Black Arrow Cyber Threat Briefing 29 October 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double
Ransomware cyber attacks doubled in the past year, the chief of GCHQ has revealed - as he warned Britain must “pay attention” to attacks from China.
Sir Jeremy Fleming, director of the cyber spy agency, called for more action to "sort out" ransomware attacks across the UK, adding it was not "rocket science".
He said such attacks have doubled in the last year, with hackers using software to lock files on computers and stop victims from accessing their own data.
This essentially holds them hostage until the hackers receive payment and then give a decryption key to the victim, so they can regain access.
‘Criminals are making very good money from it’
Sir Jeremy said ransomware "just pays" and added that "criminals are making very good money from it and are often feeling that that's largely uncontested".
While cautious of “keeping up” with security challenges alongside European partners, he said the immediate priority was tackling “links between criminal and state actors” to defeat ransomware, which he said “is no mean feat in itself”. https://www.telegraph.co.uk/news/2021/10/25/ransomware-cyber-attacks-double-year-reveals-spy-chief/
Graff Multinational Jeweller Hit by Conti Gang. Data of its Rich Clients Are At Risk, Including Trump and Beckham, as the Gang Threaten to Release Private Details of World Leaders, Actors and Tycoons
The latest attack by the Conti ransomware gang has made headlines: the threat actors hit high-society jeweller Graff and demanded payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.
The customers of the company are the richest people on the globe, including Donald Trump, David Beckham, Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.
As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.
The Conti gang has already leaked 69,000 confidential documents; the leaked files include customer lists, invoices, receipts, and credit notes. https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html
Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year
Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses, according to new figures from the UK’s National Economic Crime Centre (NECC).
The government body is working with the National Crime Agency (NCA), City of London Police, banking group UK Finance and fraud prevention non-profit Cifas on a new campaign to raise awareness of the crime, also dubbed “mandate fraud” or “payment diversion fraud.”
It claimed that the average amount lost over those 4600 cases was £30,000, with criminals typically impersonating others and creating or amending invoices to trick victims into diverting money to accounts under their control. https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/
Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better
Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.
ENISA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.
Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better. https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/
Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place
98% of US executives report that their organisations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-US executives, according to a Deloitte survey.
Further, COVID-19 pandemic disruption led to increased cyber threats to US executives’ organisations (86%) at a considerably higher rate than non-US executives experienced (63%). Yet, 14% of US executives say their organisations have no cyber threat defence plans, a rate more than double that of non-US executives (6%).
The biggest fallout US execs report from cyber incidents or breaches at their organisations during the past year includes operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).
Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to US executives’ organisation-wide cybersecurity management programs.
“No CISO or CSO ever wants to tell organisational stakeholders that efforts to manage cyber risk aren’t keeping-up with the speed of digital transformations made, or bad actors’ improving tactics”. https://www.helpnetsecurity.com/2021/10/28/threat-defence-plans/
Serious Warning Issued For Millions Of Apple iPhone Users
While iPhone 13 sales continue to soar, iPhone owners have faced growing security threats, multiple App Store scams, potential privacy violations and zero day hacks. Now a shocking account of extreme iPhone hacking has been revealed.
In a remarkable report, New York Times senior reporter Ben Hubbard has revealed how his iPhone was hacked multiple times over a period of several years, without any human interaction or knowledge that the attacks were taking place. And the experience results in a stark warning: “the spyware used against me makes us all vulnerable”.
“It’s like being robbed by a ghost,” explains Hubbard, recounting the experience. “I didn’t even have to click on a link for my phone to be infected.” https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Ransomware is an intensifying problem for all organisations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demand has grown from a minor inconvenience for organisations into a multi-billion dollar cyber crime industry.
The organisational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organisations pay an average of $220,298 and suffer 23 days of downtime following an attack. https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/
Solarwinds Hackers Are Targeting The Global IT Supply Chain, Microsoft Says
The Russian-linked hacking group that’s been blamed for an attack on the US government and a significant number of private US companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.
Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.
On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.”
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers” https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html
Defenders Worry Orgs Are More Vulnerable Than Last Year
Enterprise security defenders find themselves in a rough spot: the number of threats against their organisations is growing and they're vulnerable to attacks. Data from Dark Reading's 2021 Strategic Security Survey suggest that even though most IT and security leaders are confident about the security defences they have implemented, they also believe their organisations are more vulnerable to attacks compared with a year ago.
The reasons for this pessimism vary. For 67% of respondents, the biggest concern lies in the fact that there are more attacks this year than there were last year. However, 56% say the increased sophistication of the threats they are facing is why their organisations are more vulnerable to compromise. Other reasons include the surge in ransomware attacks and shortage of skilled security professionals to detect and respond to threats. https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year
Threats
Ransomware
These Companies Are Most at Risk for Ransomware Attacks | PCMag
As Fewer Victims Pay Ransoms, Conti Gang Looks To Sell Victim Data | SC Media (scmagazine.com)
Europol Announces “Targeting” Of 12 Suspects In Ransomware Attacks – Naked Security (sophos.com)
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (thehackernews.com)
SEO Poisoning Used to Distribute Ransomware (darkreading.com)
FBI Warns Of Ranzy Locker Ransomware Threat, As Over 30 Companies Hit (tripwire.com)
Ransomware Has Disrupted Almost 1,000 Schools in the US This Year (vice.com)
Chaos Ransomware Targets Gamers Via Fake Minecraft Alt Lists (bleepingcomputer.com)
Phishing
Phishing as a Ransomware Precursor - MSP Insights - MSSP Alert
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam | Threatpost
Other Social Engineering
Malware
Squid Game Malware Might Be The Scariest Thing You See This Halloween | Techradar
TA575 Criminal Group Using 'Squid Game' Lures For Dridex Malware | ZDNet
Snake Malware Biting Hard On 50 Apps For Only $25 (bleepingcomputer.com)
New WSlink Malware Loader Runs as a Server and Executes Modules in Memory (thehackernews.com)
Mobile
6 Ways Your Cell Phone Can Be Hacked—Are You Safe? (makeuseof.com)
Millions Of Android Users Targeted In Subscription Fraud Campaign (bleepingcomputer.com)
New AbstractEmu Malware Roots Android Devices, Evades Detection (bleepingcomputer.com)
IOT
Vulnerabilities
All Windows Versions Impacted By New LPE Zero-Day Vulnerability (bleepingcomputer.com)
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (thehackernews.com)
Adobe's Surprise Security Bulletin Dominated by Critical Patches | Threatpost
WordPress Plugin Bug Lets Subscribers Wipe Sites | Threatpost
Over 1 Million WordPress Sites Affected by OptinMonster Plugin Flaws - Security Affairs
Cisco SD-WAN Flaw Could Lead To Arbitrary Code Execution, Patch It Now! - Security Affairs
Data Breaches/Leaks
Millions Of Healthcare Records Reportedly Exposed In Mega Data Breach | Techradar
Location Data Collection Firm Admits Privacy Breach - BBC News
HIV Scotland Reveals Patient-Advocates' Names In Email Fail • The Register
Organised Crime & Criminal Actors
Dark Web
Supply Chain
The SolarWinds Hackers Are Looking for Their Next Big Score | WIRED
North Korean Lazarus Attackers Turn to the IT Supply Chain | Threatpost
6 Eye-Opening Statistics About Software Supply Chain Security (darkreading.com)
Nation State Actors
Other News
All Sectors Are Now Prey as Cyber Threats Expand Targeting | Threatpost
Microsoft Warns Over Uptick In Password Spraying Attacks | ZDNet
Increased Risk Tolerances Are Making Digital Transformation Programs Vulnerable - Help Net Security
MITRE and CISA Publish The 2021 List of Most Common Hardware Weaknesses - Security Affairs
Enterprises Allocating More IT Dollars on Cybersecurity (darkreading.com)
Threat Actor Leaks Mercedes-Benz Platform’s Source Code | CyberNews
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.