransomware Attacks - Help Net Security

Health/Medical/Pharma Sector

• Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED

• Preventing a Cyber Pandemic in Healthcare | SecurityWeek.Com

• Healthcare Organisations At Risk: The Attack Surface Is Expanding - Help Net Security

• ENISA - The Need For Incident Response Capabilities In The Health Sector - Security Affairs

• Philips Working on Patches for Vulnerabilities Found in Medical Products | SecurityWeek.Com

Transport and Aviation

• Hackers Hit Iran's Mahan Airline, Claim Confidential Data Theft (Bleepingcomputer.Com)

Maritime

• Marine Services Provider Swire Pacific Offshore Hit By Ransomware (Bleepingcomputer.Com)

Reports Published in the Last Week

• The Evolving Threat of Ransomware | The State of Security (tripwire.com)

Other News

• As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks - Help Net Security

• Rising Cyber Crime Demands Laws And Users Keep Up | The Seattle Times

• IKEA Email Systems Hit By Ongoing Cyber Attack (Bleepingcomputer.Com)

• UK and German Police Take Down 21 Jihadist Websites - Infosecurity Magazine

 As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.