Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 July 2023

Black Arrow Cyber Threat Briefing 07 July 2023:

-Cyber Attacks Against Mobile Devices Growing Fast

-One Third of Security Breaches Go Unnoticed by Security Professionals

-Cyber Security Experts Have Become Targets for Board Seats

-Phishing Attack Prevention as Email Attacks Surge Over 450%

-Outsmarting Business Email Compromise Scammers

-Small Organisations Face Security Threats on a Limited Budget

-Cloud Security: Sometimes the Risks May Outweigh the Rewards

-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

-75% of Consumers Prepared to Ditch Brands Hit by Ransomware

-Scammers Using AI Voice Technology to Commit Crimes

-What are the Causes of Data Loss and What it the Impact on Your Organisation?

-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

  • Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

  • Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

  • Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

  • Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

  • Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

  • Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

  • 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

  • Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

  • What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

  • Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Cyber Weekly Flash Briefing 17 July 2020: Major US Twitter accounts hacked, Malware in Chinese Tax Software, NK steals $2bn through cyber heists, Counterfeit Cisco kit, Windows DNS vulns, Citrix vuln

Cyber Weekly Flash Briefing 17 July 2020: Major US Twitter accounts hacked, Malware in Chinese Tax Software, NK steals $2bn through cyber heists, Counterfeit Cisco kit, Windows DNS vulns, Citrix vulns, Iranian Spies Accidentally Leaked Videos of Themselves Hacking, Malicious Router Log-Ins Soar Tenfold in Botnet Battle

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Major US Twitter accounts hacked in Bitcoin scam

Billionaires Elon Musk, Jeff Bezos and Bill Gates are among many prominent US figures targeted by hackers on Twitter in an apparent Bitcoin scam.

The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency.

"Everyone is asking me to give back," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000."

The US Senate Commerce committee has demanded Twitter brief it about the incident next week.

Twitter said it was a "co-ordinated" attack targeting its employees "with access to internal systems and tools".

"We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the company said in a series of tweets.

It added that "significant steps" had been taken to limit access to such internal systems and tools while the company's investigation was ongoing.

The firm has also blocked users from being able to tweet Bitcoin wallet addresses for the time being.

Read more here: https://www.bbc.co.uk/news/technology-53425822

More Malware Found Hidden in Chinese Tax Software

A malware campaign hiding backdoors in mandatory Chinese corporate tax software is far more extensive than at first thought, according to researchers from Trustwave.

The vendor warned last month that it discovered several clients had unwittingly installed the GoldenSpy backdoor after agreeing to download the Intelligent Tax software product, produced by Aisino Corporation.

China’s banks require all companies to download software from either Aisino or Baiwang to comply with its Golden Tax VAT scheme, indicating that the malware campaign has either direct sponsorship from the government, or is happening with its blessing.

Soon after Trustwave reported on the powerful GoldenSpy backdoor, which it said could not be removed, an uninstaller appeared out of the blue which directly negates the threat.

Now the vendor has discovered a second piece of malware, dubbed GoldenHelper, which dates back to before GoldenSpy. It’s found in the Golden Tax Invoicing Software (Baiwang edition), which is digitally signed by a subsidiary of Aisino, Nou Nou Technologies.

The malware, while functionally different to GoldenSpy, has a similar delivery mechanism and it utilises three DLL files to: interface with the Golden Tax software; bypass Windows security and escalate privileges; and download and execute arbitrary code with system-level privileges.

It also uses multiple techniques to hide its presence and activity, including randomization of name whilst in transit and of file system location, timestomping, IP-based Domain Generation Algorithm (DGA), and UAC bypass and privilege escalation.

Read more here: https://www.infosecurity-magazine.com/news/more-malware-hidden/

How North Korea’s army of hackers stole $2bn through cyber bank heists

Towards the end of last year, a series of seemingly innocuous LinkedIn messages were sent to employees of aerospace and military companies in the UK, Europe and the Middle East. Curious engineers who replied to the job offers were sent further messages urging them to download files to find out more about the opportunities.

The file contained a list of available jobs and the salaries for each role. While recipients read through the list of highly paid positions, their computers were silently taken over by hackers who implanted software that allowed them to peer through all of their files and emails.

The lucrative jobs weren’t real, and neither were the recruiters. Instead the messages were sent by Lazarus, a notorious North Korean hacking group, which in 2014 had managed to break into the servers of Sony Pictures and in 2017 brought parts of the NHS to a standstill during the WannaCry ransomware attack.

Once the hackers had gained access to their target’s computer, the fake LinkedIn profiles vanished.

One hacker then used his access to a victim’s email account to find an outstanding invoice. He sent an email to another business demanding payment, but asked for the money to be sent to a new bank account controlled by the hacking group.

This cyber attack is a typical example of North Korea’s unique approach to hacking. As well as attacks to make political statements, the country uses its legions of hackers to generate billions of dollars for the regime through a series of audacious cyber bank heists.

A United Nations report published last year estimated that North Korean hackers have stolen more than $2bn (£1.5bn) and said the money was being funneled into the regime’s missile development programmes.

Cut off from almost all of the world’s financial systems, North Korea has for years relied on a series of illegal activities to bolster its income. As well as thriving drug trafficking and counterfeiting schemes, the regime has also funded hundreds of its own digital bank heists.

Read more here: https://www.telegraph.co.uk/technology/2020/07/12/north-koreas-army-hackers-stole-2bn-cyber-bank-heists/

UK ‘on alert for China cyber attack’ in retaliation for Hong Kong

The government must be alert to potential cyber attacks from countries such as China, ministers have said as tensions increase between London and Beijing.

Last month relations between the UK and China soured after Boris Johnson pledged to offer refuge to millions of Hong Kong citizens if the country implements its planned national security law. The government is also reported to have ‘changed its view’ on plans for Chinese tech company Huawei to play a role in developing the UK’s 5G network due to growing unease over security risks.

Now senior sources claim the worsening ties could see Britain be targeted by Chinese-backed hackers in a so-called ‘cyber 9/11’. This could damage computer networks, cause power and phone blackouts and bring hospitals, government and businesses to a standstill.

Britain’s National Cyber Security Centre says it is not ‘expecting’ a rise in attacks. However, one senior minister said the threat was ‘obviously part of conversations’, but added that ‘all risk must be looked at in the round’.

Read more: https://metro.co.uk/2020/07/12/ministers-fear-cyber-attack-uk-relations-worsen-china-12978970/

Ransomware warning: Now attacks are stealing data as well as encrypting it

There's now an increasing chance of getting your data stolen, in addition to your network being encrypted, when you are hit with a ransomware attack – which means falling victim to this kind of malware is now even more dangerous.

The prospect of being locked out of the network by cyber criminals is damaging enough, but by leaking stolen data, hackers are creating additional problems. Crooks use the stolen data as leverage, effectively trying to bully organisations who've become infected with ransomware into paying up – rather than trying to restore the network themselves – on the basis that if no ransom is paid, private information will be leaked.

Ransomware groups like those behind Maze and Sodinokibi have already shown they'll go ahead and publish private information if they're not paid and now the tactic is becoming increasingly common, with over one in ten attacks now coming with blackmail in addition to extortion.

Organisations in the legal, healthcare and financial sectors are among the most targeted by these campaigns, based on the assumption that they hold the most sensitive data.

Read more here: https://www.zdnet.com/article/ransomware-warning-now-attacks-are-stealing-data-as-well-as-encrypting-it/

Stop Ignoring Two-Factor Authentication Just Because You’re Lazy

A large number of people and businesses are missing out on a simple, effective online security solution by ignoring two-factor authentication (2FA), also called multi-factor authentication (MFA). The only requirement is to enter a code or press a button on a separate device from the one being used, yet for many, that effort seems too great. Laziness literally becomes the weakest point in their data protection systems.

If this sounds familiar, it’s time to change, as 2FA strengthens the security of all-important apps, including those where you share financial details such as banking and shopping apps – but to work, it has to be used.

Read more here: https://www.infosecurity-magazine.com/opinions/authentication-lazy/

Russian hackers ‘try to steal vaccine research’ in cyber attack on labs

Hackers linked to Russian intelligence agencies are targeting British scientists seeking to develop a coronavirus vaccine, spooks in the US, UK and Canada have warned.

In a joint statement Britain’s National Cyber Security Centre (NCSC), the US National Security Agency and the Canadian Communication Security Establishment, said that the APT29 hacking group, also known as the ‘Dukes’ or ‘Cozy Bear’ has been hitting medical organisations and universities with cyber attacks which they believe have had the Kremlin’s blessing.

These attacks are part of a global campaign to steal research secrets of research. While the institutions targeted have not been revealed, the UK is home to two of the world’s leading coronavirus vaccine development programmes based at Oxford University and Imperial College London.

Read more: https://metro.co.uk/2020/07/16/russian-hackers-launch-cyber-attack-uk-vaccine-researchers-12998769/

Counterfeit Cisco switches raise network security alarms

In a disconcerting event for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X Series switches were discovered on an unnamed business network, and the fake gear was found to be designed to circumvent typical authentication procedures, according to a report.

researcher say their investigators found that while the counterfeit Cisco 2960-X units did not have any backdoor-like features, they did employ various measures to fool security controls. For example, one of the units exploited what F-Secure believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering.

Read more: https://www.networkworld.com/article/3566705/counterfeit-cisco-switches-raise-network-security-alarms.html

Vulnerability in Windows DNS servers

Microsoft has reported a critical vulnerability in Windows DNS server under CVE-2020-1350.

Bad news: The vulnerability scored 10 on the CVSS scale, which means it’s critical. Good news: Cyber criminals can exploit it only if the system is running in DNS server mode; in other words, the number of potentially vulnerable computers is relatively small. Moreover, the company has already released patches and a workaround.

The vulnerability lets a malefactor force DNS servers running Windows Server to execute malicious code remotely. In other words, the vulnerability belongs to the RCE class. To exploit CVE-2020-1350, one just has to send a specially generated request to the DNS server.

Installing the Microsoft patch modifies the method of handling requests by DNS servers. The patch is available for Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server version 1903, Windows Server version 1909, and Windows Server version 2004.

Read more here: https://www.kaspersky.com/blog/cve-2020-1350-dns-rce/36366/

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities.

This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch XSS attacks.

Some of the addressed flaws could be exploited only if the attackers have access to the targeted system and request user interaction, or other conditions must be verified. For this reason, Citrix believes the flaws are less likely to be exploited.

Now, hackers are scanning the web for systems affected by the recently disclosed Citrix vulnerabilities.

Read more here: https://securityaffairs.co/wordpress/105776/hacking/vulnerable-citrix-systems-scan.html

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

A security team obtained five hours of Iranian state actor group APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it’s targeting.

Normally security researchers need to painstakingly piece together the blow-by-blow of a state-sponsored hacking operation, they're usually following a thin trail of malicious code samples, network logs, and connections to faraway servers. That detective work gets significantly easier when hackers record what they’re doing and upload the video to an unprotected server on the open internet. Which is precisely what a group of Iranian hackers may have unwittingly done.

Read more here: https://www.wired.com/story/iran-apt35-hacking-video/

Amazon-Themed Phishing Campaigns Swim Past Security Checks

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Amazon in the era of COVID-19 has become a staple of many people’s lives, as they order everything from sourdough starter to exercise equipment. Cybercrooks have latched onto the delivery behemoth as a lure for phishing emails, knowing that plenty of legitimate delivery messages are also making it into people’s inboxes and offering cover.

Researchers recently spotted a pair of savvy campaigns leveraging Amazon: A credential-phishing attempt using a purported Amazon delivery order failure notice; and a voice phishing (vishing) attempt also using Amazon delivery order. Both are examples of the ever-more sophisticated phishing efforts being developed by fraudsters that are aimed at gaming traditional email security efforts, researchers said.

Read more here: https://threatpost.com/amazon-phishing-campaigns-security-checks/157495/

Malicious Router Log-Ins Soar Tenfold in Botnet Battle

Home users are being urged to ensure their routers are adequately protected after experts revealed a tenfold spike in brute force log-in attempts.

According to the latest research from Trend Micro “Worm War: The Botnet Battle for IoT Territory”, describes a threat landscape in which rival cyber-criminals are competing against each other in a race to compromise as many devices as possible, to conscript into botnets.

The vendor claimed that automated log-in attempts against routers rose from 23 million in September to nearly 249 million attempts in December 2019. As recently as March this year, it detected almost 194 million brute force logins.

The report also revealed an uptick in routers attempting to open telnet sessions with other devices. As telnet is unencrypted it’s a favorite way for hackers or their botnets to sniff user credentials and therefore infect more routers or IoT devices.

Nearly 16,000 devices attempted to open telnet sessions with other IoT devices in a single week in mid-March, according to the data.

The report warned that these mass compromises could cause serious disruption for home networks at a time when many global users are being forced to work and study from home.

Read more here: https://www.infosecurity-magazine.com/news/malicious-router-logins-soar/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More