Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Attacks Surged to New Highs in 2021

Ransomware attacks are getting more frequent, more successful and more expensive.

Sixty-six percent of the organisations surveyed by Sophos for its annual State of Ransomware report admitted that they were hit with a ransomware attack last year, up from 37% in 2020. And 65 percent of those attacks were successful in encrypting their victims' data, up from 54 percent the year before.

On top of that, the average ransom paid by organisations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organisations that paid ransoms of $1 million or more tripled to 11%, the UK-based cybersecurity company said. For its annual report, Sophos surveyed 5,600 organisations from 31 countries. A total of 965 of those polled shared details of their ransomware attacks.

The numbers aren't a huge surprise after a year of epic ransomware attacks that shut down everything from a major oil pipeline to one of the largest meat processors in the US. While both Colonial Pipeline and JBS US Holdings paid millions in ransom, the attacks paused their operations long enough to spark panic buying and drive prices up for consumers.

https://www.cnet.com/tech/services-and-software/ransomware-attacks-surged-to-new-highs-in-2021/#ftag=CAD-09-10aai5b

• NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021

The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.

The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sectors worldwide.

Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.

It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.

The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.

https://www.ncsc.gov.uk/news/ncsc-and-allies-publish-advisory-on-the-most-commonly-exploited-vulnerabilities-in-2021

•  Network Attacks Increased to a 3-Year High

WatchGuard Technologies’ Internet Security Report for Q4 2021 revealed all threats were up, whether they’re network attacks or malware.

When the pandemic started, their research team saw a big drop in malware being detected by network security devices. In this period, tech based jobs moved to remote work, which meant a lot of users were no longer browsing the internet and encountering bad things through the network security control at the office. That’s probably why network detection for malware dropped quite a bit at the beginning of the pandemic.

Meanwhile, network attacks continued to rise even through the pandemic, since the servers still lived at the offices and the cloud, and network security still protected those.

The big takeaway in Q4 2021 is that malware rose significantly, returning to normal levels. The reason might be the holiday season, but it’s most probably the fact that, at the end of last year, a lot of tech-based offices started reopening and offering employees to come back in, and thus there’s a bigger chance for network security controls to catch malware.

https://www.helpnetsecurity.com/2022/04/25/network-attacks-q4-2021-video/

• World War Three Is Far More Likely Than Anyone Is Prepared to Admit

A Telegraph article looks at the Russia-Ukraine conflict and considers risks posed by new weapons and how the West’s failure to understand our enemies are raising the chances of a horrific conflict.

The fact is the world is becoming more, rather than less, dangerous: there are plenty of other wannabe Putins, and they are better equipped to sow death and destruction. Not only traditional and nuclear threats but bioterrorism is a growing worry and a major cyber attack or assault on transatlantic cables could be so devastating to an internet-based economy as to be seen as a declaration of war.

https://www.telegraph.co.uk/news/2022/04/27/world-war-three-far-likely-anyone-prepared-admit/

• The Ransomware Crisis Deepens, While Data Recovery Stalls

Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.

When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year.

For instance, in its "State of Ransomware 2022" report, cybersecurity firm Sophos found that 66% of surveyed companies had encountered ransomware in 2021, with two-thirds of those firms — or 43% overall — suffering from an actual attack that encrypted data. In its previous report covering 2020, the frequency of successful attacks was much smaller, with about 20% overall resulting in encryption.

The deteriorating cyberthreat landscape is largely due to the evolution of ransomware groups and their techniques, says Sean Gallagher, senior threat researcher with Sophos.

"Over the past couple of years, there has been a massive transition from ransomware to ransomware-as-a-service," he says. "There are very well-established [groups] that are doing these attacks, and as a result, the number of attacks companies are seeing has gone up."

Ransomware continues to plague companies with business-disrupting attacks and defy efforts by cybersecurity experts to rein in the operators behind the criminals’ campaigns. Not only did the portion of companies affected by ransomware more than double last year, but the mean ransomware payment more than quadrupled to $812,000, according to the Sophos report.

https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls

• Ransoms Only Make Up 15% of Ransomware Costs

New research suggests that paying ransoms is only the tip of the cost iceberg when it comes to ransomware attacks.

Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors.

The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption.

Ransomware attacks are an increasingly popular attack method, typically involving stealing data from the victim, encrypting data and forcing them to pay for decryption and avoiding a data leak.

Check Point said in the report:

“Most other losses, including response and restoration costs, legal fees, monitoring costs, etc., are applied whether the extortion demand was paid or not. The year 2020 showed that the average total cost of a ransomware attack was more than seven times higher than the average ransom paid.”

https://www.itsecurityguru.org/2022/04/28/ransoms-only-make-up-15-of-ransomware-costs/

• Defending Your Business Against Russian Cyber Warfare

We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.

The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyber attacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place. 

The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organisations to prepare and implement more robust defences. These defences include actions both inside and outside an enterprise's perimeter.

https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare

• 5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable

What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.

Cyber crime can cause major disruption when it comes to the sustainability and long-term success of companies. Teams want to have robust security but often struggle to meet that objective. It's crucial for security professionals to leverage insights into emerging trends in cybersecurity to pinpoint which vulnerabilities put organisations at the greatest risk, and Cobalt's "State of Pentesting" reports explore how to achieve efficiency to strengthen security.

The "State of Pentesting 2022" surveyed 602 cybersecurity and software development professionals and analysed data from 2,380 pentests conducted over the course of 2021 to pull key insights that are relevant to security and development teams when it comes to fixing vulnerabilities.

As a result of the data collected, the top five most common vulnerability categories outlined in this year's "State of Pentesting" report include:

·       Server Security Misconfigurations

·       Cross-Site Scripting (XSS)

·       Broken Access Control

·       Sensitive Data Exposure

·       Authentication and Sessions

Surprisingly — yet predictably — these vulnerability categories have stayed at the top of the list for at least the last five years in a row. They're also recognisable to those who are familiar with OWASP Top 10 list for Web Application Security Risks.

The majority of these findings are connected to missing configurations, outdated software, and a lack of access management controls — all common and easily preventable security flaws. So, what's holding companies back from preventing well-known security flaws? Why does this come as a surprise?

https://www.darkreading.com/vulnerabilities-threats/5-year-vulnerability-trends-are-both-surprising-and-sadly-predictable

• Cisco Talos Observes 'Novel Increase' in APT Activity in Q1

Advanced persistent threat actors have been busy over the past few months, according to Cisco Talos.

The security vendor released its Quarterly Trends report, which examined incident response trends from engagements in the first quarter of 2022. While ransomware remained the top threat, as it has for the past two years now, Cisco observed a new trend of increased APT activity. The Cisco Talos Incident Response (CTIR) team attributed some of the increase to groups like Iranian state-sponsored Muddywater and China-based Mustang Panda.

One suspected Chinese APT, dubbed "Deep Panda," was connected to exploitation of the Log4j flaw that was discovered last year in the widely used Java logging tool. Log4j exploitation was the second most common threat for Q1 behind ransomware, indicating the bug is a growing threat despite a patch being available.

https://www.techtarget.com/searchsecurity/news/252516380/Cisco-Talos-observes-novel-increase-in-APT-activity-in-Q1

• Deepfakes Set to Be Used in Organised Crime

New research from Europol suggests that deepfakes will be used extensively in organised crime operations.

Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations.

Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.”

Law enforcement and the challenge of deepfakes is the first published analysis of the Europol Innovation Lab’s Observatory function, warning that law enforcement agencies must rapidly improve skills and technologies utilised by officers in order to keep up with criminal deepfake use.

The analysis report highlighted how deepfakes are used primarily in disinformation, non-consensual pornography and document fraud campaigns, which will grow more realistic in years to come.

https://www.itsecurityguru.org/2022/04/29/deepfakes-set-to-be-used-in-organised-crime/

• Smart Contract Developers Not Really Focused on Security. Who Knew?

"Smart contracts," which consist of self-executing code on a blockchain, are not nearly as smart as the label suggests.

They are at least as error-prone as any other software, where historically the error rate has been about one bug per hundred lines of code.

And they may be shoddier still due to disinterest in security among smart contract developers, and perhaps inadequate technical resources.

Multi-million dollar losses attributed to smart contract bugs – around $31m stolen from MonoX via smart contract exploit and ~$34m locked into a contract forever due to bad increment math, to name a few – illustrate the consequences.

https://www.theregister.com/2022/04/26/smart_contract_losses/

• Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks

We’ve been predicting this for a while now and the move to more and more connected systems, autonomous and semi-autonomous vehicles, how long until someone is subject to threats to disconnect a vehicle’s brakes as they are driving along a motorway? Who wouldn’t pay the ransom demand in that scenario?

A report this week is related to articulated lorries but this is something that will be affecting all vehicles unless safeguards are put in place.

Researchers have analysed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.

The research was conducted by the US National Motor Freight Traffic Association (NMFTA), which is a non-profit organisation that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc.

NMFTA has been analysing the cyber security of heavy vehicles since 2015 and it has periodically disclosed its findings. The latest report from the organisation came in early March, when the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory to describe two vulnerabilities affecting trailer brake controllers.

The flaws described in the CISA advisory are related to the power line communications (PLC) between tractors and trailers, specifically the PLC4TRUCKS technology, which uses a standard named J2497 for bidirectional communications between the tractor and trailer without adding new wires.

https://www.securityweek.com/tractor-trailer-brake-controllers-vulnerable-remote-hacker-attacks

Threats

Ransomware

• Prevent HEAT Attacks to Foil Ransomware Incidents - Help Net Security

• 4-Hour Time-to-Ransom Seen in Quantum Attack as Accelerated Ransomware Increasingly Common | SecurityWeek.Com

• Conti Ransomware Operations Surge Despite Recent Leak - Security Affairs

• Beware: Onyx Ransomware Destroys Files Instead of Encrypting Them (bleepingcomputer.com)

• FBI says BlackCat Rust-Based Ransomware Scratched 60+ Orgs • The Register

• REvil Ransomware Attacks Resume, But Operators Are Unknown (techtarget.com)

• Fake Windows 10 Updates Infect You with Magniber Ransomware (bleepingcomputer.com)

• New Black Basta Ransomware Springs into Action with A Dozen Breaches (bleepingcomputer.com)

• Companies Can't Get Enough of Good Ol' Tape Storage For Ransomware Resistance | PC Gamer

Phishing & Email Based Attacks

• Phishing Goes KISS: Don’t Let Plain and Simple Messages Catch You Out! – Naked Security (sophos.com)

• Phishing Attacks Benefiting from Shady SEO Practices (techtarget.com)

• Cyber Criminals Deliver IRS Tax Scams and Phishing Campaigns by Mimicking Government Vendors - Help Net Security

Malware

• Emotet Malware Now Installs Via Powershell in Windows Shortcut Files (bleepingcomputer.com)

• It’s Called BadUSB for a Reason - Security Affairs

• New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer (thehackernews.com)

• Emotet Tests New Attack Techniques: Sign of Things to Come? | CSO Online

• Cyber Criminals Using New Malware Loader 'Bumblebee' in the Wild (thehackernews.com)

• New Powerful Prynt Stealer Malware Sells for Just $100 Per Month (bleepingcomputer.com)

Mobile

• These Are Signs That Your Phone Could Be Infected with Malware - PhoneArena

Organised Crime & Criminal Actors

• Interpol: We Can't Arrest Our Way Out of Cyber Crime • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Scammers Are Copying News Sites To Push Elon Musk-themed Crypto Scams - Information Security Buzz

• Why Did Hackers Target DeFi L1, L2 Solutions for a $1.2 Billion Theft in 2022? (watcher.guru)

• Intuit Sued Over Phishing Attack Targeting Trezor Crypto Wallet Users - Decrypt

• Crypto Trading Fund Partners Accused of Fraud - Infosecurity Magazine

• LemonDuck Botnet Evades Detection in Cryptomining Attacks (techtarget.com)

• Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen (vice.com)

Insider Risk and Insider Threats

• Don't Ignore Risks Lurking Within Your Own Network - Help Net Security

AML/CFT

• Two More Indicted Over North Korean Sanctions Evasion Plot - Infosecurity Magazine

• FCA: Challenger Banks Failing to Spot Money Launderers - Infosecurity Magazine

Denial of Service DoS/DDoS

• Cloudflare Stomps On 15.3 Million Requests Per Second DDoS • The Register

• How a New Generation of IoT Botnets Is Amplifying DDoS Attacks | CSO Online

• Attackers Remain Persistent and Indiscriminate As Multi-Vector DDoS Attacks Continue To Rise - Help Net Security

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

Cloud

• Is Cloud Critical Infrastructure? Prep Now for Provider Outages (techtarget.com)

• Shadow IT Is A Top Concern Related To SaaS Adoption - Help Net Security

• Security Turbulence in the Cloud: Survey Says… | Threatpost

Travel

• Finnish Hotels' Data Compromised - Infosecurity Magazine

Parental Controls and Child Safety

• Hackers Sexually Extort Kids with Stolen Data: Report (gizmodo.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• The Hybrid War in Ukraine - Microsoft On the Issues

• Data-Wiper Malware Strains Surge Amid Ukraine Invasion • The Register

• Russia Is Being Hacked at an Unprecedented Scale | WIRED

• Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (thehackernews.com)

• Cyber Attacks Rage in Ukraine, Support Military Operations | Threatpost

• Ongoing DDoS Attacks from Compromised Sites Hit Ukraine - Security Affairs

• Anonymous Hacked Russian PSCB Commercial Bank and Energy Firms - Security Affairs

• Russia-Linked Threat Actors Launched Hundreds of Cyber Attacks on Ukraine - Security Affairs

• Russian Hacktivists Launch DDoS Attacks on Romanian Govt Sites (bleepingcomputer.com)

• Cyber Espionage APT Now Identified as Three Separate Actors | Threatpost

Nation State Actors

Nation State Actors – Russia

• Microsoft Documents Over 200 Cyber Attacks by Russia Against Ukraine (thehackernews.com)

• Russian Govt Impersonators Target Telcos in Phishing Attacks (bleepingcomputer.com)

• The Subject of Trusting ‘Russian’ Applications - Information Security Buzz

Nation State Actors – North Korea

• Nation-state Hackers Target Journalists with Goldbackdoor Malware | Threatpost

Nation State Actors – Iran

• Iran's Rocket Kitten Likely Behind VMware Exploitation • The Register

Nation State Actors – Misc

• Case Study: Why It's Difficult To Attribute Nation-State Attacks (techtarget.com)

• Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group (thehackernews.com)

Vulnerability Management

• Five Eyes Nations Reveal 2021's Fifteen Most-Exploited Flaws • The Register

• Experts Warn of A Surge In Zero-Day Flaws Observed And Exploited in 2021 - Security Affairs

• Cyber Criminals are Feasting Over 'Zero-day Hacks' While the World Watches (analyticsinsight.net)

Vulnerabilities

• CISA Adds 7 Vulnerabilities to List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Cisco Patches 11 High-Severity Vulnerabilities in Security Products | SecurityWeek.Com

• Update Now! Critical Patches for Chrome and Edge | Malwarebytes Labs

• Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL (darkreading.com)

• Log4j Attack Surface Remains Massive (darkreading.com)

• Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (thehackernews.com)

• Millions of Java Apps Remain Vulnerable to Log4Shell | Threatpost

• Organisations Warned of Attacks Exploiting WSO2 Vulnerability | SecurityWeek.Com

• Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack (darkreading.com)

• Vulnerability Found in WordPress Anti-Malware Firewall (searchenginejournal.com)

Sector Specific

Financial Services Sector

• Private Investigator Admits Role in Hedge Fund Hack - Infosecurity Magazine

Government

• Governments Under Attack Must Think Defensively - Help Net Security

• Data Breach Disrupts UK Army Recruitment - Infosecurity Magazine

Health/Medical/Pharma Sector

• French Hospital Group Disconnects Internet After Hackers Steal Data (bleepingcomputer.com)

• Medical Software Firm Fined €1.5M for Leaking Data of 490k Patients (bleepingcomputer.com)

• Data breach at US healthcare provider ARcare impacts 345,000 individuals | The Daily Swig (portswigger.net)

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

• Smile Brands Breach Impacts 2.5 Million Individuals - Infosecurity Magazine

CNI, OT, ICS, IIoT and SCADA

• Why Is It So Easy To Break Into The Systems That Run The World’s Most Critical, Expert Weighs In - Information Security Buzz

• Chickens Baked Alive Due to Computer Glitch - Infosecurity Magazine

Education and Academia

• Universities Lose Over £2m to Ransomware - IT Security Guru

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

Gaming/Gambling

• New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware (trendmicro.com)

Reports Published in the Last Week

• Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Quarterly Report: Incident Response trends in Q1 2022

• Internet Security Report - Q4 2021 | WatchGuard Technologies

• State of Pentesting Report 2022 | Cobalt

Other News

• SolarWinds Breach Lawsuits: 6 Takeaways for CISOs | CSO Online

• 41% Of Businesses Had an API Security Incident Last Year - Help Net Security

• Security Leaders Relying More Heavily on MSPs Amid Talent Crunch - Help Net Security

• 2022 Security Priorities: Staffing and Remote Work (darkreading.com)

• GitHub: How Stolen OAuth Tokens Helped Breach Dozens of Orgs (bleepingcomputer.com)

• Why Companies Should Focus on Preventing Privilege Escalation (techtarget.com)

• German Wind Turbine Firm Hit by 'Targeted, Professional Cyber Attack' | SecurityWeek.Com

• 308,000 Exposed Databases Discovered, Proper Management Is Key - Help Net Security

• Lapsus$ targeting SharePoint, VPNs and virtual machines (techtarget.com)

• Indian Govt Orders Organisations to Report Security Breaches Within 6 Hours to CERT-In (thehackernews.com)

• Top Five Post-Pandemic Priorities for Cyber Security Leaders - Help Net Security

• Security Spending Set to Hit $198bn by 2025 - Infosecurity Magazine

• Companies Poorly Prepared to Meet CCPA, CPRA and GDPR Compliance Requirements - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Technology Has Enabled Cyber-Crime On An Industrial Scale

Nobody likes a call from the taxman. Donald Rumsfeld, who as America’s defence secretary oversaw a budget bigger than the economy of a typical country, nonetheless finds the rules so confusing that he writes to the Internal Revenue Service each year complaining that he has “no idea” whether he has filed his taxes correctly. So, it is hardly surprising that, when the phone rings and an official-sounding voice says you have underpaid your taxes and will be connected to an adviser to pay the balance, ordinary folk tremble.

https://www.economist.com/international/2021/05/06/new-technology-has-enabled-cyber-crime-on-an-industrial-scale

Cyber Security Control Failures Listed As Top Emerging Risk

Despite a myriad of risks resulting from the pandemic, such as the new work environment and environmental, social and governance (ESG) concerns, cyber security risk was singled out with notable consistency across all geographic regions and most industries, cited by 67% of respondents. The next highest cited risk, “the new working model” was cited by 43% of respondents. “Many organisations were forced to implement quick fixes to serious operational gaps as a result of their initial pandemic responses.”

https://www.helpnetsecurity.com/2021/05/03/cybersecurity-control-failures/

Third Parties Caused Data Breaches At 51% Of Organisations

Remote access is becoming an organisation's weakest attack surface, according to new research published. The new report, titled “A Crisis in Third-party Remote Access Security,” reveals a disparity between an organisation's perceived third-party access security threat and the protective measures it puts in place. Researchers found that organisations are exposing their networks to non-compliance and security risks by not taking action to reduce third-party access risk.

https://www.infosecurity-magazine.com/news/third-parties-breaches-at-51-of/

Apple Devices Under Attack — Update Your Mac, iPhone, iPad And Apple Watch Now

Apple on Monday (May 3) pushed out emergency patches to macOS, iPadOS, watchOS and two different versions of iOS to fix four flaws in WebKit, the rendering engine that underlies the Safari web browser. Install these updates when you receive them, because for each flaw, the company states that "Apple is aware of a report that this issue may have been actively exploited." In each case, Apple says, "processing maliciously crafted web content may lead to arbitrary code execution." In plain English, that means web pages could be built to remotely hack your Mac, iPhone, iPad, or Apple Watch.

https://www.tomsguide.com/uk/news/apple-urgent-updates-2105

Enforcing KYC, AML Laws Is Key To Reducing Ransomware Attacks: Task Force

Better enforcement of crypto currency regulations can help address an increasing number of ransomware attacks; a public-private task force claimed Thursday. The Ransomware Task Force, led by the Institute for Security and Technology with support from Microsoft, McAfee and various government agencies, published a report proposing a host of government and company responses to the growing threat of ransomware attacks, including recommendations to disrupt payments to the developers who develop this form of malware. A ransomware attack is one where a malicious actor hijacks a computer or network, locking it until the victim pays a ransom, often in crypto currency (ransomware victims paid close to $350 million in crypto to attackers last year). Paying the ransom is not necessarily a guarantee the perpetrator will share a decryption tool to unlock the computer.

https://www.coindesk.com/enforcing-kyc-aml-laws-is-key-to-reducing-ransomware-attacks-report-says

Ransomware Reality Shock: 92% Who Pay Do Not Get Their Data Back

As Apple gets caught up in an apparent $50 million ransomware extortion attempt by a significant cyber criminal gang, new research reveals just how unlikely it is that organisations will get all their data back if they pay up. On April 23, I reported how the notorious cyber criminal gang behind the REvil ransomware operation had attempted to get Apple to pay the ransom for another business that it had targeted. That business, REvil said, was Apple original design manufacturer Quanta Computer and the gang said it had stolen the schematics for several new Apple products. Several blueprints were published to the REvil dark web site, including one that 9to5Mac determined was related to the 2021 MacBook Pro.

https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?sh=4c38f3d5e0c7

New Vulnerabilities Impact 60% Of The Internet’s Email Servers

The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote attack vectors. Known as 21Nails, the vulnerabilities were discovered by the security firm Qualys. The bugs impact Exim, a type of email server known as a mail transfer agent (MTA) that helps email traffic travel across the internet and reach its intended destinations. While there are different MTA clients available, an April 2021 survey shows that Exim has a market share of nearly 60% among all MTA solutions, being widely adopted around the internet.

New vulnerabilities impact 60% of the internet’s email servers

Ransomware: There's Been A Big Rise In Double Extortion Attacks As Gangs Try Out New Tricks

There has been a big rise in the number of ransomware gangs that threaten to release information stolen from the victims if they themselves rather than the firm, do not pay the ransom for the decryption key required to restore their network. The idea behind these 'double extortion' ransomware attacks is that even if the victim organisation believes it can restore its network without giving into the ransom demands of cyber criminals – which regularly cost millions of dollars in Bitcoin – the threat of sensitive information about employees or customers being exposed could still push victims to giving into the blackmail and paying the ransom.

https://www.zdnet.com/article/ransomware-theres-been-a-big-rise-in-double-extortion-attacks-as-gangs-try-out-new-tricks/

They Told Their Therapists Everything. Hackers Leaked It All

Finnish mental health Clinic Vastaamo suffers catastrophic data breach. A security flaw at the firm’s IT provider not only exposed full names, dates of birth, and social security numbers, but also the actual written notes their therapists had taken. It was the patients themselves, rather than the firm were then left facing a demand for ransom payment to prevent public disclosure of their data.

https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/?utm_source=twitter&utm_medium=social&utm_campaign=onsite-share&utm_brand=wired&utm_social-type=earned

Millions At Security Risk From Old Routers

Millions of people could be using outdated routers that put them at risk of being hacked. The consumer watchdog examined 13 models provided to customers by internet-service companies such as EE, Sky and Virgin Media and found more than two-thirds had flaws. It estimated about six million people could have a device not updated since 2018 or earlier. So, in some cases, they would not have received crucial security updates.

https://www.bbc.co.uk/news/technology-56996717

An Estimated 30% Of All Smartphones Vulnerable To New Qualcomm Bug

Around a third of all smartphones in the world are believed to be affected by a new vulnerability in a Qualcomm modem component that can grant attackers access to the device’s call and SMS history and even audio conversations. First designed in the early 90s, the chip has been updated across the years to support 2G, 3G, 4G, and 5G cellular communications and has slowly become one of the world’s most ubiquitous technologies, especially with smartphone vendors. Devices that use Qualcomm MSM chips today include high-end smartphone models sold by Google, Samsung, LG, Xiaomi, and One Plus, just to name a few.

https://therecord.media/an-estimated-30-of-all-smartphones-vulnerable-to-new-qualcomm-bug/

Threats

Ransomware

• Cloud Hosting Provider Swiss Cloud Suffered A Ransomware Attack

• Babuk Quits Ransomware Encryption, Focuses On Data-Theft Extortion

Phishing

• 'Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Start-up

Malware

• Global Phishing Attacks Spawn Three New Malware Strains

• New Pingback Malware Using ICMP Tunnelling to Evade C&C Detection

• New Buer Malware Downloader Rewritten in E-Z Rust Language

Mobile

• Serious Android flaw threatens hundreds of millions of users

Vulnerabilities

• Security Researchers Found 21 Flaws In This Widely Used Email Server, So Update Immediately

• Dell Is Issuing A Security Patch For Hundreds Of Computer Models Going Back To 2009

• Pulse Secure fixes VPN zero-day used to hack high-value targets

• Microsoft Warns Of Damaging Vulnerabilities In Dozens Of Iot Operating Systems

• Python Also Impacted By Critical Ip Address Validation Vulnerability

• Computer Scientists Discover New Vulnerability Affecting Computers Globally

Data Breaches

• Data Leak Implicates Over 200,000 People In Amazon Fake Product Review Scam

• Middle Market Companies Facing A Record Number Of Data Breaches

Nation State Actors

• Researchers Uncover Iranian State-Sponsored Ransomware Operation

• Rare New Windows Rootkit Spotted In Chinese Apt Attacks

Denial of Service

• A Massive DDoS Knocked Offline Belgian Government Websites

Privacy

• Android Devices Are Leaking Contact Tracing Data All Over The Place

Other News

• Woman Loses Nearly £113k In Dating Site Romance Fraud

• Healthcare Organisations Implementing Zero Trust To Tackle Cyber Attacks

• Hackers Break Into Tesla Using a Drone Flying Over the Car

• Penetration Testing Leaving Organisations With Too Many Blind Spots

• Goodbye Again, Flash—Microsoft Makes Removal From Windows 10 Mandatory

• Data Leak Makes Peloton’s Horrible, No-Good, Really Bad Day Even Worse

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.