Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 May 2023

Black Arrow Cyber Threat Briefing 26 May 2023:

-50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy

-Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

-SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

-IT Employee Piggybacked on Cyber Attack for Personal Gain

-Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

-Microsoft Reports Jump in Business Email Compromise (BEC) Activity

-Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

-Advanced Phishing Attacks Surge 356% in 2022

-Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

-Almost All Ransomware Attacks Target Backups, Says Veeam

-NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

-Half of all Companies were Impacted by Spearphishing in 2022

-Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy

Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).

Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.

https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/

  • Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.

The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.

Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.

https://www.itweb.co.za/content/mYZRX79g8gRqOgA8

  • SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.

Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.

SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.

https://www.csoonline.com/article/3697648/smbs-and-regional-msps-are-increasingly-targeted-by-state-sponsored-apt-groups.html#tk.rss_news

  • IT Employee Piggybacked on Cyber Attack for Personal Gain

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.

The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.

“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.

While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.

https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/

  • Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.

Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.

https://www.techradar.com/news/ransomware-threats-are-growing-and-targeting-microsoft-devices-more-and-more

  • Microsoft Reports Jump in Business Email Compromise (BEC) Activity

Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.

Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.

Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.

https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_news

  • Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

https://venturebeat.com/security/forrester-predicts-2023-top-cybersecurity-threats-generative-ai-geopolitical-tensions/

  • Advanced Phishing Attacks Surge 356% in 2022

A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.

The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/

  • Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/

  • Almost All Ransomware Attacks Target Backups

Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.

According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.

Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.

With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.

https://www.computerweekly.com/news/366538492/Almost-all-ransomware-attacks-target-backups-says-Veeam

  • NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.

The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.

https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/

  • Half of All Companies were Impacted by Spearphishing in 2022

Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.

The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.

The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.

https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/

  • Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.

There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.

https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Training, Education and Awareness

Travel

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda



Nation State Actors




Tools and Controls


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 March 2022

Black Arrow Cyber Threat Briefing 18 March 2022

-Guernsey Cyber Security Warning For Islanders And Businesses

-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime

-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine

-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents

-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead

-Cyber Crooks’ Political In-Fighting Threatens the West

-Cloud-Based Email Threats Surge 50% in 2021

-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups

-The Massive Impact of Vulnerabilities In Critical Infrastructure

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/


Threats

Ransomware

Phishing & Email

Malware

Mobile

IoT

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain

DoS/DDoS

Cloud

Privacy

Passwords & Credential Stuffing

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – Iran






As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 11 March 2022

Black Arrow Cyber Threat Briefing 11 March 2022

-Sharp Rise in SMB Cyberattacks By Russia And China

-We're Seeing An 800% Increase in Cyber Attacks, Says One MSP

-Internet Warfare: How The Russians Could Paralyse Britain

-Just 3% Of Employees Cause 92% Of Malware Events

-70% Of Breached Passwords Are Still in Use

-Organisations Taking Nearly Two Months To Remediate Critical Risk Vulnerabilities

-Android Malware Escobar Steals Your Google Authenticator MFA Codes

-Smartphone Malware Is On The Rise - Here's How To Stay Safe

-Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

-How An 8-Character Password Could Be Cracked in Less Than An Hour

-Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

-Security Teams Prep Too Slowly for Cyber Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks


Threats

Ransomware

Phishing & Email

Malware

Mobile

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Fraud, Scams & Financial Crime

Insurance

Supply Chain

DoS/DDoS

Parental Controls and Child Safety

Spyware, Espionage & Cyber Warfare



Vulnerabilities





As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 04 March 2022

Black Arrow Cyber Threat Briefing 04 March 2022

-Cyber Criminals Exploit Invasion of Ukraine

-UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

-Phishing - Still a Problem, Despite All The Work

-Phishing Attacks Hit All-Time High In December 2021

-Ransomware Infections Top List Of The Most Common Results Of Phishing Attacks

-Social Media Phishing Attacks Are at An All Time High

-Insurance Giant AON Hit by a Cyber Attack

-How Prepared Are Organisations To Face Email-Based Ransomware Attacks?

-The Most Impersonated Brands in Phishing Attacks

-As War Escalates In Europe, It’s ‘Shields Up’ For The Cyber Security Industry

-2022 May Be The Year Cyber Crime Returns Its Focus To Consumers

-Kaspersky Neutral Stance In Doubt As It Shields Kremlin

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/


Threats

Ransomware

Phishing & Email

Other Social Engineering

Malware

Mobile

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Fraud, Scams & Financial Crime

DoS/DDoS

Nation State Actors

Passwords & Credential Stuffing

Spyware, Espionage & Cyber Warfare






As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More