Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 September 2022
Black Arrow Cyber Threat Briefing 16 September 2022
-CFOs’ Overconfidence in Cyber Security Can Cost Millions
-Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
-Attackers Can Compromise Most Cloud Data in Just 3 Steps
-Cyber Insurance Premiums Soar 80% As Claims Surge
-One In 10 Employees Leaks Sensitive Company Data Every 6 Months
-Business Application Compromise & the Evolving Art of Social Engineering
-SMBs Are Hardest-Hit By Ransomware
-65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
-Four-Fifths of Firms Hit by Critical Cloud Security Incident
-Homeworkers Putting Home and Business Cyber Safety at Risk
-Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
-IHG hack: 'Vindictive' couple deleted hotel chain data for fun
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CFOs’ Overconfidence in Cyber Security Can Cost Millions
Kroll announced its report entitled ‘Cyber Risk and CFOs: Over-Confidence is Costly’ which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
The report, conducted by StudioID of Industry Dive, exposed three key themes among the 180 senior finance executives surveyed worldwide:
Ignorance is bliss. Eighty-seven percent of CFOs are either very or extremely confident in their organisation’s cyber attack response. This is at odds with the level of visibility CFOs have into cyber risk issues, given only four out of 10 surveyed have regular briefings with their cyber teams.
Wide-ranging damages. 71% of the represented organisations suffered more than $5 million in financial losses stemming from cyber incidents in the previous 18 months, and 61% had suffered at least three significant cyber incidents in that time. Eighty-two percent of the executives in the survey said their companies suffered a loss of 5% or more in their valuations following their largest cyber security incident in the previous 18 months.
Increasing investment in cyber security. Forty-five percent of respondents plan to increase the percentage of their overall IT budget dedicated to information security by at least 10%.
According to Kroll: “We often see that CFOs are not aware enough of the financial risk presented by cyber threats until they face an incident. At that point, it’s clear that they need to be involved not only in the recovery, including permitting access to emergency funds and procuring third-party suppliers, but also in the strategy and investment around cyber both pre- and post-incident.”
“Ultimately, cyber attacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.”
https://www.helpnetsecurity.com/2022/09/14/cfos-cybersecurity-confidence/
Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
Nearly six in 10 IT leaders in a new study view cyber security as their top business concern, ranking it higher than inflation, retaining talent and supply chain/logistics management.
Less than half of respondents (43%) believe their critical data and assets are protected from cyber threats despite increased cyber security investments by their organisations, greater board visibility and increased collaboration between the security team and the C-suite, Rackspace said in its new survey of 1,420 IT professionals worldwide.
The multi-cloud technology services specialist said that a “large majority” of the survey respondents report being either unprepared or only “somewhat prepared” to respond to major threats, such as identifying and mitigating threats and areas of concern (62%), recovering from cyber attacks (61%) or preventing lapses and breaches (63%).
Cloud native security is where organisations are most likely to rely on an outside partner, such as a managed security service provider, for expertise.
Here are more of the survey’s findings:
The top three cyber security challenges their organisation is facing: migrating and operating apps (45%); shortage of workers with cyber security skills (39%); lack of visibility of vulnerabilities across all infrastructure (38%).
70% of survey respondents report that their cyber security budgets have increased over the past three years.
The leading recipients of new investment are cloud native security (59%); data security (50%), consultative security services (44%); and application security (41%).
Investments align closely with the areas where organisations perceive their greatest concentration of threats, led by network security (58%), closely followed by web application attacks (53%) and cloud architecture attacks (50%).
70% of respondents said there has been an increase in board visibility for cyber security over the past five years, while 69% cite better collaboration between the security team and members of the C-suite.
Only 13% of respondents said there were significant communications gaps between the security team and C-suite, while 69% of IT executives view their counterparts in the C-suite as advocates for their concerns.
The authors stated “We are seeing a major shift in how organisations are allocating resources to address cyber threats, even as budgets increase. The cloud brings with it a new array of security challenges that require new expertise, and often reliance on external partners who can help implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities”.
Attackers Can Compromise Most Cloud Data in Just 3 Steps
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.
According to an Orca Security analysis of data collected from major cloud services, attackers only need on average three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.
While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities.
The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take. Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels.
The report analysed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.
https://www.darkreading.com/cloud/cyberattackers-compromise-most-cloud-data-3-steps
Cyber Insurance Premiums Soar 80% As Claims Surge
Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by hackers.
The cost of taking out cyber cover had doubled on average every year for the past three years, said global insurance broker Marsh. Honan Group, another broker, pointed to an 80 per cent rise in premiums in the past 12 months, following a 20 per cent increase in the cost of cover in each of the previous two years.
Brokers are calling cyber “the new D&O”, referring to sharp rises in directors and officers insurance premiums since 2018. Brokers were hopeful premiums would ease, but have warned insurers would continue to demand companies prove they had strong security systems and policies in place before agreeing to sell them insurance.
There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place. They’ll just turn around and say, ‘we’re not going to insure you’. The chief reason for the price rises is the increase in the number and size of claims relating to ransomware, where criminals use malicious software to block access to an organisation’s computer system until a sum of money is paid. In addition, some insurers left the market, while remaining players attempted to recoup the cost of under-priced contracts written in previous years.
The rise in the premiums is mainly due to ransomware and cyber attacks across the board have risen sharply over the past few years.
One In 10 Employees Leaks Sensitive Company Data Every 6 Months
Departing employees are most likely to leak sensitive information to competitors, criminals or the media in exchange for cash.
Insider threats are an ongoing menace that enterprise security teams need to handle. It's a global problem but especially acute in the US, with 47 million Americans quitting their jobs in 2021. The threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern.
About 1.4 million people who handle sensitive information in their organisation globally were tracked over the period from January to June 30 this year by cyber security firm Cyberhaven to find out when, how and who is involved in data exfiltration.
On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. Data exfiltration incidents occur when data is transferred outside the organisation in unapproved ways.
Among employees that exfiltrated data, the top 1% most prolific “super stealers” were responsible for 7.7% of incidents, and the top 10% were responsible for 34.9% of incidents.
North America accounted for the highest number of incidents at 44%, followed by the Asia Pacific region at 27%. Europe, the Middle East, and Africa accounted for 24% of incidents while 5% of incidents were recorded in South America.
Business Application Compromise and the Evolving Art of Social Engineering
Social engineering is hardly a new concept, even in the world of cyber security. Phishing scams alone have been around for nearly 30 years, with attackers consistently finding new ways to entice victims into clicking a link, downloading a file, or providing sensitive information.
Business email compromise (BEC) attacks iterated on this concept by having the attacker gain access to a legitimate email account and impersonate its owner. Attackers reason that victims won't question an email that comes from a trusted source — and all too often, they're right.
But email isn't the only effective means cyber criminals use to engage in social engineering attacks. Modern businesses rely on a range of digital applications, from cloud services and VPNs to communications tools and financial services. What's more, these applications are interconnected, so an attacker who can compromise one can compromise others, too. Organisations can't afford to focus exclusively on phishing and BEC attacks — not when business application compromise (BAC) is on the rise.
SMBs Are Hardest-Hit By Ransomware
Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealing that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.
During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.
“Across industries, we continue to see high-profile attacks targeting organisations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Coalition’s Head of Claims.
“Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”
The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022.
“Organisations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”
https://www.helpnetsecurity.com/2022/09/15/small-businesses-ransomware-targets/
65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
HYCU researchers are reporting 65% of respondents lack full confidence in their legacy backup solutions (HYCU is a multi-cloud backup-as-a-service provider).
According to the report, 65% of surveyed enterprise organisations are increasing spending on detection, prevention and recovery, and respondents are beginning to understand that air-gapped or immutable backups are the only ways to ensure that the backups themselves don’t fall prey to encryption worms when ransomware hits.
Key findings include:
52% of ransomware victims suffered data loss
63% of victims suffered an operational disruption
Just 41% air gap their backups
Just 47% routinely test their backups
Only 35% of respondents believe their current backup and recovery tools are sufficient.
Four-Fifths of Firms Hit by Critical Cloud Security Incident
Some 80% of organisations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk.
The developer security specialist polled 400 cloud engineering and security practitioners from organisations of various sizes and sectors, to compile its State of Cloud Security Report.
Among the incidents flagged by respondents over the past 12 months were breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits and system downtime in the cloud.
Startups (89%) and public sector organisations (88%) were the most likely to have suffered such an incident over the period.
The bad news is that 58% of respondents predict they will suffer another severe incident in the cloud over the coming year. Over three-quarters (77%) of those questioned cited poor training and collaboration as a major challenge in this regard.
“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.
https://www.infosecurity-magazine.com/news/fourfifths-firms-critical-cloud/
Homeworkers Putting Home and Business Cyber Safety at Risk
BlackBerry published a European research report exposing the cyber security risk created by cost-conscious homeworkers who prioritise security behind price, usability and ease of set up in their purchase of domestic smart devices.
32% of European home workers who own a smart device surveyed said security was a top three factor when choosing a smart device, compared to 50% who prioritised price. 28% of businesses aren’t putting adequate security provisions in place to extend cyber protection as far as homes. This heightens the risk of cyber attacks for businesses and their employees, as hybrid and home working become the norm.
The survey of 4,000 home workers in the UK, France, Germany, and the Netherlands revealed that 28% of people say that their employer has not done or communicated anything about protecting their home network or smart devices, or they don’t know if they are protected.
Furthermore, 75% of Europeans say their employers have taken no steps to secure the home internet connection or provide software protection for home devices. This failure to extend network security to home devices increases risk of the vulnerabilities created by hybrid and home working being successfully exploited. These are particularly sobering findings for small and mid-sized businesses who face upwards of eleven cyber attacks per device, per day, according to the research.
Through even the most innocent of devices, bad actors can access home networks with connections to company devices – or company data on consumer devices – and seize the opportunity to steal data and intellectual property worth millions. It’s likely businesses will bear the brunt of cyber attacks caused by unsecured home devices, with knock-on effects to employees themselves.
https://www.helpnetsecurity.com/2022/09/12/homeworkers-smart-devices-security/
Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
Uber suffered a cyber attack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's security software and Windows domain.
Other systems accessed by the hacker include the company's Amazon Web Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts.
The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber's slack indicate that these announcements were first met with memes and jokes as employees had not realised an actual cyber attack was taking place.
Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available. "We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available," tweeted the Uber Communications account.
The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password. The threat actor then gained access to the company's internal systems using the stolen credentials.
IHG Hack: 'Vindictive' Couple Deleted Hotel Chain Data for Fun
Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun".
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm's databases thanks to an easily found and weak password, Qwerty1234. An expert says the case highlights the vindictive side of criminal hackers.
UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands. On Monday last week, customers reported widespread problems with booking and check-in. For 24 hours IHG responded to complaints on social media by saying that the company was "undergoing system maintenance".
Then on the Tuesday afternoon it told investors that it had been hacked.
Threats
Ransomware and Extortion
How prepared are organisations to tackle ransomware attacks? - Help Net Security
Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com)
3 Iranian nationals are accused of ransomware attacks on US victims (cnbc.com)
Emotet botnet now pushes Quantum and BlackCat ransomware (bleepingcomputer.com)
Cisco confirms Yanluowang ransomware leaked stolen company data (bleepingcomputer.com)
DEV-0270 Hacker Group Uses Windows BitLocker Feature to Encrypt Systems (gbhackers.com)
New York ambulance service discloses data breach after ransomware attack (bleepingcomputer.com)
The ransomware problem won't get better until we change one thing | ZDNET
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Transparency, disclosure key to fighting ransomware (techtarget.com)
Cisco Data Breach Attributed to Lapsus$ Ransomware Group (darkreading.com)
Ransomware Group Leaks Files Stolen From Cisco | SecurityWeek.Com
Phishing & Email Based Attacks
Revolut hit by ‘phishing’ cyber attack | Business | The Times
Phishing page embeds keylogger to steal passwords as you type (bleepingcomputer.com)
Hackers now use ‘sock puppets’ for more realistic phishing attacks (bleepingcomputer.com)
Phishers take aim at Facebook page owners - Help Net Security
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (darkreading.com)
Death of Queen Elizabeth II exploited to steal Microsoft credentials (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Hackers Are Using WeTransfer Links To Spread Malware (informationsecuritybuzz.com)
New malware bundle self-spreads through YouTube gaming videos (bleepingcomputer.com)
Linux variant of the SideWalk backdoor discovered - Help Net Security
Malware on Pirated Content Sites a Major WFH Risk for Enterprises (darkreading.com)
How to spot and avoid scams and malware in search results - The Washington Post
Gay hookup site typosquatted to push dodgy Chrome extensions, scams (bleepingcomputer.com)
Mobile
Google Patches Critical Vulnerabilities in Pixel Phones | SecurityWeek.Com
Apple patches iPhone and macOS flaws under active attack • The Register
Internet of Things – IoT
Securing your IoT devices against cyber attacks in 5 steps (bleepingcomputer.com)
EU Wants to Toughen Cyber Security Rules for Smart Devices | SecurityWeek.Com
Data Breaches/Leaks
Uber hacked, internal systems breached and vulnerability reports stolen (bleepingcomputer.com)
LastPass says hackers had internal access for four days (bleepingcomputer.com)
Hacker sells stolen Starbucks data of 219,000 Singapore customers (bleepingcomputer.com)
U-Haul discloses data breach exposing customer driver licenses (bleepingcomputer.com)
Organised Crime & Criminal Actors
Chinese-linked cyber crims nab $529 million from India • The Register
Cyber Crime Forum Admins Steal from Site Users - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Police arrest man for laundering tens of millions in stolen crypto (bleepingcomputer.com)
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
Fake cryptocurrency giveaway sites have tripled this year (bleepingcomputer.com)
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities (trendmicro.com)
DOJ drops report on cryptocurrency crime efforts (techtarget.com)
76% Of Financial Institutions Plan On Using Crypto In The Next 3 Years (informationsecuritybuzz.com)
How Can You Tell if a Cryptocurrency is Legitimate? Read Our Guide To Find Out - IT Security Guru
Insider Risk and Insider Threats
5 Ways to Mitigate Your New Insider Threats in the Great Resignation (thehackernews.com)
Ex-Broadcom engineer asks for no prison in trade secret case • The Register
Fraud, Scams & Financial Crime
Microsoft Edge’s News Feed ads abused for tech support scams (bleepingcomputer.com)
Cops Raid Suspected Fraudster Penthouses - Infosecurity Magazine (infosecurity-magazine.com)
How to spot and avoid scams and malware in search results - The Washington Post
Tax fraud ring leader jailed for selling children’s stolen identities (bleepingcomputer.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Hackers breach software vendor for Magento supply-chain attacks (bleepingcomputer.com)
WordPress sites backdoored after FishPig supply chain attack • The Register
Denial of Service DoS/DDoS
Cloud/SaaS
5 ways to improve your cloud security posture (techtarget.com)
Excess privilege in the cloud is a universal security problem, IBM says | CSO Online
Organisations lack visibility into unauthorised public cloud data access - Help Net Security
One-third of enterprises don’t encrypt sensitive data in the cloud | CSO Online
Attack Surface Management
Cyber attack trends vs. growing IT complexity - Help Net Security
Outdated infrastructure remains a problem against sophisticated cyber attacks - Help Net Security
Shadow IT
Encryption
API
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
API security—and even visibility—isn’t getting handled by enterprises | CSO Online
Bad bots are coming at APIs! How to beat the API bot attacks? - Help Net Security
Open Source
When It Comes to Security, Don’t Overlook Your Linux Systems | SecurityWeek.Com
40% of pros scaled back back open source use over security • The Register
You never walk alone: The SideWalk backdoor gets a Linux variant | WeLiveSecurity
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Thwarting attackers in their favourite new playground: Social media - Help Net Security
Cyber attackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign (darkreading.com)
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Nation State Actors – Russia
Montenegro Wrestles With Massive Cyber Attack, Russia Blamed | SecurityWeek.Com
Russia’s cyber future connected at the waist to Soviet military industrial complex | CSO Online
Nation State Actors – North Korea
Nation State Actors – Iran
Iranian cyber spies use multi-persona impersonation in phishing threads | CSO Online
Albania says Iranian hackers hit the country with another cyber attack - CyberScoop
US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks | SecurityWeek.Com
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Vulnerability Management
Vulnerabilities
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle | SecurityWeek.Com
CISA orders agencies to patch vulnerability used in Stuxnet attacks (bleepingcomputer.com)
Chrome 105 Update Patches High-Severity Vulnerabilities | SecurityWeek.Com
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (bleepingcomputer.com)
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs (darkreading.com)
Apple fixed the eighth actively exploited zero-day this year - Security Affairs
Cisco Patches High-Severity Vulnerability in SD-WAN vManage | SecurityWeek.Com
Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin | TechRadar
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices (thehackernews.com)
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog - Security Affairs
ManageEngine Password Management Vulnerability and Patch: Details for MSPs, MSSPs - MSSP Alert
Reports Published in the Last Week
Other News
MSPs and cyber security: The time for turning a blind eye is over - Help Net Security
Organisations should fear misconfigurations more than vulnerabilities - Help Net Security
Companies need data privacy plan before joining metaverse (techtarget.com)
Lens reflections may betray your secrets in Zoom video calls • The Register
US Government Wants Security Guarantees From Software Vendors | SecurityWeek.Com
The Cyber Security Head Game | Psychology Today South Africa
Cyber Security Report: Average Data Breach in US Costs $9.4 Million - MSSP Alert
5 Best Practices for Building Your Data Loss Prevention Strategy (darkreading.com)
Hands-on cyber attacks jump 50%, CrowdStrike reports | CSO Online
Penetration Testing Report: Security Misconfiguration Is "Top Vulnerability" - MSSP Alert
Twitter whistleblower: Lack of access, data controls invite exploitation | SC Media (scmagazine.com)
Cost of Living Crisis Impact on Online Activity - IT Security Guru
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber (darkreading.com)
Zoom outage left users unable to sign in or join meetings (bleepingcomputer.com)
Five ways your data may be at risk — and what to do about it (bleepingcomputer.com)
Twitter's ex-security boss Zatko disses biz as dysfunctional • The Register
Don't Let Your Home Wi-Fi Get Hacked. Here's What to Do - CNET
How serious are organisations about their data sovereignty strategies? - Help Net Security
Undermining Microsoft Teams Security By Mining Tokens (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 October 2021
Black Arrow Cyber Threat Briefing 29 October 2021
-Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double
-Graff Multinational Jeweller Hit by Conti Gang, Data of its Rich Clients Are At Risk
-Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year
-Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better
-Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place
-Serious Warning Issued For Millions Of Apple iPhone Users
-Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
-Solarwinds Hackers Are Targeting The Global It Supply Chain, Microsoft Says
-Defenders Worry Orgs Are More Vulnerable Than Last Year
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double
Ransomware cyber attacks doubled in the past year, the chief of GCHQ has revealed - as he warned Britain must “pay attention” to attacks from China.
Sir Jeremy Fleming, director of the cyber spy agency, called for more action to "sort out" ransomware attacks across the UK, adding it was not "rocket science".
He said such attacks have doubled in the last year, with hackers using software to lock files on computers and stop victims from accessing their own data.
This essentially holds them hostage until the hackers receive payment and then give a decryption key to the victim, so they can regain access.
‘Criminals are making very good money from it’
Sir Jeremy said ransomware "just pays" and added that "criminals are making very good money from it and are often feeling that that's largely uncontested".
While cautious of “keeping up” with security challenges alongside European partners, he said the immediate priority was tackling “links between criminal and state actors” to defeat ransomware, which he said “is no mean feat in itself”. https://www.telegraph.co.uk/news/2021/10/25/ransomware-cyber-attacks-double-year-reveals-spy-chief/
Graff Multinational Jeweller Hit by Conti Gang. Data of its Rich Clients Are At Risk, Including Trump and Beckham, as the Gang Threaten to Release Private Details of World Leaders, Actors and Tycoons
The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.
The customers of the company are the richest people on the globe, including Donald Trump, David Beckham, Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.
As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.
The Conti gang has already leaked 69,000 confidential documents, leaked files include customer lists, invoices, receipts, and credit notes. https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html
Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year
Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses, according to new figures from the UK’s National Economic Crime Centre (NECC).
The government body is working with the National Crime Agency (NCA), City of London Police, banking group UK Finance and fraud prevention non-profit Cifas on a new campaign to raise awareness of the crime, also dubbed “mandate fraud” or “payment diversion fraud.”
It claimed that the average amount lost over those 4600 cases was £30,000, with criminals typically impersonating others and creating or amending invoices to trick victims into diverting money to accounts under their control. https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/
Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better
Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.
ENISNA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.
Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better. https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/
Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place
98% of US executives report that their organisations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-US executives, according to a Deloitte survey.
Further, COVID-19 pandemic disruption led to increased cyber threats to US executives’ organisations (86%) at a considerably higher rate than non-US executives experienced (63%). Yet, 14% of US executives say their organisations have no cyber threat defence plans, a rate more than double that of non-US executives (6%).
The biggest fallout US execs report from cyber incidents or breaches at their organisations during the past year include operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).
Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to US executives’ organisation-wide cybersecurity management programs.
“No CISO or CSO ever wants to tell organisational stakeholders that efforts to manage cyber risk aren’t keeping-up with the speed of digital transformations made, or bad actors’ improving tactics”. https://www.helpnetsecurity.com/2021/10/28/threat-defence-plans/
Serious Warning Issued For Millions Of Apple iPhone Users
While iPhone 13 sales continue to soar, iPhones owners have faced growing security threats, multiple App Store scams, potential privacy violations and zero day hacks. Now a shocking account of extreme iPhone hacking has been revealed.
In a remarkable report, New York Times senior reporter Ben Hubbard has revealed how his iPhone was hacked multiple times over a period of several years, and without any human interaction or knowledge the attacks were taking place. And the experience results in a stark warning: “the spyware used against me makes us all vulnerable”.
“It’s like being robbed by a ghost,” explains Hubbard, recounting the experience. “I didn’t even have to click on a link for my phone to be infected.” https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Ransomware is an intensifying problem for all organisations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demands has grown from a minor inconvenience for organisations into a multi-billion dollar cyber crime industry.
The organisational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organisations pay an average of $220,298 and suffer 23 days of downtime following an attack. https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/
Solarwinds Hackers Are Targeting The Global IT Supply Chain, Microsoft Says
The Russian-linked hacking group that’s been blamed for an attack on the US government and a significant number of private US companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.
Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.
On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.”
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers” https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html
Defenders Worry Orgs Are More Vulnerable Than Last Year
Enterprise security defenders find themselves in a rough spot: The number of threats against their organisations is growing and that they're vulnerable to attacks. Data from Dark Reading's 2021 Strategic Security Survey suggest that even though most IT and security leaders are confident about the security defences they have implemented, they also believe their organisations are more vulnerable to attacks compared with a year ago.
The reasons for this pessimism vary. For 67% of respondents, the biggest concern lies in the fact that there are more attacks this year than there were last year. However, 56% say the increased sophistication of the threats they are facing is why their organisations are more vulnerable to compromise. Other reasons include the surge in ransomware attacks and shortage of skilled security professionals to detect and respond to threats. https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year
Threats
Ransomware
These Companies Are Most at Risk for Ransomware Attacks | PCMag
As Fewer Victims Pay Ransoms, Conti Gang Looks To Sell Victim Data | Sc Media (Scmagazine.Com)
Europol Announces “Targeting” Of 12 Suspects In Ransomware Attacks – Naked Security (Sophos.Com)
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (thehackernews.com)
SEO Poisoning Used to Distribute Ransomware (darkreading.com)
FBI Warns Of Ranzy Locker Ransomware Threat, As Over 30 Companies Hit (Tripwire.Com)
Ransomware Has Disrupted Almost 1,000 Schools in the US This Year (vice.com)
Chaos Ransomware Targets Gamers Via Fake Minecraft Alt Lists (Bleepingcomputer.Com)
Phishing
Phishing as a Ransomware Precursor - MSP Insights - MSSP Alert
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam | Threatpost
Other Social Engineering
Malware
Squid Game Malware Might Be The Scariest Thing You See This Halloween | Techradar
TA575 Criminal Group Using 'Squid Game' Lures For Dridex Malware | ZDNet
Snake Malware Biting Hard On 50 Apps For Only $25 (Bleepingcomputer.Com)
New WSlink Malware Loader Runs as a Server and Executes Modules in Memory (thehackernews.com)
Mobile
6 Ways Your Cell Phone Can Be Hacked—Are You Safe? (makeuseof.com)
Millions Of Android Users Targeted In Subscription Fraud Campaign (Bleepingcomputer.Com)
New AbstractEmu Malware Roots Android Devices, Evades Detection (Bleepingcomputer.Com)
IOT
Vulnerabilities
All Windows Versions Impacted By New LPE Zero-Day Vulnerability (Bleepingcomputer.Com)
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (thehackernews.com)
Adobe's Surprise Security Bulletin Dominated by Critical Patches | Threatpost
WordPress Plugin Bug Lets Subscribers Wipe Sites | Threatpost
Over 1 Million WordPress Sites Affected by OptinMonster Plugin Flaws - Security Affairs
Cisco SD-WAN Flaw Could Lead To Arbitrary Code Execution, Patch It Now! Security Affairs
Data Breaches/Leaks
Millions Of Healthcare Records Reportedly Exposed In Mega Data Breach | Techradar
Location Data Collection Firm Admits Privacy Breach - BBC News
HIV Scotland Reveals Patient-Advocates' Names In Email Fail • The Register
Organised Crime & Criminal Actors
Dark Web
Supply Chain
The SolarWinds Hackers Are Looking for Their Next Big Score | WIRED
North Korean Lazarus Attackers Turn to the IT Supply Chain | Threatpost
6 Eye-Opening Statistics About Software Supply Chain Security (darkreading.com)
Nation State Actors
Other News
All Sectors Are Now Prey as Cyber Threats Expand Targeting | Threatpost
Microsoft Warns Over Uptick In Password Spraying Attacks | ZDNet
Increased Risk Tolerances Are Making Digital Transformation Programs Vulnerable - Help Net Security
MITRE and CISA Publish The 2021 List of Most Common Hardware Weaknesses - Security Affairs
Enterprises Allocating More IT Dollars on Cybersecurity (darkreading.com)
Threat Actor Leaks Mercedes-Benz Platform’s Source Code | CyberNews
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.