Black Arrow Cyber Threat Briefing 31 December 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Top Cyber Headlines of the Week
SolarWinds hack may be much worse than originally feared
The Russia-linked SolarWinds hack, which targeted US government agencies and private corporations, may be even worse than officials first realised, with some 250 federal agencies and businesses now believed to be affected.
Microsoft has said the attackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.” The Times reports that Russia exploited several layers of the supply chain to reach the agencies’ systems.
https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity
Threat actor is selling 368.8 million records from 26 data breaches
Security researchers report that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum.
In total, 368.8 million stolen user records are on offer.
For some of these companies the breaches had not previously been disclosed, including Teespring.com, MyON.com, Chqbook.com, Anyvan.com, Eventials.com, Wahoofitness.com, Sitepoint.com and ClickIndia.com.
https://securityaffairs.co/wordpress/112842/data-breach/data-breaches-records-sale.html
The Worst Hacks of 2020, a Surreal Pandemic Year
What a way to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.
https://www.wired.com/story/worst-hacks-2020-surreal-pandemic-year/
A nasty strain of malware is back and hits 100K recipients per day
The Emotet banking trojan has been active since at least 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August the malware was used in a fresh COVID-19-themed spam campaign. Recent campaigns used messages carrying malicious Word documents, or links to them, posing as invoices, shipping information, COVID-19 information, résumés, financial documents or scanned documents.
https://securityaffairs.co/wordpress/112650/malware/december-emotet-redacted.html
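For readers who handle mail filtering, the following is an added example written for this briefing (not code from the article, from Proofpoint or from any vendor) of the check that matters for the lure described above: decide from the attachment bytes, not the file extension, whether a Word document carries a VBA project, since a macro-enabled Office Open XML file renamed to .doc still opens and runs macros in Word. Attachment names and contents are constructed in memory, and the allow/review/quarantine labels are an assumed policy.

```python
"""Triage e-mail attachments for macro-bearing Word documents.

Added example (not from the briefing or any vendor): inspects attachment
content instead of trusting the extension. Sample attachments are constructed
in memory below, so the script runs offline.
"""
import io
import zipfile

# File signatures, not extensions, decide what a document really is.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office (.doc/.xls) container
ZIP_MAGIC = b"PK\x03\x04"                          # Office Open XML (.docx/.docm) is a zip
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".pptm"}


def classify(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml', 'ole' or 'other' from the bytes alone."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = {n.lower() for n in zf.namelist()}
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"                                # a zip, but not an Office package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"                          # the VBA project part is present
    return "ooxml"


def verdict(filename: str, data: bytes) -> tuple:
    """Map a classification to an assumed policy action: allow, review or quarantine."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = classify(data)
    if kind == "ooxml-macro":
        if ext in MACRO_EXTENSIONS:
            return "quarantine", "macro-enabled Office document"
        return "quarantine", f"macro-enabled content disguised as {ext or 'no extension'}"
    if kind == "ole":
        # Legacy containers can hold VBA too; confirming that needs a real OLE
        # parser (e.g. oletools), so hand these to a human or a sandbox.
        return "review", "legacy binary Office container, VBA not ruled out"
    return "allow", kind


def triage(attachments):
    """Run verdict() over (filename, bytes) pairs; returns (name, action, reason) tuples."""
    return [(name, *verdict(name, data)) for name, data in attachments]


def make_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal Office Open XML package in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments mimicking the lure names in the article.
SAMPLE_ATTACHMENTS = [
    ("Invoice_4471.docx", make_ooxml(False)),
    ("Shipping_Notice.docm", make_ooxml(True)),
    ("COVID19_update.doc", make_ooxml(True)),       # macro OOXML hiding behind .doc
    ("scan_0012.doc", OLE_MAGIC + b"\x00" * 504),   # legacy container, unknown contents
    ("resume.txt", b"plain text, nothing to see"),
]

if __name__ == "__main__":
    for name, action, reason in triage(SAMPLE_ATTACHMENTS):
        print(f"{action:10} {name:22} {reason}")
```

The point of the disguise check is that the extension in the lure is chosen by the attacker; the container format and the presence of the VBA project part are not. Legacy OLE files are only flagged for review here because proving they contain no VBA requires parsing the compound-file streams, which is a job for a dedicated tool rather than a mail-gateway rule.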
Ransomware in 2020: A Banner Year for Extortion
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organisations to an inordinate degree in 2020. Remote learning platforms shut down. Hospital chemotherapy appointments were cancelled. Ransomware was a dominant threat in 2020, and, coupled with the strain the COVID-19 pandemic put on the healthcare sector, it exacted a particularly cruel human toll. Attacks hit nearly every sector of the global economy, costing businesses an estimated $20 billion collectively and creating major cybersecurity headaches for many others.
https://threatpost.com/ransomware-2020-extortion/162319/
Ransomware Is Headed Down a Dire Path
At the end of September, an emergency room technician in the United States gave WIRED a real-time account of what it was like inside their hospital as a ransomware attack raged. With their digital systems locked down by hackers, health care workers were forced onto backup paper systems. They were already straining to manage patients during the pandemic; the last thing they needed was more chaos. "It is a life-or-death situation," the technician said at the time.
The same scenario was repeated around the country this year, as waves of ransomware attacks crashed down on hospitals and health care provider networks, peaking in September and October. School districts, meanwhile, were walloped by attacks that crippled their systems just as students were attempting to come back to class, either in person or remotely. Corporations and local and state governments faced similar attacks at equally alarming rates.
https://www.wired.com/story/ransomware-2020-headed-down-dire-path/
Russia’s global hacking efforts are going to unwind in 2021
Russia has become adept at using cyberattacks and digital-media manipulation to influence events in other countries. We know there was Russian digital interference in the 2016 US general election and the 2017 presidential election in France: both involved fake social-media accounts and “hack-and-leak” operations to steal and publish emails. The UK government has not investigated whether, as seems probable, Russia also used its tools of covert subversion during the Scottish independence and Brexit referenda, but it has said it is almost certain that Russian actors sought to interfere in the 2019 general election through the online dissemination of illicitly acquired government documents, thought to relate to US/UK trade negotiations.
Threats
IoT
FBI Warns Hackers are Using Hijacked Home Security Devices for ‘Swatting’
Malware
New Golang worm turns Windows and Linux servers into monero miners
Emotet malware hits Lithuania's National Public Health Centre
GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
Vulnerabilities
Cross-layer attacks: New hacking technique raises DNS cache poisoning, user tracking risk
Windows Zero-Day Still Circulating After Faulty Fix
Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
Data Breaches
T-Mobile warns customers of second data breach in less than a year
Kawasaki discloses security breach, potential data leak
Finland says hackers accessed MPs' email accounts
Organised Crime
21 arrests in nationwide cyber crackdown
Nation State Actors
India: A Growing Cyber Security Threat
Denial of Service
Citrix devices are being abused as DDoS attack vectors
Privacy
Mapped: The Top Surveillance Cities Worldwide
Cryptocurrency
Voyager cryptocurrency broker halted trading due to cyber attack
Other News
Brexit deal mentions Netscape browser and Mozilla Mail
6 Questions Attackers Ask Before Choosing an Asset to Exploit
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.