Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 20 August 2021
Black Arrow Cyber Threat Briefing 20 August 2021:
-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
-Company Size Is A Nonissue With Automated Cyberattack Tools
-60% Of Employees Reuse Passwords Across Business And Personal Accounts
-LockBit 2.0 Ransomware Proliferates Globally
-Secret Terrorist Watchlist With 2 Million Records Exposed Online
-Phishing Costs Quadruple Over 6 Years
-Security Teams Report Rise In Cyber Risk
-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.
Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.
Company Size Is A Nonissue With Automated Cyber Attack Tools
Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.
Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.
Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.
https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/
Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/
Secret Terrorist Watchlist With 2 Million Records Exposed Online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.
That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.
According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.
https://threatpost.com/phishing-costs-quadrupled/168716/
Security Teams Report Rise In Cyber Risk
A recent report shows declining confidence in many organisations’ security function to address today’s threats.
80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.
The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.
Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.
https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.
The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.
https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/
Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks
A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.
Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.
Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.
https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/
The Cyber Security Skills Gap Persists For The Fifth Year Running
Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
T-Mobile Hack Is A Return To The Roots Of Cyber Crime
In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.
The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.
The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.
This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.
https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/
Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.
Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.
https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
Threats
Ransomware
John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Tet This Under Control’
Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks
This Ransomware Has Returned With New Techniques To Make Attacks More Effective
Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang
Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off
BEC
Phishing
Other Social Engineering
Malware
Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning
Malware Dev Infects Own PC And Data Ends Up On Intel Platform
Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products
Mobile
IOT
Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices
Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF
65 Vendors Affected By Severe Vulnerabilities In Realtek Chips
Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect
Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers
Data Breaches/Leaks
Chase Bank Accidentally Leaked Customer Info To Other Customers
Colonial Pipeline Reports Data Breach After May Ransomware Attack
Ford Bug Exposed Customer And Employee Records From Internal Systems
Dark Web
Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage
Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison
Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Other News
Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw
Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models
SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements
Hacker Finds A Way To Steal Windows 365 User Names And Passwords
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 February 2021
Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Gangs Made At Least $350 Million In 2020
Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.
https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/
Home Working Increases Cyber Security Fears
"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.
https://www.bbc.co.uk/news/business-55824139
3.2 Billion Emails And Passwords Exposed Online
A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.
https://www.tomsguide.com/news/3-2-billion-passwords-leaked
Account Takeover Attacks Spiked In 2020
Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.
https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/
30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds
When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.
Data Leakage Attacks Saw Huge Rise In 2020
The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.
https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/
Automated Tools Increasingly Used to Launch Cyber Attacks
Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.
https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/
A Second SolarWinds Hack Deepens Third-Party Software Fears
It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.
https://www.wired.com/story/solarwinds-hack-china-usda/
93% Of Workers Overshare Online, Causing Security Risks
Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.
https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/
Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped
It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.
https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/
Threats
Ransomware
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone
Other Social Engineering
Malware
This malware abuses Tor and Telegram infrastructure to evade detection
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
Experts discovered a new Trickbot module used for lateral movement
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
Mobile
Vulnerabilities
Data Breaches
Security firm Stormshield discloses data breach, theft of source code
Female escort review site data breach affects 470,000 members
Nation-State Actors
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.