Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Workers Ignore Security Risks To Maximize Productivity

A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.

https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/

Financial Services Accounting For Nearly 40% Of All Phishing URLs

A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/

Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats

Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”

https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/

36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.

https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/

HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021

According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages.  The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.

https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/

Data Breach Costs Hit Record High Due To Pandemic

Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.

https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/

Top 30 Critical Security Vulnerabilities Most Exploited By Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.

https://thehackernews.com/2021/07/top-30-critical-security.html

Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report

A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.

https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

Why Remote Working Leaves Us Vulnerable To Cyber Attacks

An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.

https://www.bbc.co.uk/news/business-57847652

Stop Mitigating Cyber Security Threats And Start Preventing Them

The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

https://www.itproportal.com/features/stop-mitigating-cybersecurity-threats-and-start-preventing-them/

Threats

Ransomware

• Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'

• Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation

• BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More

• LockBit Ransomware Now Encrypts Windows Domains Using Group Policies

• FBI Tracking More Than 100 Active Ransomware Groups

• The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"

Social Engineering

• Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report

• These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware

• FIN7’s Liquor Lure Compromises Law Firm With Backdoor

Malware

• Cisco Researchers Spotlight Solarmarker Malware

• Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs

• Some Windows 11 Installers Infect Your PC With Malware

• Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems

• Discord CDN And API Abuses Drive Wave Of Malware Detections

• Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics

Mobile

• New Android Malware Uses VNC To Spy And Steal Passwords From Victims

• UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild

Vulnerabilities

• Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers

• VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted

• Web Applications Have Become A Security Liability

• Hackers Have Found Yet Another Way To Attack Kubernetes Clusters

• Windows 10 Printer Problems Persist Following Latest Security Update

• Microsoft Rushes Fix For ‘PetitPotam’ Attack PoC

• Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices

• Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities

• New Linux Kernel Bug Lets You Get Root On Most Modern Distros

• Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature

• Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Data Breaches

• Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable In Massive Data Breach

• Gun Owners' Fears After Firearms Dealer Data Breach

Organised Crime & Criminal Actors

• Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers

• Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised

Dark Web

• How The Dark Web Enables Access To Corporate Networks

Supply Chain

• Kaseya Denies Paying Ransom For Decryptor, Refuses Comment On NDA

DoS/DDoS

• DSoS Attacks Are Up, With Ever-Greater Network Impact

Nation State Actors

• Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers

• APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware

Privacy

• Behind The Mercenary Spyware Industry

Reports Published in the Last Week

• DDoS Attack Trends For 2021 Q2

• Spear Phishing: Top Threats And Trends Volume 6

Other News

• PunkSpider—The Search Engine For Web Exploits—Rises From the Dead

• Biden Warns A ‘Real Shooting War’ Could Come From Cyber Breach

• Hackers Turning To 'Exotic' Programming Languages For Malware Development

• Discord Is Now An Essential Tool For Hackers

• Research Roadblock? Security Pros Weigh In On China’s New Vulnerability Disclosure Law

• For Hackers, Space Is The Final Frontier

• A DNS Outage Just Took Down A Large Chunk Of The Internet

• Ireland Sees Biggest Rise In Cyber Security Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

61 Percent Of Employees Fail Basic Cyber Security Quiz

Nearly 70% of employees polled in a new survey said they recently received cyber security training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.

https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/

More Than 1,900 Distinct Hacking Groups Are Active Today

There are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019. In its yearly cyber crime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker due to overlaps in activity and hacking infrastructure with previously known clusters.

https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

Ransomware: The Internet's Biggest Security Crisis Is Getting Worse

Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four chains of schools attacked in the last month.

https://www.zdnet.com/article/ransomware-the-internets-biggest-security-crisis-is-getting-worse-we-need-a-way-out/?&web_view=true

Enterprise Security Attackers Are One Password Away From Your Worst Day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cyber security industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organisations still use the same technological approaches they did 10 years ago. The world has changed, but cyber security hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cyber security industry must rethink its strategy to analyse how credentials are used and stop breaches before they become bigger problems.

https://techcrunch.com/2021/04/16/enterprise-security-attackers-are-one-password-away-from-your-worst-day/

Microsoft’s April Update Patches 114 Bugs—Half Of Which Allow Remote Code Execution

The fourth Patch Tuesday of 2021 is another big one. Today, Microsoft revealed 114 vulnerabilities fixed in the monthly security, over half of which could potentially be exploited for remote code execution by attackers. Of the 55 remote execution bugs, over half were tied to Windows’ Remote Procedure Call (RPC) interface. Four more were Microsoft Exchange bugs (all urgent fixes) reported to Microsoft by the National Security Agency. In addition, six Chrome vulnerabilities that were previously addressed by Google are included in the roll-up.

https://news.sophos.com/en-us/2021/04/13/microsofts-april-update-patches-114-bugs-more-than-half-of-which-allow-remote-code-execution/

Nation-State Cyber Attacks Targeting Businesses Are On The Rise

Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks. Nation States, Cyberconflict and the Web of Profit, a study by cyber security researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted. An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government, and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.

https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/

Cyber Criminals Are Installing Cryptojacking Malware On Unpatched Microsoft Exchange Servers

Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money. Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems. Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers -- but they are not the only ones.

https://www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/

NAME:WRECK DNS Vulnerabilities Affect Over 100 Million Devices

Security researchers have disclosed nine vulnerabilities affecting network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in a wide range of products, from high-performance servers and networking equipment to operational technology (OT) systems that monitor and control industrial equipment. According to researchers threat actors could exploit NAME:WRECK vulnerabilities to deal significant damage to government or enterprise servers, healthcare facilities, retailers, or companies in the manufacturing business by stealing sensitive data, modifying or taking equipment offline for sabotage purposes.

https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

Brits Still Confused By Multi-Factor Authentication

The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA). The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany, and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has. However, despite a continued number of high-profile account takeovers, 43% said this does not make them enhance security on their accounts, even though they “feel like” they should. Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types. Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they were not using or didn’t know about them.

https://www.infosecurity-magazine.com/news/brits-still-confused-by/

623K Payment Cards Stolen From Cyber Crime Forum

The Swarmshop cyber underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That is according to researchers, who said that the database was posted on a rival underground forum. Card shops, are online cyber criminal forums where stolen payment-card data is bought and sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K., and the U.S.

https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/

Threats

Ransomware

• How The Kremlin Provides A Safe Harbour For Ransomware

• Dutch Supermarkets Run Out Of Cheese After Ransomware Attack

• This Nasty Ransomware Hacks Your VPN To Break Into Your Device

Phishing

• New Invoice Payment Phishing Attack

• Tax Phish Swims Past Google Workspace Email Security

Other Social Engineering

• 7 New Social Engineering Tactics Threat Actors Are Using Now

• Cloud-Native Watering Hole Attack: Simple And Potentially Devastating

Malware

• Hackers Using Website's Contact Forms to Deliver IcedID Malware

Mobile

• Joker Malware Infected 538,000 Huawei Android Devices

Vulnerabilities

• Chrome And Edge Hacked By New Zero-Day Flaw — What To Do

• Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

• Microsoft Security Update Fixes Zero-Day Vulnerabilities In Windows And Other Software

• Critical Security Alert: If You Haven't Patched This Old Vpn Vulnerability, Assume Your Network Is Compromised

• WhatsApp Addressed Two Security Vulnerabilities In Its App For Android That Could Have Been Exploited To Remotely Hack The Victim’s Device.

• Security Bug Allows Attackers to Brick Kubernetes Clusters

• 84% Of Codebases Contain An Open Source Vulnerability

Data Breaches

• Clubhouse Data Breach: 1.3 Million Users Have Info Leaked Online

• Covid Results Emails May Breach GDPR

Organised Crime & Criminal Actors

• Coronavirus Triggers Epidemic Of Cyber Fraud

Nation State Actors

• Iran Vows Revenge For 'Israeli' Attack On Natanz Nuclear Site

• US Poised To Impose Sanctions On Russia For Cyber-Attacks

• NSA: Top 5 Vulnerabilities Actively Abused By Russian Govt Hackers

Privacy

• 24% Of Workers Spied On By Bosses

Reports Published in the Last Week

• SMB Cyber Security Trust & Confidence Report 2021

• Most Imitated Brands In Phishing Emails In First Quarter Of 2021: Report

Other News

• A Casino Gets Hacked Through a Fish-Tank Thermometer

• SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

• Detecting the "Next" SolarWinds-Style Cyber Attack

• The FBI Is Remotely Hacking Hundreds Of Computers To Protect Them From Hafnium

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Warfare Will Grind Britain’s Economy To A Halt

The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.

https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/

Almost $2 Billion Lost To BEC Scams In 2020

Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).

https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/

Ransomware Gang Says It Targets Firms Who Have Cyber Insurance

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/

Three Billion Phishing Emails Are Sent Every Day

Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.

https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/

Ransomware Gang Demands $50 Million From Computer Maker Acer

Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.

https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/

Office 365 Phishing Attack Targets Financial Execs

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.

https://threatpost.com/office-365-phishing-attack-financial-execs/164925/

Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers

Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.

https://www.livemint.com/technology/tech-news/microsoft-exchange-hacking-thousands-of-email-servers-still-compromised-11616462322125.html

Average Ransom Payment Surged 171% in 2020

The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.

https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/

Phishers’ Perfect Targets: Employees Getting Back To The Office

Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long it affects out private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.

https://www.helpnetsecurity.com/2021/03/22/phishers-employees/

Nasty Malware Stealing Amazon, Facebook And Google Passwords

A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.

https://www.tomsguide.com/news/cracked-software-copperstealer-malware

Threats

Ransomware

• Ransomware Attack Foils IoT Giant Sierra Wireless

• Ransomware Gangs Have Found Another Set Of New Targets: Schools And Universities

• Ransomwared Bank Tells Customers It Lost Their SSNs

Phishing

• 9,000 Employees Targeted In Phishing Attack Against California Agency

• Brazil Leads In Phishing Attacks

• The Human Impact Of A Royal Mail Phishing Scam

• Microsoft Warns Of Phishing Attacks Bypassing Email Gateways

• Office 365 Phishing Attack Targets Financial Execs

Malware

• A Newly-Wormable Windows Botnet Is Ballooning In Size

• Fraudsters Jump On Clubhouse Hype To Push Malicious Android App

• Purple Fox Malware Evolves To Propagate Across Windows Machines

• Nasty malware stealing Amazon, Facebook and Google passwords

IOT

• The US Government Finally Gets Serious About IoT Security

Vulnerabilities

• Critical F5 BIG-IP Flaw Now Under Active Attack

• 5G Network Slicing Vulnerability Leaves Enterprises Exposed To Cyber Attacks

• Hackers Are Exploiting A Server Vulnerability With A Severity Of 9.8 Out Of 10

• WordPress Elementor Vulnerability Affects +7 Million

• Openssl Fixes Severe Dos, Certificate Validation Vulnerabilities

Data Breaches

• FatFace Tells Customers To Keep Its Data Breach ‘Strictly Private’

• Energy giant Shell discloses data breach after Accellion hack

Organised Crime & Criminal Actors

• Russian Pleads Guilty To Conspiracy To Introduce Malware Into Tesla's Computer Network

OT, ICS, IIoT and SCADA

• UK Cyber Security Law Forcing Energy Companies To Report Hacks Has Led To No Reports, Despite Numerous Hacks

Nation State Actors

• The Peculiar Ransomware Piggybacking Off of China’s Big Hack

• Working From Home? Watch for a Chinese Cyber Attack

Privacy

• Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Other News

• Oauth Apps Are Being Exploited To Launch Cyberattacks

• API Security Becomes A ‘Top’ Priority For Enterprise Players

• Remote Work Makes Cyber Security A Top Worry For CEOs

• Microsoft Exchange Server attacks: 'They're being hacked faster than we can count', says security company

• Office 365 Cyber Attack Lands Disgruntled IT Contractor in Jail

• Energy Giant Shell Is Latest Victim of Accellion Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025

In a world that is becoming increasingly reliant on technology, cyber security is an extremely important priority for entrepreneurs and small and medium-sized businesses. And it's become even more essential in the wake of the pandemic. In June 2020, a report revealed that small and medium-sized businesses were at an especially high risk of data breaches and cyber attacks during the pandemic.

https://www.entrepreneur.com/article/364015

119,000 Threats Per Minute Detected In 2020

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/

78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack

Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyber attacks. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cyber security budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.

https://www.scmagazine.com/home/security-news/network-security/78-percent-of-top-security-leaders-say-their-organizations-are-unprepared-for-a-cyberattack/

UK Faced Millions Of Cyber Attacks Last Year

The UK faced millions of Covid-19-related cyber security threats last year, but generally managed to mitigate attacks effectively. A total of 16.4 million Covid-19-related threats were recorded last year, with four percent (563,571) identified in the UK. The US suffered the highest volume of attacks by a significant margin: more than 6.5 million. Germany was second with 2.3 million, and France rounded out the top three with just over one million attacks.

https://www.itproportal.com/news/uk-faced-millions-of-cyberattacks-last-year/

New Malformed URL Phishing Technique Can Make Attacks Harder To Spot

Warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. By hiding phishing information in the prefixes of URLs, attackers can send what looks like a link to a legitimate website, free of misspellings and all, with a malicious address hidden in the prefix of the link.

https://www.techrepublic.com/article/new-malformed-url-phishing-technique-can-make-attacks-harder-to-spot/

Hackers Share Details Of Canadian Military Spy Plane On Dark Web

Hackers have shared details of a Canadian military spy plane after its manufacturers seemingly refused to pay a cyber ransom. Aerospace firm Bombardier, whose Global 6000 plane is used for Saab’s GlobalEye spy system, says it was the victim of a “limited cyber security breach.” That saw detailed plans of the airborne early warning system developed by the Swedish defence company Saab being dumped on the dark web site CLOP^_-LEAKS.

https://www.independent.co.uk/news/world/americas/hackers-spy-plane-bombardier-saab-b1807037.html

Cisco Points To New Tier Of APT Actors That Behave More Like Cyber Criminals

Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers. It is already well established that some APTs operate as criminals. Several international governments, including the United States, have identified North Korean state-sponsored hackers as stealing on behalf of the government, and other groups have been identified by vendors as state-sponsored groups with actors who occasionally freelance as criminals.

https://www.scmagazine.com/home/security-news/apts-cyberespionage/cisco-points-to-new-tier-of-apt-actors-that-behave-more-like-cybercriminals/

These Hackers Sell Network Logins To The Highest Bidder. And Ransomware Gangs Are Buying

A growing class of cyber criminals are playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder to exploit however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been a part of the dark web ecosystem, but according to analysis by cyber security researchers, there has been a notable increase in listings by 'Initial Access Brokers' over the course of the past year.

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’

North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.

https://www.bloomberg.com/news/articles/2021-02-17/u-s-charges-3-north-koreans-linked-to-sony-hack-in-new-scheme

Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked

One of Silicon Valley's oldest and most venerable VC firms was hacked. Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful. Phishing attack, according to a report in Axios Friday. Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.

https://www.businessinsider.com/vc-firm-sequoia-capital-told-investors-it-was-hacked-2021-2?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Poor Hardware Disposal Practices Posing A Risk To Data Security

Many business leaders are not paying much attention to the way they dispose of old and obsolete hardware, opening their organizations up to possible data breaches. Of the 1,029 people polled for the report, a fifth said their employer disposed of various IT hardware over the last 12 months. However, less than half (40 percent) thought this hardware did not contain confidential data when it was disposed of.

https://www.itproportal.com/news/poor-hardware-disposal-pratice-posing-a-risk-to-data-security/

Threats

Ransomware

• Babuk- Latest new Ransomware

• Underwriters Laboratories (UL) certification giant hit by ransomware

• Ransomware Gang Says It's Selling Data from Cyber attack That California DMV Warned About

Phishing

• 10K Microsoft Email Users Hit in FedEx Phishing Attack

• Malformed URL Prefix Phishing Attacks Spike 6,000%

• NIST hints at upgrades to its system for scoring a phish’s deceptiveness

Malware

• Hackers are using Google Alerts to help spread malware

• New macOS malware discovered, but threat remains unknown

• Masslogger malware employs 'fileless' attack to steal Discord and other passwords

Mobile

• Apple's iOS 14.5 adds new security against nasty hackers

Vulnerabilities

• Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

• Code-execution flaw in VMware has a severity rating of 9.8 out of 10

• Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

• Recently fixed Windows zero-day actively exploited since mid-2020

• Cisco Warns of Critical Auth-Bypass Security Flaw

• Exploitation of Accellion File Transfer Appliance

• Clubhouse Chats Are Breached, Raising Concerns Over Security

Organised Crime

• This chart shows the connections between cyber crime groups

• The bitcoin blockchain is helping keep a botnet from being taken down

• New Hack Lets Attackers Bypass Mastercard Pin by Using Them As Visa Card

Dark Web

• Brave browser’s Tor mode exposed users’ dark web activity

OT, ICS, IIoT and SCADA

• 84% of CNI Orgs Experienced Cyber-Attacks in the Last Year

• Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn

• The U.S. Has Released the Most Comprehensive Catalog of North Korean Cyber Crimes Ever Made Public

Nation-State Actors

• Chinese Hackers Reportedly Wielded a Stolen NSA Cyber Weapon for Years

• US considers sanctions against Russia over SolarWinds hack

Denial of Service

• TDoS Attacks Take Aim at Emergency First-Responder Services

Privacy

• TikTok Agrees to Pay $92 Million to Settle Class-Action Lawsuit Alleging Privacy Violations

• ‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security

• Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Reports Published in the Last Week

• 2021 Crowdstrike Global Threat Report

Other News

• Oxford lab studying the coronavirus was victim of a cyberattack

• Top 10 web hacking techniques of 2020

• SonicWall Was Hacked. Was It Also Extorted?

• The Internet Is Splintering

• The Anatomy of the SolarWinds Attack Chain

• Why non-human workers can increase security issues in your business

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Cyber Criminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML (CHM) files. This is a new move for Masslogger, and helps the malware sidestep potential defensive programs, which would otherwise block the email attachment based on its RAR file extension, said researchers on Wednesday.

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Phishers tricking users via fake LinkedIn Private Shared Document

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. If they fail to find this suspicious, they’ll be redirected to a convincingly spoofed LinkedIn login page, and if they enter their login credentials, their account will probably soon be sending out phishing messages to their contacts.

https://www.helpnetsecurity.com/2021/02/18/linkedin-private-shared-document/

Solarwinds Attack Hit 100 Companies And Took Months Of Planning’; ‘Largest And Most Sophisticated Attack’ Ever Seen According To Microsoft; Hackers Downloaded Some Azure, Exchange, And Intune Source Code

A hacking campaign that used a tech company as a springboard to compromise a raft of US government agencies has been called “the largest and most sophisticated attack the world has ever seen”, according to Microsoft. Nine US governmental agencies were breached along with 100 different private sector companies , many of which were technology companies, including products that could be used to launch additional intrusions. Microsoft said it has formally completed its investigation into the SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers, though it did state that it had discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects.

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ https://www.independent.co.uk/news/world/americas/solarwinds-us-russia-hacking-b1802299.html https://www.zdnet.com/article/microsoft-says-solarwinds-hackers-downloaded-some-azure-exchange-and-intune-source-code/

Ransomware gangs are running riot – paying them off doesn’t help

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cyber criminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.

https://theconversation.com/ransomware-gangs-are-running-riot-paying-them-off-doesnt-help-155254

Most security bugs in the wild are years old

Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch. This is one of the findings of a new report, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.

https://www.itproportal.com/news/most-security-bugs-in-the-wild-are-multiple-years-old/

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations. Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

https://www.wsj.com/articles/hacker-claims-to-have-stolen-files-belonging-to-prominent-law-firm-jones-day-11613514532?reflink=desktopwebshare_twitter

Former Spy Chief Calls For Military Cyber Attacks On Ransomware Hackers

The state should launch military cyber attacks to shut down ransomware gangs that have extorted millions of pounds from British businesses, a former spy chief has said.

Ciaran Martin, who previously led the UK’s National Cyber Security Centre, said the problem of criminal gangs locking and stealing files has become so serious that Government should now seek to disrupt the operations of prolific criminals.

The plans would mark a major change of tack for the UK authorities, who have long downplayed the idea they could routinely use offensive hacking as well as cyber defence.

https://www.telegraph.co.uk/technology/2021/02/15/former-spy-chief-calls-military-cyber-attacks-ransomware-hackers/

Think your backups will protect you from ransomware? What do you think the malware attacked first?

If you think your backup strategy means you’re protected from the worst that cyber criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too. So, if you are unlucky enough to get a “pay up or else” notice, there’s a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.

https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020. The attacks moved in methodical fashion across Europe, North America, Latin America, and Asia, hitting dozens of organizations in the financial sector in each region, the Financial Services Information Sharing and Analysis Center (FS-ISAC) disclosed this week. Among those targeted were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services.

https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165

14 million alleged Amazon and eBay account details sold online

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.

https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/

Threats

Ransomware

• Kia Reportedly Under Ransomware Attack With $20M Demand

• Conti ransomware: Evasive by nature

• Egregor ransomware affiliates arrested by Ukrainian, French police

BEC

• This cyber security threat costs business millions. And it's the one they often forget about

Phishing

• This phishing email promises you a bonus - but actually delivers this Windows trojan malware

• How Hackers use Phishing to Hijack Sites through Hosting Provider

• Hackers abusing the Ngrok platform phishing attacks

Malware

• Windows and Linux servers targeted by new WatchDog botnet for almost two years

• Malware Is Now Targeting Apple’s New M1 Processor

• TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

Mobile

• Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

IOT

Vulnerabilities

• The OpenSSL Project addressed three vulnerabilities

• WordPress plugin exploit puts more than one million sites at risk

• Bug in shared SDK can let attackers join calls undetected across multiple apps

• Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

• Apple patches severe macOS Big Sur data loss bug

• Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

• Telegram privacy feature failed to delete self-destructing video files

Data Breaches

• Scottish Borders Council apologises for data breach

Organised Crime

• Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme

• Cybercrime Joker Retires With A Reported $2.1 Billion In Bitcoin

Insider Threats

• Yandex Data Breach Exposes 4K+ Email Accounts

Supply Chain

• Supply chain attacks are on the rise: Check your software build pipeline security

OT, ICS, IIoT and SCADA

• The Cyber Risks of Transportation’s Connected OT/IoT Systems

Nation-State Actors

• France Ties Russia's Sandworm to a Multiyear Hacking Spree

• Russian state hackers targeted Centreon servers in years-long campaign

• Feds Indict North Korean Hackers for Years of Heists and Scams

• MPs sign up to Clubhouse app despite Chinese security concerns

Privacy

• More bosses are using software to monitor remote workers. Not everyone is happy about it

• 'Spy pixels in emails have become endemic'

Reports Published in the Last Week

• State Of Malware 2021 Report

Other News

• Attacks targeting IT firms stir concern, controversy

• Record year for UK’s £8.9bn cyber security sector

• Most businesses plan to move away from VPNs, adopt a zero-trust access model

• 20 Common Tools & Techniques Used by macOS Threat Actors & Malware

• The biggest cyber attacks in gaming history

• Discord is fast becoming a favourite tool among cyber criminals

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.