Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 13 October 2023
Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:
-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year
-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation
-Ransomware Infection Times Fall from 5 Days to 5 Hours
-80% of Security Leaders See AI as the Biggest Threat to Business
-Is Your Board Cyber-Ready?
-Cyber Security Should Be a Business Priority for CEOs
-The Looming Threat of a Single Phishing Click to Your Business
-40% of Organisations Leave Ransomware to IT
-Auditors Growing Concern About Cyber Security
-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game
-Preparing for the Unexpected: A Proactive Approach to Operational Resilience
-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone
-Organisations Grapple with Detection and Response Despite Rising Security Budgets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year
A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.
In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.
Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.
Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]
The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation
In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.
Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.
Source: [News Week] [Beta News]
Ransomware Infection Times Fall from 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.
This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.
The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.
Sources: [Cision] [PC Mag] [Security Magazine]
80% of Security Leaders See AI as the Biggest Threat to Business
A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.
In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.
With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.
Sources: [Diginomica] [Infosecurity Magazine]
Is Your Board Cyber-Ready?
With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.
Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.
Sources: [Harvard.edu] [JDSupra]
Cyber Security Should Be a Business Priority for CEOs
A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.
Source: [HelpNet Security]
The Looming Threat of a Single Phishing Click to Your Business
A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.
Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CMS-lawnow]
40% of Organisations Leave Ransomware to IT
A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.
By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [MSSP Alert]
Auditors’ Growing Concern About Cyber Security
The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.
Source: [Accounting Today]
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.
Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.
Source: [Dark Reading]
Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone
The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.
It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.
Sources: [Bleeping Computer] [Infosecurity Magazine]
Organisations Grapple with Detection and Response Despite Rising Security Budgets
A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.
The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.
Source: [CSO Online]
Governance, Risk and Compliance
Auditors more worried about cyber security than AI risks | Accounting Today
Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar
Warning as more businesses fall victim to cyber attacks | Insurance Times
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)
90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)
The world was already horrifying — technology is making it more so - The Hustle
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Cyber security should be a business priority for CEOs - Help Net Security
Organisations grapple with detection and response despite rising security budgets | CSO Online
The undeniable benefits of making cyber resiliency the new standard | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
Cyber insurance costs pressure business budgets - Help Net Security
C-suite weighs in on generative AI and security (securityintelligence.com)
Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023
New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)
Should businesses follow Google’s footsteps in cyber security? | TechRadar
Cyber security is booming but it comes at a human cost (betanews.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)
6 steps to getting the board on board with your cyber security program (welivesecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine
Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber criminals can go from click to compromise in less than a day - Help Net Security
Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)
Ransomwared health insurer wasn't using anti-virus software • The Register
Everest searching for corporate insiders amid rare pivot • The Register
HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)
How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)
SEC Investigating Progress Software Over MOVEit Hack - Security Week
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)
Ransomware Victims
Cyber attack victim Estes making ‘steady progress’ - FreightWaves
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Ransomwared health insurer wasn't using anti-virus software • The Register
BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)
Phishing & Email Based Attacks
The looming threat of a single phishing click to your business (cms-lawnow.com)
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Phishing, the campaigns that are affecting Italy (securityaffairs.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)
Cyber security pros predict rise of malicious AI - Help Net Security
Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)
US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)
Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)
How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)
2FA/MFA
Malware
Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)
Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)
How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)
Endpoint malware attacks decline as campaigns spread wider - Help Net Security
Mobile
Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)
Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)
5 quick tips to strengthen your Android phone security today | ZDNET
Botnets
Denial of Service/DoS/DDOS
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)
Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert
Internet of Things – IoT
Automotive cyber security: A decade of progress and challenges - Help Net Security
Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week
Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)
Data Breaches/Leaks
3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)
DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)
Lyca Mobile says customer data was stolen during cyber attack | TechCrunch
Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Air Europa customers urged to cancel cards following hack on payment system (therecord.media)
Dymocks breach happened while changing providers | Information Age | ACS
Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)
Organised Crime & Criminal Actors
The cyber villains are getting bolder. Businesses need to up their game - Raconteur
Protecting your business against the cyber criminal enterprise (techuk.org)
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
Insider Risk and Insider Threats
Everest searching for corporate insiders amid rare pivot • The Register
Former US soldier accused of trying to pass secrets to China • The Register
Understanding the human factor of digital safety | TechRadar
Fraud, Scams & Financial Crime
Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media
Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
Never click on bank-draining words if message pops up, expert warns (ladbible.com)
Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian
Deepfakes
AML/CFT/Sanctions
Insurance
Cyber insurance costs pressure business budgets - Help Net Security
Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News
Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)
Keeping up with the demands of the cyber insurance market - Help Net Security
Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)
Supply Chain and Third Parties
Software Supply Chain
Why open-source software supply chain attacks have tripled in a year | CSO Online
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Cloud/SaaS
The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)
Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology
Securely Moving Financial Services to the Cloud (darkreading.com)
Identity and Access Management
Encryption
New cryptographic protocol aims to bolster open-source software security | ZDNET
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
API
Open Source and Linux
New cryptographic protocol aims to bolster open-source software security | ZDNET
Why open-source software supply chain attacks have tripled in a year | CSO Online
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
CISA publishes top 10 most common security misconfigurations • The Register
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Social Media
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)
What should you do if your Facebook is hacked? (pocket-lint.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Work-related stress “keeps cyber professionals up at night” | ITPro
Cyber security is booming but it comes at a human cost (betanews.com)
eBook: Cyber security career hacks for newcomers - Help Net Security
Turning military veterans into cyber security experts - Help Net Security
CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week
Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)
Law Enforcement Action and Take Downs
European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State/Cyber Warfare
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)
The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Russia
Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)
Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)
Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba
Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
China
A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)
Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Former US soldier accused of trying to pass secrets to China • The Register
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
Iran
Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)
North Korea
Vulnerability Management
Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)
Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert
Vulnerabilities
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week
Google Chrome 118 is a massive security update - gHacks Tech News
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)
WhatsApp exploits commanding multi-million prices (computing.co.uk)
High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)
Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week
Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)
D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
Apple releases iOS 16.7.1 to plug critical security holes | Macworld
The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
35 Squid proxy bugs still unpatched after 2 years • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Tools and Controls
Organisations grapple with detection and response despite rising security budgets | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)
16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)
A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)
You can't avoid APIs, so you need to secure them (betanews.com)
What is External Attack Surface Management (EASM)? | UpGuard
Why You Should Phish In Your Own (informationsecuritybuzz.com)
Why zero trust delivers even more resilience than you think - Help Net Security
Unmasking the limitations of yearly penetration tests - Help Net Security
Keeping up with the demands of the cyber insurance market - Help Net Security
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Keep on keeping your organisation informed to stay cyber secure (techuk.org)
Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)
Reports Published in the Last Week
Other News
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Large law firms experiencing two 'cyber incidents' a month - Legal Futures
Small businesses growing target for cyber criminals (planetradio.co.uk)
The world was already horrifying — technology is making it more so - The Hustle
Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)
Subsea cable business seeks to plug its security holes (lightreading.com)
Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)
Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)
Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star
Proactive not reactive: adjusting the approach to cyber crime in education
Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)
As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security
Electric Power System Cyber Security Vulnerabilities (trendmicro.com)
Securing the Food Pipeline from Cyber Attacks (newswise.com)
US construction giant reports cyber security incident • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 September 2023
Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:
-New Ransomware Victims Surge by 47% as Small Businesses Targeted
-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
-SMEs Overestimate Their Cyber Security Preparedness
-China’s Hacking Power Bigger Than Rest of World Combined
-Cyber Insurance Claims for Ransomware Reach Record High
-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
-Half of Executives Expect Supply Chain Challenges
-How Social Engineering Takes Advantage of Your Kindness
-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Ransomware Victims Surge by 47% as Small Businesses Targeted
Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.
Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.
Source [Infosecurity Magazine]
MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.
The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens.
Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]
SMEs Overestimate Their Cyber Security Preparedness
According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.
The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Helpnet Security] [Security Magazine]
China’s Hacking Power Bigger Than Rest of World Combined
In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.
This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.
Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]
Cyber Insurance Claims for Ransomware Reach Record High
A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.
The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.
Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]
Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.
This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.
Sources: [MSSP Alert] [Tech Radar]
Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.
One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.
Source: [Synack]
Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.
The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?
Sources [PC Mag]
Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.
The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.
Sources: [Computer Weekly] [CSO Online]
Half of Executives Expect Supply Chain Challenges
With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.
One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.
Sources [PRnewswire] [SiliconANGLE]
How Social Engineering Takes Advantage of Your Kindness
Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.
Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.
Source: [Engadget]
Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.
Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.
Source: [Information Security Buzz]
Governance, Risk and Compliance
Cyber security still remains the greatest concern for many executives | TechRadar
Cyber attacks are constant and test even the best | Newsroom
Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)
SMEs overestimate their cyber security preparedness - Help Net Security
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Organisations failing to proactively address insider cyber risk | Computer Weekly
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert
Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)
How to Get Your Board on Board With Cyber security (darkreading.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Poor digital experience a blocker for cyber resilience | Computer Weekly
What is Governance, Risk and Compliance (GRC)? | TechTarget Definition
How to prevent and prepare for a cyber catastrophe (securityintelligence.com)
2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)
Why more security doesn’t mean more effective compliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com
Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)
‘Top’ ransomware gangs favour smaller businesses | Computer Weekly
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Ransomware group's evolving tactics pose growing threat - Nextgov/FCW
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)
Scattered Spider, Alphv, and the MGM hack, explained - The Hustle
Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)
What is Extortionware? How is it Different from Ransomware? (techtarget.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Cyber insurance claims for ransomware reach record high (betanews.com)
Ransomware gang targeting defence firms, FBI warns - Defence One
Scattered Spider snares 100+ victims, moves into ransomware • The Register
BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)
Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week
Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)
Ransomware vs. resources: A higher education dilemma - eCampus News
Ransomware Victims
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k
Clorox products in short supply after cyber attack disrupts operations | CNN Business
Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)
UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)
Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)
Major trucking software provider confirms ransomware incident (therecord.media)
Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)
Phishing & Email Based Attacks
HR phishing: self-evaluation questionnaire | Kaspersky official blog
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
How social engineering takes advantage of your kindness (engadget.com)
Artificial Intelligence
Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag
NSA Report: Deepfakes Threaten National Security | MSSP Alert
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)
Companies still don’t know how to handle generative AI risks - Help Net Security
85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)
McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)
Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)
2FA/MFA
Malware
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)
Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Mobile
Dangerous permissions detected in top Android health apps (securityaffairs.com)
Android security updates: Everything you need to know | Android Central
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Botnets
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)
No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)
Data Breaches/Leaks
Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Police data breach: 20,000 data points 'at risk' (computing.co.uk)
CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)
Pizza Hut Australia hack: data breach exposes customer information and order details | Australia
Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)
T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK
TransUnion says dump of customer data came from third party • The Register
US govt IT worker accused of leaking top secrets • The Register
Organised Crime & Criminal Actors
Europol lifts the lid on cyber crime tactics (malwarebytes.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
India's biggest tech centres named as cyber crime hotspots • The Register
Scattered Spider snares 100+ victims, moves into ransomware • The Register
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Insider Risk and Insider Threats
Organisations failing to proactively address insider cyber risk | Computer Weekly
HR’s role in cyber security and insider threat mitigation - Hindustan Times
Fraud, Scams & Financial Crime
Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)
Court sentences pair for India-based robocall scam • The Register
Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK
Singapore to detail fraud liability split for bank & victim • The Register
Deepfakes
Insurance
Cyber insurance claims for ransomware reach record high (betanews.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Dark Web
Supply Chain and Third Parties
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
Software Supply Chain
Cloud/SaaS
Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)
IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World
Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)
Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
EU's quest to fix the internet could become a privacy nightmare | TechRadar
UK Minister Warns Meta Over End-to-End Encryption - Security Week
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)
Open Source
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)
Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)
Social Media
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)
UK Minister Warns Meta Over End-to-End Encryption - Security Week
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK Minister Warns Meta Over End-to-End Encryption - Security Week
EU's quest to fix the internet could become a privacy nightmare | TechRadar
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Models, Frameworks and Standards
How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
IT pros told to accept burnout as normal part of their job - Help Net Security
Wanted: another 3mn cyber professionals | Financial Times (ft.com)
Law Enforcement Action and Take Downs
How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)
Court sentences pair for India-based robocall scam • The Register
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
EU's quest to fix the internet could become a privacy nightmare | TechRadar
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
International Criminal Court hacked amid Russia probe • The Register
Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)
Russian allegedly smuggled US weapons electronics to Moscow • The Register
China
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
FBI chief says China has bigger hacking program than the competition combined | Reuters
EU warns China on Ukraine disinformation and cyber attacks – POLITICO
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)
Iran
Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)
Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)
North Korea
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)
Misc Nation State/Cyber Warfare
Vulnerability Management
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned | CISA
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)
Vulnerabilities
Fortinet Releases Security Updates for Multiple Products | CISA
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac
If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar
GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)
Microsoft releases firmware update for all Surface devices | TechSpot
Tools and Controls
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)
Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)
Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Shadow IT: Security policies may be a problem - Help Net Security
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
How Choosing Authentication Is a Business-Critical Decision (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Reports Published in the Last Week
Other News
Why automakers are worried your car is the next target for cyber attacks - CityAM
Consumers are being bombarded with billions of threats every year | TechRadar
Bad torts: Law firms feel the heat from rising cyber threats (synack.com)
SME Cyber Security – Time for a New Approach? - IT Security Guru
Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)
Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online
Home Office sets up cyber security for Emergency Services Network | UKAuthority
Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)
Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)
Cyber on the battlefield is about more than IT - Nextgov/FCW
Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week
Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week
Singapore's retail banks take steps to enhance cyber security (finextra.com)
Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)
Strong compliance management is crucial for fintech-bank partnerships - Help Net Security
Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)
Dairy industry teams with cyber security group to beef up defences | Food Dive
Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)
GCHQ chief takes job in private security company | The Independent
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 July 2023
Black Arrow Cyber Threat Briefing 07 July 2023:
-Cyber Attacks Against Mobile Devices Growing Fast
-One Third of Security Breaches Go Unnoticed by Security Professionals
-Cyber Security Experts Have Become Targets for Board Seats
-Phishing Attack Prevention as Email Attacks Surge Over 450%
-Outsmarting Business Email Compromise Scammers
-Small Organisations Face Security Threats on a Limited Budget
-Cloud Security: Sometimes the Risks May Outweigh the Rewards
-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
-75% of Consumers Prepared to Ditch Brands Hit by Ransomware
-Scammers Using AI Voice Technology to Commit Crimes
-What are the Causes of Data Loss and What it the Impact on Your Organisation?
-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Against Mobile Devices Growing Fast
A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year. The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.
It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.
https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users
One Third of Security Breaches Go Unnoticed by Security Professionals
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.
The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.
https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/
Cyber Security Experts Have Become Targets for Board Seats
The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.
The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.
CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.
https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html
Phishing Attack Prevention as Email Attacks Surge Over 450%
A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.
In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.
https://cybersecuritynews.com/phishing-attack-prevention-checklist/
Outsmarting Business Email Compromise (BEC) Scammers
Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.
There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.
https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers
Small Organisations Face Security Threats on a Limited Budget
Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.
The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.
https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/
Cloud Security: Sometimes the Risks May Outweigh the Rewards
Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.
Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.
https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/
https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.
From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.
https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks
75% of Consumers Prepared to Ditch Brands Hit by Ransomware
As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.
While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.
https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/
Scammers Using AI Voice Technology to Commit Crimes
The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.
The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.
https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/
What are the Causes of Data Loss and What it the Impact on Your Organisation?
In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.
It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.
https://securityaffairs.com/148086/security/impacts-of-data-loss.html
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.
One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.
Governance, Risk and Compliance
Cyber Security experts have become targets for board seats (cnbc.com)
The Impacts of Data Loss on Your Organisation -Security Affairs
One third of security breaches go unnoticed by security professionals - Help Net Security
Small organisations face security threats on a limited budget - Help Net Security
How to cultivate a culture of continuous cyber Security improvement - Help Net Security
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of consumers prepared to ditch brands hit by ransomware - Help Net Security
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)
Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)
Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)
The rise in cyber extortion attacks and its impact on business security - Help Net Security
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek
Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs
Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
How ransomware impacts the healthcare industry - Help Net Security
June saw flurry of ransomware attacks on education sector | TechTarget
Decryption tool for Akira ransomware available for free | Tripwire
Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert
Ransomware Victims
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg
UCLA among victims of worldwide cyber attack – NBC Los Angeles
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
Chipmaker TSMC says supplier targeted in cyber Attack | Reuters
MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert
Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)
African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Quishing on the rise: How to prevent QR code phishing | TechTarget
Why cyberpsychology is such an important part of effective cyber Security | CSO Online
Artificial Intelligence
Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times
AI-generated attack vectors cyber Security should watch for (fastcompany.com)
OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
GPT-4 is great at infuriating telemarketing scammers • The Register
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Malware
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
CISA: Truebot malware infecting networks in US, Canada | TechTarget
Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
Mobile
Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek
Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)
Android users at risk as banking trojan targets more apps | Fox News
Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert
We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Botnets
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Denial of Service/DoS/DDOS
CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Data Breaches/Leaks
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)
Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
The Impacts of Data Loss on Your Organisation- Security Affairs
Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)
OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop
28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)
Support from British businesses crucial in removing over... - NCSC.GOV.UK
GPT-4 is great at infuriating telemarketing scammers • The Register
Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Deepfakes
Scammers using AI voice technology to commit crimes - Help Net Security
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
AML/CFT/Sanctions
Insurance
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)
Cyber insurance rates drop 10% in June, report says | Reuters
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Dark Web
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Japan rebukes Fujitsu for cloud security fails • The Register
IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security
Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)
11 best practices for securing data in the cloud | Microsoft Security Blog
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Attack Surface Management
Encryption
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)
Social Media
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
European companies slam the EU’s incoming AI regulations in open letter - The Verge
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru
3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)
Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)
CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru
Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)
ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Satellite system used by Russian military is hacked - The Washington Post
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)
China
US authorities warn on China’s new counter-espionage la' • The Register
Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research
Chinese threat actor attacks diplomats across Europe • The Register
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Iran
Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
North Korea
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
North Korean satellite had no military utility for spying • The Register
Misc/Other/Unknown
Vulnerability Management
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Vulnerabilities
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)
Microsoft puts out Outlook fire, downplays Teams flaw • The Register
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek
Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)
Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)
StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)
Tools and Controls
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Small organisations face security threats on a limited budget - Help Net Security
11 best practices for securing data in the cloud | Microsoft Security Blog
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Reports Published in the Last Week
Other News
Foreign spies hacked government 20 years ago (thetimes.co.uk)
GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)
Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru
Hacks targeting British exam boards raise fears of students cheating (therecord.media)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
Is your browser betraying you? Emerging threats in 2023 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 May 2023
Black Arrow Cyber Threat Briefing 19 May 2023:
-Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats
-Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once
-Ensuring Security Remains/Becomes Everyone’s Responsibility
-Software Supply Chain Attacks Hit 61% of Firms
-More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees
-Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot
-Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table
-How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response
-Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information
-Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats
-Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation
-Capita Warns Customers They Should Assume Data was Stolen
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats
Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.
Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.
Ensuring Security Remains/Becomes Everyone’s Responsibility
In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.
Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.
https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/
Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once
Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.
According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.
Software Supply Chain Attacks Hit 61% of Firms
More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.
Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.
https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/
More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees
In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.
Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.
Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot
Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.
Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table
Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.
How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response
Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.
The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.
Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.
https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response
Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information
The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.
Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.
Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats
A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.
Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.
https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/
Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation
Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.
Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.
https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/
Capita Warns Customers They Should Assume Data was Stolen
Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.
Governance, Risk and Compliance
Cyber security Often Overlooked as Key Factor for Business Success, New Study Says - MSSP Alert
Cyber Risk Management in 2023: The People Element (trendmicro.com)
Is Your Cyber security “Too” Good? (securityintelligence.com)
Cyber risk: Can banks win the arms race? | Financial Times (ft.com)
Security breaches push digital trust to the fore | CSO Online
5 Ways Security Testing Can Aid Incident Response (darkreading.com)
Organisations reporting cyber resilience are hardly resilient: Study | CSO Online
Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security
Keeping a competitive edge in the cyber security ‘game’ | CyberScoop
UK NCSC, ICO debunk 6 cyber attack reporting myths | CSO Online
An Executive's Guide To The Cyber crime Underground (forbes.com)
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
20 Ways to Ensure Security Remains/Becomes Everyone’s Responsibility (cisoseries.com)
Talking Security Strategy: Cyber security Has a Seat at the Boardroom Table (darkreading.com)
Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online
Ransomware payments nearly double in one year | Cyber crime | The Guardian
The Week in Ransomware - May 12th 2023 - New Gangs Emerge (bleepingcomputer.com)
New trends in ransomware attacks shape the future of cyber security - Help Net Security
ABB 'suffers cyber attack' by ransomware gang Black Basta (techmonitor.ai)
Why Amazon S3 is a ransomware target and how to protect it | TechTarget
Experts question San Bernardino's $1.1M ransom payment | TechTarget
Ransomware corrupts data, making restoration harder • The Register
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
VPN vulnerability linked to ransomware attack on Law Society: PDPC - CNA (channelnewsasia.com)
Philadelphia Inquirer operations disrupted after cyber attack (bleepingcomputer.com)
Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)
New RA Group ransomware targets US orgs in double-extortion attacks (bleepingcomputer.com)
Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)
Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyber attacks (darkreading.com)
Ransomware-as-a-service groups pay affiliates top dollar • The Register
Russian ransomware affiliate charged with attacks on critical infrastructure (bleepingcomputer.com)
This new ransomware group is targeting big businesses - here's what you need to know | TechRadar
Warning Issued About BianLian Ransomware Attacks By CISA & FBI (informationsecuritybuzz.com)
FBI confirms BianLian ransomware switch to extortion only attacks (bleepingcomputer.com)
'Strictly limit' remote desktop to avoid BianLian ransomware • The Register
MalasLocker ransomware targets Zimbra servers, demands charity donation (bleepingcomputer.com)
Russian national indicted for ransomware attacks against the US | CSO Online
A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
Phishing & Email Based Attacks
What the Email Security Landscape Looks Like in 2023-Security Affairs
Ongoing Facebook phishing campaign without a sender and (almost) without links
Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News
New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)
Exploring the tactics of phishing and scam websites in 2023 - Help Net Security
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security
Insider threats surge across US CNI as attackers exploit human factors | CSO Online
Microsoft Teams Features Amp Up Orgs' Cyber attack Exposure (darkreading.com)
Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online
Artificial Intelligence
New Google search tool will distinguish real images from AI-generated phonies | ZDNET
AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert
AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)
Generative AI Empowers Users but Challenges Security (darkreading.com)
Security Vulnerabilities of ChatGPT-Generated Code (trendmicro.com)
3 Ways Hackers Use ChatGPT to Cause Security Headaches (darkreading.com)
ChatGPT is about to revolutionize cyber security | VentureBeat
Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)
2FA/MFA
Malware
Microsoft is scanning the inside of password-protected zip files for malware | Ars Technica
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)
Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
No more macros? No problem, say attackers, we'll adapt • The Register
The new info-stealing malware operations to watch out for (bleepingcomputer.com)
DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)
Stealthy MerDoor malware uncovered after five years of attacks (bleepingcomputer.com)
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (thehackernews.com)
New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)
Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security
Once Again, Malware Discovered Hidden in npm (darkreading.com)
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Mobile
Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)
Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)
Converso walks back E2EE claims, yanks app from stores • The Register
OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users (thehackernews.com)
Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek
Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware - SecurityWeek
Botnets
Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs
Spanish cops arrest 69 in immigration bot scheme • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance (thehackernews.com)
Why 2.4GHz Wi-Fi is both the savior and the scourge of the smart home - The Verge
Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)
Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)
Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyber attacks (darkreading.com)
Is your car safe from a cyber attack? | E&T Magazine (theiet.org)
Data Breaches/Leaks
UK's largest private pension scheme hit by Capita attack • The Register
Capita warns customers they should assume data was stolen (bleepingcomputer.com)
More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees - MSSP Alert
MP’s laptop stolen from Welcome Break spot 'not covered by CCTV' | UK News | Metro News
Discord discloses data breach after support agent got hacked (bleepingcomputer.com)
Data of 237,000 US government employees breached - CNA (channelnewsasia.com)
Toyota: Car location data of 2 million customers exposed for ten years (bleepingcomputer.com)
Toyota's bungling of customer privacy is becoming a pattern • The Register
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers - SecurityWeek
Personal info of 90k hikers leaked by French tourism company La Malle Postale-Security Affairs
Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)
Airline exposes passenger info to others due to a 'technical error' (bleepingcomputer.com)
University admission platform exposed student passports-Security Affairs
Millions of deleted files recovered in hard drives purchased online | TechRadar
Organised Crime & Criminal Actors
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
An Executive's Guide To The Cyber crime Underground (forbes.com)
Hacker marketplace still active despite police 'takedown' claim - BBC News
How Cyber criminals Adapted to Microsoft Blocking Macros by Default (darkreading.com)
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley
Hacker admits he was connected to 'tens of thousands’ laptops to mine crypto (finbold.com)
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs
North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters
DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)
Landmark crypto rules make exchanges liable for customer losses in EU | Ars Technica
Insider Risk and Insider Threats
Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek
Avoiding Reputational Damage By Conquering Insider Threats (informationsecuritybuzz.com)
Insider threats surge across US CNI as attackers exploit human factors | CSO Online
Ex-Apple engineer accused of stealing self-driving car secrets - BBC News
Identity crimes: Too many victims, limited resources - Help Net Security
Fraud, Scams & Financial Crime
Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security
Exploring the tactics of phishing and scam websites in 2023 - Help Net Security
How To Avoid Mother's Day Scams By Protecting Your Purse And Heart (informationsecuritybuzz.com)
Spanish cops arrest 69 in immigration bot scheme • The Register
Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs
18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)
AML/CFT/Sanctions
Insurance
Dark Web
Hacker marketplace still active despite police 'takedown' claim - BBC News
Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)
Supply Chain and Third Parties
Capita warns customers they should assume data was stolen (bleepingcomputer.com)
Capita hit by new data breach incident | Financial Times (ft.com)
Another security calamity for Capita: Unsecured AWS bucket • The Register
UK's largest private pension scheme hit by Capita attack • The Register
Discord Informs Users of Data Breach Involving Customer Support Provider - SecurityWeek
Preparing for federal supply chain security standardization - Help Net Security
Software Supply Chain
Cloud/SaaS
Security experts share cloud auditing best practices | TechTarget
Stop worrying about cloud-lock-in, and outages: Gartner • The Register
Microsoft Azure VMs Hijacked in Cloud Cyber attack (darkreading.com)
Why High Tech Companies Struggle with SaaS Security (thehackernews.com)
Capita hit by new data breach incident | Financial Times (ft.com)
Why Amazon S3 is a ransomware target and how to protect it | TechTarget
Microsoft lets Azure AD choose authentication method • The Register
Encryption
Converso walks back E2EE claims, yanks app from stores • The Register
Protect against current and future threats with encryption | TechTarget
API
Open Source
EU attempts to secure software could hurt open source • The Register
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)
Malicious open-source components threatening digital infrastructure - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Time Taken For Hackers to Crack Passwords Revealed - IT Security Guru
AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert
Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica
Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)
KeePass 2.X Master Password Dumper allows retrieving the KeePass master password-Security Affairs
Social Media
Former TikTok official says China had access to app data | Al Arabiya English
Ongoing Facebook phishing campaign without a sender and (almost) without links
Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News
Twitter sued over Saudi spying that allegedly landed popular user in prison [Updated] | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
EU attempts to secure software could hurt open source • The Register
AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)
Preparing for federal supply chain security standardization - Help Net Security
Secure Disposal
Careers, Working in Cyber and Information Security
Open source and Linux skills are still in demand in a dark economy | ZDNET
Top 10 Ideas for Addressing the Cyber security Skills Gap in 2023 (analyticsinsight.net)
Google Cloud CISO on why the Google Cyber security Certificate matters - Help Net Security
Law Enforcement Action and Take Downs
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
Hacker marketplace still active despite police 'takedown' claim - BBC News
Spanish cops arrest 69 in immigration bot scheme • The Register
Identity crimes: Too many victims, limited resources - Help Net Security
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs
18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)
Russian national indicted for ransomware attacks against the US | CSO Online
Privacy, Surveillance and Mass Monitoring
The UK’s Secretive Web Surveillance Program Is Ramping Up | WIRED
WhatsApp allows users to lock sensitive chats - Help Net Security
Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)
Google details its next steps for wiping out Chrome tracking cookies | Engadget
Misinformation, Disinformation and Propaganda
Pakistan shut down the internet - but that didn't stop the protests - BBC News
Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Former TikTok official says China had access to app data | Al Arabiya English
Gatewatcher unveils research into advanced persistent threats | Data Centre Solutions
How China came to dominate the black market for money laundering (telegraph.co.uk)
North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters
Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)
Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)
Cyble — Cisco Routers Exploited by Russian State-Sponsored Attackers
DOJ links Iran, China and Russia to five IP theft-related cases | SC Media (scmagazine.com)
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Vulnerability Management
Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica
Remote updates on motherboards could lead to bricked servers • The Register
Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
How to build a better vulnerability management program | TechTarget
Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek
How to Protect Your Organisation From Vulnerabilities (darkreading.com)
Vulnerabilities
Hackers target Wordpress plugin flaw after PoC exploit released (bleepingcomputer.com)
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (thehackernews.com)
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security
Apple fixes three new zero-days exploited to hack iPhones, Macs (bleepingcomputer.com)
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)
Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers - SecurityWeek
Arm confident Cortex-M is secure after side-channel attack • The Register
Microsoft Follina Bug Is Back in Meme-Themed Cyber attacks Against Travel Orgs (darkreading.com)
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
Remote updates on motherboards could lead to bricked servers • The Register
Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica
Microsoft pulls Defender update fixing Windows LSA Protection bug (bleepingcomputer.com)
WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities – WP Tavern
Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities - SecurityWeek
Tools and Controls
Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security
Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)
5 Ways Security Testing Can Aid Incident Response (darkreading.com)
Organisations reporting cyber resilience are hardly resilient: Study | CSO Online
Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica
The Ultimate Guide to Multi-Factor Authentication - Security Boulevard
Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)
Protect against current and future threats with encryption | TechTarget
Can AI Decision-Making Be Trusted for Cyber security? (analyticsinsight.net)
'Strictly limit' remote desktop to avoid BianLian ransomware • The Register
Millions of deleted files recovered in hard drives purchased online | TechRadar
Key Metrics In Evaluating DevOps Threat Matrix (informationsecuritybuzz.com)
ChatGPT is about to revolutionize cyber security | VentureBeat
A Requirements-Driven Approach to Cyber Threat Intelligence | Mandiant
Embedding Security by Design: A Shared Responsibility (darkreading.com)
Reports Published in the Last Week
Other News
Heightened cyber attacks threat before Council of Europe summit in Reykjavik – EURACTIV.com
12 common network protocols and their functions explained | TechTarget
Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT (newsweek.com)
Ukraine, Ireland, Japan and Iceland join NATO CCDCOE-Security Affairs
Web entity activity reveals insights into internet security - Help Net Security
Microsoft Security highlights from RSAC 2023 - Microsoft Security Blog
Top 5 Cyber security Predictions and Statistics for 2023 (analyticsinsight.net)
No more macros? No problem, say attackers, we'll adapt • The Register
Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online
Rebinding Attacks Persist With Spotty Browser Defences (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 December 2022
Black Arrow Cyber Threat Briefing 09 December 2022:
-Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime
-Cyber Security Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations
-Cyber Security Should Focus on Managing Risk
-Fear of Cyber Attacks Drives SMBs to Spend More on Software
-Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices
-Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold
-Automated Dark Web Markets Sell Corporate Email Accounts For $2
-Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack
-Security Concerns Scupper Deals for Two-Thirds of Firms
-Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime
Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.
It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.
“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”
https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/
Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations
Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.
Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).
These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).
With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.
Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.
Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.
Cyber Security Should Focus on Managing Risk
Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.
There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.
Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.
Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.
In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.
https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk
Fear of Cyber Attacks Drives SMBs to Spend More on Software
Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.
Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:
Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases
Implementation concerns are SMBs’ biggest purchase barrier
Most SMB software purchases are solely handled by IT, disregarding other important stakeholders
Customer reviews sway purchase decisions, and verified reviews are critical
Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.
https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/
Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices
Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.
“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).
BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.
Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.
Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.
https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/
Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold
Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.
In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.
The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.
Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.
The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.
“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.
Automated Dark Web Markets Sell Corporate Email Accounts For $2
Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.
Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.
The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.
Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.
Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.
Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack
Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.
While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.
"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."
Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:
Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)
Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls
Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.
Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.
Security Concerns Scupper Deals for Two-Thirds of Firms
Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.
The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.
Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.
There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.
Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.
https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/
Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks
Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.
"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."
In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.
The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Professionalization Grows as RaaS Takes Hold (darkreading.com)
Medibank share price slumps ahead of major shutdown and cyber security overhaul (fool.com.au)
Rackspace confirms ransomware behind days-long email outage • The Register
Vice Society: Profiling a Persistent Threat to the Education Sector (paloaltonetworks.com)
Wiper, Disguised as Fake Ransomware, Targets Russian Orgs (darkreading.com)
Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
Rackspace rocked by ‘security incident’ in hosted Exchange • The Register
Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (thehackernews.com)
Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)
New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
South Pacific vacations may be wrecked by ransomware • The Register
Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks - IT Security Guru
Intersport Data Posted On Hive Dark Web Blog - Information Security Buzz
Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (thehackernews.com)
Education sector hit by Hive ransomware in November | TechTarget
Ransomware attack forces French hospital to transfer patients (bleepingcomputer.com)
CommonSpirit Health ransomware attack exposed data of 623,000 patients (bleepingcomputer.com)
Ransomware Gang Steals Employee and Customer Data From LJ Hooker (vice.com)
Phishing & Email Based Attacks
Rackspace warns of phishing risks following ransomware attack (bleepingcomputer.com)
Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)
Phishing scammers impersonate WhatsApp by buying a top ad spot on Google | PC Gamer
How to Recognize Phishing Emails: Cyber security Experts Give Advice - WSJ
Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)
Hardening Identities With Phish-Resistant MFA (darkreading.com)
'I had £8,000 stolen but Revolut won't refund it' - BBC News
Malware
Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)
Malware Authors Inadvertently Take Down Own Botnet (darkreading.com)
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines (darkreading.com)
Mobile
Code of practice for app store operators and app developers - GOV.UK (www.gov.uk)
Android malware apps with 2 million installs spotted on Google Play (bleepingcomputer.com)
Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian
Android malware infected 300,000 devices to steal Facebook accounts (bleepingcomputer.com)
Android December 2022 security updates fix 81 vulnerabilities (bleepingcomputer.com)
Telcom and BPO Companies Under Attack by SIM Swapping Hackers (thehackernews.com)
Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (thehackernews.com)
SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)
Compromised Android keys used to sign info-stealing malware • The Register
Largest mobile malware marketplace identified by Resecurity in the Dark Web - Security Affairs
Internet of Things – IoT
How IoT is changing the threat landscape for businesses - Help Net Security
What's the Matter with digital trust in smart home devices? - Help Net Security
Security Risks Found in Millions of XIoT Devices - Infosecurity Magazine (infosecurity-magazine.com)
Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com
Data Breaches/Leaks
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Personal data of 10,000 Australians found for sale online | 7NEWS
Stolen data of 600,000 Indians sold on bot markets so far - study | Reuters
Organised Crime & Criminal Actors
Of Exploits and Experts: The Professionalization of Cyber Crime (darkreading.com)
Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security
Automated dark web markets sell corporate email accounts for $2 (bleepingcomputer.com)
DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (bleepingcomputer.com)
BlackProxies proxy service increasingly popular among hackers (bleepingcomputer.com)
Chart: Cyber crime Expected To Skyrocket in Coming Years | Statista
Metaparasites: The cyber criminals who rip each other off • Graham Cluley
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (thehackernews.com)
Microsoft: Hackers target cryptocurrency firms over Telegram (bleepingcomputer.com)
UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)
North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Even cyber criminals fall for online scams: $2.5m last year • The Register
'I had £8,000 stolen but Revolut won't refund it' - BBC News
Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)
Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)
Cyber criminals are scamming each other, tipping off law enforcement - Help Net Security
Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)
SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)
Metaparasites: The cyber criminals who rip each other off • Graham Cluley
Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)
Deepfakes
AML/CFT/Sanctions
Insurance
What you should know when considering cyber insurance in 2023 | CSO Online
Cyber Insurance Policy Underwriting Explained (trendmicro.com)
Dark Web
Supply Chain and Third Parties
Antwerp's city services down after hackers attack digital partner (bleepingcomputer.com)
Transport And Shipping Beware – Supply Chains Under Attack - Information Security Buzz
Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
Software Supply Chain
Denial of Service DoS/DDoS
3 Types Of DDoS Attack Types You Should Care About - Information Security Buzz
Microsoft warning after DDoS attack disrupts Russian bank • The Register
Cloud/SaaS
Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)
How to implement least privilege access in the cloud | TechTarget
Hybrid/Remote Working
Encryption
WhatsApp raises threat of UK shutdown in encryption row (telegraph.co.uk)
Governments want to avert quantum's encryption apocalypse (axios.com)
API
Open Source
Ping of death! FreeBSD fixes crashtastic bug in network tool – Naked Security (sophos.com)
Research reveals where 95% of open source vulnerabilities lie - Help Net Security
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Taiwan bans state-owned devices from running TikTok • The Register
Critical Vulnerabilities Force Twitter Alternative Hive Social Offline | SecurityWeek.Com
Does Hive's Security Problem Make It Unsafe to Use? (lifehacker.com)
Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)
US States label TikTok a malicious and menacing threat • The Register
Training, Education and Awareness
Engage your employees with better cyber security training - Help Net Security
Lack of Cyber security Expertise Poses Threat for Public-Safety Orgs (darkreading.com)
4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)
What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)
Governance, Risk and Compliance
Cyber security Risk Management In The Real World - Information Security Buzz
Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security
Models, Frameworks and Standards
Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)
PCI Secure Software Standard 1.2 released - Help Net Security
How compliance leaders can encourage employees to report misconduct - Help Net Security
The changing role of the MITRE ATT@CK framework | CSO Online
Don't Wait to Become CMMC Compliant - Information Security Buzz
Three Ways to Improve Defence Readiness Using MITRE D3FEND | SecurityWeek.Com
Data Protection
Remote workers losing laptops are bigger threat to companies than hackers (telegraph.co.uk)
How companies time data leak disclosures - Help Net Security
What Stricter Data Privacy Laws Mean for Your Cyber security Policies (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)
Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Apple Faces Critics Over Its Privacy Policies | SecurityWeek.Com
Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian
Apple announces new security and privacy measures amid surge in cyber-attacks | Apple | The Guardian
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NATO Readies for Cyber War: Simulation Shows Unified Front Against Attack - MSSP Alert
Microsoft warns of Russian cyber attacks throughout the winter (bleepingcomputer.com)
Microsoft warning after DDoS attack disrupts Russian bank • The Register
Russian Espionage APT Callisto Focuses on Ukraine War Support Organisations | SecurityWeek.Com
Russian Actors Use Compromised Healthcare Networks Against Ukrainian Orgs (darkreading.com)
Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict (substack.com)
Nation State Actors
Nation State Actors – Russia
Microsoft encourages 'strong cyber hygiene' in light of increasing Russian cyber attacks | PC Gamer
Russian Hackers Spotted Targeting US Military Weapons and Hardware Supplier (thehackernews.com)
The surprising ineffectiveness of Russia’s cyber-war | The Economist
Nation State Actors – China
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks (thehackernews.com)
Chinese hackers stole millions worth of US COVID relief money, Secret Service says | Reuters
Amnesty International Canada breached by suspected Chinese hackers (bleepingcomputer.com)
China Operates More Than 100 Secret 'Police Stations' Globally: Report (businessinsider.com)
US Congress rolls back proposal to restrict use of Chinese chips | Computerworld
Nation State Actors – North Korea
North Korean tech freelancers' earnings fund nukes, missiles • The Register
North Korean Hackers Spread AppleJesus Malware Disguised as Cryptocurrency Apps (thehackernews.com)
Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com
APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)
Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)
North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News
Nation State Actors – Iran
Vulnerabilities
Attackers take over expired domain to deliver web skimming scripts - Help Net Security
Google discovers Windows exploit framework used to deploy spyware (bleepingcomputer.com)
Cisco discloses high-severity IP phone bug with exploit code (bleepingcomputer.com)
Google Chrome emergency update fixes 9th zero-day of the year (bleepingcomputer.com)
Google Documents IE Browser Zero-Day Exploited by North Korean Hackers | SecurityWeek.Com
For Cyber attackers, Popular EDR Tools Can Turn into Destructive Data Wipers (darkreading.com)
A new Linux flaw can be chained with other two bugs to gain full root privileges - Security Affairs
Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com
Google Chrome Flaw Added to CISA Patch List (darkreading.com)
Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com
Research reveals where 95% of open source vulnerabilities lie - Help Net Security
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)
Google: State hackers still exploiting Internet Explorer zero-days (bleepingcomputer.com)
APT37 Uses Internet Explorer Zero-Day to Spread Malware (darkreading.com)
WAFs of Several Major Vendors Bypassed With Generic Attack Method | SecurityWeek.Com
Google Chrome zero-day exploited in the wild (CVE-2022-4262) - Help Net Security
Sophos fixed a critical flaw in its Sophos Firewall version 19.5 - Security Affairs
Tools and Controls
Security pros feel threat detection and response workloads have increased - Help Net Security
Single Sign-on: It's Only as Good as Your Ability to Use It (darkreading.com)
Leveraging the full potential of zero trust - Help Net Security
Understanding malware analysis and its challenges | TechTarget
Using XDR to Consolidate and Optimize Cyber security Technology (thehackernews.com)
Reports Published in the Last Week
Other News
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet | SecurityWeek.Com
Where Advanced Cyber attackers Are Heading Next: Disruptive Hits, New Tech (darkreading.com)
43 Trillion Security Data Points Illuminate Our Most Pressing Threats (darkreading.com)
7 reasons why you must embed trust into the core of your business - Help Net Security
Risky online behaviour ‘almost normalised’ among young people, says study | Internet | The Guardian
Top 7 factors boosting enterprise cyber security resilience - Help Net Security
Machine Learning Models: A Dangerous New Attack Vector (darkreading.com)
Consumers want convenience without sacrificing security - Help Net Security
4 cyber security predictions for 2023 --- SANS analysts look ahead | VentureBeat
3 of the Worst Data Breaches in the World That Could Have Been Prevented - Security Affairs
Removing the Barriers to Security Automation Implementation | SecurityWeek.Com
Cyber security Should Focus on Managing Risk (darkreading.com)
Deal with sophisticated bot attacks: Learn, adapt, improve - Help Net Security
Want to detect Cobalt Strike? Look to process memory • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 October 2022
Black Arrow Cyber Threat Briefing 21 October 2022:
-Gen Z, Millennials Really Doesn't Care About Workplace Cyber Security
-Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
-Cyber-Enabled Crimes Are Biggest Police Concerns
-List of Common Passwords Accounts for Nearly All Cyber Attacks
-Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders
-Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
-96% Of Companies Report Insufficient Security for Sensitive Cloud Data
-Your Microsoft Exchange Server Is a Security Liability
-Are Cyber Security Vendors Pushing Snake Oil?
-Ransomware Preparedness, What Are You Doing Wrong?
-NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
-Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Gen Z, Millennials Really Don’t Care About Workplace Cyber Security
When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.
Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.
This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.
When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.
Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.
Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security.
If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.
https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity
Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.
“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”
Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.
Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.
Cyber-Enabled Crimes Are Biggest Police Concerns
Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.
The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.
Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.
Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.
Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.
The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.
https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/
List of Common Passwords Accounts for Nearly All Cyber Attacks
Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.
Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.
Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.
The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."
Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.
https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders
Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.
Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.
This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.
The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.
Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.
With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?
We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."
Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.
Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.
The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.
Some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors. In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.
Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.
US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).
https://www.telegraph.co.uk/business/2022/10/23/ukraine-war-cuts-ransomware-kremlin-co-opts-hackers/
96% Of Companies Report Insufficient Security for Sensitive Cloud Data
The vast majority of organisations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).
The CSA report surveyed 1,663 IT and security professionals from organisations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organisations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID.
Apart from struggling with securing sensitive data, organisations are also having trouble tracking data in the cloud. Over a quarter of organisations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.
“This suggests that organisations’ current methods of classifying data aren’t sufficient for their needs. However, if the tracking is this low, it could be a contributing factor to the issue of dark data. Organisations need to utilise data discovery and classification tools to properly understand the data they have and how to protect it,” the CSA study noted.
Your Microsoft Exchange Server Is a Security Liability
With endless vulnerabilities, widespread hacking campaigns, slow and technically tough patching, it's time to say goodbye to on-premise Exchange.
Once, reasonable people who cared about security, privacy, and reliability ran their own email servers. Today, the vast majority host their personal email in the cloud, handing off that substantial burden to the capable security and engineering teams at companies like Google and Microsoft. Now, cyber security experts argue that a similar switch is due - or long overdue - for corporate and government networks. For enterprises that use on-premise Microsoft Exchange, still running their own email machine somewhere in a closet or data centre, the time has come to move to a cloud service, if only to avoid the years-long plague of bugs in Exchange servers that has made it nearly impossible to keep determined hackers out.
The latest reminder of that struggle arrived earlier this week, when Taiwanese security researcher Orange Tsai published a blog post laying out the details of a security vulnerability in Microsoft Exchange. Tsai warned Microsoft about this vulnerability as early as June of 2021, and while the company responded by releasing some partial fixes, it took Microsoft 14 months to fully resolve the underlying security problem. Tsai had earlier reported a related vulnerability in Exchange that was massively exploited by a group of Chinese state-sponsored hackers known as Hafnium, which last year penetrated more than 30,000 targets by some counts. Yet according to the timeline described in Tsai’s post this week, Microsoft repeatedly delayed fixing the newer variation of that same vulnerability, assuring Tsai no fewer than four times that it would patch the bug before pushing off a full patch for months longer. When Microsoft finally released a fix, Tsai wrote, it still required manual activation and lacked any documentation for four more months.
Meanwhile, another pair of actively exploited vulnerabilities in Exchange that were revealed last month still remain unpatched after researchers showed that Microsoft’s initial attempts to fix the flaws had failed. Those vulnerabilities were just the latest in a years-long pattern of security bugs in Exchange’s code. And even when Microsoft does release Exchange patches, they’re often not widely implemented, due to the time-consuming technical process of installing them.
The result of those compounding problems, for many who have watched the hacker-induced headaches of running an Exchange server pile up, is a clear message: An Exchange server is itself a security vulnerability, and the fix is to get rid of it.
“You need to move off of on-premise Exchange forever. That’s the bottom line,” says Dustin Childs, the head of threat awareness at security firm Trend Micro’s Zero Day Initiative (ZDI), which pays researchers for finding and reporting vulnerabilities in commonly used software and runs the Pwn2Own hacking competition. “You’re not getting the support, as far as security fixes, that you would expect from a really mission-critical component of your infrastructure.”
https://www.wired.com/story/microsoft-exchange-server-vulnerabilities/
Are Cyber Security Vendors Pushing Snake Oil?
Survey: 96 percent of cyber security decision makers confused by vendor marketing.
The availability of new security products increases, the amount of budget spent on cyber security grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cyber security spend and any clear increase in cyber security effectiveness is the subject of a new analytical survey from Egress.
With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cyber security and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cyber security vendors due to unclear marketing about their specific offerings.
The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cyber security silver bullet, but whether this management can take the company to a point where it can exit with serious profits.
If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.
Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.
https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil
Ransomware Preparedness: What Are You Doing Wrong?
Axio released its 2022 State of Ransomware Preparedness research report, revealing that although notable improvements have been made since Axio’s 2021 report, organisational ransomware preparedness continues to be insufficient to keep pace with new attack vectors.
The report reveals that the lack of fundamental cyber security practices and controls, including critical vulnerability patching and employee cyber security training, continues to undermine organisational attempts to improve ransomware defences.
“Ransomware continues to wreak havoc on global organisations, regardless of size or industry,” remarked the report’s co-author David White, President of Axio. “As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cyber security practices and make the needed improvements to help combat these attacks.”
The report identifies several emerging patterns that yield insights into why organisations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organisations were deficient in implementing and sustaining basic cyber security practices were identified, and these patterns dominated the 2022 study results as well:
Managing privileged access
Improving basic cyber hygiene
Reducing exposure to supply chain and third-party risk
Monitoring and defending networks
Managing ransomware incidents
Identifying and addressing vulnerabilities in a timely manner
Improving cyber security training and awareness
Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:
The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.
Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.
Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.
Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.
Critical vulnerability patching within 24 hours was reported by only 24% of organisations.
A ransomware-specific playbook for incident management is in place for only 30% of organisations.
Active phishing training has improved but is still not practiced by 40% of organisations.
https://www.helpnetsecurity.com/2022/10/20/insufficient-ransomware-preparedness/
NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that it would be happening in the cyber space as well.
Ten months on, he was invited to speak at one of Mandiant Worldwide Information Security Exchange's (mWISE) opening keynotes on October 18, 2022. Joyce shared six takeaways from the Russia-Ukraine cyber-conflict in terms of what we learned from it and its impact on how nations should protect their organisations.
Both espionage and destructive attacks will occur in conflict
The cyber security industry has unique insight into these conflicts
Sensitive intelligence can make a decisive difference
You can develop resiliency skills
Don’t try to go it alone
You have not planned enough yet for the contingencies
Toward the end of the keynote, Joyce suggested the audience simulate a scenario based on what happened in Ukraine with the China-Taiwan conflict escalating and see what they should put in place to better prepare for such an event.
https://www.infosecurity-magazine.com/news/nsa-6-takeaways-war-ukraine/
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.
Microsoft also emphasised that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."
The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cyber security company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.
The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
https://thehackernews.com/2022/10/microsoft-confirms-server.html
Threats
Ransomware and Extortion
Сryptocurrency and Ransomware — The Ultimate Friendship (thehackernews.com)
Venus Ransomware targets publicly exposed Remote Desktop services (bleepingcomputer.com)
Pendragon being held to $60m ransom by dark web hackers – Car Dealer Magazine
Magniber Ransomware Is Targeting Home PC (informationsecuritybuzz.com)
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang (bleepingcomputer.com)
With Conti gone, LockBit takes lead of the ransomware threat landscape | CSO Online
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware (darkreading.com)
Wholesale giant METRO hit by IT outage after cyber attack (bleepingcomputer.com)
The link between Ransom Cartel and REvil ransomware gangs - Security Affairs
How Vice Society Got Away With a Global Ransomware Spree | WIRED
Defenders beware: A case for post-ransomware investigations - Microsoft Security Blog
Ransomware crews regrouping as LockBit rise continues (computerweekly.com)
Ransom Cartel linked to notorious REvil ransomware operation (bleepingcomputer.com)
Hackney Council Ransomware Attack £12m+ Recovery - IT Security Guru
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Prestige ransomware hits victims of HermeticWiper • The Register
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Japanese tech firm Oomiya hit by LockBit 3.0 - Security Affairs
Ransomware attack halts circulation of some German newspapers (bleepingcomputer.com)
Ransomware Insurance Security Requirement Strategies (trendmicro.com)
Australian insurance firm Medibank confirms ransomware attack (bleepingcomputer.com)
BlackByte ransomware uses new data theft tool for double-extortion (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing works so well crims won't use deepfakes: Sophos • The Register
Phishing Mitigation Can Cost Businesses More Than $1M Annually (darkreading.com)
Securing your organisation against phishing can cost up to $85 per email | CSO Online
How phishing campaigns abuse Google Ad click tracking redirects - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Malware
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Microsoft’s out-of-date driver list left Windows PCs open to malware attacks for years - The Verge
Ursnif malware switches from bank account theft to initial access (bleepingcomputer.com)
Experts spotted a new undetectable PowerShell Backdoor - Security Affairs
Typosquat campaign mimics 27 brands to push Windows, Android malware (bleepingcomputer.com)
Thousands of GitHub repositories deliver fake PoC exploits with malware (bleepingcomputer.com)
Hackers use new stealthy PowerShell backdoor to target 60+ victims (bleepingcomputer.com)
Hijacking of Popular Minecraft Launcher by Rogue Developer Raises Malware Fears - IGN
URSNIF (aka Gozi) banking trojan morphs into backdoor • The Register
What is a RAT (Remote Access Trojan)? | Definition from TechTarget
Mobile
Internet of Things – IoT
Riskiest IoT Devices - Cameras, VoIP And Video Conferencing (informationsecuritybuzz.com)
Securing IoT devices against attacks that target critical infrastructure - Microsoft Security Blog
74% say connected cars and EV chargers need cyber security ratings | Ars Technica
Data Breaches/Leaks
The companies most likely to lose your data - Help Net Security
Fines are not enough! Data breach victims want better security - Help Net Security
Medibank hack turned into a data breach: The attackers are demanding money - Help Net Security
Mormon Church Hit By Cyber attack, Personal Data Exposed (informationsecuritybuzz.com)
Keystone Health Data Breach Impacts 235,000 Patients | SecurityWeek.Com
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
Client Data Exfiltrated In Advanced NHS cyber Attack (informationsecuritybuzz.com)
Australian Wine Dealer Suffers Data Breach, 500,000 Customers May Be (informationsecuritybuzz.com)
Advocate Aurora Health in potential 3 million patient leak • The Register
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Why Crypto Winter is No Excuse to Let Your Cyber Defences Falter (thehackernews.com)
North Korea’s Lazarus Group Attacks Japanese Crypto Firms - Decrypt
Coinbase users scammed out of $21M in crypto sue company for negligence | Ars Technica
SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency | SecurityWeek.Com
Fraud, Scams & Financial Crime
Financial losses to synthetic identity-based fraud to double by 2024 | CSO Online
AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group | SecurityWeek.Com
Deepfakes
Deepfakes: What they are and how to spot them - Help Net Security
Phishing works so well crims won't use deepfakes: Sophos • The Register
Insurance
Supply Chain and Third Parties
Software Supply Chain
Software Supply Chain Attacks Soar 742% In Three Years (informationsecuritybuzz.com)
SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain (darkreading.com)
Denial of Service DoS/DDoS
Cloud/SaaS
Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration (darkreading.com)
3 cloud security posture questions CISOs should answer (techtarget.com)
Attack Surface Management
Identity and Access Management
Encryption
API
Open Source
New security concerns for the open-source software supply chain - Help Net Security
Python vulnerability highlights open source security woes (techtarget.com)
3 Ways to Help Customers Defend Against Linux-Based Cyber attacks - MSSP Alert
OldGremlin hackers use Linux ransomware to attack Russian orgs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Most People Still Reuse Their Passwords Despite Years Of Hacking (informationsecuritybuzz.com)
Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH | SecurityWeek.Com
Eight RTX 4090s Can Break Passwords in Under an Hour | Tom's Hardware (tomshardware.com)
Training, Education and Awareness
Security Awareness Urged to Grow Beyond Compliance (darkreading.com)
Raising cyber security awareness is good for everyone - but it needs to be done better | ZDNET
Millennials, Gen Z blamed for poor company security • The Register
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Fines are not enough! Data breach victims want better security - Help Net Security
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
New York fines EyeMed $4.5 million for 2020 email hack, data breach | SC Media (scmagazine.com)
Health insurer pays out $4.5m over bungled data security • The Register
Law Enforcement Action and Take Downs
INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organisation (thehackernews.com)
Law enforcement arrested 31 suspects for stealing cars by hacking key fobs - Security Affairs
Interpol is setting up its own metaverse to learn how to police the virtual world | Euronews
Brazilian Police Nab Suspected Member of Lapsus$ Group (darkreading.com)
Interpol Report: "Financial Crime-as-a-Service" an Emerging Threat - MSSP Alert
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
US, China, Russia, more meet at Singapore infosec event • The Register
NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry - CyberScoop
China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs (darkreading.com)
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Hackers target Asian casinos in lengthy cyber espionage campaign (bleepingcomputer.com)
Prestige ransomware hits victims of HermeticWiper • The Register
Pro-Russia Hackers DDoS Bulgarian Government - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Ukraine's cyber chief calls for global anti-fake news fight • The Register
German Cyber security Boss Sacked Over Kremlin Connection (darkreading.com)
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Bulgaria hit by a cyber attack originating from Russia - Security Affairs
Nation State Actors – China
As China-Taiwan tensions mount, how's your cyber defence? • The Register
Chinese 'Spyder Loader' Malware Spotted Targeting Organisations in Hong Kong (thehackernews.com)
Hackers compromised Hong Kong govt agency network for a year (bleepingcomputer.com)
WIP19 Threat Group Cyber attacks Target IT Service Providers, Telcos - MSSP Alert
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Vulnerabilities
45,654 VMware ESXi servers reached End of Life on Oct. 15 - Security Affairs
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Text message verification flaws in your Windows Active Directory (bleepingcomputer.com)
Apache Commons Vulnerability: Patch but Don't Panic (darkreading.com)
Zoom for Mac patches sneaky “spy-on-me” bug – update now! – Naked Security (sophos.com)
ProxyLogon researcher details new Exchange Server flaws (techtarget.com)
Exploited Windows zero-day lets JavaScript files bypass security warnings (bleepingcomputer.com)
Dozen High-Severity Vulnerabilities Patched in F5 Products | SecurityWeek.Com
Oracle Releases 370 New Security Patches With October 2022 CPU | SecurityWeek.Com
Palo Alto Networks fixed a high-severity flaw in PAN-OS - Security Affairs
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Zimbra Patches Under-Attack Code Execution Bug | SecurityWeek.Com
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities | SecurityWeek.Com
Python vulnerability highlights open source security woes (techtarget.com)
Other News
Zero trust is misused in security, say Cloudflare, Zscaler - Protocol
Cyber professional shortfall hits 3.4 million (computerweekly.com)
VPN use prevails despite interest in VPN alternatives (techtarget.com)
JP Morgan Bans Staff From Working Remotely In Hotels and Coffee Shops-But Not Airbnbs | Inc.com
Experts discovered millions of .git folders exposed to public - Security Affairs
Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives | TechSpot
Internet connectivity worldwide impacted by severed fiber cables in France (bleepingcomputer.com)
UK's Remote Shetland Mysteriously Lose Phone, Internet After Cable Cut (businessinsider.com)
CISOs, rejoice! Security spending is increasing - Help Net Security
Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs | Ars Technica
NATO Just Deployed Its First Killer Ground Robot (futurism.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 September 2022
Black Arrow Cyber Threat Briefing 30 September 2022:
-UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
-Cyber Criminals See Allure in BEC Attacks Over Ransomware
-Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
-Global Firms Deal with 51 Security Incidents Each Day
-Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
-Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack?
-Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
-More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
-How To Outsmart Increasingly Complex Cyber Attacks
-Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
-Cyber Threats Top Business Leaders' Biggest Concerns
-Fired Admin Cripples Former Employer's Network Using Old Credentials
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia
The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.
Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”
Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.
Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.
In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.
Cyber Criminals See Allure in BEC Attacks Over Ransomware
While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.
BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.
Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.
Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.
The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.
For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.
https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware
Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments
A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.
Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.
The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.
The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.
When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.
Global Firms Deal with 51 Security Incidents Each Day
Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.
The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.
It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”
Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.
This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.
Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.
https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/
Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.
The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.
The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.
But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.
https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter
Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack
According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.
The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.
From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.
Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.
First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.
Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.
Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.
Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.
The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.
Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.
In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise
A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.
Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.
Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.
Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.
The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.
Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).
Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).
https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise
How To Outsmart Increasingly Complex Cyber Attacks
Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.
Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now.
Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate.
https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/
Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks
Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.
While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.
“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”
Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”
As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.
https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/
Cyber Threats Top Business Leaders' Biggest Concerns
Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.
This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.
The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.
However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.
Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.
Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.
Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.
https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/
Fired Admin Cripples Former Employer's Network Using Old Credentials
After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.
Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.
To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.
Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.
While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.
Threats
Ransomware and Extortion
Ransomware data theft tool may show a shift in extortion tactics (bleepingcomputer.com)
The various ways ransomware impacts your organization - Help Net Security
New Royal Ransomware emerges in multi-million dollar attacks (bleepingcomputer.com)
Research: 20% of All Reported Ransomware Attacks Occurred in the Last 12 Months - MSSP Alert
BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (thehackernews.com)
Noberus ransomware gets info-stealing upgrades • The Register
SQL Server admins warned to watch for Fargo ransomware • The Register
BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic (darkreading.com)
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (bleepingcomputer.com)
NCC Group: IceFire ransomware gang ramping up attacks (techtarget.com)
MS SQL servers are getting hacked to deliver ransomware to orgs - Help Net Security
Hackers Leak French Hospital Patient Data in Ransom Fight | SecurityWeek.Com
Oxford Health: Cyber attack continues to hit NHS trust's services - BBC News
LA School District Ransomware Attackers Now Threaten to Leak Stolen Data (darkreading.com)
Phishing & Email Based Attacks
Fake US govt job offers push Cobalt Strike in phishing attacks (bleepingcomputer.com)
Germany arrests hacker for stealing €4 million via phishing attacks (bleepingcomputer.com)
Capital One Phish Showcases Growing Bank-Brand Targeting Trend (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
How cyber criminals use public online and offline data to target employees | CSO Online
Beware Revolut frozen card scams sent via SMS text • Graham Cluley
IRS warns Americans of massive rise in SMS phishing attacks (bleepingcomputer.com)
Malware
Office exploits continue to spread more than any other category of malware - Help Net Security
This credit card-stealing malware is spreading like wildfire | Digital Trends
Hacking group hides backdoor malware inside Windows logo image (bleepingcomputer.com)
Hackers now sharing cracked Brute Ratel post-exploitation kit online (bleepingcomputer.com)
Cobalt Strike malware campaign targets job seekers (techtarget.com)
New Botnet 'Chaos' Targeting Linux, Windows Systems (informationsecuritybuzz.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Quantum Builder tool helps criminals spread Windows RATs • The Register
Unit 42 finds polyglot files delivering IcedID malware (techtarget.com)
Hackers use PowerPoint files for 'mouseover' malware delivery (bleepingcomputer.com)
Does AI-powered malware exist in the wild? Not yet (techtarget.com)
New Erbium password-stealing malware spreads as game cracks, cheats (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Mobile
WhatsApp 0-Day Bug Let Hackers Execute an Arbitary Code Remotely (gbhackers.com)
Adware on Google Play and Apple Store installed 13 million times (bleepingcomputer.com)
Samsung facing class action suit after customer data leak • The Register
Inside a cyber attack method that targets your cellphone - The Washington Post
Internet of Things – IoT
Data Breaches/Leaks
Watchfinder warns customers that hackers stole their data • Graham Cluley
Shangri-La hotels Customer Database Hacked | SecurityWeek.Com
Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme (thehackernews.com)
Australia government wants Optus to pay for data breach | ZDNET
Organised Crime & Criminal Actors
Ukraine Arrests Cyber Crime Group for Selling Data of 30 Million Accounts (thehackernews.com)
New hacking group ‘Metador’ lurking in ISP networks for months (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scams targeting crypto enthusiasts are becoming increasingly common - Help Net Security
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cyber sleuth alleges $160M Wintermute hack was an inside job (cointelegraph.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Identities Stolen From 1 In 4 Internet Users (informationsecuritybuzz.com)
Fake Sites Siphon Millions of Dollars in 3-Year Scam (darkreading.com)
Here’s how crooks are using deepfakes to scam your biz • The Register
Deepfakes
Reshaping the Threat Landscape: Deepfake Cyber attacks Are Here (darkreading.com)
The deepfake danger: When it wasn’t you on that Zoom call | CSO Online
Software Supply Chain
Denial of Service DoS/DDoS
Hackers are making DDoS attacks sneakier and harder to protect against | ZDNET
UK's MI5 website briefly hit by denial of service attack - BBC | Reuters
Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules (darkreading.com)
Cloud/SaaS
Cloud security trends: What makes cloud infrastructure vulnerable to threats? - Help Net Security
81% of Companies Suffered A Cloud Security Incident Last Year – (informationsecuritybuzz.com)
What Lurks in the Shadows of Cloud Security? (darkreading.com)
Open Source
Open source projects under attack, with enterprises as the ultimate targets - Help Net Security
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Numerous orgs hacked after installing weaponized open source apps | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The Country Where You Live Impacts Password Choices (darkreading.com)
Five Steps to Mitigate the Risk of Credential Exposure (thehackernews.com)
Social Media
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
Ofcom chair says tech firms must prioritise safety alongside clicks | Ofcom | The Guardian
UK may fine TikTok $29 million for failing to protect children's privacy | Reuters
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows | SecurityWeek.Com
Mystery hackers are “hyperjacking” targets for insidious spying | Ars Technica
Cyber espionage group developed backdoors tailored for VMware ESXi hypervisors | CSO Online
Taiwanese citizens prepare for possible cyber war (axios.com)
Malware targets VMware users for espionage, Mandiant says • The Register
Espionage Group Wields Steganographic Backdoor Against Govs, Stock Exchange (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests (thehackernews.com)
APT28 relies on PowerPoint Mouseover to deliver Graphite malware - Security Affairs
Meta dismantles massive Russian network spoofing Western news sites (bleepingcomputer.com)
Nation State Actors – China
Chinese Cyberespionage Group 'Witchetty' Updates Toolset in Recent Attacks | SecurityWeek.Com
China’s infosec researchers may have dodged vuln report ban` • The Register
Nation State Actors – North Korea
Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings (darkreading.com)
Microsoft: Lazarus hackers are weaponizing open-source software (bleepingcomputer.com)
Lazarus APT continues to target job seekers with macOS malware - Security Affairs
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerabilities
Exchange Server zero-day being actively exploited • The Register
Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet (darkreading.com)
Cisco Patches High-Severity Vulnerabilities in Networking Software | SecurityWeek.Com
Sophos fixes critical code injection bug under exploit • The Register
Zoho ManageEngine flaw is actively exploited, CISA warns | CSO Online
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (bleepingcomputer.com)
Google Quashes 5 High-Severity Bugs With Chrome 106 Update (darkreading.com)
Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely (thehackernews.com)
Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws | WIRED
Reports Published in the Last Week
Other News
High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks | SecurityWeek.Com
Poll Of IT Security Pros Suggests Gaps In UK Cyber Defence (informationsecuritybuzz.com)
Why Organisations Need Both EDR and NDR for Complete Network Protection (thehackernews.com)
Lessons From the GitHub Cyber Security Breach (darkreading.com)
Data security trends: 7 statistics you need to know - Help Net Security
Why does a Legacy WAF Fail to “Catch” Sophisticated Attacks? (informationsecuritybuzz.com)
Akamai finds 13 million malicious newly observed domains a month | SC Media (scmagazine.com)
Opinion | The Uber Hack Exposes More Than Failed Data Security - The New York Times (nytimes.com)
Cyber security Study Sees “Siloed” Security As Organisational Weak Spot - MSSP Alert
3 types of attack paths in Microsoft Active Directory environments - Help Net Security
97% of enterprises say VPNs are prone to cyber attacks: Study | CSO Online
65% of companies are considering adopting VPN alternatives - Help Net Security
Spoofing cyber attack can make cameras see things that aren’t there | New Scientist
Zero Trust is the Goal But Much Ground Yet to Cover, CompTIA Reports - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 June 2022
Black Arrow Cyber Threat Briefing 17 June 2022
-How Organisations Can Protect Themselves in The Emerging Risk Landscape
-Phishing Reaches All-Time High in Early 2022
-Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?
-The Challenges of Managing Increased Complexity As Hybrid IT Accelerates
-72% Of Middle Market Companies Expect to Experience a Cyber Attack
-Malware's Destruction Trajectory and How to Defeat It
-Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?
-Threat Actors Becoming More Creative Exploiting the Human Factor
-66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud
-Travel-related Cyber Crime Takes Off as Industry Rebounds
-How Should You Think About Security When Considering Digital Transformation Projects?
-Internet Explorer Now Retired but Still an Attacker Target
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How Organisations Can Protect Themselves in The Emerging Risk Landscape
ThoughtLab’s 2022 cyber security benchmarking study ‘Cyber Security Solutions for a Riskier World’ revealed that the pandemic has brought cyber security to a critical inflection point. The number of material breaches that respondents suffered rose 20.5% from 2020 to 2021, and cyber security budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.
During that time, cyber security has become a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders, and the board.
https://www.helpnetsecurity.com/2022/06/13/cybersecurity-strategic-business-imperative-video/
Phishing Reaches All-Time High in Early 2022
The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.
In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season.
Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.
https://www.helpnetsecurity.com/2022/06/15/2022-total-phishing-attacks/
Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?
Time to reassess your cyber security strategies. Again.
Ransomware attacks on businesses have increased by one-third in the past year, according to a recent report by the Boston-based cyber security company Cybereason.
Most (73 percent of businesses) were hit by at least one ransomware attack in the past year, and 68 percent of businesses that paid a ransom were hit again in less than a month for a higher ransom, according to the survey, which polled 1,456 cyber security professionals at global companies with 700 or more employees.
These attacks have big implications: Thirty-seven percent of companies were forced to lay off employees after paying ransoms, and 33 percent were forced to temporarily suspend business.
Since the invasion of Ukraine, cyber security experts have insisted businesses improve their lines of defence to protect against an increased risk of ransomware attacks from Russia. Ransomware attacks have also increased since the start of the pandemic--the rise of remote work increased vulnerability for many businesses, which hackers have taken advantage of, a 2020 FBI memo noted. So, enterprises of all sizes are at risk from many more points of attack.
https://www.inc.com/rebecca-deczynski/ransomware-attacks-increasing-cyber-security-advice.html
The Challenges of Managing Increased Complexity as Hybrid IT Accelerates
SolarWinds released the findings of its ninth annual IT Trends Report which examines the acceleration of digital transformation efforts and its impact on IT departments. The report found the acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals.
Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.
As more and more mission-critical workloads move to connected cloud architectures that span public, private, hybrid, and multi-cloud environments, enterprises recognise they need to invest in the tools that will help them ensure consistent policies and performance across all platforms and end users. However, they simultaneously face challenges such as budget, time constraints, and barriers to implementing observability as a strategy to keep pace with hybrid IT realities.
However professionals feel less confident in their organisation’s ability to manage IT. While 54% of respondents state they leverage monitoring strategies to manage this complexity, 49% revealed they lack visibility into the majority of their organisation’s apps and infrastructure. This lack of visibility impacts their ability to conduct anomaly detection, easy root-cause analysis, and other critical processes to ensure the availability, performance, and security of business-critical applications.
https://www.helpnetsecurity.com/2022/06/16/hybrid-it-acceleration-challenges/
72% Of Middle Market Companies Expect to Experience a Cyber Attack
Middle market companies face an increasingly volatile cyber security environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to an RSM US and US Chamber of Commerce report.
However, there is good news as the number of breaches reported in the last year among middle market companies slightly decreased with protections becoming more available and executives understanding the consequences related to potential incidents. Twenty-two percent of middle market leaders claimed that their company experienced a data breach in the last year, representing a drop from 28% in last year’s survey, suggesting that even with enhanced protections in place and the decrease in attacks, companies cannot afford to let their guard down.
The middle market encountered a roller coaster of risks in the last year, from lingering threats related to the COVID-19 pandemic to geopolitical conflicts and economic uncertainty.
The small drop in reported breaches is encouraging, and largely attributed to middle market companies beginning to implement better identity and access management controls. Yet, even with the decline in reported attacks, companies recognise the risks posed by the current dynamic threat environment, with 72% of executives anticipating that unauthorised users will attempt to access data or systems in 2022, a sharp rise from 64% last year and the highest number since RSM began tracking data in 2015.
https://www.helpnetsecurity.com/2022/06/16/middle-market-companies-cybersecurity/
Malware's Destruction Trajectory and How to Defeat It
Malware and targeted attacks on operating systems and firmware have become increasingly destructive in nature, and these more nefarious attack methods are rising in prevalence. And just to add insult to injury, there are more of them. Today’s attacks are hitting more often, and they are hitting harder.
In the first three decades of its existence, malware was primarily restricted to mischief and attempts by virus creators to discover if their creations would work. But now the threat landscape has changed from simple vandalism to lucrative cyber crime and state-sponsored attacks.
Wiper malware, in particular, has gained traction in recent months. The FortiGuard Labs research team has seen at least seven different malware attacks targeting Ukrainian infrastructure or Ukrainian companies so far this year. The primary reason for using Wiper malware is its sheer destructiveness – the intent is to cripple infrastructure. What does the increased presence of Wiper malware strains indicate? And what do security leaders need to know and do to keep their organisation safe? Read more…
https://www.securityweek.com/malwares-destruction-trajectory-and-how-defeat-it
Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?
If your organisation gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?
Rapid7 analysed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022, and found that:
The most commonly leaked data is financial (63%), followed by customer/patient data (48%)
Files containing intellectual property (e.g., trade secrets, research data, etc.) are rarely disclosed (12%) by ransomware gangs, but if the organisation is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%), “likely due to the high value placed on research and development within this industry.”
https://www.helpnetsecurity.com/2022/06/17/ransomware-data-disclosed/
Threat Actors Becoming More Creative Exploiting the Human Factor
Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organisation—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players.
"Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing—and often eye-opening—challenge for organisations,” Proofpoint said in a statement.
The combination of remote work and the blurring of work and personal life on smartphones have influenced attacker techniques, the report notes. During the year, SMS phishing, or smishing, attempts more than doubled in the United States, while in the UK, 50% of phishing lures focused on delivery notifications. An expectation that more people were likely working from home even drove good, old-fashioned voice scams, with more than 100,000 telephone attacks a day being launched by cyber criminals.
66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud
A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns regarding the protection of sensitive data from cyber criminals.
Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications, compared with just eight in 2015, showcasing a startlingly rapid increase.
With increasing complexity of multicloud environments comes an even greater need for robust cyber security. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21-60%. However, only 25% said they could fully classify all data.
https://www.helpnetsecurity.com/2022/06/16/cloud-based-data-breach-video/
Travel-related Cyber Crime Takes Off as Industry Rebounds
An upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cyber criminals to scam the tourists.
Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cyber crimes.
Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related databases breaches, according to a report by Intel 471.
The impact of the attacks are hacked accounts stripped of value. But also, researchers say the consequences of recent attacks can also include flight delays and cancelations as airlines grapple with mitigating hacks.
https://threatpost.com/travel-related-cybercrime-takes-off/179962/
How Should You Think About Security When Considering Digital Transformation Projects?
Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.
Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world.
CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organisation. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organisation.
For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.
Here are five specific areas security teams should prioritise to achieve security-first digital transformation:
Security operations modernisation
Developer-centric security
Cloud strategy and execution
Connected devices
Big data and analytics
As important as it is to keep the business operating and competitive, organisations must transform securely. Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.
Internet Explorer Now Retired but Still an Attacker Target
Microsoft's official end-of-support for the Internet Explorer 11 desktop application on June 15 relegated to history a browser that's been around for almost 27 years. Even so, IE still likely will provide a juicy target for attackers.
That's because some organisations are still using Internet Explorer (IE) despite Microsoft's long-known plans to deprecate the technology. Microsoft meanwhile has retained the MSHTML (aka Trident) IE browser engine as part of Windows 11 until 2029, allowing organisations to run in IE mode while they transition to the Microsoft Edge browser. In other words, IE isn't dead just yet, nor are threats to it.
Though IE has a negligible share of the browser market worldwide these days (0.52%), many enterprises still run it or have legacy applications tied to IE. This appears to be the case in countries such as Japan and Korea. Stories in Nikkei Asia and Japan Times this week quoted a survey by Keyman's Net showing that nearly 49% of 350 Japanese companies surveyed are still using IE. Another report in South Korea's MBN pointed to several large organisations still running IE.
Threats
Ransomware
Ransomware attacks are increasing with more dangerous hybrids ahead | CSO Online
Why do organisations need to prioritize ransomware preparedness? - Help Net Security
Ransomware and Phishing Remain IT's Biggest Concerns (darkreading.com)
The attacker’s toolkit: Ransomware-as-a-service | VentureBeat
Ransomware gang publishes stolen victim data on the public Internet - Help Net Security
Researchers Discover Way to Attack SharePoint and OneDrive Files with Ransomware | SecurityWeek.Com
ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web - Security Affairs
Ransomware gang creates site for employees to search for their stolen data (bleepingcomputer.com)
Microsoft: Exchange servers hacked to deploy BlackCat ransomware (bleepingcomputer.com)
Conti's Attack Against Costa Rica Sparks a New Ransomware Era | WIRED UK
Hello XD ransomware now drops a backdoor while encrypting (bleepingcomputer.com)
Alphv ransomware gang ups pressure with new extortion scheme (techtarget.com)
Costa Rica Chaos a Warning That Ransomware Threat Remains | SecurityWeek.Com
DeadBolt ransomware takes another shot at QNAP storage • The Register
The many lives of BlackCat ransomware - Microsoft Security Blog
Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)
BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers - Security Affairs
Ransomware gangs target Japan as a feeding ground | Financial Times (ft.com)
Africa's biggest supermarket hit by ransomware attacks | TechRadar
Phishing & Email Based Attacks
NakedPages Phishing Toolkit is Now Available on Cyber crime Forums - Infosecurity Magazine
New phishing attack infects devices with Cobalt Strike (bleepingcomputer.com)
Other Social Engineering
How social engineering attacks are evolving beyond email - Help Net Security
2,000 People Arrested Worldwide for Social Engineering Schemes | SecurityWeek.Com
Heineken giving away free beer for Father's Day? It's a WhatsApp scam (bitdefender.com)
Malware
Businesses are leaving bot attacks unchallenged for almost four months - Help Net Security
New Syslogk Linux rootkit uses magic packets to trigger backdoor (bleepingcomputer.com)
Linux Malware Deemed ‘Nearly Impossible’ to Detect | Threatpost
Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices (thehackernews.com)
Akamai Warns Of "Panchan" Linux Botnet That Leverages Golang Concurrency, Systemd - Phoronix
Websites Hosting Fake Cracks Spread Updated CopperStealer Malware (trendmicro.com)
Mobile
Over a billion Google Play Store app downloads could be infected by malware | TechRadar
Android malware on the Google Play Store gets 2 million downloads (bleepingcomputer.com)
MaliBot: A New Android Banking Trojan Spotted in the Wild (thehackernews.com)
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users (thehackernews.com)
Android Spyware 'Hermit' Discovered in Targeted Attacks (darkreading.com)
Internet of Things - IoT
Anker Eufy smart home hubs exposed to RCE attacks by critical flaw (bleepingcomputer.com)
Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars | SecurityWeek.Com
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cyber Criminals Smuggle Ukrainian Men Across Border - Infosecurity Magazine
iCloud hacker gets 9 years in prison for stealing nude photos (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
INTERPOL raids hundreds of scammy call centers in sweep - CyberScoop
Fraud trends and scam tactics consumers should be aware of - Help Net Security
Dark Web
Supply Chain and Third Parties
Denial of Service DoS/DDoS
A tiny botnet launched the largest DDoS attack on record | ZDNet
DDoS Subscription Service Operator Gets 2 Years in Prison (darkreading.com)
Cloud/SaaS
Increased cloud complexity needs stronger cyber security - Help Net Security
Beware the 'Secret Agent' Cloud Middleware (darkreading.com)
SaaS security: How to avoid “death by 1000 apps” - Help Net Security
Quantifying the SaaS Supply Chain and Its Risks (darkreading.com)
83% of IT pros are using either hybrid or multi-cloud - Help Net Security
Privacy
Passwords, Credential Stuffing & Brute Force Attacks
24+ Billion Credentials Circulating on the Dark Web in 2022 — So Far (darkreading.com)
Strong passwords still a priority strategy for enterprises - Help Net Security
The future is passwordless. What's slowing it down? - Help Net Security
Brute-Force Attacks: How to Defend Against Them - MSSP Alert
Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts | SecurityWeek.Com
Travel
Regulations, Fines and Legislation
Privacy Watchdog Set to Keep Millions in Fines for Legal Costs - Infosecurity Magazine
Canada wants companies to report cyber attacks and hacking incidents | Reuters
A closer look at the US SEC Cyber Security Disclosure rule - Help Net Security
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Sophisticated Android Spyware 'Hermit' Used by Governments | SecurityWeek.Com
Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks (thehackernews.com)
Vladimir Putin forced by cyber attack in Russia to delay keynote speech | The Independent
Iranian hacking campaign that included former US ambassador exposed - CyberScoop
Nation State Actors
Nation State Actors – Russia
Russian hackers start targeting Ukraine with Follina exploits (bleepingcomputer.com)
Mixed results for Russia's aggressive Ukraine information war, experts say - CyberScoop
Nation State Actors – China
Nation State Actors – Iran
Vulnerabilities
Microsoft fixes Follina and 55 other CVEs - Help Net Security
Details of Twice-Patched Windows RDP Vulnerability Disclosed | SecurityWeek.Com
New Hertzbleed side-channel attack affects Intel, AMD CPUs (bleepingcomputer.com)
Time to throw out those older, vulnerable Cisco SMB routers • The Register
Critical Citrix Bugs Impact All ADM Servers, Agents (darkreading.com)
Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk | ZDNet
Why Log4j Is Still The Problem When The Patch Is Released 6 Months Ago? – Information Security Buzz
Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners (thehackernews.com)
Sophos Firewall zero-day bug exploited weeks before fix (bleepingcomputer.com)
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses (thehackernews.com)
How to mitigate Active Directory attacks that use the KrbRelayUp toolset | CSO Online
Hertzbleed disclosure raises questions for Intel (techtarget.com)
Critical Atlassian Confluence flaw remains under attack (techtarget.com)
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike (bleepingcomputer.com)
Zimbra bug allows stealing email logins with no user interaction (bleepingcomputer.com)
Microsoft takes months to fix critical Azure Synapse bug (techtarget.com)
PACMAN, a new attack technique against Apple M1 CPUs - Security Affairs
Critical Code Execution Vulnerability Patched in Splunk Enterprise | SecurityWeek.Com
High-Severity RCE Vulnerability Reported in Popular Fastjson Library (thehackernews.com)
This Security Exploit Could Have Major PS5 And PS4 Implications (slashgear.com)
Sector Specific
Financial Services Sector
Telecoms
Government
Health/Medical/Pharma Sector
Ransomware Risk in Healthcare Endangers Patients | Threatpost
Kaiser Permanente Says Data Breach Hit 69,000 Patients (gizmodo.com)
Transport and Aviation
CNI, OT, ICS, IIoT and SCADA
Tackling 5 Challenges Facing Critical National Infrastructure Today (darkreading.com)
State of OT Security in 2022: Big Survey Key Insights (trendmicro.com)
Over a Dozen Flaws Found in Siemens' Industrial Network Management System (thehackernews.com)
Eight ICS Zero Days Could Open Doors for Hackers - Infosecurity Magazine
Web3
Reports Published in the Last Week
Other News
Why We Need Security Knowledge and Not Just Threat Intel (darkreading.com)
Once is never enough: The need for continuous penetration testing - Help Net Security
CISOs Gain False Confidence in the Calm After the Storm of the Pandemic (darkreading.com)
9 ways hackers will use machine learning to launch attacks | CSO Online
API security warrants its own specific solution - Help Net Security
Cyber Security Courses Ramp Up Amid Shortage of Professionals | SecurityWeek.Com
How Russian sanctions may be helping US cyber security (techtarget.com)
UK Security Practitioners Lack The Confidence To Stop Attacks – Information Security Buzz
How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat? (darkreading.com)
45% of cyber security pros are considering quitting the industry due to stress - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 April 2022
Black Arrow Cyber Threat Briefing 01 April 2022
-One Tenth of UK Staff Bypass Corporate Security
-Majority Of Data Security Incidents Caused by Insiders
-One-Third of UK Firms Suffer A Cyber Attack Every Week
-Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth
-86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack
-Multiple Hacking Groups Are Using the War in Ukraine As A Lure In Phishing Attempts
-4 Ways Attackers Target Humans to Gain Network Access
-Security Incidents Reported to FCA Surge 52% in 2021
-NCSC Suggests Rethinking Russian Supply Chain Risks
-25% Of Workers Lost Their Jobs In The Past 12 Months After Making Cyber Security Mistakes: Report
-Attackers Compromise 94% Of Critical Assets Within Four Steps Of Initial Breach
-UK Spy Chief Warns Russia Looking for Cyber Targets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
One Tenth of UK Staff Bypass Corporate Security
A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures.
The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace.
The research has revealed that many hybrid workers do not see cyber security as their responsibility, with many actively finding workarounds or engaging in risky behaviours such as password reuse.
19% of employees said they reuse passwords for multiple accounts and applications, with only 15% using password managers.
The problem seems to stem from user friction in existing security measures. Only 44% of survey participants said they found it easy to securely access their IT equipment.
A majority said they would be willing to use biometric authentication, a reflection of how enterprise security is still catching up to consumer functionality.
https://www.itsecurityguru.org/2022/03/28/one-tenth-of-uk-staff-bypass-corporate-security/
Majority Of Data Security Incidents Caused by Insiders
New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees.
The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA.
An insider threat is defined by Imperva as originating from “inappropriate use of legitimate authorised user accounts” by either their rightful owner or a threat actor who has managed to compromise them.
The study found that insider threats were responsible for 59% of incidents impacting sensitive data in the past 12 months. This supports a previous Imperva analysis of the most significant breaches of the past five years, revealing that 24% were caused by either human error or compromised credentials.
https://www.itsecurityguru.org/2022/04/01/majority-of-data-security-incidents-caused-by-insiders/
One-Third of UK Firms Suffer a Cyber Attack Every Week
Cyber attacks and related incidents at UK organisations continue their seemingly unstoppable upward trajectory, with new statistics from the Department for Digital, Culture, Media and Sport (DCMS) revealing that 31% of businesses and 26% of charity organisations now experience incidents on a weekly basis.
The data, contained in the annual cyber security breaches survey report, paints a stark picture of the scale of the threat facing the average organisation, and the urgent need to boost standards and defences.
It is vital that every organisation takes cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk. No matter how big or small your organisation is, you need to take steps to improve digital resilience.
Some 20% of businesses and 19% of charities said they had experienced a negative outcome as a direct consequence of an attack. The average cost of an attack, spread out across all organisations, now works out at £4,200, or £19,400 if only medium and large businesses are considered, although there is probably a vast amount of under-reporting, so the true figures are certainly higher.
Meanwhile, 35% of businesses and 38% of charities said they had experienced some kind of negative impact during the incident, such as service downtime.
https://www.computerweekly.com/news/252515288/One-third-of-UK-firms-suffer-a-cyber-attack-every-week
Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth
Punitive economic sanctions over Russia's invasion of Ukraine had crooks discussing the best ways to adapt to the new reality.
Members of Russian-language underground forums are not immune to the latest news. Russia's invasion of Ukraine and subsequent economic sanctions against Moscow got forum users to discuss how to live in this new world they find themselves in.
According to a report by the Digital Shadows Photon team, dark web forums are teeming with questions on how to ensure the safety of funds held in Russia-based accounts.
One user sought advice on what to do with dollars held in a Russian bank, with others suggesting converting dollars to rubles for a few months.
"I hope you were joking about [holding the funds in rubles for] half a year? After half a year, your rubles will only be good for lighting a fire, they will not be good for anything else," a forum user responded.
https://cybernews.com/news/russias-cybercriminals-fear-sanctions-will-erase-their-wealth/
86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack
A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyber attack.
The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US.
It has also been revealed that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber attack in the past 18 months, or anticipate one in the future.
Russia and China were identified as the most likely suspects behind said attacks. 39% of organisations that believe they have been hit with a nation-state cyber attack believe Russia were the perpetrators.
Multiple Hacking Groups Are Using the War in Ukraine as A Lure in Phishing Attempts
Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyber attacks designed to steal login credentials, sensitive information, money and more from victims around the world.
According to cyber security researchers at Google's Threat Analysis Group (TAG), government-backed hackers from Russia, China, Iran and North Korea, as well as various unattributed groups and cyber criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyber attacks.
In just the last two weeks alone, Google has seen several hacking groups looking to take advantage of the war to fulfil their malicious aims, whether that's stealing information, stealing money, or something else.
4 Ways Attackers Target Humans to Gain Network Access
Since the day we started receiving email, we hope that our antivirus or endpoint protection software alerts us to problems. In reality, it often does not. When technology fails, it’s likely because the attacker made an end run around it by targeting humans. Here are four ways they do it:
1. The targeted human attack
2. Fraudulent wire transfer email
3. Tricking users into handing over credentials
4. Bypassing multi-factor authentication
Security Incidents Reported to FCA Surge 52% in 2021
The number of cyber security incidents reported to the UK’s financial regulator surged by over 50% last year after a significant increase in cyber-attacks, according to new figures from Picus Security.
The security vendor submitted Freedom of Information (FoI) requests to the Financial Conduct Authority (FCA) to compile its latest report, Cyber Security Incidents in the UK Financial Sector.
The 52% year-on-year increase in “material” security incidents reported to the FCA seems to have been driven by cyber-attacks, which comprised nearly two-thirds (65%) of these reports.
Picus Security claimed that the rest are likely explained by “system and process failures and employee errors.”
In addition, a third of incident reports were about corporate or personal data breaches, and a fifth involved ransomware.
Picus Security explained that to qualify as a material incident, there needs to have been a significant loss of data, operational IT outages, unauthorized IT access, and/or an impact on a large number of customers.
https://www.infosecurity-magazine.com/news/security-incidents-reported-fca/
NCSC Suggests Rethinking Russian Supply Chain Risks
The National Cyber Security Centre (NCSC) of the UK has urged organisations to reconsider the risks associated with “Russian-controlled” parts of their supply chains.
Ian Levy, technical director of the NCSC argued that “Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed.”
Levy has suggested that while there is currently nothing to suggest that the Russian state intends to force commercial providers to sabotage UK interests, that doesn’t mean it will not happen in the future.
https://www.itsecurityguru.org/2022/03/30/ncsc-suggests-rethinking-russian-supply-chain-risks/
25% Of Workers Lost Their Jobs in The Past 12 Months After Making Cyber Security Mistakes: Report
For business leaders, there is never a good time for their employees to make mistakes on the job. This is especially true now for workers who have anything to do with the cyber security of their companies and organisations. Given the growing risks of cyber attacks across the world and the increased threats posed by Russia in the aftermath of their invasion of Ukraine, these are certainly perilous times.
Indeed, a new study released by email security company Tessian found that one in four employees (26%) lost their job in the last 12 months after making a mistake that compromised their company’s security.
According to the second edition of Tessian’s Psychology of Human Error report, people are falling for more advanced phishing scams—and the business stakes for mistakes are much higher.
The study also found that:
Two-fifths (40%) of employees sent an email to the wrong person, with almost one-third (29%) saying their business lost a client or customer because of the error
Over one-third (36%) of employees have made a mistake at work that compromised security and fewer are reporting their mistakes to IT.
Attackers Compromise 94% of Critical Assets Within Four Steps of Initial Breach
New research from XM Cyber analysing the methods, attack paths, and impacts of cyber attacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.
The findings showed that 75% of an organisation’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.
UK Spy Chief Warns Russia Looking for Cyber Targets
A UK intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine.
Jeremy Fleming, who heads the GCHQ electronic spy agency, praised Ukrainian President Volodymyr Zelenskyy’s “information operation” for being highly effective at countering Russia’s massive disinformation drive spreading propaganda about the war.
While there were expectations that Russia would launch a major cyber attack as part of its military campaign, Fleming said such a move was never a central part of Moscow’s standard playbook for war.
“That’s not to say that we haven’t seen cyber in this conflict. We have — and lots of it,” Fleming said in a speech in Canberra, Australia, according to a transcript released in London on Wednesday.
He said GCHQ’s National Cyber Security Centre has picked up signs of “sustained intent” by Russia to disrupt Ukrainian government and military systems.
“We’ve seen what looks like some spillover of activity affecting surrounding countries,” Fleming said. “And we’ve certainly seen indicators which suggest Russia’s cyber actors are looking for targets in the countries that oppose their actions.”
He provided no further details. He said the UK and other Western allies will continue to support Ukraine in beefing up its cyber security defences.
https://www.securityweek.com/uk-spy-chief-warns-russia-looking-cyber-targets
Threats
Ransomware
Ransomware Payments Hitting New Records In 2021 - Help Net Security
UK Ransomware Attacks Double In Past Year, Expert Insight - Information Security Buzz
Ransomware, Endpoint Risks Are Top Concerns for DFIR Professionals | CSO Online
Not Enough Businesses Have A Formal Ransomware Plan In Place - Help Net Security
Ukraine, Conti, and the law of unintended consequences | CSO Online
FBI Investigating More than 100 Ransomware Variants - Infosecurity Magazine
Precursor Malware Is an Early Warning Sign for Ransomware (darkreading.com)
Cyber Blackmail Gains Traction in Ransomware Hijackers' Tool Set - MSSP Alert
Services Giant Admits $42m Fallout from Ransomware Attack - Infosecurity Magazine
Hive Ransomware Uses New 'IPfuscation' Trick to Hide Payload (bleepingcomputer.com)
Shutterfly, Hit By Conti Ransomware Group, Warns Staff Their Data Has Been Stolen • Graham Cluley
FBI: Ransomware Attacks Are Piling Up The Pressure On Public Services | ZDNet
BEC – Business Email Compromise
Phishing & Email Based Attacks
Calendly Actively Abused in Microsoft Credentials Phishing (bleepingcomputer.com)
Phishing Attacks: Malicious URLs May Outpace Email Attachment Risks - MSSP Alert
Phishing uses Azure Static Web Pages to impersonate Microsoft (bleepingcomputer.com)
Other Social Engineering
5 Old Social Engineering Tricks Employees Still Fall For, And 4 New Gotchas | CSO Online
Fraudsters Use 'Fake Emergency Data Requests' To Steal Info • The Register
Malware
Mobile
IoT
Organised Crime & Criminal Actors
Sanctions Hitting Russian Cyber-Criminals Hard - Infosecurity Magazine
Secret World of Pro-Russia Hacking Group Exposed in Leak - WSJ
UK Police Charges Two Teenagers for Their Alleged Role in Lapsus$ Group - Security Affairs
LAPSUS$ Hacks Globant. 70GB of Data Leaked from IT Firm (bitdefender.com)
Cryptocurrency/Cryptomining/Cryptojacking
How CISOs can Mitigate Cryptomining Malware (trendmicro.com)
Ronin Blockchain Hit With $620 Million Crypto Heist - IT Security Guru
Insider Risk and Insider Threats
Yale Finance Director Stole $40m In Computers to Resell • The Register
Making Security Mistakes May Come With A High Price For Employees - Help Net Security
Fraud, Scams & Financial Crime
Europol Dismantles Massive Call Centre Investment Scam Operation (bleepingcomputer.com)
Emily Maitlis Opens Up About Terrifying Bank Scam: ‘I Feel Sick’ | The Independent
Supply Chain
Denial of Service DoS/DDoS
DDoS Attacks Becoming Larger And More Complex, Finance Most Targeted Sector - Help Net Security
Number of DDoS Attacks in 2021 Reached 9.75 Million - Help Net Security
Beastmode Botnet Boosts DDoS Power With New Router Exploits (bleepingcomputer.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Russian Invasion of Ukraine
Anonymous Targets Oligarchs' Russian Businesses - Security Affairs
With War Next Door, EU is Warned on Cyber Security Gaps | SecurityWeek.Com
Ukraine Intelligence Leaks Names of 620 Alleged Russian FSB Agents - Security Affairs
Russian Credential Thieves Target NATO, European Military • The Register
Viasat Confirms Satellite Modems Were Wiped with AcidRain Malware (bleepingcomputer.com)
Internet Provider to Ukrainian Military Hit With Major Cyber Attack - WSJ
GhostWriter APT Targets State Entities of Ukraine with Cobalt Strike Beacon - Security Affairs
Hacked WordPress Sites Force Visitors to DDoS Ukrainian Targets (bleepingcomputer.com)
Russia Facing Internet Outages Due to Equipment Shortage (bleepingcomputer.com)
Anonymous Is Working On A Huge Data Dump That Will Blow Russia Away - Security Affairs
Phishing Campaign Targets Russian Govt Dissidents With Cobalt Strike (bleepingcomputer.com)
Leaked Hacker Logs Show Weaknesses of Russia’s Cyber Proxy Ecosystem | CSO Online
Russian Aviation Authority Switches to Paper After Losing 65TB of Data | CyberNews
Anonymous Hacked Russian Thozis Corp, But Denies Attacks on Rosaviatsia - Security Affairs
ZTE Whistleblower: Chinese Companies Will Sell to Russia • The Register
Nation State Actors
Nation State Actors – Russia
UK Spy Boss Warns About Russia-China Tech Collaboration • The Register
UK Cyber Security Centre Advises Review of Russian Tech • The Register
Russia Ranks Top For State-Linked Online Misinformation • The Register
Google: Russian phishing attacks target NATO, European military (bleepingcomputer.com)
Russian Spies Unmasked In Embarrassing Blow For Vladimir Putin (telegraph.co.uk)
Nation State Actors – China
Vulnerabilities
CISA Adds 66 Vulnerabilities to 'Must Patch' List | SecurityWeek.Com
Apple Rushes Out Patches for Two 0-days Threatening iOS and macOS Users | Ars Technica
Chrome Browser Gets Major Security Update | SecurityWeek.Com
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances (thehackernews.com)
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors | Threatpost
Experts Warn Defenders: Don't Relax on Log4j | SecurityWeek.Com
Google Chrome, Microsoft Edge Updated to Close Security Hole • The Register
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn | Threatpost
Spring4Shell: No need To Panic, But Mitigations Are Advised - Help Net Security
Sophos Firewall Affected by A Critical Authentication Bypass Flaw - Security Affairs
CVE-2022-1162 Flaw in GitLab Allowed Threat Actors To Take Over Accounts - Security Affairs
Trend Micro Fixed High Severity Flaw In Apex Central Product Console - Security Affairs
Zyxel Urges Customers To Patch Critical Firewall Bypass Vulnerability | ZDNet
QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices (thehackernews.com)
Sector Specific
Health/Medical/Pharma Sector
Hive Ransomware Group Claims Partnership HealthPlan of California Data Breach | CSO Online
LockBit Victim Estimates Cost of Ransomware Attack To Be $42 Million (bleepingcomputer.com)
Retail/eCommerce
Shopping Trap: The Online Stores’ Scam That Hits Users Worldwide - Security Affairs
Automotive
Automaker Cyber Security Lagging Behind Tech Adoption, Experts Warn | Threatpost
CNI, OT, ICS, IIoT and SCADA
The Spectre of Stuxnet: CISA Issues Alert on Rockwell Automation ICS Vulnerabilities | ZDNet
Other News
Protecting Your Organisation Against a New Class of Cyber Threats: HEAT (darkreading.com)
Why Do Organisations Need To Prioritize Cyber Resiliency? - Help Net Security
How Security Complexity Is Being Weaponized (darkreading.com)
In Charts: Cyber Security Risks And Companies’ Readiness | Financial Times (ft.com)
CISA Warns of Attacks Against Internet-Connected UPS Devices | CSO Online
Hackers Posing as Police Convinced Apple and Meta to Share Basic Subscriber Info (softpedia.com)
Exploring the Intersection of Physical Security and Cyber Security (darkreading.com)
The Current State Of Enterprise Backup And Recovery - Help Net Security
Why Metrics Are Crucial To Proving Cyber Security Programs’ Value | CSO Online
COVID Bounce: A Massive 2021 Resurgence of Cyber Threats - Help Net Security
Rapid7 Finds Zero-Day Attacks Surged In 2021 (techtarget.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 March 2022
Black Arrow Cyber Threat Briefing 18 March 2022
-Guernsey Cyber Security Warning For Islanders And Businesses
-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime
-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine
-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents
-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead
-Cyber Crooks’ Political In-Fighting Threatens the West
-Cloud-Based Email Threats Surge 50% in 2021
-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups
-The Massive Impact of Vulnerabilities In Critical Infrastructure
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Guernsey Cyber Security Warning for Islanders and Businesses
There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.
The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."
The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.
It encouraged vigilance, as the islands are not immune to these attacks.
A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."
Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."
https://www.bbc.co.uk/news/world-europe-guernsey-60763398
CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime
As some nations turn a blind eye, defence becomes life-or-death matter
With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.
"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way.
"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."
It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.
https://www.theregister.com/2022/03/18/ciso_security_storm/
Four Key Risks Exacerbated by Russia’s Invasion of Ukraine
Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk
https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/
These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents
Any ransomware is a cyber security issue, but some strains are having more of an impact than others.
Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.
According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice.
Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.
"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.
Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.
The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.
Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.
https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/
Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
An expanding threat landscape is testing the limits of cyber insurance coverage.
The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.
A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.
Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead
Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.
Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.
https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/
Cyber Crooks’ Political In-Fighting Threatens the West
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.
According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”
“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”
What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.
https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/
Cloud-Based Email Threats Surge 50% in 2021
There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.
The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.
It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.
The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.
https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/
Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.
Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.
UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.
The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.
Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.
The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.
https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html
The Massive Impact of Vulnerabilities in Critical Infrastructure
Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?
In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.
Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.
https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/
Threats
Ransomware
Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)
Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet
Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)
Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost
SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online
Exotic Lily Sells Ransomware Groups Access To Targets • The Register
New "Initial Access Broker" Working with Conti gang - IT Security Guru
Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)
Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs
How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)
Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert
Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet
Phishing & Email
Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)
How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register
Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)
76,000 Scams Taken Down Through Email Reporting - IT Security Guru
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost
This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register
Malware
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)
Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic
Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com
Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)
Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)
Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)
Mobile
2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)
Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com
Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica
Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)
Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)
IoT
Organised Crime & Criminal Actors
Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security
A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine
Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Cloud
How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet
The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)
Privacy
Passwords & Credential Stuffing
Regulations, Fines and Legislation
CafePress Fined For Covering Up Customer Info Leak • The Register
Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED
How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)
FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)
Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)
German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)
Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru
Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)
Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)
Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET
New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)
Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop
Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs
Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)
Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)
Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register
Nation State Actors – China
China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs
China Claims It Captured NSA Spy Tool That Already Leaked • The Register
Nation State Actors – Iran
Vulnerabilities
CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)
Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com
OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register
OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)
SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)
High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com
QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)
Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica
Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)
70% of Financial Service Providers Are Implementing API Security - Help Net Security
Health/Medical/Pharma Sector
Transport and Aviation
Reports Published in the Last Week
Other News
Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com
Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security
Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com
The Importance Of Building In Security During Software Development - Help Net Security
How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security
Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica
How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost
When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)
Half of People Accept All Cookies Despite The Security Risk | TechRadar
Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 December 2021
Black Arrow Cyber Threat Briefing 17 December 2021:
-Employees Think They’re Safe From Cyber Threats On Company Devices
-Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
-Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
-60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
-Ransomware in 2022: We're All Screwed
-Attacks on UK Firms Increase Five-Fold During Pandemic
-The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
-Why Cloud Storage Isn't Immune to Ransomware
-400 Banks’ Customers Targeted with Anubis Trojan
-Sites Hacked With Credit Card Stealers Undetected For Months
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Think They’re Safe From Cyber Threats On Company Devices
A research launched by Menlo Security reveals increased cyber security risks posed to employees and organisations during the 2021 holiday shopping season.
The research – which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.
There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (56% US; 53% UK) reported performing non-work-related tasks – such as online shopping – on company devices.
Furthermore, the survey found that 65% of people in the US (63% UK) are doing more online holiday shopping in 2021 compared to previous years, and nearly half of respondents (48% US; 45% UK), reported shopping for gifts this holiday season on a work-issued device such as a laptop or mobile phone.
Workers are also noticing a rise in cyber threats this holiday season, with 58% of respondents in the US (48% UK) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80% US & UK) report being somewhat to very concerned about their personal data being stolen while online shopping.
However, despite workers’ recognition and concern of cyber threats, 60% of people (65% UK) still believe they’re secure from cyberthreats if they’re using a company device.
https://www.helpnetsecurity.com/2021/12/14/employees-cybersecurity-risks/
Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.
Malicious individuals are already exploiting the Log4Shell attack, which allows them to get into computer systems and servers without a password. Security experts have seen Log4Shell in action in Minecraft, the popular game that Microsoft owns. A few lines of text passed around in a chat might be enough to penetrate the defences of a target computer. The same ease of access would allow hackers to go after any computer out there using the Log4J open-sourced java-based logging utility.
https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/
Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
Organisations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
The discovery of a critical flaw in the Apache Log4j software is nothing short of a Fukushima moment for the cybersecurity industry.
Ten years ago, an earthquake and subsequent tidal wave triggered the meltdown of the Fukushima nuclear power plant that continues to plague the region today. Similarly, the early exploitation of Log4j, during which attackers will go after the low-hanging fruit exposed by the vulnerability, will evolve over time to take the form of more complex attacks on more sensitive systems that have less exposure to the internet. And, just as Fukushima brought to light significant issues with longstanding processes in place at the plant, so too does the Log4j vulnerability, known as Log4Shell, highlight two crucial practices of concern:
· How organisations capture and protect their massive troves of log data; and
· The use of open-source code libraries as the building blocks for major enterprise applications.
The paradox of Log4j: the more you log, the worse it gets
We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place. Everything from the new printer you’ve bought for the office to the ticketing system you’ve just deployed is potentially affected by this flaw. Some affected systems may be on premises, others may be hosted in the cloud but no matter where they are, the flaw is likely to have an impact.
https://www.theregister.com/2021/12/17/vmware_criticial_uem_flaw/
60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
There is a “dangerous” lack of awareness among UK workers towards cybersecurity, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack.
The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all.
Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19.
The most prevalent types of attacks experienced by workers or their organisations were phishing (27%), data breaches (23%) and malware (20%).
The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cyber security installed to ensure the issue is focused on more at a government level.
Russian-backed cyber-criminals were considered the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).
https://www.infosecurity-magazine.com/news/uk-workers-victim-cyber-attack/
Ransomware in 2022: We're All Screwed
Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.
Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.
According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and preferred access purchases include domain admin rights, as well as entry into Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services.
Over the past few years, we've seen ransomware operators evolve from disorganised splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.
Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena -- including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker -- can be one component of attacks designed to elicit a blackmail payment from a victim organisation.
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Attacks on UK Firms Increase Five-Fold During Pandemic
Attacks on UK firms surged five-fold during the pandemic and now cost way more than the global average, according to Accenture.
The global consultancy polled 500 UK executives to compile its State of Cybersecurity Resilience 2021 study.
It found that large organisations experienced 885 attempted cyber-attacks in 2020 – up from 156 the previous year and more than triple the global average of 270.
They’re also more expensive than elsewhere. Accenture calculated that incidents and breaches cost over £1.3m a year – £350,000 more than the global average.
Over 80% of respondents said the cost of staying ahead of cyber-criminals is unsustainable, a fifth more than the previous year, and a quarter said they’ve been forced to increase cybersecurity budgets by 10% or more.
Worryingly, supply chain attacks accounted for 64% of breaches in the UK last year, up by a quarter (26%) from the previous year.
https://www.infosecurity-magazine.com/news/attacks-on-uk-firms-increase/
The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.
“For cybercriminals this is Christmas come early, because the sky’s the limit,” says Theresa Payton, a former White House chief information officer and the CEO of Fortalice Solutions, a cybersecurity consulting company. “They’re really only limited by their imagination, their technical know-how and their own ability to exploit this flaw.” Payton spoke with Scientific American about what Log4J does, how criminals can use its newly discovered weakness, and what it will take to repair the problem.
Why Cloud Storage Isn't Immune to Ransomware
Ransomware is the flavour of the month for cybercriminals. The FBI reports that ransomware attacks rose 20% and losses almost tripled in 2020. And our increased use of the cloud may have played a part in that spike. A survey of CISOs conducted by IDC earlier this year found that 98% of their companies suffered at least one cloud data breach in the previous 18 months as opposed to 79% last year, and numbers got worse the more exposure they had to the cloud.
Organisations now use hundreds of cloud-based apps, which adds thousands of new identities logging in to their systems. This opens almost unlimited possibilities for hackers. Even if cloud vendors have their own identity and access management controls, vulnerabilities will emerge. In fact, recent research into cloud security found that over 70% of organisations had machines open to the public that were linked to identities whose permissions were vulnerable, under the right conditions, to being exploited to launch ransomware attacks.
A number of reasons could explain why security falls through the cracks of many cloud systems, and leaves them more vulnerable to ransomware attacks.
https://www.darkreading.com/attacks-breaches/why-cloud-storage-isn-t-immune-to-ransomware
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.
Researchers say this is just the beginning.
Once downloaded, the malware – a variant of banking trojan Anubis – steals the user’s personal data to rip them off, researchers at Lookout warned in a new report. And it’s not just customers of big banks at risk, the researchers added: Virtual payment platforms and crypto wallets are also being targeted.
“As a banking trojan malware, Anubis’ goal is to collect significant data about the victim from their mobile device for financial gain,” the Lookout report said. “This is done by intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection and abuse of the device’s accessibility services.”
https://threatpost.com/400-banks-targeted-anubis-trojan/177038/
Sites Hacked With Credit Card Stealers Undetected For Months
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.
Magecart skimming is an attack that involves the injection of malicious JavaScript code on a target website, which runs when the visitor is at the checkout page.
The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
Threat actors may then use this information for purchasing goods online or sold to other actors on underground forums and dark web marketplaces known as "carding" sites.
Threats
Ransomware
Why Ransomware Attacks Happen Out Of Hours Or During The Holidays • The Register
Conti Ransomware Gang Exploits Log4Shell Bug In Its Operations - Security Affairs
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware (thehackernews.com)
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack | SecurityWeek.Com
Ransomware Affiliate Arrested In Romania - The Record By Recorded Future
Police Arrests Ransomware Affiliate Behind High-Profile Attacks (Bleepingcomputer.Com)
All Change at the Top as New Ransomware Groups Emerge - Infosecurity Magazine
Hive Ransomware Enters Big League With Hundreds Breached In Four Months (Bleepingcomputer.Com)
Ransomware Suspect Arrested Over Attacks On 'High-Profile' Organisations | Zdnet
BEC – Business Email Compromise
Phishing
How A Phishing Campaign Is Able To Exploit Microsoft Outlook - Techrepublic
Phishing Campaign Uses PowerPoint Macros To Drop Agent Tesla (Bleepingcomputer.Com)
New Microsoft Exchange Credential Stealing Malware Could Be Worse Than Phishing - TechRepublic
Other Social Engineering
Malware
Hackers Start Pushing Malware In Worldwide Log4shell Attacks (Bleepingcomputer.Com)
Hackers’ Log4Shell Malware Attacks Shuts Down Thousands of Government Websites | Tech Times
A Practical and Detailed Look at Cobalt Strike Threat Actors - MSSP Alert
New Fileless Malware Uses Windows Registry as Storage to Evade Detection (thehackernews.com)
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware | Threatpost
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (thehackernews.com)
Mobile
China: Man Lifts Sleeping Ex's Eyelids, Unlocks Phone, Steals $24k (insider.com)
Malicious Joker App Scores Half-Million Downloads on Google Play | Threatpost
Apple Patches 42 Security Flaws in Latest iOS Refresh | SecurityWeek.Com
IoT
Modern Cars: A Growing Bundle Of Security Vulnerabilities - Help Net Security
Are Your Home Security Cameras Vulnerable To Hacking? - cnet
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Log4j Attackers Switch To Injecting Monero Miners Via RMI (bleepingcomputer.com)
Hackers Are Using the Blockchain to Make Bulletproof Botnets (gizmodo.com)
Botnet Steals Half A Million Dollars In Cryptocurrency From Victims - Techrepublic
Hackers Steal $140 Million From Users of Crypto Gaming Company (vice.com)
Insider Risk and Insider Threats
Fraud & Financial Crime
“Sadistic” Online Extortionist Jailed for 32 Years - Infosecurity Magazine
Experts: Public Should Freeze Credit Post-Breach - Infosecurity Magazine
Nation State Actors
China, Iran Among Those Exploiting Apache Cyber Vulnerability, Researchers Say (Yahoo.Com)
Documents Link Huawei To Uyghur Surveillance Projects, Report Claims | Huawei | The Guardian
Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability | SecurityWeek.Com
Cloud
Privacy
Spyware and Espionage
Vulnerabilities
4 Ways To Properly Mitigate The Log4j Vulnerabilities (And 4 To Skip) | CSO Online
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (thehackernews.com)
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability (thehackernews.com)
Patching Isn't Enough For December's Patch Tuesday | Computerworld
Windows 10 Patch Tuesday (Kb5008212) Is Out — Here's What's New And What's Broken - Neowin
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (thehackernews.com)
Adobe Addresses Over 60 Vulnerabilities In Multiple Products - Security Affairs
Hackers Launch More Than 1.2m Attacks Through Log4J Flaw | Financial Times (ft.com)
Google Pushes Emergency Chrome Update To Fix Zero-Day Used In Attacks (Bleepingcomputer.Com)
Over Log4j? VMware Has Another Critical Flaw For You To Fix - The Register
CISA Urges VMware Admins To Patch Critical Flaw In Workspace ONE UEM (bleepingcomputer.com)
Sector Specific
SMBs – Small and Medium Businesses
What the Log4Shell Bug Means for SMBs: Experts Weigh In | Threatpost
Security Priorities Are Geared Toward Ongoing Remote And Hybrid Work - Help Net Security
Transport and Aviation
Nation State Threat Group Targets Airline with Aclip Backdoor (securityintelligence.com)
Other News
Why Tech Companies Must Come Clean About The Latest Cyber Security Crisis | Fortune
“Worst-Case Scenario” Exploit Travels the Globe - Infosecurity Magazine
Log4j Hack Raises Serious Questions About Open-Source Software | Financial Times
Why Log4j Mitigation Is Fraught With Challenges (darkreading.com)
Security Flaws Found In A Popular Guest Wi-Fi System Used In Hundreds Of Hotels | TechCrunch
Experts: Log4j Bug Could Be Exploited for “Years” - Infosecurity Magazine
2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns | Threatpost
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips (thehackernews.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 06 August 2021
Black Arrow Cyber Threat Briefing 06 August 2021:
-Ransomware Volumes Hit Record High
-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Volumes Hit Record Highs As 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.
https://threatpost.com/ransomware-volumes-record-highs-2021/168327/
Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.
More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed. The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.
New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.
These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.
Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.
Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.
‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?
Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.
Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects
A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.
https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/
Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year
Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/
65% Of All DDoS Attacks Target US And UK
Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.
https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/
Threats
Ransomware
Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals
BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil
Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme
Phishing
Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign
Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says
Other Social Engineering
Malware
A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service
Several Malware Families Targeting IIS Web Servers With Malicious Modules
Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network
Mobile
An Explosive Spyware Report Shows Limits Of IOS, Android Security
This Android Malware Steals Your Data In The Most Devious Way
The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials
Vulnerabilities
Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software
Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs
Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise
Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices
PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.
Data Breaches
Threat Actors Leaked Data Stolen From EA, Including FIFA Code
Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything
OT, ICS, IIoT and SCADA
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Supply Chain
Nation State Actors
Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks
Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records
Iranian APT Lures Defense Contractor In Catfishing-Malware Scam
Chinese Hackers Target Major Southeast Asian Telecom Companies
Cloud
Reports Published in the Last Week
Other News
Leaked Document Says Google Fired Dozens Of Employees For Data Misuse
Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?
Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us
Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required
Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 July 2021
Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit
Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers.
In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn.
The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS.
The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example.
Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately.
https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1
71% Of Organisations Experienced BEC Attacks Over The Past Year
Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.
https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/
Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers
Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.
LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/
Users Clueless About Cyber Security Risks
Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.
https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/
Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief
Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.
Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.
https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/
Cyber Crime Never Sleeps
When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.
https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901
IT, Healthcare And Manufacturing Facing Most Phishing Attacks
Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.
https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/
Classified Ministry Of Defence Documents Found At Bus Stop
Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.
Cabinet Office Increases Cyber Security Training Budget By Almost 500%
The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.
Threats
Ransomware
Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says
Ransomware Gangs Now Creating Websites To Recruit Affiliates
New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers
This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It
Using VMs To Hide Ransomware Attacks Is Becoming More Popular
Phishing
Malware
Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco
The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools
Mobile
IoT
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
OT, ICS, IIoT and SCADA
Nation State Actors
Russian Hackers Had Months-Long Access To Denmark's Central Bank
Russian Hackers Are Trying To Brute-Force Hundreds Of Networks
US And UK Agencies Accuse Russia Of Political Cyber Campaign
Cloud
Privacy
Vulnerabilities
Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches
Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory
Critical VMware Carbon Black Bug Allows Authentication Bypass
My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks
Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack
Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices
A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga
Microsoft Adds Second CVE For PrintNightmare Remote Code Execution
Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 06 November 2020
Cyber Threat Briefing 06 November 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest of open source intelligence (OSINT), collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
2020 could be 'the worst year in cyber security history'
Businesses around the world are severely unprepared to face the sheer scale of cyber threats facing us today, new research has claimed.
The latest 2020 Business Threat Landscape report from security firm Bitdefender has said that this could be the worst year in cyber security history, as despite multiple warnings, many firms still aren't ready to protect themselves.
Bitdefender's report found that the "new normal" of remote working had led many businesses to face difficulties in ensuring their online protection, with 50% of organisations "completely unprepared" to face a scenario in which they had to migrate their entire workforce in a working from home environment.
https://www.techradar.com/news/2020-could-be-the-worst-year-in-cybersecurity-history
Two-Thirds of Financial Services Firms Suffered Cyber-Attack in the Past Year
Almost two-thirds (65%) of large financial services companies have suffered a cyber attack in the past year, while 45% have experienced a rise in attack attempts since the start of the COVID-19 pandemic.
This is according to new research from HelpSystems, which surveyed 250 CISOs and CIOs in global financial services firms about the impact of the pandemic on their cybersecurity.
It highlighted that these organisations are taking cybersecurity increasingly seriously, with 92% stating that they have increased investment in this area over the past 12 months, with 26% doing so by a significant amount. The main targets of this investment have included secure file transfer (64%), protecting the remote workforce (63%) and cloud/office365 (56%).
https://www.infosecurity-magazine.com/news/two-thirds-financial-services/
Proofpoint survey: IT security leaders worry about and are ill-prepared to defeat cyber-attacks
IT security leaders say they are ill-prepared for a cyber attack and believe that human error and a lack of security awareness are major risk factors for their organisations, according to a series of reports and surveys from cyber security vendor Proofpoint. But there are some marked variations in both the rates and the types of cyber attack between the regions surveyed.
It’s a dynamic attack landscape: in the DACH countries of Germany, Austria and Switzerland 67 per cent of IT security leaders say they have suffered at least one attack in the last 12 months, while in Benelux 72 per cent of respondents say their business has suffered at least one cyber attack in the same time period. In Sweden 59 per cent of businesses have been attacked at least once, while in the UAE the figure is much higher at 82 per cent - with 51 per cent of IT security leaders in the UAE saying their business has been targeted multiple times.
https://www.theregister.com/2020/11/05/proofpoint_survey_it_security_leaders/
Akamai sees doubling in malicious internet traffic as remote world’s bad actors boom, too
Akamai Technologies’ CEO said he is impressed by the amazing traffic levels on the internet during the coronavirus pandemic, and the world technology infrastructure’s ability to handle it. But during the stay-at-home boom, the web and cyber security expert also has been closely watching a boom in bad actors.
With so many people working from home, hackers are taking advantage, and massively increasing the number of attacks as daily routine changes caused by the pandemic are prolonged, and become potentially permanent.
“I think the threat actors are trying to take advantage of the pandemic, and of course, the prize is greater now that so much business has moved online”
Quarter-over-quarter — Akamai reported its Q3 results this week — the cyber security and cloud computing company has tracked a doubling of malicious traffic as telecommuting makes for easier targets.
Attacks Against Microsoft’s Remote Desktop Protocol Soar Under Work From Home Measures
The number of Remote Desktop Protocol (RDP) attacks soared by 140% in Q3 compared with the previous quarter, as cyber criminals looked to take advantage of companies relying on remote access while working from home.
RDP makes it possible for one computer to connect to another over a network and control it as though the individual was sat at the keyboard themselves. While the Microsoft tool is useful for businesses and popular among IT administrators, it has increasingly been targeted by hackers who try to gain administrator access to company servers. Once inside they are able to disable security software, steal files, delete data and install malicious software.
Slovak internet security firm ESET detected the surge between July and September, with the number of separate companies reporting brute-force attacks against their RDP connection increasing by 37% quarter-over-quarter.
Threats
Ransomware
Ransomware gangs that steal your data don't always delete it
Ransomware gangs that steal a company's data and then get paid a ransom fee to delete it don't always follow through on their promise.
The number of cases where something like this has happened has increased, according to a report published by Coveware this week and according to several incidents shared by security researchers with ZDNet researchers over the past few months.
https://www.zdnet.com/article/ransomware-gangs-that-steal-your-data-dont-always-delete-it/
Spike in Emotet activity could mean big payday for ransomware gangs
There's been a massive increase in Emotet attacks and cyber criminals are taking advantage of machines compromised by the malware to launch more malware infections as well as ransomware campaigns.
The October 2020 HP-Bromium Threat Insights Report reports a 1,200% increase in Emotet detections from July to September compared to the previous three months in which deployment of the malware appeared to decline.
https://www.zdnet.com/article/spike-in-emotet-activity-could-mean-big-payday-for-ransomware-gangs/
Italian beverage vendor Campari knocked offline after ransomware attack
Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network.
The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ransom note shared with ZDNet by a malware researcher who goes online by the name of Pancak3.
Hackney Council still working to restore services as IT boss describes horror at cyber attack
Hackney’s director of information communication technology (ICT) Rob Miller was playing football with his family on a Sunday morning early in October when he got a message letting him know there was a systems outage being investigated at the Town Hall.
By the end of Sunday, the council had moved swiftly to shut down its systems, declared an emergency and notified national agencies after Miller’s team found “clear markers” that the local authority had been hit by a serious cyber attack.
Leading toy maker Mattel hit by ransomware
Toy industry giant Mattel disclosed that they suffered a ransomware attack in July that impacted some of its business functions but did not lead to data theft.
Mattel is the second-largest toymaker in the world with 24,000 employees and $5.7 billion in revenue for 2019. Mattel is known for its popular brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, and Thomas & Friends.
https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/
Business Email Compromise (BEC)
BEC attacks increase in most industries, invoice and payment fraud rise by 155%
BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals.
“As the industry’s only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers,” said Evan Reiser, CEO of Abnormal Security.
“Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”
For this research, BEC campaigns across eight major industries were tracked, including retail/consumer goods and manufacturing, technology, energy/infrastructure, services, medical, media/tv, finance and hospitality.
https://www.helpnetsecurity.com/2020/11/03/bec-attacks-increase-quarter-over-quarter/
Phishing
Sneaky Office 365 phishing inverts images to evade detection
A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites.
These inverted backgrounds are commonly used as part of phishing kits that attempt to clone legitimate login pages as closely as possible to harvest a target's credentials by tricking them into entering them into a fake login form.
The BBC Experiences Over 250,000 Malicious Email Attacks Per Day
The British Broadcasting Corporation (BBC), the UK’s public service broadcaster, faces in excess of a quarter of a million malicious email attacks every day, according to data obtained following a Freedom of Information (FoI) request.
The corporation blocked an average of 283,597 malicious emails per day during the first eight months of 2020.
According to the data, every month the BBC receives an average of 6,704,188 emails that are classified as scam or spam as well as 18,662 malware attacks such as viruses, ransomware and spyware. In total, 51,898,393 infected emails were blocked in the period from January to August 2020.
The month which contained the highest amount of recorded incidents was July, when the BBC received 6,787,635 spam and 13,592 malware attempts. The next highest was March, when the COVID-19 first struck the UK, with 6,768,632 spam emails and 14,089 malware attacks.
https://www.infosecurity-magazine.com/news/bbc-experiences-malicious-email/
Malware
US Cyber Command exposes new Russian malware
US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks
Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).
Both ComRAT and Zebrocy are malware families that have been used by Russia hacking groups for years, with ComRAT being deployed in attacks for more than a decade, having evolved from the old Agent.BTZ malware.
https://www.zdnet.com/article/us-cyber-command-exposes-new-russian-malware/
IoT
New data shows just how badly home users overestimate IoT security
A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes.
The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things devices they owned were secure.
IoT devices, particularly those that are cheap, outdated and hard to upgrade, are widely considered to be an easy target for hackers. Yet 87 percent of the younger group and 77 percent of the older group said they were either “somewhat” or “very confident” in the security of their connected things
Vulnerabilities
Windows 10 zero-day could allow hackers to seize control of your computer
A security bug has been discovered that affects every version of the Windows operating system, from Windows 7 to Windows 10. The vulnerability can be found within the Windows Kernel Cryptography Driver and enables attackers to gain admin-level control of a victim’s computer.
The flaw was discovered by Google’s Project Zero security team, which subsequently notified Microsoft. The Redmond-based firm was given seven days to patch the bug before Google published further details – a task that proved beyond the company.
Adobe warns Windows, MacOS users of critical acrobat and reader flaws
Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.
These critical flaws include a heap-based buffer overflow, out-of-bounds write glitch and two use-after free flaws. The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs.
https://threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/
Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed
Cisco has disclosed a zero-day vulnerability, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code.
The flaw resided in the inter-process communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to execute malicious scripts via a targeted user.
Critical bug actively used to deploy Cobalt Strike on Oracle servers
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.
Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.
This later allows them to access the compromised servers to harvest data and to deploy second stage malware payloads.
Oracle Solaris Zero-Day Attack Revealed
A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system.
Researchers said that the group was exploiting the bug when it was a zero-day, long before a patch arrived.
The bug, was recently addressed in Oracle’s October 2020 Critical Patch Update. The vulnerability exists in the Oracle Solaris Pluggable Authentication Module (PAM) and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system. Threat actors utilized a remote exploitation tool, which researchers call “EVILSUN,” to exploit the flaw.
https://threatpost.com/oracle-solaris-zero-day-attack/160929/
Data Breaches
Marriott Hotels fined £18.4m for data breach that hit millions
The UK's data privacy watchdog has fined the Marriott Hotels chain £18.4m for a major data breach that may have affected up to 339 million guests.
The Information Commissioner's Office (ICO) said names, contact information, and passport details may all have been compromised in a cyber-attack.
The breach included seven million guest records for people in the UK.
The ICO said the company failed to put appropriate safeguards in place but acknowledged it had improved.
https://www.bbc.co.uk/news/technology-54748843
23,600 hacked databases have leaked from a defunct 'data breach index' site
More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind.
The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.
Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.
Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.
Other News
Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file
Suspended sentence for bank IT worker who hacked his boss's webcam because he didn't get a payrise
APT Groups Finding Success with Mix of Old and New Tools
Quantum computing may make current encryption obsolete, a quantum internet could be the solution
Reports Published in the Last Week
NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response
The NCSC's fourth Annual Review reveals its ongoing work against cyber attacks, support for the UK during the coronavirus pandemic.
https://www.ncsc.gov.uk/news/ncsc-defends-uk-700-cyber-attack-national-pandemic
Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues
The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q3 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic, though trust that stolen data will be deleted is eroding as defaults become more frequent when exfiltrated data is made public despite the victim paying. In Q3, Coveware saw the Maze group sunset their operations as the active affiliates migrated to Egregor (a fork of Maze). We also saw the return of the original Ryuk group, which has been dormant since the end of Q1.
https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.