Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• How Organisations Can Protect Themselves in The Emerging Risk Landscape

ThoughtLab’s 2022 cyber security benchmarking study ‘Cyber Security Solutions for a Riskier World’ revealed that the pandemic has brought cyber security to a critical inflection point. The number of material breaches that respondents suffered rose 20.5% from 2020 to 2021, and cyber security budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.

During that time, cyber security has become a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders, and the board.

https://www.helpnetsecurity.com/2022/06/13/cybersecurity-strategic-business-imperative-video/

• Phishing Reaches All-Time High in Early 2022

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.

In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season.

Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

https://www.helpnetsecurity.com/2022/06/15/2022-total-phishing-attacks/

• Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?

Time to reassess your cyber security strategies. Again.

Ransomware attacks on businesses have increased by one-third in the past year, according to a recent report by the Boston-based cyber security company Cybereason. 

Most (73 percent of businesses) were hit by at least one ransomware attack in the past year, and 68 percent of businesses that paid a ransom were hit again in less than a month for a higher ransom, according to the survey, which polled 1,456 cyber security professionals at global companies with 700 or more employees.

These attacks have big implications: Thirty-seven percent of companies were forced to lay off employees after paying ransoms, and 33 percent were forced to temporarily suspend business.

Since the invasion of Ukraine, cyber security experts have insisted businesses improve their lines of defence to protect against an increased risk of ransomware attacks from Russia. ​Ransomware attacks have also increased since the start of the pandemic--the rise of remote work increased vulnerability for many businesses, which hackers have taken advantage of, a 2020 FBI memo noted. So, enterprises of all sizes are at risk from many more points of attack.

https://www.inc.com/rebecca-deczynski/ransomware-attacks-increasing-cyber-security-advice.html

• The Challenges of Managing Increased Complexity as Hybrid IT Accelerates

SolarWinds released the findings of its ninth annual IT Trends Report which examines the acceleration of digital transformation efforts and its impact on IT departments. The report found the acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals.

Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.

As more and more mission-critical workloads move to connected cloud architectures that span public, private, hybrid, and multi-cloud environments, enterprises recognise they need to invest in the tools that will help them ensure consistent policies and performance across all platforms and end users. However, they simultaneously face challenges such as budget, time constraints, and barriers to implementing observability as a strategy to keep pace with hybrid IT realities.

However professionals feel less confident in their organisation’s ability to manage IT. While 54% of respondents state they leverage monitoring strategies to manage this complexity, 49% revealed they lack visibility into the majority of their organisation’s apps and infrastructure. This lack of visibility impacts their ability to conduct anomaly detection, easy root-cause analysis, and other critical processes to ensure the availability, performance, and security of business-critical applications.

https://www.helpnetsecurity.com/2022/06/16/hybrid-it-acceleration-challenges/

• 72% Of Middle Market Companies Expect to Experience a Cyber Attack

Middle market companies face an increasingly volatile cyber security environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to an RSM US and US Chamber of Commerce report.

However, there is good news as the number of breaches reported in the last year among middle market companies slightly decreased with protections becoming more available and executives understanding the consequences related to potential incidents. Twenty-two percent of middle market leaders claimed that their company experienced a data breach in the last year, representing a drop from 28% in last year’s survey, suggesting that even with enhanced protections in place and the decrease in attacks, companies cannot afford to let their guard down.

The middle market encountered a roller coaster of risks in the last year, from lingering threats related to the COVID-19 pandemic to geopolitical conflicts and economic uncertainty.

The small drop in reported breaches is encouraging, and largely attributed to middle market companies beginning to implement better identity and access management controls. Yet, even with the decline in reported attacks, companies recognise the risks posed by the current dynamic threat environment, with 72% of executives anticipating that unauthorised users will attempt to access data or systems in 2022, a sharp rise from 64% last year and the highest number since RSM began tracking data in 2015.

https://www.helpnetsecurity.com/2022/06/16/middle-market-companies-cybersecurity/

• Malware's Destruction Trajectory and How to Defeat It

Malware and targeted attacks on operating systems and firmware have become increasingly destructive in nature, and these more nefarious attack methods are rising in prevalence. And just to add insult to injury, there are more of them. Today’s attacks are hitting more often, and they are hitting harder.

In the first three decades of its existence, malware was primarily restricted to mischief and attempts by virus creators to discover if their creations would work. But now the threat landscape has changed from simple vandalism to lucrative cyber crime and state-sponsored attacks.

Wiper malware, in particular, has gained traction in recent months. The FortiGuard Labs research team has seen at least seven different malware attacks targeting Ukrainian infrastructure or Ukrainian companies so far this year. The primary reason for using Wiper malware is its sheer destructiveness – the intent is to cripple infrastructure. What does the increased presence of Wiper malware strains indicate? And what do security leaders need to know and do to keep their organisation safe? Read more…

https://www.securityweek.com/malwares-destruction-trajectory-and-how-defeat-it

• Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?

If your organisation gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?

Rapid7 analysed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022, and found that:

• The most commonly leaked data is financial (63%), followed by customer/patient data (48%)

• Files containing intellectual property (e.g., trade secrets, research data, etc.) are rarely disclosed (12%) by ransomware gangs, but if the organisation is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%), “likely due to the high value placed on research and development within this industry.”

https://www.helpnetsecurity.com/2022/06/17/ransomware-data-disclosed/

• Threat Actors Becoming More Creative Exploiting the Human Factor

Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organisation—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players.

"Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing—and often eye-opening—challenge for organisations,” Proofpoint said in a statement.

The combination of remote work and the blurring of work and personal life on smartphones have influenced attacker techniques, the report notes. During the year, SMS phishing, or smishing, attempts more than doubled in the United States, while in the UK, 50% of phishing lures focused on delivery notifications. An expectation that more people were likely working from home even drove good, old-fashioned voice scams, with more than 100,000 telephone attacks a day being launched by cyber criminals.

https://www.csoonline.com/article/3663478/threat-actors-becoming-more-creative-exploiting-the-human-factor.html#tk.rss_news

• 66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud

A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns regarding the protection of sensitive data from cyber criminals.

Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications, compared with just eight in 2015, showcasing a startlingly rapid increase.

With increasing complexity of multicloud environments comes an even greater need for robust cyber security. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21-60%. However, only 25% said they could fully classify all data.

https://www.helpnetsecurity.com/2022/06/16/cloud-based-data-breach-video/

• Travel-related Cyber Crime Takes Off as Industry Rebounds

An upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cyber criminals to scam the tourists.

Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cyber crimes.

Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related databases breaches, according to a report by Intel 471.

The impact of the attacks are hacked accounts stripped of value. But also, researchers say the consequences of recent attacks can also include flight delays and cancelations as airlines grapple with mitigating hacks.

https://threatpost.com/travel-related-cybercrime-takes-off/179962/

• How Should You Think About Security When Considering Digital Transformation Projects?

Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.

Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world.

CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organisation. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organisation.

For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.

Here are five specific areas security teams should prioritise to achieve security-first digital transformation:

1. Security operations modernisation

2. Developer-centric security

3. Cloud strategy and execution

4. Connected devices

5. Big data and analytics

As important as it is to keep the business operating and competitive, organisations must transform securely. Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.

https://www.darkreading.com/edge-ask-the-experts/how-should-i-think-about-security-when-considering-digital-transformation-projects-

• Internet Explorer Now Retired but Still an Attacker Target

Microsoft's official end-of-support for the Internet Explorer 11 desktop application on June 15 relegated to history a browser that's been around for almost 27 years. Even so, IE still likely will provide a juicy target for attackers.

That's because some organisations are still using Internet Explorer (IE) despite Microsoft's long-known plans to deprecate the technology. Microsoft meanwhile has retained the MSHTML (aka Trident) IE browser engine as part of Windows 11 until 2029, allowing organisations to run in IE mode while they transition to the Microsoft Edge browser. In other words, IE isn't dead just yet, nor are threats to it.

Though IE has a negligible share of the browser market worldwide these days (0.52%), many enterprises still run it or have legacy applications tied to IE. This appears to be the case in countries such as Japan and Korea. Stories in Nikkei Asia and Japan Times this week quoted a survey by Keyman's Net showing that nearly 49% of 350 Japanese companies surveyed are still using IE. Another report in South Korea's MBN pointed to several large organisations still running IE.

https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time

Threats

Ransomware

• Ransomware attacks are increasing with more dangerous hybrids ahead | CSO Online

• Why do organisations need to prioritize ransomware preparedness? - Help Net Security

• Ransomware and Phishing Remain IT's Biggest Concerns (darkreading.com)

• The attacker’s toolkit: Ransomware-as-a-service | VentureBeat

• Ransomware gang publishes stolen victim data on the public Internet - Help Net Security

• Researchers Discover Way to Attack SharePoint and OneDrive Files with Ransomware | SecurityWeek.Com

• ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web - Security Affairs

• Ransomware gang creates site for employees to search for their stolen data (bleepingcomputer.com)

• Microsoft: Exchange servers hacked to deploy BlackCat ransomware (bleepingcomputer.com)

• Conti's Attack Against Costa Rica Sparks a New Ransomware Era | WIRED UK

• Hello XD ransomware now drops a backdoor while encrypting (bleepingcomputer.com)

• Alphv ransomware gang ups pressure with new extortion scheme (techtarget.com)

• Costa Rica Chaos a Warning That Ransomware Threat Remains | SecurityWeek.Com

• DeadBolt ransomware takes another shot at QNAP storage • The Register

• The many lives of BlackCat ransomware - Microsoft Security Blog

• Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)

• BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers - Security Affairs

• Ransomware gangs target Japan as a feeding ground | Financial Times (ft.com)

• Africa's biggest supermarket hit by ransomware attacks | TechRadar

Phishing & Email Based Attacks

• NakedPages Phishing Toolkit is Now Available on Cyber crime Forums - Infosecurity Magazine

• New phishing attack infects devices with Cobalt Strike (bleepingcomputer.com)

Other Social Engineering

• How social engineering attacks are evolving beyond email - Help Net Security

• 2,000 People Arrested Worldwide for Social Engineering Schemes | SecurityWeek.Com

• Facebook Messenger Scam Duped Millions | Threatpost

• Heineken giving away free beer for Father's Day? It's a WhatsApp scam (bitdefender.com)

Malware

• Businesses are leaving bot attacks unchallenged for almost four months - Help Net Security

• New Syslogk Linux rootkit uses magic packets to trigger backdoor (bleepingcomputer.com)

• Linux Malware Deemed ‘Nearly Impossible’ to Detect | Threatpost

• Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices (thehackernews.com)

• PSA: Beware of Clipboard Malware | NiceHash

• New Emotet Variant Stealing Users’ Credit Card Information From Google Chrome – Information Security Buzz

• Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concurrency, Systemd - Phoronix

• Websites Hosting Fake Cracks Spread Updated CopperStealer Malware (trendmicro.com)

Mobile

• Over a billion Google Play Store app downloads could be infected by malware | TechRadar

• Android malware on the Google Play Store gets 2 million downloads (bleepingcomputer.com)

• MaliBot: A New Android Banking Trojan Spotted in the Wild (thehackernews.com)

• Cyber security Researchers Find Several Google Play Store Apps Stealing Users Data - Infosecurity Magazine

• Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (thehackernews.com)

• Android Spyware 'Hermit' Discovered in Targeted Attacks (darkreading.com)

Internet of Things - IoT

• Anker Eufy smart home hubs exposed to RCE attacks by critical flaw (bleepingcomputer.com)

• Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars | SecurityWeek.Com

Data Breaches/Leaks

• Unsecured Elasticsearch server leaks a million records • The Register

Organised Crime & Criminal Actors

• Cyber Criminals Smuggle Ukrainian Men Across Border - Infosecurity Magazine

• iCloud hacker gets 9 years in prison for stealing nude photos (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)

Insider Risk and Insider Threats

• At Second Trial, Ex-CIA Employee Defends Himself in Big Leak | SecurityWeek.Com

Fraud, Scams & Financial Crime

• BNPL (Buy Now Pay Later) Fraud Alert as Account Takeovers Surge - Infosecurity Magazine (infosecurity-magazine.com)

• INTERPOL raids hundreds of scammy call centers in sweep - CyberScoop

• Fraud trends and scam tactics consumers should be aware of - Help Net Security

Dark Web

• 24 Billion Usernames And Passwords Found On The Dark Web – Information Security Buzz

Supply Chain and Third Parties

• How confident are IT pros in the security of their organisation's supply chain? - Help Net Security

Denial of Service DoS/DDoS

• A tiny botnet launched the largest DDoS attack on record | ZDNet

• Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second (thehackernews.com)

• DDoS Subscription Service Operator Gets 2 Years in Prison (darkreading.com)

Cloud/SaaS

• Increased cloud complexity needs stronger cyber security - Help Net Security

• Beware the 'Secret Agent' Cloud Middleware (darkreading.com)

• SaaS security: How to avoid “death by 1000 apps” - Help Net Security

• Quantifying the SaaS Supply Chain and Its Risks (darkreading.com)

• 83% of IT pros are using either hybrid or multi-cloud - Help Net Security

Privacy

• Location data poses risks to individuals, organisations | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• 24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far (darkreading.com)

• Strong passwords still a priority strategy for enterprises - Help Net Security

• The future is passwordless. What's slowing it down? - Help Net Security

• Brute-Force Attacks: How to Defend Against Them - MSSP Alert

• Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts | SecurityWeek.Com

Travel

• Cyber Criminals Capitalizing on Resurgence in Travel (darkreading.com)

Regulations, Fines and Legislation

• Privacy Watchdog Set to Keep Millions in Fines for Legal Costs - Infosecurity Magazine

• Canada wants companies to report cyber attacks and hacking incidents | Reuters

• A closer look at the US SEC Cyber Security Disclosure rule - Help Net Security

Law Enforcement Action and Take Downs

• Interpol anti-fraud op leads to 2,000 arrests, $50m seized • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber-Espionage Campaign (darkreading.com)

• Sophisticated Android Spyware 'Hermit' Used by Governments | SecurityWeek.Com

• Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks (thehackernews.com)

• Vladimir Putin forced by cyber attack in Russia to delay keynote speech | The Independent

• Iranian hacking campaign that included former US ambassador exposed - CyberScoop

Nation State Actors

Nation State Actors – Russia

• Russia Reportedly Warns of "Direct Military Clash" if Cyber-Attacks on its Infrastructure Continue - IT Security Guru

• Russian hackers start targeting Ukraine with Follina exploits (bleepingcomputer.com)

• Mixed results for Russia's aggressive Ukraine information war, experts say - CyberScoop

Nation State Actors – China

• Chinese Gallium hackers backdoor finance, govt orgs using new PingPull malware (bleepingcomputer.com)

• China-linked APT Flew Under Radar for Decade | Threatpost

• Chinese APT exploited Sophos Firewall Zero-Day before it was fixed - Security Affairs

Nation State Actors – Iran

• New Iranian Spear-Phishing Campaign Hijacks Email Conversations- IT Security Guru

• State-Sponsored Phishing Attack Targeted Israeli Military Officials | Threatpost

Vulnerability Management

• Only 10% of vulnerabilities are remediated each month - Help Net Security

• Vulnerability management mistakes CISOs still make | CSO Online

• Mind the gap: How to ensure your vulnerability detection methods are up to scratch - Help Net Security

Vulnerabilities

• Microsoft fixes Follina and 55 other CVEs - Help Net Security

• Details of Twice-Patched Windows RDP Vulnerability Disclosed | SecurityWeek.Com

• New Hertzbleed side-channel attack affects Intel, AMD CPUs (bleepingcomputer.com)

• Time to throw out those older, vulnerable Cisco SMB routers • The Register

• Critical Citrix Bugs Impact All ADM Servers, Agents (darkreading.com)

• Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk | ZDNet

• Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication (thehackernews.com)

• Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager- Security Affairs

• Why Log4j Is Still The Problem When The Patch Is Released 6 Months Ago? – Information Security Buzz

• Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)

• Sophos Firewall zero-day bug exploited weeks before fix (bleepingcomputer.com)

• Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses (thehackernews.com)

• NinjaForms WordPress plugin, actively exploited in wild, receives forced security update • Graham Cluley

• How to mitigate Active Directory attacks that use the KrbRelayUp toolset | CSO Online

• Hertzbleed disclosure raises questions for Intel (techtarget.com)

• Critical Atlassian Confluence flaw remains under attack (techtarget.com)

• Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike (bleepingcomputer.com)

• Technical Details Released for 'SynLapse' RCE Vulnerability Reported in Microsoft Azure (thehackernews.com)

• Zimbra bug allows stealing email logins with no user interaction (bleepingcomputer.com)

• Microsoft takes months to fix critical Azure Synapse bug (techtarget.com)

• PACMAN, a new attack technique against Apple M1 CPUs - Security Affairs

• Critical Code Execution Vulnerability Patched in Splunk Enterprise | SecurityWeek.Com

• High-Severity RCE Vulnerability Reported in Popular Fastjson Library (thehackernews.com)

• This Security Exploit Could Have Major PS5 And PS4 Implications (slashgear.com)

Sector Specific

Financial Services Sector

• Chinese GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (paloaltonetworks.com)

Telecoms

• Chinese GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (paloaltonetworks.com)

Government

• Chinese GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (paloaltonetworks.com)

Health/Medical/Pharma Sector

• Ransomware Risk in Healthcare Endangers Patients | Threatpost

• Kaiser Permanente Says Data Breach Hit 69,000 Patients (gizmodo.com)

Transport and Aviation

• Cyber Criminals Capitalizing on Resurgence in Travel (darkreading.com)

CNI, OT, ICS, IIoT and SCADA

• Tackling 5 Challenges Facing Critical National Infrastructure Today (darkreading.com)

• State of OT Security in 2022: Big Survey Key Insights (trendmicro.com)

• Over a Dozen Flaws Found in Siemens' Industrial Network Management System (thehackernews.com)

• Eight ICS Zero Days Could Open Doors for Hackers - Infosecurity Magazine

Web3

• Web3 and IAM: Marching toward disruption | CSO Online

Reports Published in the Last Week

• Voice of the CISO 2022 | Proofpoint

• 3 Big Takeaways From the Verizon DBIR 2022 (darkreading.com)

• Other News

• Why We Need Security Knowledge and Not Just Threat Intel (darkreading.com)

• Once is never enough: The need for continuous penetration testing - Help Net Security

• CISOs Gain False Confidence in the Calm After the Storm of the Pandemic (darkreading.com)

• 9 ways hackers will use machine learning to launch attacks | CSO Online

• API security warrants its own specific solution - Help Net Security

• Cyber Security Courses Ramp Up Amid Shortage of Professionals | SecurityWeek.Com

• How Russian sanctions may be helping US cyber security (techtarget.com)

• UK Security Practitioners Lack The Confidence To Stop Attacks – Information Security Buzz

• How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat? (darkreading.com)

• 45% of cyber security pros are considering quitting the industry due to stress - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Change Outpaces Boardroom Engagement

We all know the story of the past two years. Mass digital investments in SaaS collaboration suites, cloud infrastructure and other tools helped to keep organisations operational when they needed it most. The money continues to flow today, as those same companies realize they must keep on pumping funds into digital to stay competitive amidst rising customer expectations. Gartner predicted public cloud spending growth would hit 23% year-on-year in 2021 and increase 20% this year to top $397bn.

From a cyber security perspective, these business decisions are loaded with risk if protections are not built into projects from the start. A recent global poll revealed that of 90% of business and IT decision makers are concerned about the impact of ransomware. It also found generally poor levels of cyber-awareness among board members. Less than half (46%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organisation.

The truth is that many board leaders do understand the need for greater investment in security as a strategic growth driver. But they find it hard to keep pace with a threat landscape that moves at the speed of light. Vulnerabilities used to go months or years before they were exploited, for example, but today threat actors are working on exploits for bugs like Log4Shell within hours of their discovery. That makes the fast-changing risk landscape difficult to grasp for even tech-savvy C-suite leaders. As a result, cyber risk continues to be managed reactively, which puts the organisation perpetually on the back foot.

https://www.trendmicro.com/en_us/research/22/b/why-cyber-change-outpaces-boardroom-engagement.html

NCSC Alerts UK Orgs to Brace for Destructive Russian Cyber Attacks

The UK’s National Cyber Security Centre (NCSC) is urging organisations to bolster security and prepare for a potential wave of destructive cyber attacks after recent breaches of Ukrainian entities.

The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyber attacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.

These warnings come after Ukrainian government agencies and corporate entities suffered cyber attacks where websites were defaced, and data-wiping malware was deployed to destroy data and make Windows devices inoperable.

The cause for the resurgence of attacks is the tensions between Russia and Ukraine, and attempts to negotiate a way out of the Ukraine crisis have failed so far.

Ukraine and Russia have engaged in cyber warfare for many years, but recent Russian military mobilization was accompanied by new waves of attacks, with European countries and the USA expected to be targeted next.

https://www.bleepingcomputer.com/news/security/ncsc-alerts-uk-orgs-to-brace-for-destructive-russian-cyberattacks/

Over Half of Ransomware Attacks are Targeting Financial Services, Utilities and Retail

Three sectors have been the most common target for ransomware attacks, but researchers warn "no business or industry is safe".

Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cyber security researchers – but they've also warned that all industries are at risk from attacks.

The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened.

According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.

https://www.zdnet.com/article/ransomware-over-half-of-attacks-are-targeting-these-three-industries/

Third of Employees Admit to Exfiltrating Data When Leaving Their Job

Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian.

The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organisations.

In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left.

The survey of 2000 UK workers also looked at employees' motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%).

The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%).

https://www.infosecurity-magazine.com/news/third-employees-exfiltrating-data/

Massive Social Engineering Waves Have Impacted Banks in Several Countries

A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organisations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all the operations on the fly via Command and Control (C2) servers geolocated in Brazil.

In short, criminal groups are targeting victims’ from different countries to collect their home banking secrets and payment cards. The campaigns are carried out by using social engineering schemas, namely smishing, and spear-phishing through fake emails.

Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.

The spear-phishing campaigns try to lure victims with fake emails that impersonate the banking institutions. The emails are extremely similar to the originals, exception their content, mainly related to debts or lack of payments.

https://securityaffairs.co/wordpress/127516/cyber-crime/massive-social-engineering-banks.html

Ransomware is Terrifying – But Never Underestimate the Damage an Employee with Unmonitored Access Can Do

Is the biggest threat to your data a mysterious ransomware merchant or an advanced persistent threat cartel?

Or is it a security system that will show you that data has been exfiltrated from your organisation – but only after the fact, leaving open the possibility that your valuable IP could have already been shared with unauthorized parties?

It was the latter scenario that allegedly resulted in 12,000 internal documents being lifted from Pfizer’s systems by a soon-to-depart employee last year. Those documents reportedly included details of COVID-19 vaccine research and a new melanoma drug.

The incident shows how today’s cloud infrastructure can exacerbate security gaps and why simply detecting a potential data leak isn’t enough. Companies need to have deep insight into what their employees are doing, as well as technology that can actively enforce policy and prevent unencrypted data from ever leaving the enterprise.

https://www.theregister.com/2022/02/03/ransomware_terrifying/

People Working in IT Related Roles Equally Susceptible to Phishing Attempts as the General Population

Phishing emails that mimic HR announcements or ask for assistance with invoicing get the most clicks from recipients, according to a study from F-Secure.

The study, which included 82,402 participants, tested how employees from four different organisations responded to emails that simulated one of four commonly used phishing tactics.

22% of recipients that received an email simulating a human resources announcement about vacation time clicked, making emails that mimic those sent by HR the most frequent source of clicks in the study.

An email asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most frequently engaged with email type, receiving clicks from 16% of recipients.

https://www.helpnetsecurity.com/2022/02/03/phishing-emails-clicks/

FBI Says More Cyber Attacks Come from China than Everywhere Else Combined

US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined.

In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, Wray said the FBI is probing over 2,000 investigations of incidents assessed as attempts by China's government "to steal our information and technology."

"The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries – so much so that, as you heard, we're constantly opening new cases to counter their intelligence operations, about every 12 hours or so."

Wray rated China's online offensive as "bigger than those of every other major nation combined," adding it has "a lot of funding and sophisticated tools, and often joining forces with cyber criminals – in effect, cyber mercenaries."

https://www.theregister.com/2022/02/03/fbi_china_threat_to_usa/

Managing Detections is Not the Same as Stopping Breaches

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

The fundamental challenge in cyber security is that adversaries move quickly. We know from observation that attackers go from initial intrusion to lateral movement in a matter of a couple hours or less.

If security teams are going to successfully stop a breach, they need to operate within the same timeframe, containing and remediating threats within minutes, 24 hours a day, 7 days a week. Such constant vigilance can be challenging for in-house staff. This is why many organisations engage a provider of managed detection and response (MDR) security services, which monitors endpoints, workloads, and other systems to detect and monitor threats.

Unfortunately, even most managed services have several fundamental flaws that prevent them from executing on the core mission of stopping breaches.

https://www.darkreading.com/crowdstrike/managing-detections-is-not-the-same-as-stopping-breaches

From War to Web Security, Protect Your Attack Surface from the Weakest Link

With the rapid proliferation of data, increasing number of domains and subdomains as well as rise in third-party providers, the number of entry points through which attackers can infiltrate a company’s web environment is endless. Attacks are increasingly causing consequences felt beyond the perimeter of an organisation, as demonstrated earlier this year with the Colonial Pipeline breach, which caused fuel prices along the US East Coast to soar, and the attack on software provider Kaseya that forced hundreds of grocery stores in the Nordics to shut down business for days.

Security breaches often happen through an avenue that no one saw coming — a server no one knew existed, an old landing page, weak passwords or an application that was missing a patch. It’s perhaps never been clearer than today that a company is only as strong as the weakest link in its growing attack surface.

https://thenewstack.io/from-war-to-web-security-protect-your-attack-surface-from-the-weakest-link/

Number of Data Compromises Reaching All-Time High

According to an Identity Theft Resource Center (ITRC) report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020.

The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.

The number of victims continues to decrease (down five (5) percent in 2021 compared to the previous year) as identity criminals focus more on specific data types rather than mass data acquisition. However, the number of consumers whose data was compromised multiple times per year remains alarmingly high.

https://www.helpnetsecurity.com/2022/01/31/data-compromises-up/

Threats

Ransomware

• Inside Trickbot, Russia’s Notorious Ransomware Gang | WIRED

• Aggressive BlackCat Ransomware on the Rise (darkreading.com)

• A Look At The New Sugar Ransomware Demanding Low Ransoms (bleepingcomputer.com)

• BlackCat Ransomware - What You Need To Know | The State of Security (tripwire.com)

• KP Snacks Giant Hit By Conti Ransomware, Deliveries Disrupted (bleepingcomputer.com)

• Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (thehackernews.com)

• Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks | SecurityWeek.Com

• FBI Shares Lockbit Ransomware Technical Details, Defense Tips (bleepingcomputer.com)

• BlackCat (ALPHV) Ransomware Linked To BlackMatter, DarkSide Gangs (bleepingcomputer.com)

• Over 500,000 People Impacted By A Ransomware Attack That Hit Morley - Security Affairs

• Scottish Agency Still Recovering from 2020 Ransomware Attack - Infosecurity Magazine

• Conti Ransomware Encrypted 80% of Ireland's HSE IT Systems (bleepingcomputer.com)

• Ransomware Wants You to Like and Subscribe, Or Else (vice.com)

• Ransomware Means Your Database IS The Front Line. How Are You Defending It? • The Register

Phishing

• Low-Detection Phishing Kits Increasingly Bypass MFA | Threatpost

• MFA Adoption Pushes Phishing Actors To Reverse-Proxy Solutions (bleepingcomputer.com)

• Intuit Warns Of Phishing Emails Threatening To Delete Accounts (bleepingcomputer.com)

• Strong Authentication Protects Against Phishing. So Why Aren't More People Using It? | ZDNet

• Microsoft Blocked Billions Of Brute-Force And Phishing Attacks Last Year (bleepingcomputer.com)

Other Social Engineering

• FBI Warning: Scammers Are Posting Fake Job Ads On Networking Sites To Steal Your Money And Identity | ZDNet

Malware

• Malicious CSV Text Files Used To Install BazarBackdoor Malware (bleepingcomputer.com)

• New Malware Used by SolarWinds Attackers Went Undetected for Years (thehackernews.com)

• Microsoft: This Mac Malware Is Getting Smarter And More Dangerous | ZDNet

Data Breaches/Leaks

• The 3 Most Common Causes of Data Breaches in 2021 (darkreading.com)

• British Council Exposed More Than 100,000 Files With Student Records (bleepingcomputer.com)

Insider Risk and Insider Threats

• How Costly Is An Insider Threat? - Help Net Security

Fraud, Scams & Financial Crime

• Americans Lost $770 Million From Social Media Fraud In 2021, FTC Reports - Security Affairs

Supply Chain

• Supply Chain Security Is Not a Problem…It’s a Predicament | Threatpost

DoS/DDoS

• Reasons Why Every Business is a Target of DDoS Attacks (thehackernews.com)

CNI, OT, ICS, IIoT and SCADA

• Ransomware Often Hits Industrial Systems, With Significant Impact: Survey | SecurityWeek.Com

Nation State Actors

• Russian 'Gamaredon' Hackers Use 8 New Malware Payloads In Attacks (bleepingcomputer.com)

• State Hackers' New Malware Helped Them Stay Undetected For 250 Days (bleepingcomputer.com)

• Charming Kitten Sharpens Its Claws with PowerShell Backdoor | Threatpost

• FBI's Warning About Iranian Firm Highlights Common Cyber Attack Tactics | CSO Online

• Iranian APT Group Uses Previously Undocumented Trojan For Destructive Access To Organisations | CSO Online

Cloud

• If My Organisation Is Mostly in the Cloud, Do I Need a Firewall? (darkreading.com)

Passwords & Credential Stuffing

• The Account Takeover Cat-and-Mouse Game | Threatpost

• Reducing The Blast Radius Of Credential Theft - Help Net Security

Spyware, Espionage & Cyber Warfare

• Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (thehackernews.com)

• Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (paloaltonetworks.com)

• Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (thehackernews.com)

• Cyber Spies Linked To Memento Ransomware Use New PowerShell Malware (bleepingcomputer.com)

• NSO Group's Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns - MSSP Alert

Vulnerabilities

• Apple, SonicWall, Internet Explorer Vulnerabilities Added To CISA List | ZDNet

• Samba 'Fruit' Bug Allows RCE, Full Root User Access | Threatpost

• Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in (darkreading.com)

• Cisco Fixes Critical Bugs In SMB Routers, Exploits Available (bleepingcomputer.com)

• UEFI Firmware Vulnerabilities Affect At Least 25 Computer Vendors (bleepingcomputer.com)

• Google Patches 27 Vulnerabilities With Release of Chrome 98 | SecurityWeek.Com

• Intel Patched 226 Vulnerabilities in 2021 | SecurityWeek.Com

• Public Exploit Released for Windows 10 Bug | Threatpost

• 600K WordPress Sites Impacted By Critical Plugin RCE Vulnerability (bleepingcomputer.com)

• Critical Log4j Vulnerabilities Are the Ultimate Gift for Cyber Criminals (darkreading.com)

• ESET Antivirus Bug Let Attackers Gain Windows SYSTEM Privileges (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Bank Executives Mostly Concerned About Cyber Crime - Help Net Security

Retail

• Why Buy Now, Pay Later Is The Next Big Fraud Risk For Retailers | CSO Online

Transport and Aviation

• Ransomware Spree Hitting European Oil, Transport Companies - CyberScoop
  

Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

Other News

• Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022 (darkreading.com)

• Rush To Remote Work Left Sysadmins Struggling To Keep Businesses Safe - Help Net Security

• Telco Fined €9 Million For Hiding Cyber Attack Impact From Customers (bleepingcomputer.com)

• Are There Holes In Your Cyber Security Map? | VentureBeat

• 90% of Security Leaders Warn of Skills Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Real-World Impact of the Global Cyber Security Workforce Gap on Cyber Defenders (darkreading.com)

• Hundreds Of Thousands Of Routers Exposed To Eternal Silence Campaign Via UPnP - Security Affairs

• Social Security Numbers Most Targeted Sensitive Data - Infosecurity Magazine

• NIST's New Cyber-Resiliency Guidance: 3 Steps For Getting Started | CSO Online

• Organisations Neglecting Microsoft 365 Cyber Security Features - Help Net Security

• Microsoft Says MFA Adoption Remains Low, Only 22% Among Enterprise Customers - The Record by Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.

The centre said it was unaware of any specific threats to UK organisations.

It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.

It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."

Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.

https://www.bbc.co.uk/news/uk-60158874

Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.

Hackers made up for some lost time last year.

After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.

All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.

“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021

Ransomware Families Becoming More Sophisticated With Newer Attack Methods

Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/

More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks

Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.

Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.

Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.

https://www.techrepublic.com/article/more-than-90-of-enterprises-surveyed-have-been-hit-by-successful-cyberattacks/

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/

Shipment-Delivery Scams Become the Favoured Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.

Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.

The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Most Ransomware Infections Are Self-Installed

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.

The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.

Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.

Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.

https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

Staff Negligence Is Now A Major Reason For Insider Security Incidents

Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.

Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.

When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.

https://www.zdnet.com/article/employee-contractor-negligence-is-now-a-major-reason-for-insider-security-incidents/

22 Cyber Security Myths Organisations Need To Stop Believing In 2022

Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?

Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.

https://www.csoonline.com/article/3648048/22-cybersecurity-myths-organisations-need-to-stop-believing-in-2022.html

Android Malware Can Factory-Reset Phones After Draining Bank Accounts

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.

https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study

Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Last year Forbes wrote a couple of articles  that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem.  In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact.  Ransomware came on with a vengeance targeting many small and medium businesses.  

Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past.  Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022.  By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.

https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/

Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

The main areas they are predicting seeing rises in fraud are:

-Buy now, pay never

-Cryptocurrency scams

-Doubling ransomware attacks

-More increases in romance fraud

-Digital elder abuse will rise

https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/

Threats

Ransomware

• Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert

• Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)

• BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet

• Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future

Phishing

• There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet

• Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)

• Evolved phishing: Device Registration Trick Adds To Phishers’ Toolbox For Victims Without MFA - Microsoft Security Blog

Other Social Engineering

• Coronavirus SMS Scam Offers Home PCR Testing Devices – Don’t Fall For It! – Naked Security (sophos.com)

Malware

• Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)

• Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet

• Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)

• TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)

Mobile

• 105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)

• 2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica

• New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)

• Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs

• Is Google Tracking Your Location Even When You Think You’ve Turned It Off? US States Sue Over “Deception” • Graham Cluley

IoT

• As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)

• Mirai Splinter Botnets Dominate IoT Attack Scene | ZDNet

• Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)

• 19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)

Data Breaches/Leaks

• 'We're Losing Control Of Our Data' As Breaches Reach An All-Time High | ZDNet

• Personal Identifying Information For 1.5 Billion Users Was Stolen In 2021, But From Where? - TechRepublic

Organised Crime & Criminal Actors

• Russia Makes More Arrests, But Cyber Crime-Harbouring Reputation Hard To Shake (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking

• People Are Still Getting Pwned a Week After a Crypto Hack Was ‘Contained’ (vice.com)

Supply Chain

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

DoS/DDoS

• Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)

• Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)

• Energy Sector Still Needs to Shut the Barn Door (darkreading.com)

Nation State Actors

• North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)

• Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)

• North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)

• German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs

• Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)

• APTs Quiet Ahead Of Beijing Games, But Financially Motivated Hackers Are Still Lurking, Research Says - CyberScoop

Cloud

• Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)

• Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs

Privacy

• UK’s Privacy Tsar Mounts Fierce Defence of End-to-End Encryption - Infosecurity Magazine

Passwords & Credential Stuffing

• 65% Of Organisations Continue To Rely On Shared Logins - Help Net Security

• Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security

• Has That Password Been Compromised? - IT Security Guru

Spyware, Espionage & Cyber Warfare

• DazzleSpy: Pro-Democracy Org Hijacked To Become macOS Spyware Distributor | ZDNet

Vulnerabilities

• Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost

• Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com

• Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)

• Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)

• Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)

• F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs

Sector Specific

Health/Medical/Pharma Sector

• Healthcare Industry Most Common Victim Of Third-Party Breaches Last Year - Help Net Security

Education and Academia

• Education Sector Hounded By Cyber Attacks In 2021 | CSO Online

• Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

• Experian plc - Experian’s Annual Future of Fraud Forecast Predicts Five Key Threats for Businesses and Consumers in 2022

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

Other News

• Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet

• Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert

• Are You Prepared to Defend Against a USB Attack? (darkreading.com)

• Prioritizing And Remediating Vulnerabilities In The Wake Of Log4J and Microsoft's Patch Tuesday Blunder | CSO Online

• VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times

• Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)

• Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Risks Top Worldwide Business Concerns In 2022

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.

Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).

The annual survey incorporates the views of 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts. View the full global and country risk rankings.

https://www.helpnetsecurity.com/2022/01/20/cyber-concern-2022/

Bosses Think That Security Is Taken Care Of: CISOs Aren't So Sure

The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.

Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom.

The World Economic Forum's new report, The Global Cyber Security Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations.

According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn't result in significant disruption.

However, only 55% of security-focused executives believe that cyber resilience is integrated into risk management strategies – indicating a significant divide in attitudes to cyber security.

This gap can leave organisations vulnerable to cyberattacks, because boardrooms believe enough has been done in order to mitigate threats, while in reality there could be unconsidered vulnerabilities or extra measures put in place.

https://www.zdnet.com/article/managers-think-their-systems-are-unbreakable-cybersecurity-teams-arent-so-sure/

Fraud Is On the Rise, and It's Going to Get Worse

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.

As more daily activities — work, education, shopping, and entertainment — shift online, fraud is also on the rise. A trio of recent reports paint a bleak picture, highlighting concerns that companies are experiencing increasing losses from fraud and that the situation will get worse over the coming year.

In KPMG's survey of senior risk executives, 67% say their companies have experienced external fraud in the past 12 months, and 38% expect the risk of fraud committed by external perpetrators to somewhat increase in the next year. External fraud, which includes credit card fraud and identity theft, is specifically referring to incidents perpetuated by individuals outside the company. For most of these respondents, there was a financial impact: Forty-two percent say their organisations experienced 0.5% to 1% of loss as a result of fraud and cybercrime.

https://www.darkreading.com/edge-articles/fraud-is-on-the-rise-and-its-going-to-get-worse

Two-Fifths of Ransomware Victims Still Paying Up

Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.

The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.

Some 87% said their organisation had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.

Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.

https://www.infosecurity-magazine.com/news/two-fifths-ransomware-victims/

Less Than a Fifth of Cyber Leaders Feel Confident Their Organisation is Cyber-Resilient

Less than one-fifth (17%) of cyber leaders feel confident that their organisations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cyber Security Outlook 2022 report.

The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cyber security. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders.

This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organisation’s overall corporate risk management.

In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cyber security incident due to a shortage of skills within their team.

Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains.

Interestingly, 59% of cyber leaders said cyber-resilience and cyber security are synonymous, with the differences not well understood.

https://www.infosecurity-magazine.com/news/cyber-leaders-organisation/

Endpoint Malware And Ransomware Detections Hit All-Time High

Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.

While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organisations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.

https://www.helpnetsecurity.com/2022/01/20/endpoint-malware-ransomware-detections-q3-2021/

End Users Remain Organisations' Biggest Security Risk

With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading's 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.

While this trend is positive, it's unclear where the increased confidence comes from, since more people now report ineffective end-user security awareness training (11%, to 2020's 7%).

Respondents shared their heightened concern about well-funded attacks. In 2021, 25% predicted an attack targeted at their organisations (a rise from 2020, when 20% said the same), and fear of a nation-state-sponsored action rose to 16% from 9% the year before. Yet only 16% reported sophisticated, automated malware as a top concern, a 10% drop from 2020, and fear of a gap between security and IT advances only merited 9%. A tiny 3% worried that their security tools wouldn't work well together, dropping from the previous year's 10%.

https://www.darkreading.com/edge-threat-monitor/despite-rise-of-third-party-concerns-end-users-still-the-biggest-security-risk

Supply Chain Disruptions Rose In 2021

56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals.

Last year was marked by a number of challenges, including computer chip shortages, port congestion, the ongoing impacts of COVID-19, logistics impediments, and energy crises, though with every hurdle faced, solutions are being sought. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.

Over 98% of global companies are now planning to boost the resilience of their manufacturing supply chains, however, 37% have yet to implement any measures. As businesses develop long term strategies, over 57% of companies say diversification of their supply chains is the most effective way of building resilience. This report explores last year’s most disruptive events, how disruptions have changed over time, industry trends and strategies for strengthening manufacturing supply chains.

https://www.helpnetsecurity.com/2022/01/19/supply-chain-disruptions-2021/

Red Cross Begs Attackers Not to Leak Stolen Data for 515K People

A cyber attack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

https://threatpost.com/red-cross-begs-attackers-not-to-leak-515k-peoples-stolen-data/177799/

DHL Dethrones Microsoft As Most Imitated Brand In Phishing Attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.

DHL is an international package delivery and express mail service, delivering over 1.6 billion parcels per year.

As such, phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

The specific lures range from a package that is stuck at customs and requires action for clearance to supposed tracking numbers that hide inside document attachments or embedded links.

https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/

Threats

Ransomware

• New White Rabbit Ransomware Linked To FIN8 Hacking Group (bleepingcomputer.com)

• Conti Ransomware Gang Started Leaking Files Stolen From Bank Indonesia - Security Affairs

• This New Ransomware Comes With A Small But Dangerous Payload | ZDNet

• FBI Warning: This New Ransomware Makes Demands Of Up To $500,000 | ZDNet

• Experts Warn Of Attacks Using A New Linux Variant Of SFile Ransomware - Security Affairs

• SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack | Threatpost

• FBI Warns Organisations of Diavol Ransomware Attacks | SecurityWeek.Com

• Marketing Giant RRD Confirms Data Theft In Conti Ransomware Attack (bleepingcomputer.com)

• After Ransomware Arrests, Some Dark Web Criminals Are Getting Worried | ZDNet

BEC – Business Email Compromise

• Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group | SecurityWeek.Com

Phishing

• Phishing Impersonates Shipping Giant Maersk To Push STRRAT Malware (bleepingcomputer.com)

• #COVID19 Phishing Emails Surge 500% on Omicron Concerns - Infosecurity Magazine

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

Malware

• Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organisations (darkreading.com)

• Custom-Written Malware Discovered Across Windows, MacOS, And Linux Systems | TechSpot

• Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

• Ukraine: Wiper Malware Masquerading As Ransomware Hits Government Organisations - Help Net Security

• Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (thehackernews.com)

• Linux Malware Is On The Rise. Here Are Three Top Threats Right Now | ZDNet

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

• New MoonBounce UEFI Malware Used By Apt41 In Targeted Attacks (bleepingcomputer.com)

Data Breaches/Leaks

• Exposed Records Exceeded 40 Billion In 2021 - Help Net Security

• European Regulators Hand Out €1.1bn in GDPR Fines - Infosecurity Magazine

Organised Crime & Criminal Actors

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

• A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist (vice.com)

• FBI & European Police Take Down Computer Servers Used In Major Cyberattacks Worldwide - CNNPolitics

• Europol Shuts Down VPNLab, Cyber Criminals' Favourite VPN Service (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking

• 2FA Bypassed in $34.6M Crypto.com Heist | Threatpost

• Cyber Criminals Actively Target VMware vSphere with Cryptominers | Threatpost

• New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (thehackernews.com)

• Cheap Malware Is Behind A Rise In Attacks On Cryptocurrency Wallets | ZDNet

Insider Risk and Insider Threats

• Research: Why Employees Violate Cyber Security Policies (hbr.org)

• What CISOs Can Learn About Insider Threats From Iran's Human Espionage Tactics | CSO Online

Fraud, Scams & Financial Crime

• How Buy Now, Pay Later Is Being Targeted By Fraudsters - Help Net Security

• Romance Scammer Who Targeted 670 Women Gets 28 Months In Jail – Naked Security (sophos.com)

Insurance

• Merck Awarded $1.4B Insurance Payout over NotPetya Attack | Threatpost

CNI, OT, ICS, IIoT and SCADA

• UK Mulls Making MSPs Subject To Mandatory Security Standards • The Register

• ‘Anomalous’ Spyware Stealing Credentials In Industrial Firms (bleepingcomputer.com)

• European Union Simulated A Cyber Attack On A Fictitious Finnish Power Company - Security Affairs

Nation State Actors

• Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (thehackernews.com)

• Ukraine Cyber Attack Timeline: Microsoft, CISA, White House and Kyiv Statements - MSSP Alert

• Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (thehackernews.com)

• Security Scanners Across Europe Tied To China Govt, Military | AP News

Cloud

• Attackers Use Public Cloud Providers To Spread RATs | CSO Online

Privacy

• UK.Gov's No Place To Hide campaign flops on launch • The Register

Passwords & Credential Stuffing

• Your Keyboard Walking Password Isn’t Complex Or Secure – Review Geek

• Box Flaw Allowed To Bypass MFA And Takeover Accounts - Security Affairs

Spyware, Espionage & Cyber Warfare

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

Vulnerabilities

• CISA Adds 13 Exploited Vulnerabilities To List, 9 with Feb. 1 Remediation Date | ZDNet

• Microsoft RDP Vulnerability Makes It A Breeze For Attackers To Become Men-In-The-Middle - TechRepublic

• High-Severity Vulnerabilities Patched in McAfee Enterprise Product | SecurityWeek.Com

• Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM (thehackernews.com)

• A bug in McAfee Agent allows to run code with SYSTEM privileges - Security Affairs

• Zoho Fixes A Critical Vulnerability (CVE-2021-44757) in Desktop Central - Security Affairs

• Ubuntu Patch For Heap Buffer Overflow Vulnerability • The Register

• Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (thehackernews.com)

• Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks (thehackernews.com)

• F5 Patches Two Dozen Vulnerabilities in BIG-IP | SecurityWeek.Com

• McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges | Threatpost

• Oracle Critical Patch Update for January 2022 will fix 483 new flaws - Security Affairs

• 20K WordPress Sites Exposed by Insecure Plugin REST-API | Threatpost

• Nasty Linux Kernel Bug Found And Fixed | ZDNet

• Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (thehackernews.com)

• Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (thehackernews.com)

• Critical SAP Vulnerability Allows Supply Chain Attacks | SecurityWeek.Com

• Zoho Plugs Another Critical Security Hole In Desktop Central (bleepingcomputer.com)

• Safari Exploit Can Leak Browser Histories And Google Account Info | Engadget

Sector Specific

Financial Services Sector

• Singapore Pushed To Introduce Security Measures Amidst Online Banking Scams | ZDNet

Health/Medical/Pharma Sector

• More Than Half Of Medical Devices Found To Have Critical Vulnerabilities | ZDNet

• Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack | SecurityWeek.Com

Retail

• PCI SSC Updates Card Security Standards To Secure The Card Production Process - Help Net Security

Education and Academia

• Kids Won’t Stop Launching DDoS Attacks Against Their Schools | TechRadar

Other News

• Biggest MSP Takeaways From The Apache Log4j Vulnerability - MSSP Alert

• The Emotional Stages Of A Data Breach: How To Deal With Panic, Anger, And Guilt | CSO Online

• The Log4j Vulnerability Puts Pressure on the Security World | Threatpost

• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (thehackernews.com)

• BadUSB explained: How rogue USBs threaten your organisation | CSO Online

• Millions of UK Wi-Fi Routers Vulnerable To Security Threats - IT Security Guru

• NATO, Ukraine Sign Deal to 'Deepen' Cyber Cooperation | SecurityWeek.Com

• UK Umbrella Company Parasol Group Confirms Cyber Attack • The Register

• MPs Criticise Cyber Agency For Not Aiding China Rights Group After It Was Hacked | China | The Guardian

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.