Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 10 May 2024
Black Arrow Cyber Threat Intelligence Briefing 10 May 2024:
-China Suspected of Hacking MoD, Through Its Payroll Provider
-Security Tools Fail to Translate Risks for Executives
-Gang Accused of MGM Hack Shifts Attacks to Finance Sector
-Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
-Misconfigurations Drive 80% of Security Exposure, Report Finds
-Only 45% of Organisations Employ MFA Protections
-You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
-The Rise and Stealth of The Socially Engineered Insider
-Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
-Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
-Ransomware Activity Thrives, Despite Law enforcement Efforts
-NATO Warns of Russian Hybrid Warfare
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider
UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.
Sources: [LBC] [The Register] [Sky News]
Security Tools Fail to Translate Risks for Executives
Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.
The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.
Source: [Help Net Security]
Gang Accused of MGM Hack Shifts Attacks to Finance Sector
The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.
Sources: [Bloomberg Law] [Claims Journal]
Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.
Sources: [Insurance Times] [Dark Reading]
Misconfigurations Drive 80% of Security Exposure, Report Finds
A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.
Sources: [Security Magazine]
Only 45% of Organisations Employ MFA Protections
A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.
Source: [Help Net Security]
You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.
Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.
Sources: [Security Brief] [Help Net Security] [IT Security Guru]
The Rise and Stealth of The Socially Engineered Insider
Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.
Source: [Forbes]
Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.
Sources: [Help Net Security] [IT Security Guru]
Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.
Source: [JDSupra]
Ransomware Activity Thrives, Despite Law enforcement Efforts
Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.
Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]
NATO Warns of Russian Hybrid Warfare
NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”. The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.
Sources: [EU Reporter] [Financial Times]
Governance, Risk and Compliance
You cannot protect what you do not understand (securitybrief.co.nz)
Security tools fail to translate risks for executives - Help Net Security
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)
Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)
Why SMBs are facing significant security, business risks - Help Net Security
Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)
92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire
Three strategies for winning the cyber security arms race | Fintech Nexus
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
CIOs and CFOs, two parts of the same whole - IT Security Guru
Threats
Ransomware, Extortion and Destructive Attacks
Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)
Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)
Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
Ransomware evolves from extortion to 'psychological attacks' • The Register
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)
Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security
An overwhelming majority of organisations paid ransomware last year - eCampus News
The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)
Law enforcement seized Lockbit group's website again (securityaffairs.com)
Consultant charged with $1.5M extortion of IT giant • The Register
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
Ransomware crooks SIM swap kids to pressure parents • The Register
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
CISA boss: Secure software needed to stop ransomware • The Register
Shields Up: How to Minimize Ransomware Exposure - Security Week
Ransomware Victims
UnitedHealth’s 'egregious negligence' led to that ransomware • The Register
Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)
London Drugs president tight-lipped over recent cyber attack | CBC News
Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop
Cyber attack disrupts operations at major US health care network | CNN Business
City of Wichita Shuts Down Network Following Ransomware Attack - Security Week
Patient appointments imperilled by cyber attack on French radiologist (therecord.media)
Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Other Social Engineering
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
What is social engineering penetration testing? | Definition from TechTarget
Artificial Intelligence
Organisations go ahead with AI despite security risks - Help Net Security
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Strategies for preventing AI misuse in cyber security - Help Net Security
AI is changing the game when it comes to cyber security | ITPro
Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET
LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)
Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)
Criminal Use of AI Growing, But Lags Behind Defenders - Security Week
2FA/MFA
Only 45% of organisations use MFA to protect against fraud - Help Net Security
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Malware
ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Mobile
Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Ransomware crooks SIM swap kids to pressure parents • The Register
Denial of Service/DoS/DDOS
Data Breaches/Leaks
How does a data breach affect you and why should you care? | TechRadar
Dell customer order database stolen, for sale on dark web • The Register
The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)
Security breach affects 6,000 German military VC meetings (avinteractive.com)
Security company exposes 1.2M guard and suspect records • The Register
Children's mental health records published after cyber attack - BBC News
Georgia education agency's MOVEit data theft impacted 800K • The Register
Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru
Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week
UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)
'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News
Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)
Dating apps kiss'n'tell all sorts of sensitive user info • The Register
Organised Crime & Criminal Actors
Hackers of all kinds are attacking routers across the world | TechRadar
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED
Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
Supply Chain and Third Parties
UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)
Details of UK military personnel exposed in huge payroll data breach | AP News
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)
The complexities of third-party risk management - Help Net Security
Cloud/SaaS
Encryption
Cop complaints won't stop E2EE, says encryption advocate • The Register
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Linux and Open Source
Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)
Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News
Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)
How secure is the “Password Protection” on your files and drives? - Help Net Security
Social Media
Training, Education and Awareness
Regulations, Fines and Legislation
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
How workforce reductions affect cyber security postures - Help Net Security
One in Four Tech CISOs Unhappy with Compensation - Security Boulevard
Law Enforcement Action and Take Downs
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)
LockBit leader unmasked and sanctioned - National Crime Agency
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
German police bust Europe's 'largest' scam call centre – DW – 05/02/2024
Consultant charged with $1.5M extortion of IT giant • The Register
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)
Nation State Actors
China
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)
Russia
Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter
Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)
How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)
EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)
Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK
Foreign Ministry: Czech institutions targeted by GRU cyber attacks | Radio Prague International
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)
Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters
Poland says it too was targeted by Russian hackers – POLITICO
Kaspersky denies claims it helped Russia with drones • The Register
Iran
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
Patch management vs. vulnerability management: Key differences | TechTarget
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
CISA’s KEV list improving private and public-sector patching • The Register
CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week
Vulnerabilities
Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security
LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)
New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)
Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Tools and Controls
Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)
Security tools fail to translate risks for executives - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)
Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
Strategies for preventing AI misuse in cyber security - Help Net Security
Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)
What is social engineering penetration testing? | Definition from TechTarget
How workforce reductions affect cyber security postures - Help Net Security
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
Top 10 physical security considerations for CISOs | CSO Online
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
A SaaS Security Challenge: Getting Permissions All in One Place (thehackernews.com)
Tips for Controlling the Costs of Security Tools - The New Stack
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)
Reports Published in the Last Week
Other News
Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
Complexity leads to trade-off between risk and innovation (betanews.com)
When has the UK faced cyber attacks in the past? | The Independent
Man-in-the-middle attack: The new cyber security threat | YourStory
Paris 2024 gearing up to face unprecedented cyber security threat | Reuters
38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)
Why undersea cables need high-priority protection • The Register
GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)
Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar
Fujitsu sets aside £200m as calls mount for Post Office scandal payout
FE News | Why the education sector needs to do the homework on cyber security as attacks soar
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 March 2023
Black Arrow Cyber Threat Briefing 17 March 2023:
-Almost Half of IT Leaders Consider Security as an Afterthought
-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
-Over 721 Million Passwords Were Leaked in 2022
-How Much of a Cyber Security Risk are Suppliers?
-90% of £5m+ Businesses Hit by Cyber Attacks
-Rushed Cloud Migrations Result in Escalating Technical Debt
-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
-Microsoft Warns of Large-Scale Use of Phishing Kits
-BEC Volumes Double on Phishing Surge
-The Risk of Pasting Confidential Company Data in ChatGPT
-Ransomware Attacks have Entered a New Phase
-MI5 Launches New Agency to Tackle State-Backed Attacks
-Why Cyber Awareness Training is an Ongoing Process
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Almost Half of IT Leaders Consider Security as an Afterthought
A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.
Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.
Over 721 Million Passwords were Leaked in 2022
A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.
https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/
How Much of a Cyber Security Risk are Suppliers?
When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.
https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2
90% of £5m+ Businesses Hit by Cyber Attacks
A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/
Rushed Cloud Migrations Result in Escalating Technical Debt
A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.
https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.
Microsoft Warns of Large-Scale Use of Phishing Kits
Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html
BEC Volumes Double on Phishing Surge
The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.
https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/
The Risk of Pasting Confidential Company Data in ChatGPT
Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.
https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html
Ransomware Attacks have Entered a Heinous New Phase
With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.
https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/
MI5 Launches New Agency to Tackle State-Backed Attacks
British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.
https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/
Why Cyber Awareness Training is an Ongoing Process
A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.
Threats
Ransomware, Extortion and Destructive Attacks
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)
Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)
CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)
Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs
Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register
Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
Dish customers kept in the dark as ransomware fallout continues | TechCrunch
Cancer patient sues hospital over stolen naked photos • The Register
ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)
Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert
Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)
Universities and colleges cope silently with ransomware attacks | CSO Online
Phishing & Email Based Attacks
Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica
Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)
6 reasons why your anti-phishing strategy isn’t working | CSO Online
Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
How two-step phishing attacks evade detection and what you can do about it - Help Net Security
BEC – Business Email Compromise
Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)
Organizations need to re-examine their approach to BEC protection - Help Net Security
BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica
Malware
Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)
Law enforcement seized the website selling the NetWire RAT- - Security Affairs
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)
Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)
Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)
Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)
Mobile
Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)
GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)
Botnets
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Denial of Service/DoS/DDOS
Internet of Things – IoT
Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)
Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)
Data Breaches/Leaks
Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert
Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)
BMW exposes data of clients in Italy, experts warn- - Security Affairs
Acronis states that only one customer's account was compromised- - Security Affairs
Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch
LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
The SVB demise is a fraudster's paradise, so take precautions - Help Net Security
Fighting financial fraud through fusion centers - Help Net Security
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Impersonation Attacks
Deepfakes
AML/CFT/Sanctions
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Dark Web
Supply Chain and Third Parties
Top 10 operational risks: focus on third-party risk - Risk.net
How much of a cyber security risk are my suppliers? (thetimes.co.uk)
Software Supply Chain
We can't wait for SBOMs to be demanded by regulation - Help Net Security
Best practices for securing the software application supply chain - Help Net Security
Cloud/SaaS
Rushed cloud migrations result in escalating technical debt - Help Net Security
CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)
Navigating the future of digital identity - Help Net Security
Encryption
Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Passwords, Credential Stuffing & Brute Force Attacks
Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert
Study: Over 721 million passwords were leaked in 2022 - Neowin
Social Media
UK bans TikTok from government mobile phones | TikTok | The Guardian
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop
Governance, Risk and Compliance
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)
6 principles for building engaged security governance | TechTarget
Models, Frameworks and Standards
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Data Protection
Law Enforcement Action and Take Downs
International authorities bring NetWire's malware infrastructure to a standstill | TechSpot
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Privacy, Surveillance and Mass Monitoring
German states rethink reliance on Palantir technology | Financial Times (ft.com)
Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Artificial Intelligence
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek
How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)
UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News
Why red team exercises for AI should be on a CISO's radar | CSO Online
GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop
UK bans TikTok from government mobile phones | TikTok | The Guardian
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Polish intelligence dismantled a network of Russian spies- Security Affairs
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Nation State Actors
UK bans TikTok from government mobile phones | TikTok | The Guardian
North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop
A new Chinese era: security and control | Financial Times (ft.com)
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
APT29 abuses EU information exchange systems in recent attacks- Security Affairs
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Vulnerabilities
Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)
Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
Microsoft and Fortinet fix bugs under active exploit • The Register
CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)
Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)
Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek
Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)
Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Tools and Controls
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)
Set up PowerShell script block logging for added security | TechTarget
Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
5 Steps to Effective Cloud Detection and Response - The New Stack
Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)
ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)
Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 May 2022
Black Arrow Cyber Threat Briefing 27 May 2022
-How Confident Are Companies in Managing Their Current Threat Exposure?
-'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
-Paying Ransom Doesn’t Guarantee Data Recovery
-Report: Frequency of Cyber Attacks in 2022 Has Increased by Almost 3M
-New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
-VMware, Airline Targeted as Ransomware Chaos Reigns
-Crypto Hacks Aren't a Niche Concern; They Impact Wider Society
-State of Cyber Security Report 2022 Names Ransomware and Nation-State Attacks as Biggest Threats
-Vishing (Voice Phishing) Cases Reach All Time High
-DeFi (Decentralised Finance) Is Getting Pummelled by Cyber Criminals
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How Confident Are Companies In Managing Their Current Threat Exposure?
Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are more concerned and exposed to cyber threats than ever before, with 61 percent describing themselves as at best only “fairly confident” at managing their current cyber security threat exposure, which should raise some eyebrows around the boardroom.
Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 percent of organisations believe their existing cyber strategy will be outdated in two years, and a further 37 percent within three years. Additional investment is needed to address longer term planning, with 44 percent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.
https://www.helpnetsecurity.com/2022/05/26/organizations-cyber-strategy/
'There's No Ceiling': Ransomware's Alarming Growth Signals A New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetisation of stolen data may be on its way out.
The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.
That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.
The 15th annual DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cyber criminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.
"Everything in cyber crime has become so commoditised, so much like a business now, and it's just too darn efficient of a methodology for monetising their activity," he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.
"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."
https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir
Paying Ransom Doesn’t Guarantee Data Recovery
A Veeam report has found that 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom.
Additionally, 76% of organisations admitted to paying the ransom. But while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data.
https://www.helpnetsecurity.com/2022/05/24/paying-ransom-recover-data-video/
Report: Frequency Of Cyber Attacks in 2022 Has Increased By Almost 3M
Kaspersky has released a new report revealing a growing number of cyber attacks on small businesses in 2022 so far. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the numbers of Trojan-PSW detections, internet attacks and attacks on Remote Desktop Protocol.
In 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased globally by almost a quarter compared to the same period in 2021 一 4,003,323 to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the company network and steal sensitive information.
Internet attacks grew from 32,500,000 globally in the analysed period of 2021 to almost 35,400,000 in 2022. These can include web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet command & control centres and more.
The number of attacks on Remote Desktop Protocol grew in the U.S. (while dropping slightly globally), going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022. With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.
With small business owners typically handling numerous responsibilities at the same time, cyber security is often an afterthought. However, this disregard for IT security is being exploited by cyber criminals. The Kaspersky study sought to assess the threats that pose an increasing danger to entrepreneurs.
New Zoom Flaws Could Let Attackers Hack Victims Just By Sending Them A Message
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.
With Zoom's chat functionality built on top of the XMPP standard, successful exploitation of the issues could enable an attacker to force a vulnerable client to masquerade a Zoom user, connect to a malicious server, and even download a rogue update, resulting in arbitrary code execution stemming from a downgrade attack.
https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html
VMware, Airline Targeted As Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline.
Meanwhile, an oddball "GoodWill" variant purports to help the needy.
The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on the double-extortion scheme to coerce victims to pay the ransom – i.e., stealing data as well and threatening to leak it if victims don’t pay up.
Because of the popularity of ESXi servers for creating and running multiple virtual machines (VMs) in enterprise settings, the Cheerscrypt ransomware could be appealing to malicious actors looking to rapidly distribute ransomware across many devices.
Meanwhile, low-cost carrier SpiceJet faced a ransomware attack this week, causing flight delays of between two and five hours as well as rendering unavailable online booking systems and customer service portals.
While the company’s IT team announced on Twitter that it had successfully prevented the attempted attack before it was able to fully breach all internal systems and take them over, customers and employees are still experiencing the ramifications.
https://www.darkreading.com/attacks-breaches/vmware-airline-targeted-as-ransomware-chaos-reigns
Crypto Hacks Aren't A Niche Concern; They Impact Wider Society
Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.
The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.
This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cyber security communities to bring the security of cryptocurrencies into line.
The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.
However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cyber criminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.
There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people.
State Of Cyber Security Report 2022 Names Ransomware And Nation-State Attacks As Biggest Threats
Ransomware is the biggest concern for cyber security professionals, according to results of the Infosecurity Group’s 2022 State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine.
Cyber Security Professionals' Number One Concern: Ransomware.
This attack vector was voted as the biggest cyber security trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example, taking down the US’ largest fuel pipeline.
The survey respondents also highlighted the evolving tactics and capabilities of ransomware attackers. This includes threat actors becoming more sophisticated as they evolve into loosely coupled service-based operations.
A number of cyber security professionals believe that cyber-criminal groups will become more guarded in their approach due to new initiatives by governments and law enforcement to tackle these activities.
Cyber Security Professionals' Number Two Concern: Nation-State Attacks.
The second biggest concern for survey respondents was geopolitics/nation-state attacks (24%), particularly the shifting hostilities from the Russia-Ukraine conflict into cyberspace. Russia already had a reputation for conducting offensive cyber operations prior to the conflict, and the Ukrainian government and critical services have experienced numerous attacks both before and since the war began.
https://www.infosecurity-magazine.com/news/2022-state-industry-report/
Vishing (Voice Phishing) Cases Reach All Time High
Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.
In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.
According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.
https://www.helpnetsecurity.com/2022/05/24/vishing-cases-increased/
DeFi (Decentralised Finance) Is Getting Pummelled By Cyber Criminals
Decentralised finance lost $1.8 billion to cyber attacks last year — and 80% of those events were the result of vulnerable code, analysts say.
Decentralised finance (DeFi) platforms — which connect various cryptocurrency blockchains to create a decentralised infrastructure for borrowing, trading, and other transactions — promise to replace banks as a secure and convenient way to invest in and spend cryptocurrency. But in addition to attracting hordes of new users with dreams of digital fortune, cyber criminals have discovered them to be an easy target, wiping out wallets to zero balances in a moment, tanking whole markets while profiting, and more, according to a new report.
Analysts with Bishop Fox found that DeFi platforms lost $1.8 billion to cyber attacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the lax cyber security practices of the sector.
DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contracts" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain.
Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code, according to the report.
https://www.darkreading.com/attacks-breaches/defi-pummeled-by-cybercriminals
Threats
Ransomware
Ransomware Attacks Increasing at “Alarming” Rate - Infosecurity Magazine
VMware, Airline Targeted as Ransomware Chaos Reigns (darkreading.com)
Clop ransomware gang is back, hits 21 victims in a single month (bleepingcomputer.com)
Link Found Connecting Chaos, Onyx and Yashma Ransomware | Threatpost
Ransomware demands three good demands to restore files • The Register
Ransomware Cheerscrypt targets VMware ESXi systems • The Register
New Chaos Malware Variant Ditches Wiper for Encryption (darkreading.com)
Industrial Spy data extortion market gets into the ransomware game (bleepingcomputer.com)
BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state (bleepingcomputer.com)
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups (thehackernews.com)
Suspected phishing email crime boss arrested in Nigeria • The Register
BEC – Business Email Compromise
Interpol arrests alleged leader of the SilverTerrier BEC gang (bleepingcomputer.com)
Cyber security breach at the city of Portland led to fraudulent $1.4M transaction | KATU
Phishing & Email Based Attacks
Intuit warns of QuickBooks phishing threatening to suspend accounts (bleepingcomputer.com)
Suspected phishing email crime boss arrested in Nigeria • The Register
Other Social Engineering
Malware
BPFDoor malware uses Solaris vulnerability to get root privileges (bleepingcomputer.com)
New Windows Subsystem for Linux malware steals browser auth cookies (bleepingcomputer.com)
This Windows malware uses PowerShell to subvert Chrome • The Register
Hackers have found a new way to smuggle malware onto your device | TechRadar
Cyber Security Community Warned of Fake PoC Exploits Delivering Malware | SecurityWeek.Com
Popular Python and PHP libraries hijacked to steal AWS keys (bleepingcomputer.com)
New Attack Shows Weaponized PDF Files Remain a Threat (darkreading.com)
Mobile
Microsoft finds severe bugs in Android apps from large mobile providers (bleepingcomputer.com)
Google warns Android smartphones targeted by dangerous Predator spyware | TechRadar
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps (bleepingcomputer.com)
BYOD
Data Breaches/Leaks
GM Discloses Data Breach of Cars' Locations, Mileage, Service (gizmodo.com)
MGM Resorts' customer data now leaked on Telegram for free • The Register
Organised Crime & Criminal Actors
REvil prosecutions reach a 'dead end,' Russian media reports - CyberScoop
Scammer Behind $568M International Cyber Crime Syndicate Gets 4 Years (darkreading.com)
Multi-Continental Operation Leads to Arrest of Cyber Crime Gang Leader - Infosecurity Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Insider Risk and Insider Threats
68% of Legal Sector Data Breaches Caused by Insider Threats - Infosecurity Magazine
Verizon Report: Ransomware, Human Error Among Top Security Risks | Threatpost
Dark Web
Military cyber weapons could become available on dark web: Interpol (cnbc.com)
Darknet market Versus shuts down after hacker leaks security flaw (bleepingcomputer.com)
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cybergang Claims REvil is Back, Executes DDoS Attacks | Threatpost
DDoS Extortion Attack Flagged as Possible REvil Resurgence (darkreading.com)
Anatomy of a DDoS amplification attack - Microsoft Security Blog
Cloud/SaaS
Attack Surface Management
Open Source
Privacy
Passwords & Credential Stuffing
Strong Password Policy Isn't Enough, Study Shows (darkreading.com)
Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)
Regulations, Fines and Legislation
GDPR Anniversary, Expert Insight On What Lead To GDPR Fines – Information Security Buzz
Indian stock markets given ten day deadline to file reports • The Register
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine - CyberScoop
Predator spyware uses in Chrome, Android zero-day exploits • The Register
Unknown APT group is targeting Russian government entities - Security Affairs
Hackers target Russian govt with fake Windows updates pushing RATs (bleepingcomputer.com)
Remote bricking of Ukrainian tractors raises agriculture security concerns | CSO Online
Anonymous Declares Cyber-War On Pro-Russian Hacker Gang Killnet – Information Security Buzz
Ex-spymaster and fellow Brexiteers' emails stolen, leaked • The Register
Nation State Actors
Nation State Actors – Russia
Russian Hackers Believed to Be Behind Leak of Hard Brexit Plans - Infosecurity Magazine
Russian Gamaredon APT could fuel a new round of DDoS attacks - Security Affairs
Putin aimed cyber attack at me, says former MI6 chief Sir Richard Dearlove | News | The Times
Nation State Actors – China
Trend Micro Patches Vulnerability Exploited by Chinese Cyber Spies | SecurityWeek.Com
Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes (thehackernews.com)
Nation State Actors – Iran
Vulnerabilities
CISA ‘Strongly Urges’ You To Patch 75 Actively Exploited Security Bugs (forbes.com)
CISA adds 41 vulnerabilities to list of bugs used in cyber attacks (bleepingcomputer.com)
Exploit released for critical VMware auth bypass bug, patch now (bleepingcomputer.com)
Zyxel addresses four flaws affecting APs, AP controllers, and firewalls - Security Affairs
Critical New Google Chrome Security Warning For All Users, Update Now (forbes.com)
Patching the latest Active Directory vulnerabilities is not enough | CSO Online
Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021 (darkreading.com)
Sector Specific
SMBs – Small and Medium Businesses
Legal
Health/Medical/Pharma Sector
teiss - News - American healthcare tech giant Omnicell suffers a major ransomware attack
Web app attacks on the rise in healthcare as insider challenges remain (scmagazine.com)
Retail/eCommerce
Microsoft: Credit card stealers are getting much stealthier (bleepingcomputer.com)
Microsoft warns of new highly evasive web skimming campaigns - Security Affairs
Transport and Aviation
Hundreds Stranded After Ransomware Attack on Indian Airline | SecurityWeek.Com
SpiceJet airline passengers stranded after ransomware attack (bleepingcomputer.com)
CNI, OT, ICS, IIoT and SCADA
Taking the Danger Out of IT/OT Convergence (darkreading.com)
Critical Flaws in Popular ICS Platform Can Trigger RCE | Threatpost
Energy & Utilities
Oil, Gas and Mining
Education and Academia
Other News
IP and cyber security disputes are top legal concerns for tech companies | TechCrunch
Verizon DBIR: Stolen credentials led to nearly 50% of attacks (techtarget.com)
Managed Detection and Response (MDR): Who's Responsible for the R? - MSSP Alert
Survey Evidences Leaders Lack Confidence in Cyber-Risk Management - Infosecurity Magazine
Flaw in PayPal can allow attackers to steal money from users' account - Security Affairs
Most organisations do not follow data backup best practices - Help Net Security
Why are current cyber security incident response efforts failing? - Help Net Security
Nation-state malware will be a commodity on dark web soon, Interpol warns - Security Affairs
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 December 2021
Black Arrow Cyber Threat Briefing 24 December 2021
-Cyber Criminals Shifting Focus: IT Sector Most Targeted In 2021
-Log4j Flaw: Attackers Are 'Actively Scanning Networks' Warns New Guidance, Joint Advisory from Cyber Agencies in US, Australia, Canada, New Zealand and the United Kingdom
-New Ransomware Variants Flourish Amid Law Enforcement Actions
-93% of Tested Networks Vulnerable to Breach, Pen Testers Find
-Dridex Malware Trolls Employees With Fake Job Termination Emails
-More Than 35,000 Java Packages Impacted By Log4j Flaw, Google Warns
-Conti Ransomware Gang Has Full Log4Shell Attack Chain
-Second Ransomware Family Exploiting Log4j Spotted In US, Europe
-Threat actors steal $80 million per month with fake giveaways, surveys
-Microsoft Teams might have a few serious security issues
-The Future of Work Has Changed, and Your Security Mindset Needs to Follow
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Shifting Focus: IT Sector Most Targeted In 2021
Darktrace reported that the IT and communications sector was globally the most targeted industry by cybercriminals in 2021.
Darktrace’s data is developed by ‘early indicator analysis’ that looks at the breadcrumbs of potential cyber-attacks at several stages before they are attributed to any particular actor and before they escalate into a full-blown crisis. Findings show that its artificial intelligence autonomously interrupted an average of 150,000 threats per week against the sector in 2021.
The IT and communications sector includes telecommunications providers, software developers, and managed security service providers, amongst others. There was also a growing trend of hackers targeting backup servers in an attempt to deliberately disable or corrupt backup files by deleting a single index file that would render all backups inaccessible. Attackers could then launch ransomware attacks against the clients of the backup vendor, preventing recovery and forcing payment.
In 2020, the most attacked industry was the financial and insurance sector, showing that cyber-criminals have shifted their focus over the last 12 months.
Over the last 12 months, it is clear that attackers are relentlessly trying to access the networks of trusted suppliers in the IT and communications sector. Quite simply, it is a better return on investment than, for example, going after one company in the financial services sector. SolarWinds and Kaseya are just two well-known and recent examples of this. Sadly, there is likely to be more in the near term.
The findings of this research mark one year since the compromise of US software company SolarWinds rattled the security industry. This landmark supply-chain attack made thousands of organisations vulnerable to infiltration by inserting malicious code into the Orion system. Over the last 12 months, there has been a continued spate of attacks against the IT and communications sector, including the high-profile attacks on Kaseya and Gitlab.
https://www.helpnetsecurity.com/2021/12/22/cybercriminals-it-sector/
New Ransomware Variants Flourish Amid Law Enforcement Actions
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cyber crime gangs to prevent them from victimizing additional companies.
"Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this point in time are completely different than just a few months ago," Intel 471 researchers said in a report published this month. "Yet, even with the shift in the variants, ransomware incidents as a whole are still on the rise."
Sweeping law enforcement operations undertaken by government agencies in recent months have brought about rapid shifts in the RaaS landscape and turned the tables on ransomware syndicates like Avaddon, BlackMatter, Cl0p, DarkSide, Egregor, and REvil, forcing the actors to slow down or shut down their businesses altogether.
https://thehackernews.com/2021/12/new-ransomware-variants-flourish-amid.html
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
Data from dozens of penetration tests and security assessments suggest nearly every organisation can be infiltrated by cyber attackers.
The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credential, exploiting known vulnerabilities in software and Web applications, or taking advantage of configuration flaws, according to an analysis of security assessments by Positive Technologies.
In 93% of cases, an external attacker could breach a target company's network and gain access to local devices and systems, the company's security service professionals found. In 71% of cases, the attacker could affect the businesses in a way deemed "unacceptable." For example, every bank tested by the security firm could be attacked in a way that disrupted business processes and reduced the quality of their service.
Dridex Malware Trolls Employees With Fake Job Termination Emails
A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message.
Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials. Over time, the developers evolved the malware to use different modules that provide additional malicious behaviour, such as installing other malware payloads, providing remote access to threat actors, or spreading to other devices on the network.
This malware was created by a hacking group known as Evil Corp, which is behind various ransomware operations, such as BitPaymer, DoppelPaymer, WastedLocker variants, and Grief. Due to this, Dridex infections are known to lead to ransomware attacks on compromised networks.
More Than 35,000 Java Packages Impacted By Log4j Flaw, Google Warns
The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE.
“More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed log4j vulnerabilities (1, 2), with widespread fallout across the software industry.” reads the report published by Google. “As far as ecosystem impact goes, 8% is enormous.”
The Google experts used the Open Source Insights, a project used to determine open source dependencies, to assess all versions of all artifacts in the Maven Central Repository.
The experts pointed out that the direct dependencies account for around 7,000 of the affected packages. Most of the affected artifacts are related to indirect dependencies.
Since the vulnerability was disclosed, 13% of all vulnerable packages have been fixed (4,620).
https://securityaffairs.co/wordpress/125845/security/log4j-java-packages-flaws.html
Log4j Flaw: Attackers Are 'Actively Scanning Networks' Warns New Guidance, Joint Advisory from Cyber Agencies in US, Australia, Canada, New Zealand and the United Kingdom
A new informational Log4J advisory has been issued by cybersecurity leaders from the US, Australia, Canada, New Zealand and the United Kingdom. The guide includes technical details, mitigations and resources to address known vulnerabilities in the Apache Log4j software library.
The project is a joint effort by the US' Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA, as well as the Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Computer Emergency Response Team New Zealand (CERT NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom's National Cyber Security Centre (NCSC-UK).
The organisations said they issued the advisory in response to "active, worldwide exploitation by numerous threat actors, including malicious cyber threat actors." Numerous groups from North Korea, Iran, Turkey and China have been seen exploiting the vulnerability alongside a slate of ransomware groups and cybercriminal organisations.
Conti Ransomware Gang Has Full Log4Shell Attack Chain
The Conti gang was the first professional-grade, sophisticated ransomware group to weaponise Log4j2, now with a full attack chain.
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.
The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.
As of Monday the attack chain has taken the following form, AdvIntel’s Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> (no ADMIN$ share) -> Kerberoast -> vCenter ESXi with log4shell scan for vCenter.
https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/
Second Ransomware Family Exploiting Log4j Spotted In US, Europe
This was quickly followed by a second ransomware group when researchers found a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the US and Europe.
A number of researchers, including at cybersecurity giant Sophos, have now said they’ve observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family — which has been revived following the discovery of the vulnerability in the widely used Log4j logging software.
https://venturebeat.com/2021/12/21/second-ransomware-family-exploiting-log4j-spotted-in-u-s-europe/
Threat actors steal $80 million per month with fake giveaways, surveys
Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways.
Researchers warn of this new trend in global fraud schemes involving targeted links to make investigation and take-down increasingly challenging.
According to current estimates, these massive campaigns resulted in an estimated $80,000,000 per month, stolen from 10 million people in 91 countries.
The scam themes are the typical and "trustworthy" fake surveys and giveaways from popular brands with the holiday season making targets more susceptible to fraudulent gift offerings.
According to a report by Group-IB, there are currently 60 known scam networks that use targeted links in their campaigns, impersonating 121 brands in false giveaways.
Each network uses an average of 70 different Internet domain names as part of their campaigns, but some find great success with fewer domains, which indicates that quality beats quantity when it comes to scams.
Microsoft Teams might have a few serious security issues
Security researchers have discovered four separate vulnerabilities in Microsoft Teams that could be exploited by an attacker to spoof link previews, leak IP addresses and even access the software giant's internal services.
These discoveries were made by researchers at Positive Security who “stumbled upon” them while looking for a way to bypass the Same-Origin Policy (SOP) in Teams and Electron according to a new blog post. For those unfamiliar, SOP is a security mechanism found in browsers that helps stop websites from attacking one another.
During their investigation into the matter, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in Microsoft's video conferencing software by allowing the client to generate a link preview for the target page and then using either summary text or optical character recognition (OCR) on the preview image to extract information.
https://www.techradar.com/news/microsoft-teams-might-have-a-few-serious-security-issues
The Future of Work Has Changed, and Your Security Mindset Needs to Follow
VPNs have become a vulnerability that puts organisations at risk of cyber attacks.
When businesses first sent employees to work from home in March 2020 — thinking it'd only be for two weeks — they turned to quick fixes that would enable remote work for large numbers of people as quickly as possible. While these solutions solved the short-term challenge of allowing distributed workforces to connect to a company's network from anywhere, they're now becoming a security vulnerability that is putting organisations at risk of growing cyberattacks.
Now that almost two years have passed and work has fundamentally shifted, with fully or hybrid remote environments here to stay, business and security leaders need solutions that better fit their unique and increasingly complex needs. In fact, a new survey from Menlo Security has found that 75% of organisations are re-evaluating their security strategies for remote employees, exemplifying that accommodating remote work is a top priority for the majority of business leaders.
To successfully manage the risks that distributed workforces entail, leaders must shift their mindset away from the hub-and-spoke approach of providing connectivity to the entire network, instead segmenting access by each individual private application, wherever it is deployed, as threats of cyberattacks loom across all industries. As organisations grapple with the added security challenges that remote and hybrid work environments bring, adopting a zero-trust approach will be critical for end-to-end network and endpoint protection.
Threats
Ransomware
Ransomware Threat Just as Urgent as Terrorism, Say Two-Thirds of IT Pros - Infosecurity Magazine
PYSA Emerges as Top Ransomware Actor in November | Threatpost
AvosLocker Ransomware Reboots In Safe Mode To Bypass Security Tools (bleepingcomputer.com)
Rook Ransomware Is Yet Another Spawn Of The Leaked Babuk Code (bleepingcomputer.com)
PYSA Ransomware Behind Most Double Extortion Attacks In November (bleepingcomputer.com)
This Ransomware Strain Just Started Targeting Lots More Businesses | ZDNet
Phishing
How Likely Are Employees To Fall Prey To A Phishing Attack? - Help Net Security
Dridex Omicron Phishing Taunts With Funeral Helpline Number (bleepingcomputer.com)
New Phishing Campaign Claims $80m Per Month - IT Security Guru
Malware
Log4j Vulnerability Now Used To Install Dridex Banking Malware (bleepingcomputer.com)
New BLISTER Malware Using Code Signing Certificates to Evade Detection (thehackernews.com)
IoT
Cryptocurrency/Cryptomining/Cryptojacking
Example Of How Attackers Are Trying To Push Crypto Miners Via Log4Shell - SANS Internet Storm Center
Insider Risk and Insider Threats
Scams, Fraud & Financial Crime
Insurance
Dark Web
OT, ICS, IIoT and SCADA
Lights Out: Cyber Attacks Shut Down Building Automation Systems (darkreading.com)
Walk-Through Metal Detectors Can Be Hacked, New Research Finds (gizmodo.com)
Nation State Actors
Passwords
Parental Controls and Child Safety
Vulnerabilities
Microsoft Teams Bug Allowing Phishing Unpatched Since March (bleepingcomputer.com)
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack | Threatpost
Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers (thehackernews.com)
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers | Threatpost
Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software (thehackernews.com)
Microsoft Admits To Azure App Service Source Code Leak Bug • The Register
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (thehackernews.com)
New Dell BIOS Updates Cause Laptops And Desktops Not To Boot (bleepingcomputer.com)
Western Digital Warns Customers To Update Their My Cloud Devices (Bleepingcomputer.Com)
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G (thehackernews.com)
Sector Specific
Health/Medical/Pharma Sector
Retail
Transport and Aviation
Other News
How Confident Can Organisations Be In Their Managed Services Security? - Help Net Security
Experts Discover Backdoor Deployed on the US Federal Agency's Network (thehackernews.com)
Half-Billion Compromised Credentials Lurking on Open Cloud Server | Threatpost
New Log4J Flaw Caps Year of Relentless Cyber Security Crises - WSJ
Log4Shell Is A Dumpster Fire That Should Have Been Avoided - Help Net Security
7 of the Most Impactful Cyber Security Incidents of 2021 (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.