Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 March 2021

Black Arrow Cyber Threat Briefing 26 March 2021: Cyber Warfare Will Grind Britain’s Economy To A Halt; $2 Billion Lost To BEC Scams In 2020; Ransomware Gangs Targets Firms With Cyber Insurance; Three Billion Phishing Emails Are Sent Every Day; $50 Million Ransomware For Computer Maker Acer; Office 365 Phishing Attack Targets Financial Execs; MS Exchange Hacking, Thousands Of Email Servers Still Compromised; Average Ransom Payment Surged 171% in 2020; Phishers’ Perfect Targets: Employees Getting Back To The Office; Nasty Malware Stealing Amazon, Facebook And Google Passwords

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.



Top Cyber Stories of the Last Week

Cyber Warfare Will Grind Britain’s Economy To A Halt

The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.

https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/

Almost $2 Billion Lost To BEC Scams In 2020

Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).

https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/

Ransomware Gang Says It Targets Firms Who Have Cyber Insurance

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/

Three Billion Phishing Emails Are Sent Every Day

Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.

https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/

Ransomware Gang Demands $50 Million From Computer Maker Acer

Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.

https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/

Office 365 Phishing Attack Targets Financial Execs

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.

https://threatpost.com/office-365-phishing-attack-financial-execs/164925/

Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers

Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.

https://www.livemint.com/technology/tech-news/microsoft-exchange-hacking-thousands-of-email-servers-still-compromised-11616462322125.html

Average Ransom Payment Surged 171% in 2020

The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.

https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/

Phishers’ Perfect Targets: Employees Getting Back To The Office

Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long it affects out private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.

https://www.helpnetsecurity.com/2021/03/22/phishers-employees/

Nasty Malware Stealing Amazon, Facebook And Google Passwords

A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.

https://www.tomsguide.com/news/cracked-software-copperstealer-malware


Threats

Ransomware

Phishing

Malware

IOT

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

OT, ICS, IIoT and SCADA

Nation State Actors

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 February 2021

Black Arrow Cyber Threat Briefing 26 February 2021: Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025; 119,000 Threats Per Minute Detected In 2020; 78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack; Uk Faced Millions Of Cyber Attacks Last Year; New Tier Of APT Actors That Behave More Like Cyber Criminals; US Calls North Korean Hackers ‘World’s Leading Bank Robbers’; Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked; Poor Hardware Disposal Practices Posing A Risk To Data Security

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.



Top Cyber Stories of the Last Week

Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025

In a world that is becoming increasingly reliant on technology, cyber security is an extremely important priority for entrepreneurs and small and medium-sized businesses. And it's become even more essential in the wake of the pandemic. In June 2020, a report revealed that small and medium-sized businesses were at an especially high risk of data breaches and cyber attacks during the pandemic.

https://www.entrepreneur.com/article/364015

119,000 Threats Per Minute Detected In 2020

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/

78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack

Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyber attacks. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cyber security budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.

https://www.scmagazine.com/home/security-news/network-security/78-percent-of-top-security-leaders-say-their-organizations-are-unprepared-for-a-cyberattack/

UK Faced Millions Of Cyber Attacks Last Year

The UK faced millions of Covid-19-related cyber security threats last year, but generally managed to mitigate attacks effectively. A total of 16.4 million Covid-19-related threats were recorded last year, with four percent (563,571) identified in the UK. The US suffered the highest volume of attacks by a significant margin: more than 6.5 million. Germany was second with 2.3 million, and France rounded out the top three with just over one million attacks.

https://www.itproportal.com/news/uk-faced-millions-of-cyberattacks-last-year/

New Malformed URL Phishing Technique Can Make Attacks Harder To Spot

Warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. By hiding phishing information in the prefixes of URLs, attackers can send what looks like a link to a legitimate website, free of misspellings and all, with a malicious address hidden in the prefix of the link.

https://www.techrepublic.com/article/new-malformed-url-phishing-technique-can-make-attacks-harder-to-spot/

Hackers Share Details Of Canadian Military Spy Plane On Dark Web

Hackers have shared details of a Canadian military spy plane after its manufacturers seemingly refused to pay a cyber ransom. Aerospace firm Bombardier, whose Global 6000 plane is used for Saab’s GlobalEye spy system, says it was the victim of a “limited cyber security breach.” That saw detailed plans of the airborne early warning system developed by the Swedish defence company Saab being dumped on the dark web site CLOP^_-LEAKS.

https://www.independent.co.uk/news/world/americas/hackers-spy-plane-bombardier-saab-b1807037.html

Cisco Points To New Tier Of APT Actors That Behave More Like Cyber Criminals

Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers. It is already well established that some APTs operate as criminals. Several international governments, including the United States, have identified North Korean state-sponsored hackers as stealing on behalf of the government, and other groups have been identified by vendors as state-sponsored groups with actors who occasionally freelance as criminals.

https://www.scmagazine.com/home/security-news/apts-cyberespionage/cisco-points-to-new-tier-of-apt-actors-that-behave-more-like-cybercriminals/

These Hackers Sell Network Logins To The Highest Bidder. And Ransomware Gangs Are Buying

A growing class of cyber criminals are playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder to exploit however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been a part of the dark web ecosystem, but according to analysis by cyber security researchers, there has been a notable increase in listings by 'Initial Access Brokers' over the course of the past year.

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’

North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.

https://www.bloomberg.com/news/articles/2021-02-17/u-s-charges-3-north-koreans-linked-to-sony-hack-in-new-scheme

Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked

One of Silicon Valley's oldest and most venerable VC firms was hacked. Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful. Phishing attack, according to a report in Axios Friday. Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.

https://www.businessinsider.com/vc-firm-sequoia-capital-told-investors-it-was-hacked-2021-2?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Poor Hardware Disposal Practices Posing A Risk To Data Security

Many business leaders are not paying much attention to the way they dispose of old and obsolete hardware, opening their organizations up to possible data breaches. Of the 1,029 people polled for the report, a fifth said their employer disposed of various IT hardware over the last 12 months. However, less than half (40 percent) thought this hardware did not contain confidential data when it was disposed of.

https://www.itproportal.com/news/poor-hardware-disposal-pratice-posing-a-risk-to-data-security/


Threats

Ransomware

Phishing

Malware

Mobile

Vulnerabilities

Organised Crime

Dark Web

OT, ICS, IIoT and SCADA

Nation-State Actors

Denial of Service

Privacy


Reports Published in the Last Week



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Antony Cleal Antony Cleal

Black Arrow Cyber Threat Briefing 12 February 2021

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Top Cyber Stories of the Last Week

2020 Sees Ransomware Increase By Over 400 Percent

A new study from Cyber Security company, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019. The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector and these attacks were up by 112 percent.

https://betanews.com/2021/02/10/ransomware-increase-400-percent/

Remote Desktop Protocol Attacks Surge By 768%

Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.

https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/

Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, criminal today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

https://www.itproportal.com/news/even-small-phishing-operations-can-distribute-millions-of-malicious-emails-per-week/

With One Update, This Malicious Android App Hijacked Millions Of Devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Cd Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/

Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

https://www.engadget.com/hacked-water-plant-computer-had-shared-passwords-andofdate-windows-os-082552973.html

Top Web Hosting Provider Shuts Down Following Cyber Attack

Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.

https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack

High Demand For Hacker Services On Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.

https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/

Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks

A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.

https://www.gizchina.com/2021/02/09/facebook-phishing-campaign-tricked-nearly-500000-users-in-two-weeks/

Hackers Are Tweaking Their Approach To Phishing Attacks In 2021

Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.

https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/


Threats

 Ransomware

Phishing

Malware

Mobile

IOT

Vulnerabilities

Data Breaches

Organised Crime

Supply Chain

Nation-State Actors

Privacy




As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More