Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 September 2023
Black Arrow Cyber Threat Intelligence Briefing 15 September 2023:
-Overconfident Organisations Prone to Cyber Breaches
-Board Members Struggling to Understand Cyber Risks
-Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
-Cyber Attacks Reach Fever Pitch in Q2 2023
-Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
-Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
-Europol - Financial Crime Makes “Billions” and Impacts “Millions”
-Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
-Hackers are Dropping USB Drives Outside Buildings to Target Networks
-Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
-If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
-Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Overconfident Organisations Prone to Cyber Breaches
A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.
Source: [IT Security Guru]
Board Members Struggling to Understand Cyber Risks
Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.
Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.
Source: [Infosecurity Magazine]
Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.
These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.
Source: [Fortune]
Cyber Attacks Reach Fever Pitch in Q2 2023
A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022. Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.
Source: [Data Centre & Network News]
Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.
Sources: [The Record] [The Fintech Times] [Financial Times]
Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.
Source: [Bleeping Computer]
Europol - Financial Crime Makes “Billions” and Impacts “Millions”
The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.
Source: [Infosecurity Magazine]
Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.
Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.
Source: [IT Security Guru]
Hackers are Dropping USB Drives Outside Buildings to Target Networks
A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?
Source: [Tech Republic]
Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.
Source: [Information Security Buzz]
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.
Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.
Source: [Make Use Of]
Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.
IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.
Sources: [Infosecurity Magazine] [The Register] [TechTarget]
Governance, Risk and Compliance
Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
Global companies to hike security spending as threats rise - survey | Reuters
CISOs need to be forceful to gain leverage in the boardroom - Help Net Security
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security
CISOs and Board Reporting – an Ongoing Problem - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)
Ransomware in top three threats for 65% of organisations | Security Magazine
TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)
Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)
Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)
Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)
Ransomware Victims
A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)
Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN
Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)
Ransomware crew claims to have hit Save The Children • The Register
Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters
Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com
Cyber security incident affects services at The Weather Network | CFJC Today Kamloops
Phishing & Email Based Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
Journalists, authors, and other writers targeted by phishing emails | TechRadar
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek
How should SMBs navigate the phishing minefield? - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Understanding the dangers of social engineering - Help Net Security
How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)
Artificial Intelligence
Cyber Criminals Feasting On Artificial Intelligence (forbes.com)
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud security in the era of artificial intelligence (securityintelligence.com)
Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE
2FA/MFA
Malware
Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)
3 Strategies to Defend Against Resurging Infostealers (darkreading.com)
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)
Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com
Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek
Mobile
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)
France halts iPhone 12 sales over radiation levels - BBC News
Denial of Service/DoS/DDOS
Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)
Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News
Internet of Things – IoT
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Wyze security camera owners report seeing strangers' camera feeds | Mashable
Hackers will hack anything — including your sex toys - The Hustle
Data Breaches/Leaks
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra
Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
Airbus data leaked via infected customer computer • The Register
Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)
Organised Crime & Criminal Actors
How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Top blockchain Cyber security threats to watch out for (att.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin
Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Latest fraud schemes targeting the payments ecosystem - Help Net Security
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Glasgow firm issues warning following recent cyber attack | Glasgow Times
Impersonation Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Supply Chain and Third Parties
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
The rise and evolution of supply chain attacks - Help Net Security
A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)
Cloud/SaaS
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)
Cloud storage security: What's new in the threat matrix | Microsoft Security Blog
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget
Cloud security in the era of artificial intelligence (securityintelligence.com)
Containers
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Identity and Access Management
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Encryption
API
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating API security to reinforce cyber defence - Help Net Security
Machine Learning is a Must for API Security - IT Security Guru
Open Source
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)
Passwords, Credential Stuffing & Brute Force Attacks
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)
Wi-Fi radio signal data can be used 'to predict passwords' • The Register
Cloud credentials are the hot ticket item on the dark web • The Register
Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)
Social Media
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Training, Education and Awareness
How to Transform Security Awareness Into Security Culture (darkreading.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)
Great security training is a real challenge - Help Net Security
Digital Transformation
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra
What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra
The International Criminal Court will now prosecute cyberwar crimes | Ars Technica
Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)
Models, Frameworks and Standards
Backup and Recovery
How to develop a cloud backup ransomware protection strategy | TechTarget
How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)
Data Protection
Careers, Working in Cyber and Information Security
Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)
Three ways to overcome cyber security staff shortages (securitybrief.co.nz)
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China
Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget
Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian
Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)
Microsoft, Apple versus China, spyware actors (techrepublic.com)
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek
China caught with its malware in another nation's power grid • The Register
China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)
Iran
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)
North Korea
Misc Nation State/Cyber Warfare
Vulnerability Management
Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica
Vulnerabilities
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security
Severe vulnerability found in all browsers, and it's being attacked | PCWorld
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek
Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
Global companies to hike security spending as threats rise - survey | Reuters
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
What Is XDR and Why It's Changing the Security Industry - ReadWrite
Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE
The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
Great security training is a real challenge - Help Net Security
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)
Other News
The Weaponization of Operational Technology (securityintelligence.com)
ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek
Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)
The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)
The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)
A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)
Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)
Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security
Brits happy to break cyber law if the price is right | Computer Weekly
British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)
Trustwave report on hospitality industry security threats | Cyber Magazine
Cyber security impact on construction, engineering projects (csemag.com)
Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)
Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)
Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters
Death by digital: attacks on healthcare put people at risk (synack.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 November 2022
Black Arrow Cyber Threat Briefing 04 November 2022:
-NCSC Looks Back on Year Of ‘Profound Change’ for Cyber
-LastPass Research Finds False Sense of Cyber Security Running Rampant
-Insurance Giant Settles NotPetya ‘Act of War’ Lawsuit, Signaling Cyber Insurance Shakeup
-Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
-Chinese Mob Has 100K Slaves Working in Cambodian Cyber Crime Mills
-Ransomware Research: 17 Leaked Databases Operated by Threat Actors Threaten Third Party Organisations
-Not Enough Ransomware Victims Are Reporting Attacks, And That's a Problem for Everyone
-Hackers Selling Access to 576 Corporate Networks for $4 Million
-Cyber Security Recovery is a Process That Starts Long Before a Cyber Attack Occurs
-Geopolitics Plays Major Role in Cyber Attacks, Says EU Cyber Security Agency
-Russian Hackers Account for Most 2021 Ransomware Schemes, US Says
-Exposed: The Global Hacking Network That Targets VIPs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
NCSC Looks Back on Year Of ‘Profound Change’ for Cyber
The UK’s National Cyber Security Centre (NCSC) provided support for 18 nationally significant ransomware attacks; removed 2.1 million cyber-enabled commodity campaigns; issued 34 million early warning alerts about attacks, compromises, vulnerabilities or open ports; and received 6.5 million reports of suspicious emails in the past 12 months – but in a year of “profound change” in the cyber security landscape, it was Russia’s invasion of Ukraine that dominated the agenda.
Reflecting on the past 12 months as she launched the NCSC’s latest annual report on 1 November at an event in London, NCSC CEO Lindy Cameron said that the return of war to Europe with Russia’s invasion of Ukraine presented a unique set of challenges in cyber space for the NCSC and its partners and allies.
Cameron added that while the cyber threat from Russia has perhaps been the most visible security issue of 2022, it was also important not to forget that when it comes to nation-state actors, it will likely be the technical development and evolution of China that ultimately has the more lasting impact on the UK’s national cyber security.
https://www.computerweekly.com/news/252526766/NCSC-looks-back-on-year-of-profound-change-for-cyber
LastPass Research Finds False Sense of Cyber Security Running Rampant
LastPass released findings from its fifth annual Psychology of Password findings, which revealed even with cyber security education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviours across the board. In addition, LastPass found that while 65% of all respondents have some form of cyber security education — through school, work, social media, books or via online courses — the reality is that 62% almost always or mostly use the same or variation of a password.
The survey, which explored the password security behaviours of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviours surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behaviour and can create a detrimental false sense of safety.
Key findings from the research include:
Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene.
Cyber security education doesn’t necessarily translate to action.
Confidence creates a false sense of password security.
The latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyber attacks, there continues to be a disconnect for people when it comes to protecting their digital lives. Even though nearly two-thirds of respondents had some form of cyber security education, it is not being put into practice for varying reasons.
https://www.darkreading.com/vulnerabilities-threats/untitled
Insurance Giant Settles NotPetya ‘Act of War’ Lawsuit, Signaling Cyber Insurance Shakeup
The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace.
Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.
Now, however, it’s increasingly clear insurers aren’t off the hook for NotPetya payouts or from covering losses from other attacks with clear links to nation-state hackers.
That’s because in this case, what Mondelez and many other corporations endured was not an act of war, but “collateral damage” in a much larger cyber conflict that had nothing to do with them, said the Center for Strategic and International Studies.
There needs to be a rethink what act of war means in cyber space when it comes to insurance. The current definitions come out of the 19th century when we had pirates, navies and privateers.
Last week’s ruling in favour of Mondelez follows a January ruling in a New Jersey court that sided with global pharmaceutical company Merck in a similar case. Its insurance companies initially refused to pay for damages from NotPetya. Merck claimed losses that amounted to $1.4 billion. The insurers are appealing the ruling.
Insurers seized on the NotPetya episode to test how courts would rule on cyber coverage questions, particularly when there’s so much evidence pointing to one particular nation-state actor. Since NotPetya was widely attributed to the Russian government it gave the industry a “really strong opportunity” to set legal precedent limiting their responsibility in these instances.
Insurers will start to be much more upfront about the fact that they aren’t going to cover acts of cyber war or limit payouts for NotPetya type incidents in the future.
https://www.cyberscoop.com/insurance-giant-settles-notpetya-lawsuit/
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.
The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditisation of that vulnerability," making it imperative that organisations patch such exploits in a timely manner.
This also corroborates with an April 2022 advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally.
Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.
It further accused Chinese state-sponsored groups of being "particularly proficient" at discovering and developing zero-day exploits. This has been compounded by the fact that the Cyberspace Administration of China (CAC) enacted a new vulnerability reporting regulation in September 2021 that requires security flaws to be reported to the government prior to them being shared with the product developers.
Redmond further said the law could enable government-backed elements to stockpile and weaponise the reported bugs, resulting in the increased use of zero-days for espionage activities designed to advance China's economic and military interests.
https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html
Chinese Mob Has 100K Slaves Working in Cambodian Cyber Crime Mills
Up to 100,000 people from across Asia have been lured to Cambodia by Chinese crime syndicates with the promise of good jobs. When they arrive, their passports are seized and they are put to work in modern-day sweatshops, running cyber crime campaigns.
The Los Angeles Times reported that Cambodia, which was hit hard economically by the pandemic, has allowed Chinese mobsters to set up enormous cyber crime operations using human trafficked labour without consequence, because of the revenue it generates for the country. The campaigns they carry out run the gamut from romance scams to fake sports betting.
Although the Cambodian government acknowledges that as many as 100,000 workers are involved in these activities, it denies anyone is being held against their will. However, the stories from traumatised victims rescued from cyber crime mills include tales of beatings and torture for failing to meet quotas, and of being sold and passed around from gang to gang.
https://www.darkreading.com/attacks-breaches/chinese-mob-100k-slaves-cambodian-cybercrime-mills
Ransomware Research: 17 Leaked Databases Operated by Threat Actors Threaten Third Party Organisations
Ransomware remains a serious threat to organisations, Deep Instinct, a New York-based deep learning cyber security specialist, said in its recently released 2022 Interim Cyber Threat Report.
It’s no surprise, the company said, as there are currently 17 leaked databases operated by threat actors who are leveraging the data for attacks on third-party companies, most notably social engineering, credential theft, and triple-extortion attacks.
Here are the report’s key findings:
Changes in ransomware gangs, including LockBit, Hive, BlackCat, and Conti. The latter has spawned “Conti Splinters” made up of former affiliates Quantum, BlackBasta, and BlackByte.
Significant changes to tactics by Emotet, Agent Tesla, NanoCore, and others. For example, Emotet uses highly obfuscated VBA macros to avoid detection.
The use of documents for malware has decreased as the top attack vector, following Microsoft’s move to disable macros by default in Microsoft Office files. Threat actors have already pivoted to other methods such as LNK, HTML, and archive email attachments.
Vulnerabilities such as SpoolFool, Follina and DirtyPipe highlighted the exploitability of both Windows and Linux systems despite efforts to enhance their security.
The number of exploited in-the-wild vulnerabilities spikes every 3-4 months. The next spike is expected to occur by the end of the year.
Threat actor groups are extending data exfiltration attacks to demand ransoms from third-party companies if the leaked data contains their sensitive information.
The report also makes three predictions:
More inside jobs. Malicious threat actors look for the weakest link, which is often in the supply chain. Groups like Lapsus$ do not rely on exploits but instead look for insiders who are willing to sell access to data within their organisation.
Rise of protestware. Look for a spike in protestware, which is self-sabotaging one’s software and weaponising it with malware capabilities in an effort to harm all or some of its users. The war between Russia and Ukraine has caused a surge in protestware.
End of year attacks. While no major vulnerability in 2022 has emerged similar to the Log4J or the Exchange cases in 2021, there is an increase year-over-year in the number of publicly assigned CVEs for reported vulnerabilities. For now, threat actors are still exploiting old vulnerabilities during 2022 simply because there is a plethora of unpatched systems for 2021 CVEs but that will change.
Organisations are warned to be on their guard. 2022 has been another record year for cyber criminals and ransomware gangs. It’s no secret that these threat actors are constantly upping their game with new and improved tactics designed to evade traditional cyber defences. Defenders must continue to be vigilant and find new approaches to prevent these attacks from happening.
Ransomware: Not Enough Victims Are Reporting Attacks, And That's a Problem for Everyone
Ransomware continues to be a significant cyber threat to businesses and the general public – but it's difficult to know the true impact of attacks because many victims aren't coming forward to report them.
The warning comes in the National Cyber Security Centre (NCSC) Annual Review for 2022, which looks back at key developments and incidents in cyber crime over the last year, with ransomware described as an "ever present" threat and a "major challenge" to businesses and public services.
That's demonstrated by how the review details how in the 12-month period between 1 September 2021 and 31 August 2022 there were 18 ransomware incidents that needed a "nationally coordinated" response. These included attacks on a supplier to the National Health Service (NHS) and a ransomware attack against South Staffordshire Water.
However, the true impact of ransomware remains unclear, because the NCSC says that many organisations that fall prey to ransomware attacks aren't disclosing them.
That lack of reporting is despite the significant and disruptive consequences ransomware attacks can have, not only for organisations that fall victim, but for wider society – which is why it's vital that cyber security is taken seriously and incidents are reported.
Hackers Selling Access to 576 Corporate Networks for $4 Million
A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fuelling attacks on the enterprise.
The research comes from Israeli cyber-intelligence firm KELA which published its Q3 2022 ransomware report, reflecting stable activity in the sector of initial access sales but a steep rise in the value of the offerings.
Although the number of sales for network access remained about the same as in the previous two quarters, the cumulative requested price has now reached $4,000,000. For comparison, the total value of initial access listings in Q2 2022 was $660,000, recording a drop in value that coincided with the summer ransomware hiatus that hurt demand.
Initial access brokers (IABs) are hackers who sell access to corporate networks, usually achieved through credential theft, webshells, or exploiting vulnerabilities in publicly exposed hardware. After establishing a foothold on the network, the threat actors sell this corporate access to other hackers who use it to steal valuable data, deploy ransomware, or conduct other malicious activity. The reasons IABs choose not to leverage network access vary, ranging from lacking diverse intrusion skills to preferring not to risk increased legal trouble.
IABs still play a crucial role in the ransomware infection chain, even if they got sidelined last year when big ransomware gangs that operated as crime syndicates operated their own IAB departments.
Cyber Security Recovery is a Process That Starts Long Before a Cyber Attack Occurs
Organisations are racing to stay ahead of cyber criminals, and as a result, we see businesses investing a lot of money on identifying and detecting attacks, on preventing attacks in the first place, and in responding to live attacks. But they are not spending the same amounts on attack recovery. They may have followed all the relevant guidelines, and even implemented the ISO 27000 standard, but none of that helps them to understand how to build the business back after a serious cyber attack.
Until recent years, this cyber security recovery investment would be spent on an annual tabletop exercise or disaster recovery test and auditing recovery plans. While this should be done, it isn’t enough on its own.
Cyber security insurance is also critical, of course, but it only covers some of the losses. It won’t cover future loss. The reality is most organisations find it very difficult to fully recover from an attack. Those that invest more in disaster recovery and business continuity recover from these attacks far more swiftly than their less-prepared competitors.
The four core components of an effective cyber security recovery program
Pre-emptive action
Responsibilities and accountability
Having the right IT architecture, security and recovery process in place
Learning lessons and implementing changes.
Once these factors are understood, and any weak spots identified, the organisation can focus on re-designing or updating architecture and procedures, and on retraining employees (something that should happen regularly).
Recovery is a process that starts long before a cyber attack occurs. It concludes not when the data is secured, but when the organisation can say that it’s learned everything it can from the event and has made the changes necessary to avoid it happening again.
https://www.helpnetsecurity.com/2022/11/03/cybersecurity-recovery/
Geopolitics Plays Major Role in Cyber Attacks, Says EU Cyber Security Agency
The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organisations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).
In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report, this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, notes that in general geopolitical situations continue to have a high impact on cyber security.
This year's report identified several attack types frequently used by state-sponsored attackers. These include zero-day and critical vulnerability exploitation; attacks on operational technology (OT) networks; wiper attacks to destroy and disrupt networks of governmental agencies and critical infrastructure entities; and supply chain attacks. Attacks also featured social engineering, disinformation, and threats against data.
State-sponsored threat actors have also been observed targeting entities from countries in Southeast Asia, Japan, Australia, and Taiwan. Due to increased tensions between specific countries in Asia, state-sponsored threat actors have targeted countries (including EU member states) that had established closer ties with Taiwan.
Ransomware remains the top cyber crime attack type this year as well. More than 10 terabytes of data were stolen monthly during the period studied, with phishing identified as the most common initial vector of such attacks. The report also noted that 60% of affected organisations likely have paid the ransom demanded.
The second most used form of attack was DDoS. The largest DDoS attack ever was launched in Europe in July 2022 against a European customer of Akamai. The attack hit a peak at 853.7Gbps and 659.6Mpps (megapackets per second) over 14 hours.
While all sectors fell victim to attacks, public administration and government entities were the most affected, making up 24% of all cyber attack victims. This was followed by digital service providers at 13% and the general public at 12%. These three sectors alone accounted for 50% of all the attacks during this year.
Russian Hackers Account for Most 2021 Ransomware Schemes, US Says
Payment-seeking software made by Russian hackers was used in three quarters of all the ransomware schemes reported to a US financial crime agency in the second half of 2021, a Treasury Department analysis released on Tuesday showed.
In an analysis issued in response to the increase in number and severity of ransomware attacks against critical infrastructure in the United States since late 2020, the US Financial Crimes Enforcement Network (FinCEN) said it had received 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% jump from the year before.
Out of 793 ransomware incidents reported to FinCEN in the second half of 2021, 75% "had a nexus to Russia, its proxies, or persons acting on its behalf," the report said.
Washington last week hosted a meeting with officials from 36 countries and the European Union, as well as 13 global companies to address the growing threat of ransomware and other cyber crime, including the illicit use of cryptocurrencies.
Exposed: The Global Hacking Network That Targets VIPs
Private investigators linked to the City of London are using an India-based computer hacking gang to target British businesses, government officials and journalists.
The Sunday Times and the Bureau of Investigative Journalism have been given access to the gang’s database, which reveals the extraordinary scale of the attacks. It shows the criminals targeted the private email accounts of more than 100 victims on behalf of investigators working for autocratic states, British lawyers and their wealthy clients. Critics of Qatar who threatened to expose wrongdoing by the Gulf state in the run-up to this month’s World Cup were among those hacked.
It is the first time the inner workings of a major “hack-for-hire” gang have been leaked to the media and it reveals multiple criminal conspiracies. Some of the hackers’ clients are private investigators used by major law firms with bases in the City of London.
The investigation — based on the leaked documents and undercover work in India — reveals:
Orders went out to the gang to target the BBC’s political editor Chris Mason in May, three weeks after his appointment was announced.
The president of Switzerland and his deputy were targeted just days after he met Boris Johnson and Liz Truss in Downing Street to discuss Russian sanctions.
Philip Hammond, then chancellor, was hacked as he was dealing with the fallout of Russia’s novichok poisonings in Salisbury.
A private investigator hired by a London law firm acting for the Russian state ordered the gang to target a British-based oligarch fleeing President Putin.
Michel Platini, the former head of European football, was hacked shortly before he was due to talk to French police about corruption allegations relating to this year’s World Cup.
The hackers broke into the email inboxes of the Formula One motor racing bosses Ruth Buscombe, the British head of race strategy at the Alfa Romeo team, and Otmar Szafnauer, who was chief executive of the Aston Martin team.
The gang seized control of computers owned by Pakistan’s politicians, generals and diplomats and eavesdropped on their private conversations apparently at the behest of the Indian secret services.
The commissioning of hacking is a criminal offence punishable with a maximum sentence of ten years in jail in Britain. The Metropolitan Police was tipped off about the allegations regarding Qatar in October last year, yet chose not to take any action. David Davis, the former cabinet minister, said that the force should reopen its investigation into the cyber attacks against British citizens. Davis said the investigation exposed how London has become “the global centre of hacking”.
https://www.thetimes.co.uk/article/exposed-the-global-hacking-network-that-targets-vips-nff67j67z
Threats
Ransomware and Extortion
International Counter Ransomware Initiative 2022 Joint Statement | The White House
Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)
Extortion fears after hacker stole patient files from Dutch mental health clinics (bitdefender.com)
Ransomware activity and network access sales in Q3 2022 - Security Affairs
Ransomware costs top $1 billion as White House inks new threat-sharing initiative - CyberScoop
FIN7 Cyber crime Group Likely Behind Black Basta Ransomware Campaign (darkreading.com)
Yanluowang ransomware gang goes dark after leaks (techtarget.com)
LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs
Ransomware cost US banks $1.2 billion last year • The Register
Australia sees rise in cyber crimes on back of 'destructive' ransomware, state actors | ZDNET
Australian Defence Department Impacted In Ransomware Attack (informationsecuritybuzz.com)
LockBit ransomware gang claims the hack of the Continental automotive group - Security Affairs
Cyber attack Strikes Global Copper Conglomerate (darkreading.com)
ALMA Observatory shuts down operations due to a cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Robin Banks phishing service returns to steal banking accounts (bleepingcomputer.com)
Attackers leverage Microsoft Dynamics 365 to phish users - Help Net Security
CISA Urges Organisations to Implement Phishing-Resistant MFA | SecurityWeek.Com
130 private Dropbox GitHub repos copied after phish attack • The Register
As Twitter brings on $8 fee, phishing emails target verified accounts (bleepingcomputer.com)
BEC – Business Email Compromise
New Crimson Kingsnake gang impersonates law firms in BEC attacks (bleepingcomputer.com)
Double-check those demand-payment emails from law firms • The Register
Malware
RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (bleepingcomputer.com)
Emotet botnet starts blasting malware again after 4 month break (bleepingcomputer.com)
Drinik banking malware returns: Things you can do to keep your data safe | Mint (livemint.com)
Hacking group abuses antivirus software to launch LODEINFO malware (bleepingcomputer.com)
This stealthy hacking campaign uses a new trick to deliver its malware | ZDNET
Cranefly threat group uses innocent-looking info-stealer • The Register
250+ US news sites spotted spreading FakeUpdates malware in a supply-chain attack - Security Affairs
New Azov data wiper tries to frame researchers and BleepingComputer
Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware (bleepingcomputer.com)
Mobile
US govt employees exposed to mobile attacks from outdated Android, iOS (bleepingcomputer.com)
Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)
Malicious dropper apps on Play Store totaled 30.000+ installations - Security Affairs
New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)
Internet of Things – IoT
IoT devices can undermine your security. Here are four ways to boost your defences | ZDNET
Understanding The Importance Of Cyber Resilience In Smart Buildings - IT Security Guru
Data Breaches/Leaks
Royal Mail customer data leak shutters online Click and Drop • The Register
Vodafone Italy discloses data breach after reseller hacked (bleepingcomputer.com)
LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs
Dropbox discloses breach after hacker stole 130 GitHub repositories (bleepingcomputer.com)
Experian tool exposed partial Social Security numbers, putting customers at risk - CyberScoop
Label Giant Multi-Color Corporation Discloses Data Breach | SecurityWeek.Com
Bed Bath & Beyond Discloses Data Breach to SEC (darkreading.com)
Organised Crime & Criminal Actors
Four-year cyber crime campaign targeting African banks netted $30 million - CyberScoop
French-speaking crooks stole $30m in bank cyber-heist spree • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fraud, Scams & Financial Crime
Fraudulent Instruction Losses Spike in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Former Apple worker pleads guilty to $17m fraud charges • The Register
Insurance
Dark Web
Supply Chain and Third Parties
NCSC issues fresh guidance following recent rise in supply chain cyber attacks – Intelligent CISO
Hundreds of US news sites push malware in supply-chain attack (bleepingcomputer.com)
Software Supply Chain
You can up software supply chain security by implementing these measures - Help Net Security
W4SP Stealer Stings Python Developers in Supply Chain Attack (darkreading.com)
Denial of Service DoS/DDoS
FBI: Hacktivist DDoS attacks had minor impact on critical orgs (bleepingcomputer.com)
DDoS Attacks are Upgrading 70% with The Help of CLDAP (analyticsinsight.net)
Cloud/SaaS
Why Identity & Access Management Governance is a Core Part of Your SaaS Security (thehackernews.com)
Top 4 priorities for cloud data protection - Help Net Security
Zscaler's Cloud-Based Cyber security Outages Showcase Redundancy Problem (darkreading.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Training, Education and Awareness
Travel
Regulations, Fines and Legislation
ICO Slashes Government Data Breach Fine - Infosecurity Magazine (infosecurity-magazine.com)
SolarWinds reaches $26m settlement, expects SEC action • The Register
How to Prepare for New SEC Cyber security Disclosure Requirements | SecurityWeek.Com
Careers, Working in Cyber and Information Security
How Microsoft works to grow the next generation of cyber defenders - Microsoft Security Blog
Economic Uncertainty Isn't Stopping Cyber crime Recruitment — It's Fueling It (darkreading.com)
How to Narrow the Talent Gap in Cyber security (darkreading.com)
Is there a problem with stress and burnout in cyber security? - IT Security Guru
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Will cyber saber-rattling drive us to destruction? - Help Net Security
No.10 WhatsApp Use Is Critical Danger To Security (informationsecuritybuzz.com)
Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)
Cyber Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)
New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)
Russian missile strikes overshadow cyber attacks as Ukraine reels from blackouts | CNN Politics
Nation State Actors
Nation State Actors – Russia
Liz Truss 's phone was allegedly hacked by Russian spies - Security Affairs
MPs 'constantly' warned their phones are national security risk (telegraph.co.uk)
US Treasury thwarted attack by Russian hacker group last month-official | Reuters
Russia tries to impose switch to Linux from Windows (freethink.com)
Nation State Actors – China
China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor (darkreading.com)
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (thehackernews.com)
Nation State Actors – Misc
Vulnerabilities
Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers | SecurityWeek.Com
Fortinet fixed 16 vulnerabilities, 6 rated as high severity - Security Affairs
Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products | SecurityWeek.Com
You Need to Update Google Chrome, Windows, and Zoom Right Now | WIRED UK
The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical (darkreading.com)
Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product | SecurityWeek.Com
OpenSSL downgrades horror bug after week of speculation • The Register
Follina Exploit Leads to Domain Compromise (thedfirreport.com)
Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers (darkreading.com)
Other News
Meet fundamental cyber security needs before aiming for more - Help Net Security
NCSC Issued 34 Million Cyber Alerts in Past Year - Infosecurity Magazine (infosecurity-magazine.com)
Multi-factor authentication fatigue can blow open security • The Register
WiFi security flaw lets a drone track devices through walls | Engadget
Build Security Around Users: A Human-First Approach to Cyber Resilience (darkreading.com)
The Role of Ethical Hacking in Cyber security (bolton.ac.uk)
Top 10 Ethical Hacking Trends and Predictions for 2023 (analyticsinsight.net)
British govt is scanning all Internet devices hosted in UK (bleepingcomputer.com)
Red Cross Eyes Digital Emblem for Cyber space Protection | SecurityWeek.Com
Security hygiene and posture management requires new tools (techtarget.com)
Offense Gets the Glory, but Defence Wins the Game | SecurityWeek.Com
The 7 Core Pillars of a Zero-Trust Architecture (techtarget.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 March 2022
Black Arrow Cyber Threat Briefing 04 March 2022
-Cyber Criminals Exploit Invasion of Ukraine
-UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
-Phishing - Still a Problem, Despite All The Work
-Phishing Attacks Hit All-Time High In December 2021
-Ransomware Infections Top List Of The Most Common Results Of Phishing Attacks
-Social Media Phishing Attacks Are at An All Time High
-Insurance Giant AON Hit by a Cyber Attack
-How Prepared Are Organisations To Face Email-Based Ransomware Attacks?
-The Most Impersonated Brands in Phishing Attacks
-As War Escalates In Europe, It’s ‘Shields Up’ For The Cyber Security Industry
-2022 May Be The Year Cyber Crime Returns Its Focus To Consumers
-Kaspersky Neutral Stance In Doubt As It Shields Kremlin
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Exploit Invasion of Ukraine
Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.
In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.
Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.
Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.
Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.
https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/
UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.
Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.
John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.
Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.
Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”
Phishing - Still a Problem, Despite All The Work
Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.
Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?
https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work
Phishing Attacks Hit All-Time High in December 2021
The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.
In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.
Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.
The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.
“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.
https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/
Ransomware Infections Top List of The Most Common Results of Phishing Attacks
A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.
Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.
Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.
Social Media Phishing Attacks Are at An All Time High
Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.
As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.
Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.
Insurance Giant AON Hit by a Cyber Attack
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.
AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.
In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.
AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.
The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.
In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.
How Prepared Are Organisations to Face Email-Based Ransomware Attacks?
Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities
This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.
Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.
https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/
The Most Impersonated Brands in Phishing Attacks
Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.
The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.
Key findings:
· Financial services is the most impersonated industry
· Microsoft is the most impersonated cloud brand and the top corporate brand
· Facebook dominates social media phishing
· 35% of all phishing pages impersonated financial services brands
· Mondays and Tuesdays are the top days for phishing
· 78% of phishing attacks occur on weekdays
· Monday and Thursday are the top days for Facebook phishing
· Thursday and Friday are the top days for Microsoft phishing
https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/
As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”
The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.
Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.
2022 May Be The Year Cyber Crime Returns Its Focus to Consumers
Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.
This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.
ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.
Kaspersky Neutral Stance in Doubt As It Shields Kremlin
Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.
The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”
Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.
"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.
https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/
Threats
Ransomware
Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)
Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register
Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet
Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica
Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)
Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine
Phishing & Email
Other Social Engineering
'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet
Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)
Malware
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)
Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)
Mobile
How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security
TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet
SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)
Data Breaches/Leaks
Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)
NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)
250,000-Plus Lawyer Disciplinary Records Leak • The Register
Swiss Bank Requests Destruction of Documents - Infosecurity Magazine
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar
Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Fraud, Scams & Financial Crime
DoS/DDoS
DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica
DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Nation State Actors
Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant
Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)
Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com
Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet
Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica
IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs
Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)
Chinese Malware Targeted Multiple Governments • The Register
Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters
Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop
How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review
Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO
Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)
Vulnerabilities
Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet
Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com
Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)
Sector Specific
Financial Services Sector
Health/Medical/Pharma Sector
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz
The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)
Multifactor Authentication Is Being Targeted by Hackers – The New Stack
Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)
Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz
Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security
Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 February 2021
Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Gangs Made At Least $350 Million In 2020
Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.
https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/
Home Working Increases Cyber Security Fears
"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.
https://www.bbc.co.uk/news/business-55824139
3.2 Billion Emails And Passwords Exposed Online
A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.
https://www.tomsguide.com/news/3-2-billion-passwords-leaked
Account Takeover Attacks Spiked In 2020
Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.
https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/
30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds
When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.
Data Leakage Attacks Saw Huge Rise In 2020
The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.
https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/
Automated Tools Increasingly Used to Launch Cyber Attacks
Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.
https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/
A Second SolarWinds Hack Deepens Third-Party Software Fears
It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.
https://www.wired.com/story/solarwinds-hack-china-usda/
93% Of Workers Overshare Online, Causing Security Risks
Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.
https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/
Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped
It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.
https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/
Threats
Ransomware
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone
Other Social Engineering
Malware
This malware abuses Tor and Telegram infrastructure to evade detection
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
Experts discovered a new Trickbot module used for lateral movement
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
Mobile
Vulnerabilities
Data Breaches
Security firm Stormshield discloses data breach, theft of source code
Female escort review site data breach affects 470,000 members
Nation-State Actors
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.