Black Arrow Cyber Threat Briefing 29 January 2021

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Phishing Attacks Show High-Ranking Execs May Be ‘Most Valuable Asset,’ and ‘Greatest Vulnerability’

Cyber criminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets.

https://www.scmagazine.com/home/security-news/phishing/phishing-scheme-shows-ceos-may-be-most-valuable-asset-and-greatest-vulnerability/

Insurers 'Funding Organised Crime' by Paying Ransomware Claims

Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.

https://www.theguardian.com/technology/2021/jan/24/insurers-funding-organised-by-paying-ransomware-claims

Emotet: Police raids take down botnet that hacked 'millions of computers worldwide'

Emotet, one of the world's most dangerous cyber crime services, has been taken down following one of the largest ever internationally-coordinated actions against cyber criminals. Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool leased out to cyber criminals to break into victim computer networks and install additional malicious software.

https://news.sky.com/story/emotet-police-raids-take-down-botnet-that-hacked-millions-of-computers-worldwide-12200460

After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face

Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March, a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients.

https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face

FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack

Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.

https://securityaffairs.co/wordpress/113752/cyber-warfare-2/fsb-fears-retaliation-solarwinds-hack.html

Update your iPhone — Apple just disclosed hackers may have 'actively exploited' a vulnerability in its iOS

On Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version.  Its support website that it is aware of the three security bugs and that they "may have been actively exploited. “Also, it does not disclose details regarding security issues "until an investigation has occurred."

https://www.businessinsider.com/apple-ios-14-update-hackers-security-bugs-iphone-software-2021-1?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Top Cyber Attacks of 2020

"Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organisations involved in the coronavirus pandemic response, including the World Health Organization and Centres for Disease Control and Prevention, some in an attempt to politicize the pandemic.

https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

Vulnerabilities

Data Breaches

Charities

Insider Threats

Nation-State Actors

Denial of Service

Privacy




As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Previous
Previous

Cyber Security Guidance for Firms during Lockdown 2.0 - What Should Firms Be Doing? Guernsey Press 04 February 2020

Next
Next

Top Tips for Guernsey Businesses During the Second Coronavirus Lockdown, Cyber Tip Tuesday