Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 20 August 2021
Black Arrow Cyber Threat Briefing 20 August 2021:
-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
-Company Size Is A Nonissue With Automated Cyberattack Tools
-60% Of Employees Reuse Passwords Across Business And Personal Accounts
-LockBit 2.0 Ransomware Proliferates Globally
-Secret Terrorist Watchlist With 2 Million Records Exposed Online
-Phishing Costs Quadruple Over 6 Years
-Security Teams Report Rise In Cyber Risk
-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.
Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.
Company Size Is A Nonissue With Automated Cyber Attack Tools
Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.
Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.
Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.
https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/
Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/
Secret Terrorist Watchlist With 2 Million Records Exposed Online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.
That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.
According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.
https://threatpost.com/phishing-costs-quadrupled/168716/
Security Teams Report Rise In Cyber Risk
A recent report shows declining confidence in many organisations’ security function to address today’s threats.
80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.
The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.
Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.
https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.
The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.
https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/
Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks
A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.
Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.
Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.
https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/
The Cyber Security Skills Gap Persists For The Fifth Year Running
Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
T-Mobile Hack Is A Return To The Roots Of Cyber Crime
In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.
The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.
The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.
This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.
https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/
Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.
Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.
https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
Threats
Ransomware
John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Tet This Under Control’
Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks
This Ransomware Has Returned With New Techniques To Make Attacks More Effective
Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang
Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off
BEC
Phishing
Other Social Engineering
Malware
Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning
Malware Dev Infects Own PC And Data Ends Up On Intel Platform
Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products
Mobile
IOT
Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices
Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF
65 Vendors Affected By Severe Vulnerabilities In Realtek Chips
Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect
Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers
Data Breaches/Leaks
Chase Bank Accidentally Leaked Customer Info To Other Customers
Colonial Pipeline Reports Data Breach After May Ransomware Attack
Ford Bug Exposed Customer And Employee Records From Internal Systems
Dark Web
Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage
Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison
Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Other News
Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw
Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models
SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements
Hacker Finds A Way To Steal Windows 365 User Names And Passwords
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 June 2021
Black Arrow Cyber Threat Briefing 04 June 2021: Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’; US Puts Cyber Crime On Par With Terror After Ransomware Attacks; Cyber Attack Leaves 7,000 Out Of Work; Irish Health Service Patient Data Leaked Online; Enterprise Networks Vulnerable To 20-Year-Old Exploits; US Seize Domains Used By SolarWinds Intruders For Spear-Phishing; Hacker Group DarkSide Operates Like A Franchise; Interpol Intercepts $83M Fighting Financial Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’
The Great Fire of London helped forge the property insurance market, as residents feared a repeat of the savage destruction of 1666. In the absence of a state-backed fire service, some insurers even employed their own brigades, betting that limiting the damage to a property would be cheaper than rebuilding it. After a wave of high-profile cyber assaults, Graeme Newman, chief innovation officer at London-based insurance provider CFC, draws a parallel with today’s rapidly evolving market for cyber coverage. Insurance companies now provide emergency support services as well as financial compensation, so “the insurers own the digital fire trucks”, he said.
https://www.ft.com/content/4f91c4e7-973b-4c1a-91c2-7742c3aa9922
US Puts Cyber Crime On Par With Terror After Ransomware Attacks
The US government is raising the fight against cyber criminals to the same level as the battle against terrorists after a surge of ransomware attacks on large corporations. Internal guidance circulated by the Department of Justice instructs prosecutors to pool their information about hackers. The idea, said John Carlin, of the attorney-general’s office, is to “make the connections between actors and work your way up to disrupt the whole chain”.
https://www.thetimes.co.uk/article/us-cybercrime-terror-ransomware-attacks-joe-biden-pzrqbkfwt
Russia Under Fire As Cyber Attack Leaves 7,000 Out Of Work
An attack this week on JBS meatworks in North America and Australia brought the firm to a standstill, and now threatens to turn into a diplomatic row with Russia. JBS are reported to supply 20% of the world meat market and the ransomware attack has left 7,000 workers unable to do their jobs.
Irish Health Service Confirms Data Of Nearly 520 Patients Is Online After Cyber Attack
The Health Service Executive (HSE) has confirmed the data of nearly 520 patients is online after media reports of their publication. In a statement, the HSE said the data contains correspondence with patients, minutes of meetings and includes sensitive patient data. The HSE also confirmed corporate documents are among the HSE data illegally accessed. Confirmation of the authenticity of this data follows an analysis carried out by the agency and comments from the Minister for Communications, Eamon Ryan, that reports of patient data being shared online are "very credible".
https://www.irishexaminer.com/news/arid-40301054.html
Enterprise Networks Vulnerable To 20-Year-Old Exploits
While the industry focuses on exotic attacks – like the SolarWinds incident — the real risk to enterprises comes from older exploits, some as much as 20-years old. “While organisations always need to keep up with the latest security patches, it is also vital to ensure older system and well-known vulnerabilities from years past are monitored and patched as well,” says Etay Maor, senior director of security strategy at Cato Networks. “Threat actors are attempting to take advantage of overlooked, vulnerable systems.” Our research showed that attackers often scanned for end-of-life and unsupported systems. Common Vulnerability and Exposures (CVE) identified were exploits targeting software, namely vSphere, Oracle WebLogic, and Big-IP, as well as routers with remote administration vulnerabilities.
https://www.helpnetsecurity.com/2021/05/27/enterprise-networks-vulnerable/
US Authorities Seize Two Domains Used By SolarWinds Intruders For Malware Spear-Phishing Operation
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID). The domain takeovers, which occurred on Friday, followed a court order issued in the wake of a Microsoft report warning about the spear-phishing campaign. The phishing effort relied on malware-laden messages sent via marketing service Constant Contact. "Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting US Attorney Raj Parekh for the Eastern District of Virginia, in a statement. "As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats."
https://www.theregister.com/2021/06/02/feds_seize_nobelium/
Hacker Group DarkSide Operates In A Similar Way To A Franchise
DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, has a business model that’s more familiar than people think, according to New York Times correspondent Andrew Kramer, “It operates something like a franchise, where individual hackers can come and receive the ransomware software and use it, as well as, use DarkSide’s reputation, as it were, to extract money from their targets, mostly in the United States,” Kramer said in an interview that aired Wednesday night.
Interpol Intercepts $83 Million Fighting Financial Cyber Crime
The Interpol (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Over 40 law enforcement officers specialized in fighting cyber crime across the Asia Pacific region took part in the Interpol-coordinated Operation HAECHI-I spanning more than six months. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Is It Really The Wild West In Cyber Crime? Why We Need To Re-Examine Our Approach To Ransomware
Once again, cyber security has become a headline topic within and well outside technology circles, along with the little-known operator of a significant fuel pipeline: Colonial Pipeline. A ransomware attack, and ensuing panic buying of gasoline, resulted in widespread fuel shortages on the east coast, thrusting the issue of cyber security into the lives of everyday Americans. Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question (and associated complex potential answers), of whether companies should pay when their systems are held hostage by ransomware.
Threats
Ransomware
White House Contacts Russia After Hack Of World’s Largest Meatpacking Company
This New Ransomware Is Targeting Unpatched Microsoft Exchange Servers
Fujifilm Becomes Latest Ransomware Victim As White House Urges Business Leaders To Take Action
Cyber Crime Forum Advertises Alleged Database, Source Code From Russian Firm That Helped Parler
Phishing
Other Social Engineering
Malware
Mobile
IOT
Vulnerabilities
Huawei USB LTE Dongles Are Vulnerable To Privilege Escalation Attacks
Hackers Actively Exploiting 0-Day In WordPress Plugin Installed On Over 17,000 Sites
EPUB Vulnerabilities: Electronic Reading Systems Riddled With Browser-Like Flaws
SonicWall Urges Customers To 'Immediately' Patch NSM On-Prem Bug
Data Breaches
Supply Chain
Nation State Actors
Chinese Cyber Criminals Spent Three Years Creating A New Backdoor To Spy On Governments
Kimsuky APT Continues To Target South Korean Government Using Appleseed Backdoor
Russian Hacker Pavel Sitnikov Arrested For Sharing Malware Source Code
Privacy
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.