Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 13 October 2023

Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:

-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year

-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation

-Ransomware Infection Times Fall from 5 Days to 5 Hours

-80% of Security Leaders See AI as the Biggest Threat to Business

-Is Your Board Cyber-Ready?

-Cyber Security Should Be a Business Priority for CEOs

-The Looming Threat of a Single Phishing Click to Your Business

-40% of Organisations Leave Ransomware to IT

-Auditors Growing Concern About Cyber Security

-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game

-Preparing for the Unexpected: A Proactive Approach to Operational Resilience

-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone

-Organisations Grapple with Detection and Response Despite Rising Security Budgets

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

API

Open Source and Linux

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

Russia

China

Iran

North Korea

Vulnerability Management

Vulnerabilities

Reports Published in the Last Week

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 22 September 2023

Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:

-New Ransomware Victims Surge by 47% as Small Businesses Targeted

-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

-SMEs Overestimate Their Cyber Security Preparedness

-China’s Hacking Power Bigger Than Rest of World Combined

-Cyber Insurance Claims for Ransomware Reach Record High

-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

-Half of Executives Expect Supply Chain Challenges

-How Social Engineering Takes Advantage of Your Kindness

-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc Nation State/Cyber Warfare

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 July 2023

Black Arrow Cyber Threat Briefing 07 July 2023:

-Cyber Attacks Against Mobile Devices Growing Fast

-One Third of Security Breaches Go Unnoticed by Security Professionals

-Cyber Security Experts Have Become Targets for Board Seats

-Phishing Attack Prevention as Email Attacks Surge Over 450%

-Outsmarting Business Email Compromise Scammers

-Small Organisations Face Security Threats on a Limited Budget

-Cloud Security: Sometimes the Risks May Outweigh the Rewards

-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

-75% of Consumers Prepared to Ditch Brands Hit by Ransomware

-Scammers Using AI Voice Technology to Commit Crimes

-What are the Causes of Data Loss and What it the Impact on Your Organisation?

-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

  • One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

  • Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

  • Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

  • Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

  • Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

  • Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

  • Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

  • 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

  • Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

  • What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

  • Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 19 May 2023

Black Arrow Cyber Threat Briefing 19 May 2023:

-Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats

-Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once

-Ensuring Security Remains/Becomes Everyone’s Responsibility

-Software Supply Chain Attacks Hit 61% of Firms

-More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees

-Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot

-Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table

-How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response

-Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information

-Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats

-Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation

-Capita Warns Customers They Should Assume Data was Stolen

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats

Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.

Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.

https://www.securityweek.com/triple-threat-insecure-economy-cybercrime-recruitment-and-insider-threats/

  • Ensuring Security Remains/Becomes Everyone’s Responsibility

In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.

Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.

https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/

  • Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.

According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.

https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html

  • Software Supply Chain Attacks Hit 61% of Firms

More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.

Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.

https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/

  • More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees

In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.  

Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.

https://www.msspalert.com/cybersecurity-research/more-than-2-25-million-exposed-assets-on-the-dark-web-tied-to-fortune-1000-employees/

  • Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot

Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.

https://www.csoonline.com/article/3696748/law-enforcement-crackdowns-and-new-techniques-are-forcing-cybercriminals-to-pivot.html

  • Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table

Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.

https://www.darkreading.com/vulnerabilities-threats/talking-security-strategy-cybersecurity-has-a-seat-at-the-boardroom-table

  • How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response

Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.

The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.

Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.

https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response 

  • Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information

The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.

Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.

https://www.msspalert.com/cybersecurity-research/ransomwares-real-goals-are-exploit-internet-facing-apps-mine-intellectual-property-grab-sensitive-info/

  • Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats

A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.

Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.

https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/

  • Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.

Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.

https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/

  • Capita Warns Customers They Should Assume Data was Stolen

Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.

https://www.bleepingcomputer.com/news/security/capita-warns-customers-they-should-assume-data-was-stolen/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Secure Disposal

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Vulnerability Management

Vulnerabilities

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 09 December 2022

Black Arrow Cyber Threat Briefing 09 December 2022:

-Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

-Cyber Security Resilience Emerges as Top Priority as 62% of Companies Say Security Incidents Impacted Business Operations

-Cyber Security Should Focus on Managing Risk

-Fear of Cyber Attacks Drives SMBs to Spend More on Software

-Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

-Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

-Automated Dark Web Markets Sell Corporate Email Accounts For $2

-Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

-Security Concerns Scupper Deals for Two-Thirds of Firms

-Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.

It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.

“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”

https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/

  • Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.

Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.

Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.

Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-resilience-emerges-as-top-priority-as-62-of-companies-say-security-incidents-impacted-business-operations

  • Cyber Security Should Focus on Managing Risk

Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.

There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.

Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.

Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.

In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.

https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk

  • Fear of Cyber Attacks Drives SMBs to Spend More on Software

Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.

Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:

  • Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases

  • Implementation concerns are SMBs’ biggest purchase barrier

  • Most SMB software purchases are solely handled by IT, disregarding other important stakeholders

  • Customer reviews sway purchase decisions, and verified reviews are critical

Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.

https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

  • Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.

“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).

BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.

Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.

Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.

https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/

  • Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.

In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.

The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.

Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.

The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.

“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.

https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold

  • Automated Dark Web Markets Sell Corporate Email Accounts For $2

Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.

Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.

Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.

Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.

https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

  • Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.

"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

  • Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)

  • Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

  • Security Concerns Scupper Deals for Two-Thirds of Firms

Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.

The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.

Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.

There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.

Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.

https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/

  • Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.

"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."

In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.

The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."

https://www.pcgamer.com/microsoft-encourages-strong-cyber-hygiene-in-light-of-increasing-russian-cyberattacks/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Hybrid/Remote Working

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Iran

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 21 October 2022

Black Arrow Cyber Threat Briefing 21 October 2022:

-Gen Z, Millennials Really Doesn't Care About Workplace Cyber Security

-Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind

-Cyber-Enabled Crimes Are Biggest Police Concerns

-List of Common Passwords Accounts for Nearly All Cyber Attacks

-Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders

-Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers

-96% Of Companies Report Insufficient Security for Sensitive Cloud Data

-Your Microsoft Exchange Server Is a Security Liability

-Are Cyber Security Vendors Pushing Snake Oil?

-Ransomware Preparedness, What Are You Doing Wrong?

-NSA Cybersecurity Director's Six Takeaways from the War in Ukraine

-Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Gen Z, Millennials Really Don’t Care About Workplace Cyber Security

When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.

Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.

This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.

When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.

Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.

Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security. 

If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.

https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity

  • Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind

The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.

“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”

Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.

Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.

https://www.csoonline.com/article/3677228/supply-chain-attacks-increased-over-600-this-year-and-companies-are-falling-behind.html#tk.rss_news

  • Cyber-Enabled Crimes Are Biggest Police Concerns

Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.

The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.

Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.

Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.

Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.

The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.

https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/

  • List of Common Passwords Accounts for Nearly All Cyber Attacks

Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.

Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.

Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.

The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."

Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.

https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks

  • Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders

Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.

Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.

This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.

The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.

Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.

With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?

We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."

https://www.darkreading.com/vulnerabilities-threats/shared-responsibility-or-shared-fate-decentralized-it-means-we-are-all-cyber-defenders

  • Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers

The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.

Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.

The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.

Some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors. In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.

Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.

US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).

https://www.telegraph.co.uk/business/2022/10/23/ukraine-war-cuts-ransomware-kremlin-co-opts-hackers/

  • 96% Of Companies Report Insufficient Security for Sensitive Cloud Data

The vast majority of organisations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).

The CSA report surveyed 1,663 IT and security professionals from organisations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organisations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID.

Apart from struggling with securing sensitive data, organisations are also having trouble tracking data in the cloud. Over a quarter of organisations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.

“This suggests that organisations’ current methods of classifying data aren’t sufficient for their needs. However, if the tracking is this low, it could be a contributing factor to the issue of dark data. Organisations need to utilise data discovery and classification tools to properly understand the data they have and how to protect it,” the CSA study noted.

https://www.csoonline.com/article/3677491/96-of-companies-report-insufficient-security-for-sensitive-cloud-data.html#tk.rss_news

  • Your Microsoft Exchange Server Is a Security Liability

With endless vulnerabilities, widespread hacking campaigns, slow and technically tough patching, it's time to say goodbye to on-premise Exchange.

Once, reasonable people who cared about security, privacy, and reliability ran their own email servers. Today, the vast majority host their personal email in the cloud, handing off that substantial burden to the capable security and engineering teams at companies like Google and Microsoft. Now, cyber security experts argue that a similar switch is due - or long overdue - for corporate and government networks. For enterprises that use on-premise Microsoft Exchange, still running their own email machine somewhere in a closet or data centre, the time has come to move to a cloud service, if only to avoid the years-long plague of bugs in Exchange servers that has made it nearly impossible to keep determined hackers out.

The latest reminder of that struggle arrived earlier this week, when Taiwanese security researcher Orange Tsai published a blog post laying out the details of a security vulnerability in Microsoft Exchange. Tsai warned Microsoft about this vulnerability as early as June of 2021, and while the company responded by releasing some partial fixes, it took Microsoft 14 months to fully resolve the underlying security problem. Tsai had earlier reported a related vulnerability in Exchange that was massively exploited by a group of Chinese state-sponsored hackers known as Hafnium, which last year penetrated more than 30,000 targets by some counts. Yet according to the timeline described in Tsai’s post this week, Microsoft repeatedly delayed fixing the newer variation of that same vulnerability, assuring Tsai no fewer than four times that it would patch the bug before pushing off a full patch for months longer. When Microsoft finally released a fix, Tsai wrote, it still required manual activation and lacked any documentation for four more months.

Meanwhile, another pair of actively exploited vulnerabilities in Exchange that were revealed last month still remain unpatched after researchers showed that Microsoft’s initial attempts to fix the flaws had failed. Those vulnerabilities were just the latest in a years-long pattern of security bugs in Exchange’s code. And even when Microsoft does release Exchange patches, they’re often not widely implemented, due to the time-consuming technical process of installing them.

The result of those compounding problems, for many who have watched the hacker-induced headaches of running an Exchange server pile up, is a clear message: An Exchange server is itself a security vulnerability, and the fix is to get rid of it.

“You need to move off of on-premise Exchange forever. That’s the bottom line,” says Dustin Childs, the head of threat awareness at security firm Trend Micro’s Zero Day Initiative (ZDI), which pays researchers for finding and reporting vulnerabilities in commonly used software and runs the Pwn2Own hacking competition. “You’re not getting the support, as far as security fixes, that you would expect from a really mission-critical component of your infrastructure.”

https://www.wired.com/story/microsoft-exchange-server-vulnerabilities/

  • Are Cyber Security Vendors Pushing Snake Oil?

Survey: 96 percent of cyber security decision makers confused by vendor marketing.

The availability of new security products increases, the amount of budget spent on cyber security grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cyber security spend and any clear increase in cyber security effectiveness is the subject of a new analytical survey from Egress.

With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cyber security and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cyber security vendors due to unclear marketing about their specific offerings.

The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cyber security silver bullet, but whether this management can take the company to a point where it can exit with serious profits.

If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.

Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.

https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil

  • Ransomware Preparedness: What Are You Doing Wrong?

Axio released its 2022 State of Ransomware Preparedness research report, revealing that although notable improvements have been made since Axio’s 2021 report, organisational ransomware preparedness continues to be insufficient to keep pace with new attack vectors.

The report reveals that the lack of fundamental cyber security practices and controls, including critical vulnerability patching and employee cyber security training, continues to undermine organisational attempts to improve ransomware defences.

“Ransomware continues to wreak havoc on global organisations, regardless of size or industry,” remarked the report’s co-author David White, President of Axio. “As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cyber security practices and make the needed improvements to help combat these attacks.”

The report identifies several emerging patterns that yield insights into why organisations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organisations were deficient in implementing and sustaining basic cyber security practices were identified, and these patterns dominated the 2022 study results as well:

  • Managing privileged access

  • Improving basic cyber hygiene

  • Reducing exposure to supply chain and third-party risk

  • Monitoring and defending networks

  • Managing ransomware incidents

  • Identifying and addressing vulnerabilities in a timely manner

  • Improving cyber security training and awareness

Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

  • The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.

  • Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.

  • Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.

  • Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.

  • Critical vulnerability patching within 24 hours was reported by only 24% of organisations.

  • A ransomware-specific playbook for incident management is in place for only 30% of organisations.

  • Active phishing training has improved but is still not practiced by 40% of organisations.

https://www.helpnetsecurity.com/2022/10/20/insufficient-ransomware-preparedness/

  • NSA Cybersecurity Director's Six Takeaways from the War in Ukraine

From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that it would be happening in the cyber space as well.

Ten months on, he was invited to speak at one of Mandiant Worldwide Information Security Exchange's (mWISE) opening keynotes on October 18, 2022. Joyce shared six takeaways from the Russia-Ukraine cyber-conflict in terms of what we learned from it and its impact on how nations should protect their organisations.

  1. Both espionage and destructive attacks will occur in conflict

  2. The cyber security industry has unique insight into these conflicts

  3. Sensitive intelligence can make a decisive difference

  4. You can develop resiliency skills

  5. Don’t try to go it alone

  6. You have not planned enough yet for the contingencies

Toward the end of the keynote, Joyce suggested the audience simulate a scenario based on what happened in Ukraine with the China-Taiwan conflict escalating and see what they should put in place to better prepare for such an event.

https://www.infosecurity-magazine.com/news/nsa-6-takeaways-war-ukraine/

  • Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.

Microsoft also emphasised that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."

The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cyber security company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.

The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

https://thehackernews.com/2022/10/microsoft-confirms-server.html

Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Supply Chain and Third Parties

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Training, Education and Awareness

Privacy, Surveillance and Mass Monitoring

Regulations, Fines and Legislation

Law Enforcement Action and Take Downs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 September 2022

Black Arrow Cyber Threat Briefing 30 September 2022:

-UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia

-Cyber Criminals See Allure in BEC Attacks Over Ransomware

-Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments

-Global Firms Deal with 51 Security Incidents Each Day

-Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

-Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack?

-Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months

-More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise

-How To Outsmart Increasingly Complex Cyber Attacks

-Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks

-Cyber Threats Top Business Leaders' Biggest Concerns

-Fired Admin Cripples Former Employer's Network Using Old Credentials

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • UK Organisations, Ukraine's Allies Warned of Potential "Massive" Cyber Attacks By Russia

The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House last week came just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyber attacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone with malware attacks propagating into European entities.

Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyber space – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.”

Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.

Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security in light of the situation in Ukraine. “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.

In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organisations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.

https://www.csoonline.com/article/3674871/ncsc-chief-warns-uk-organizations-ukraine-s-allies-of-possible-massive-cyberattacks-by-russia.html#tk.rss_news

  • Cyber Criminals See Allure in BEC Attacks Over Ransomware

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organisations.

BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17% in the first quarter of 2022. That's according to Arctic Wolf's "1H 2022 Incident Response Insights" report, published on 29 September, which found that specific industries — including financial, insurance, business services, and law firms, as well as government agencies — experienced more than double their previous number of cases, the company said.

Overall, the number of BEC attacks encountered per email box has grown by 84% in the first half of 2022, according to data from cyber security firm Abnormal Security.

Meanwhile, so far this year, threat reports released by organisations have revealed contradictory trends for ransomware. Arctic Wolf and the Identity Theft Resource Center (ITRC) have seen drops in the number of successful ransomware attacks, while business customers seem to be encountering ransomware less often, according to security firm Trellix. At the same time, network security firm WatchGuard had a contrary take, noting that its detection of ransomware attacks skyrocketed 80% in the first quarter of 2022, compared with all of last year.

The surging state of BEC landscape is unsurprising because BEC attacks offer cyber criminals advantages over ransomware. Specifically, BEC gains do not rely on the value of cryptocurrency, and attacks are often more successful at escaping notice while in progress. Threat actors are unfortunately very opportunistic.

For that reason, BEC — which uses social engineering and internal systems to steal funds from businesses — continues to be a stronger source of revenue for cyber criminals. In 2021, BEC attacks accounted for 35%, or $2.4 billion, of the $6.9 billion in potential losses tracked by the FBI's Internet Crime Complaint Center (IC3), while ransomware remained a small fraction (0.7%) of the total.

https://www.darkreading.com/threat-intelligence/cybercriminals-see-allure-bec-attacks-ransomware

  • Most Hackers Need 5 Hours or Less to Break Into Enterprise Environments

A new survey of 300 ethical hackers provides insight into not only the most common means of initial access, but how a complete end-to-end attack happens.

Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organisations, with different levels of experience and specialisations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.

The survey highlights the need for organisations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.

When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour.

https://www.csoonline.com/article/3675535/most-hackers-need-5-hours-or-less-to-break-into-enterprise-environments.html#tk.rss_news

  • Global Firms Deal with 51 Security Incidents Each Day

Security operations (SecOps) teams are struggling to respond to dozens of cyber security incidents every single day, according to a new report from Trellix.

The security vendor polled 9000 security decision makers from organisations with 500+ employees across 15 markets to compile its latest study, ‘XDR: Redefining the future of cyber security’.

It found that the average SecOps team has to manage 51 incidents per day, with 36% of respondents claiming they deal with 50 to 200 daily incidents. Around half (46%) agreed that they are “inundated by a never-ending stream of cyber-attacks.”

Part of the problem is the siloed nature of security and detection and response systems, the study claimed. Some 60% of respondents argued that poorly integrated products mean teams can’t work efficiently, while a third (34%) admitted they have blind spots. It’s perhaps no surprise, therefore, that 60% admitted they can’t keep pace with the rapid evolution of security threats.

This could be having a major impact on the bottom line. The vast majority (84%) of security decision makers that Trellix spoke to estimated that their organisation lost up to 10% of revenue from security breaches in the past year.

Medium size businesses ($50–$100m in revenue) lost an average of 8% in revenue, versus 5% for large businesses with a turnover of $10bn–$25bn. That could mean hundreds of millions of dollars are being thrown away each year due to inadequate SecOps.

https://www.infosecurity-magazine.com/news/global-firms-51-security-incidents/

  • Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

Last quarter saw a record-shattering number of observed phishing attacks, fuelled in large part by attempts to target users on their mobile devices.

The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.

The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.

But much of the rise in phishing volume is due to a new threat actor focus on mobile devices, specifically vishing (voice phishing) and smishing (SMS phishing) attacks, the report noted.

https://www.darkreading.com/attacks-breaches/phishing-attacks-crushed-records-last-quarter

  • Why Paying the Ransom is Still the Most Common Response to a Ransomware Attack

According to new data from Databarracks, 44% of the organisations who experienced a ransomware assault paid the demanded ransom. 22% made use of ransomware decryption software, while 34% restored data from backups.

The Databarracks 2022 Data Health Check produced the results. The annual report has been collecting data on ransomware, cyber, backup, disaster recovery, and business continuity from more than 400 UK IT decision-makers since 2008.

From the victim’s standpoint, it’s logical why you may pay a ransom. You are unable to handle orders or provide customer support, and losses mount swiftly. Downtime expenses can easily surpass the ransom.

Organisations may believe that paying the ransom will solve the issue more quickly, allowing them to resume operations as usual. This strategy is faulty for a number of causes.

First of all, there is no assurance that your data will be returned. Second, once criminals know an organisation is an easy target, they frequently attack it again. Finally, it conveys the incorrect message. By paying, you are assisting the crooks by demonstrating that their strategies are effective.

https://informationsecuritybuzz.com/study-research/why-paying-the-ransom-is-still-the-most-common-response-to-a-ransomware-attack/

  • Ransomware Attacks Continue Increasing: 20% of All Reported Attacks Occurred in the Last 12 Months

Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to a latest annual report from cyber security specialist Hornetsecurity.

The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with one in five (20%) attacks happening in the last year.

Cyber attacks are happening more frequently. Last year's ransomware survey revealed one in five (21%) companies experienced an attack; this year it rose by three percent to 24%.

Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. The survey shows that many in the IT community have a false sense of security as bad actors develop new techniques.

The 2022 Ransomware Report highlighted a lack of knowledge on the security available to businesses. A quarter (25%) of IT professionals either don't know or don't think that Microsoft 365 data can be impacted by a ransomware attack.

Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.

Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can back up their Microsoft 365 data securely and protect themselves from such attacks.

Industry responses showed the widespread lack of preparedness from IT professionals and businesses. There has been an increase in businesses not having a disaster recovery plan in place if they do succumb to the heightened threat of a cyber attack.

In 2021, 16% of respondents reported having no disaster recovery plan in place. In 2022, this grew to 19%, despite the rise in attacks.

https://www.darkreading.com/attacks-breaches/ransomware-attacks-continue-increasing-20-of-all-reported-attacks-occurred-in-the-last-12-months---new-survey

  • More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise

A recent survey from machine identity solutions provider Venafi aimed to explore the complexity of cloud environments and the resulting impact on cyber security.

Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.

Twenty-four percent of the firms have more than 10,000 employees. Ninety-two percent of the SDMs are at manager level or above, with 49% at c-suite level or higher.

Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.

The ripest target of attack in the cloud is identity management, especially machine identities. Each of these cloud services, containers, Kubernetes clusters and microservices needs an authenticated machine identity – such as a TLS certificate – to communicate securely. If any of these identities is compromised or misconfigured, it dramatically increases security and operational risks.

Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorised access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).

Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues such as those from GDPR (31%), unauthorised access (28%), and nation state attacks (26%).

https://www.securityweek.com/more-half-security-pros-say-risks-higher-cloud-premise

  • How To Outsmart Increasingly Complex Cyber Attacks

Threat detection is harder today than it was two years ago. Next year will be harder than this year. Why? It’s a compounding effect from skills shortages and threat varieties that’s making it more challenging for any one product to handle key security wins. And cyber security is a constantly evolving sector with 2022 a devastating year for cyber security. Both hackers and security experts are always in a battle to outsmart each other.

Even for businesses with good IT departments, data protection can too quickly become an afterthought. Today’s threat landscape is growing, not just in the frequency of attacks (and the number of high-profile breaches recorded in the media) but so is the complexity of any given threat. A recent piece of research found that in 93 percent of cases, an external attacker can breach an organisation’s network perimeter and gain access to local network resources. Following increasing levels of cyber-attacks, it’s a case of “not if I will be hit by a ransomware attack,” but “when…” Organisations need to do something to mitigate the risk and protect their businesses, and they need to do it now. 

Planning and executing a better defence to outsmart attackers and win more security battles doesn’t have to feel like a military operation – but it does require the right service coverage to remove blind spots and reduce emerging risks before they escalate. 

https://informationsecuritybuzz.com/articles/how-to-outsmart-increasingly-complex-cyber-attacks/

  • Top Issues Driving Cyber Security: Growing Number of Cyber Criminals, Variety of Attacks

Fortifying cyber security defences remains a work in progress for many organisations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, according to new research from CompTIA.

While a majority of respondents in each of seven geographic regions feels that their company’s cyber security is satisfactory, CompTIA’s “State of Cybersecurity” shows that a much smaller number rank the situation as “completely satisfactory.” Nearly everyone feels that there is room for improvement.

“Companies are aware of the threats they face and the potential consequences of an attack or breach,” said Seth Robinson, VP of industry research, CompTIA. “But they may be underestimating their exposure and how much they need to invest in cyber security. Risk mitigation is the key, the filter through which everything should be viewed.”

Two of the top three issues driving cyber security considerations are the growing volume of cyber criminals, cited by 48% of respondents, and the growing variety of cyber attacks (45%). Additionally, ransomware and phishing have quickly become major areas of concern as digital operations have increased and human error has proven more costly.

“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cyber security, but this poses significant challenges, both tactically and financially,” Robinson said. “As IT operations and strategy have grown more complex, so has the management of cyber security.”

As cyber security is more tightly integrated with business objectives, zero trust is the overarching policy that should be guiding modern efforts, though its adoption will not take place overnight because it requires a drastically different way of thinking and acting. The report suggests there is small progress in recognising a holistic zero trust approach, but better progress in adopting some elements that are part of an overarching zero trust policy.

https://www.helpnetsecurity.com/2022/09/30/top-issues-driving-cybersecurity/

  • Cyber Threats Top Business Leaders' Biggest Concerns

Cyber threats are the number one concern for business decision makers, beating worries over economic uncertainty, rising energy costs and hiring, according to insurance provider Travelers. The firm polled over 1200 business leaders to compile its 2022 Travelers Risk Index report.

This is the third time in four years that cyber has emerged as the top concern, with more than half (57%) of respondents believing a future cyber-attack on their organisation is inevitable. A quarter (26%) said their company had already been a breach victim, the seventh successive year this figure has risen.

The top two cyber-related concerns were suffering a security breach (57%), and a system glitch causing computers to crash (55%). Becoming a cyber-extortion victim rose from eighth position to third this year.

However, despite general concern about cyber-threats, business decision-makers may also be guilty of overconfidence in their organisation’s security posture.

Nearly all respondents (93%) said they’re confident their company has implemented best practices to prevent or mitigate a cyber event. Yet most have not deployed endpoint detection and response tools (64%), they haven’t conducted a vendor cyber-assessment (59%), and don’t have an incident response plan (53%). Further, while 90% said they’re familiar with multi-factor authentication (MFA), only 52% had implemented it for remote access. This increasingly matters, not only to mitigate cyber-risk but also to reduce insurance premium costs and increase coverage.

Cyber attacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions.

Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber-event.

https://www.infosecurity-magazine.com/news/cyberthreats-top-business-big/

  • Fired Admin Cripples Former Employer's Network Using Old Credentials

After being laid off, an IT system administrator disrupted the operations of his former employer, a high-profile financial company in Hawaii, hoping to get his job back.

Casey K Umetsu, aged 40, worked as a network admin for the company between 2017 and 2019, when his employer terminated his contract. The US Department of Justice says in a press release that the defendant pled guilty to accessing his former employer's website and making configuration changes to redirect web and email traffic to external computers.

To prolong the business disruption for several more days, Umetsu performed additional actions that essentially locked out the firm's IT team from the website administration panel. In the end, the victimised company learned who was responsible for the sabotage after reporting the cyber security incident to the FBI.

Umetsu is awaiting sentence for his wrongdoings on January 19, 2023. He faces a maximum of 10 years of prison time and a fine of up to $250,000.

While Umetsu's actions are condemnable, the company's security practices cannot be overlooked since Umetsu used credentials that should have been invalidated the moment he got fired.

https://www.bleepingcomputer.com/news/security/fired-admin-cripples-former-employers-network-using-old-credentials/

Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 June 2022

Black Arrow Cyber Threat Briefing 17 June 2022

-How Organisations Can Protect Themselves in The Emerging Risk Landscape

-Phishing Reaches All-Time High in Early 2022

-Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?

-The Challenges of Managing Increased Complexity As Hybrid IT Accelerates

-72% Of Middle Market Companies Expect to Experience a Cyber Attack

-Malware's Destruction Trajectory and How to Defeat It

-Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?

-Threat Actors Becoming More Creative Exploiting the Human Factor

-66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud

-Travel-related Cyber Crime Takes Off as Industry Rebounds

-How Should You Think About Security When Considering Digital Transformation Projects?

-Internet Explorer Now Retired but Still an Attacker Target

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • How Organisations Can Protect Themselves in The Emerging Risk Landscape

ThoughtLab’s 2022 cyber security benchmarking study ‘Cyber Security Solutions for a Riskier World’ revealed that the pandemic has brought cyber security to a critical inflection point. The number of material breaches that respondents suffered rose 20.5% from 2020 to 2021, and cyber security budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.

During that time, cyber security has become a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders, and the board.

https://www.helpnetsecurity.com/2022/06/13/cybersecurity-strategic-business-imperative-video/

  • Phishing Reaches All-Time High in Early 2022

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.

In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season.

Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

https://www.helpnetsecurity.com/2022/06/15/2022-total-phishing-attacks/

  • Ransomware Attacks Are Surging, with More Dangerous Hybrid Attacks to Come. Is Your Cyber Security Up to Date?

Time to reassess your cyber security strategies. Again.

Ransomware attacks on businesses have increased by one-third in the past year, according to a recent report by the Boston-based cyber security company Cybereason. 

Most (73 percent of businesses) were hit by at least one ransomware attack in the past year, and 68 percent of businesses that paid a ransom were hit again in less than a month for a higher ransom, according to the survey, which polled 1,456 cyber security professionals at global companies with 700 or more employees.

These attacks have big implications: Thirty-seven percent of companies were forced to lay off employees after paying ransoms, and 33 percent were forced to temporarily suspend business.

Since the invasion of Ukraine, cyber security experts have insisted businesses improve their lines of defence to protect against an increased risk of ransomware attacks from Russia. ​Ransomware attacks have also increased since the start of the pandemic--the rise of remote work increased vulnerability for many businesses, which hackers have taken advantage of, a 2020 FBI memo noted. So, enterprises of all sizes are at risk from many more points of attack.

https://www.inc.com/rebecca-deczynski/ransomware-attacks-increasing-cyber-security-advice.html

  • The Challenges of Managing Increased Complexity as Hybrid IT Accelerates

SolarWinds released the findings of its ninth annual IT Trends Report which examines the acceleration of digital transformation efforts and its impact on IT departments. The report found the acceleration of hybrid IT has increased network complexity for most organisations and caused several worrisome challenges for IT professionals.

Hybrid and remote work have amplified the impact of distributed and complex IT environments. Running workloads and applications across both cloud and on-premises infrastructure can be challenging, and many organisations are increasingly experiencing—and ultimately hindered by—these pain points.

As more and more mission-critical workloads move to connected cloud architectures that span public, private, hybrid, and multi-cloud environments, enterprises recognise they need to invest in the tools that will help them ensure consistent policies and performance across all platforms and end users. However, they simultaneously face challenges such as budget, time constraints, and barriers to implementing observability as a strategy to keep pace with hybrid IT realities.

However professionals feel less confident in their organisation’s ability to manage IT. While 54% of respondents state they leverage monitoring strategies to manage this complexity, 49% revealed they lack visibility into the majority of their organisation’s apps and infrastructure. This lack of visibility impacts their ability to conduct anomaly detection, easy root-cause analysis, and other critical processes to ensure the availability, performance, and security of business-critical applications.

https://www.helpnetsecurity.com/2022/06/16/hybrid-it-acceleration-challenges/

  • 72% Of Middle Market Companies Expect to Experience a Cyber Attack

Middle market companies face an increasingly volatile cyber security environment, with threats coming from more directions than ever before and more skilled criminals targeting the segment, according to an RSM US and US Chamber of Commerce report.

However, there is good news as the number of breaches reported in the last year among middle market companies slightly decreased with protections becoming more available and executives understanding the consequences related to potential incidents. Twenty-two percent of middle market leaders claimed that their company experienced a data breach in the last year, representing a drop from 28% in last year’s survey, suggesting that even with enhanced protections in place and the decrease in attacks, companies cannot afford to let their guard down.

The middle market encountered a roller coaster of risks in the last year, from lingering threats related to the COVID-19 pandemic to geopolitical conflicts and economic uncertainty.

The small drop in reported breaches is encouraging, and largely attributed to middle market companies beginning to implement better identity and access management controls. Yet, even with the decline in reported attacks, companies recognise the risks posed by the current dynamic threat environment, with 72% of executives anticipating that unauthorised users will attempt to access data or systems in 2022, a sharp rise from 64% last year and the highest number since RSM began tracking data in 2015.

https://www.helpnetsecurity.com/2022/06/16/middle-market-companies-cybersecurity/

  • Malware's Destruction Trajectory and How to Defeat It

Malware and targeted attacks on operating systems and firmware have become increasingly destructive in nature, and these more nefarious attack methods are rising in prevalence. And just to add insult to injury, there are more of them. Today’s attacks are hitting more often, and they are hitting harder.

In the first three decades of its existence, malware was primarily restricted to mischief and attempts by virus creators to discover if their creations would work. But now the threat landscape has changed from simple vandalism to lucrative cyber crime and state-sponsored attacks.

Wiper malware, in particular, has gained traction in recent months. The FortiGuard Labs research team has seen at least seven different malware attacks targeting Ukrainian infrastructure or Ukrainian companies so far this year. The primary reason for using Wiper malware is its sheer destructiveness – the intent is to cripple infrastructure. What does the increased presence of Wiper malware strains indicate? And what do security leaders need to know and do to keep their organisation safe? Read more…

https://www.securityweek.com/malwares-destruction-trajectory-and-how-defeat-it

  • Which Stolen Data Are Ransomware Gangs Most Likely to Disclose?

If your organisation gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more likely to end up being disclosed as you debate internally on whether you should pay the ransomware gang off?

Rapid7 analysed 161 data disclosures performed by ransomware gangs using the double extortion approach between April 2020 and February 2022, and found that:

  • The most commonly leaked data is financial (63%), followed by customer/patient data (48%)

  • Files containing intellectual property (e.g., trade secrets, research data, etc.) are rarely disclosed (12%) by ransomware gangs, but if the organisation is part of the pharmaceutical industry, the risk of IP data being disclosed is considerably higher (43%), “likely due to the high value placed on research and development within this industry.”

https://www.helpnetsecurity.com/2022/06/17/ransomware-data-disclosed/

  • Threat Actors Becoming More Creative Exploiting the Human Factor

Threat actors exhibited "ceaseless creativity" last year when attacking the Achilles heel of every organisation—its human capital—according to Proofpoint's annual The Human Factor 2022 report. The report, released June 2, draws on a multi-trillion datapoint graph created from the company's deployments to identify the latest attack trends by malicious players.

"Last year, attackers demonstrated just how unscrupulous they really are, making protecting people from cyber threats an ongoing—and often eye-opening—challenge for organisations,” Proofpoint said in a statement.

The combination of remote work and the blurring of work and personal life on smartphones have influenced attacker techniques, the report notes. During the year, SMS phishing, or smishing, attempts more than doubled in the United States, while in the UK, 50% of phishing lures focused on delivery notifications. An expectation that more people were likely working from home even drove good, old-fashioned voice scams, with more than 100,000 telephone attacks a day being launched by cyber criminals.

https://www.csoonline.com/article/3663478/threat-actors-becoming-more-creative-exploiting-the-human-factor.html#tk.rss_news

  • 66% Of Organisations Store 21%-60% Of Their Sensitive Data in The Cloud

A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns regarding the protection of sensitive data from cyber criminals.

Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications, compared with just eight in 2015, showcasing a startlingly rapid increase.

With increasing complexity of multicloud environments comes an even greater need for robust cyber security. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21-60%. However, only 25% said they could fully classify all data.

https://www.helpnetsecurity.com/2022/06/16/cloud-based-data-breach-video/

  • Travel-related Cyber Crime Takes Off as Industry Rebounds

An upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cyber criminals to scam the tourists.

Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cyber crimes.

Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and travel-related databases breaches, according to a report by Intel 471.

The impact of the attacks are hacked accounts stripped of value. But also, researchers say the consequences of recent attacks can also include flight delays and cancelations as airlines grapple with mitigating hacks.

https://threatpost.com/travel-related-cybercrime-takes-off/179962/

  • How Should You Think About Security When Considering Digital Transformation Projects?

Digital transformation helps businesses keep operating and stay competitive. Here are the ways to think about security so that businesses reap the benefits without taking on associated risks.

Multiple factors contribute to the sheer number of digital transformation projects underway today: the proliferation of the Internet of Things (IoT), expanding artificial intelligence (AI) capabilities, the sudden shift to a remote workforce prompted by the global COVID-19 pandemic, and the rapid rate of cloud migration. Digital transformation is no longer a nice-to-have; it’s a must-have in order to survive and thrive in today’s business world.

CISOs and their security teams need to think about security in the digital age from both an internal and an external perspective. For the former, security teams should introduce and adopt digital enablers to transform the information security organisation. Digital enablers include the cloud, IoT, AI/machine learning (ML), and automation to transform the information security organisation.

For the latter, they should address potential risks as new digital enablers are introduced by the business to drive growth.

Here are five specific areas security teams should prioritise to achieve security-first digital transformation:

  1. Security operations modernisation

  2. Developer-centric security

  3. Cloud strategy and execution

  4. Connected devices

  5. Big data and analytics

As important as it is to keep the business operating and competitive, organisations must transform securely. Keeping security at the forefront gives the business the benefits of digital transformation without the associated risks.

https://www.darkreading.com/edge-ask-the-experts/how-should-i-think-about-security-when-considering-digital-transformation-projects-

  • Internet Explorer Now Retired but Still an Attacker Target

Microsoft's official end-of-support for the Internet Explorer 11 desktop application on June 15 relegated to history a browser that's been around for almost 27 years. Even so, IE still likely will provide a juicy target for attackers.

That's because some organisations are still using Internet Explorer (IE) despite Microsoft's long-known plans to deprecate the technology. Microsoft meanwhile has retained the MSHTML (aka Trident) IE browser engine as part of Windows 11 until 2029, allowing organisations to run in IE mode while they transition to the Microsoft Edge browser. In other words, IE isn't dead just yet, nor are threats to it.

Though IE has a negligible share of the browser market worldwide these days (0.52%), many enterprises still run it or have legacy applications tied to IE. This appears to be the case in countries such as Japan and Korea. Stories in Nikkei Asia and Japan Times this week quoted a survey by Keyman's Net showing that nearly 49% of 350 Japanese companies surveyed are still using IE. Another report in South Korea's MBN pointed to several large organisations still running IE.

https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time

Threats

Ransomware

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

Internet of Things - IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Dark Web

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Cloud/SaaS

Privacy

Passwords, Credential Stuffing & Brute Force Attacks

Travel

Regulations, Fines and Legislation

Law Enforcement Action and Take Downs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Vulnerabilities

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 April 2022

Black Arrow Cyber Threat Briefing 01 April 2022

-One Tenth of UK Staff Bypass Corporate Security

-Majority Of Data Security Incidents Caused by Insiders

-One-Third of UK Firms Suffer A Cyber Attack Every Week

-Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth

-86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack

-Multiple Hacking Groups Are Using the War in Ukraine As A Lure In Phishing Attempts

-4 Ways Attackers Target Humans to Gain Network Access

-Security Incidents Reported to FCA Surge 52% in 2021

-NCSC Suggests Rethinking Russian Supply Chain Risks

-25% Of Workers Lost Their Jobs In The Past 12 Months After Making Cyber Security Mistakes: Report

-Attackers Compromise 94% Of Critical Assets Within Four Steps Of Initial Breach

-UK Spy Chief Warns Russia Looking for Cyber Targets

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • One Tenth of UK Staff Bypass Corporate Security

A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures.

The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace.

The research has revealed that many hybrid workers do not see cyber security as their responsibility, with many actively finding workarounds or engaging in risky behaviours such as password reuse.

19% of employees said they reuse passwords for multiple accounts and applications, with only 15% using password managers.

The problem seems to stem from user friction in existing security measures. Only 44% of survey participants said they found it easy to securely access their IT equipment.

A majority said they would be willing to use biometric authentication, a reflection of how enterprise security is still catching up to consumer functionality.

https://www.itsecurityguru.org/2022/03/28/one-tenth-of-uk-staff-bypass-corporate-security/

  • Majority Of Data Security Incidents Caused by Insiders

New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees.

The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA.

An insider threat is defined by Imperva as originating from “inappropriate use of legitimate authorised user accounts” by either their rightful owner or a threat actor who has managed to compromise them.

The study found that insider threats were responsible for 59% of incidents impacting sensitive data in the past 12 months. This supports a previous Imperva analysis of the most significant breaches of the past five years, revealing that 24% were caused by either human error or compromised credentials.

https://www.itsecurityguru.org/2022/04/01/majority-of-data-security-incidents-caused-by-insiders/

  • One-Third of UK Firms Suffer a Cyber Attack Every Week

Cyber attacks and related incidents at UK organisations continue their seemingly unstoppable upward trajectory, with new statistics from the Department for Digital, Culture, Media and Sport (DCMS) revealing that 31% of businesses and 26% of charity organisations now experience incidents on a weekly basis.

The data, contained in the annual cyber security breaches survey report, paints a stark picture of the scale of the threat facing the average organisation, and the urgent need to boost standards and defences.

It is vital that every organisation takes cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk.  No matter how big or small your organisation is, you need to take steps to improve digital resilience.

Some 20% of businesses and 19% of charities said they had experienced a negative outcome as a direct consequence of an attack. The average cost of an attack, spread out across all organisations, now works out at £4,200, or £19,400 if only medium and large businesses are considered, although there is probably a vast amount of under-reporting, so the true figures are certainly higher.

Meanwhile, 35% of businesses and 38% of charities said they had experienced some kind of negative impact during the incident, such as service downtime.

https://www.computerweekly.com/news/252515288/One-third-of-UK-firms-suffer-a-cyber-attack-every-week

  • Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth

Punitive economic sanctions over Russia's invasion of Ukraine had crooks discussing the best ways to adapt to the new reality.

Members of Russian-language underground forums are not immune to the latest news. Russia's invasion of Ukraine and subsequent economic sanctions against Moscow got forum users to discuss how to live in this new world they find themselves in.

According to a report by the Digital Shadows Photon team, dark web forums are teeming with questions on how to ensure the safety of funds held in Russia-based accounts.

One user sought advice on what to do with dollars held in a Russian bank, with others suggesting converting dollars to rubles for a few months.

"I hope you were joking about [holding the funds in rubles for] half a year? After half a year, your rubles will only be good for lighting a fire, they will not be good for anything else," a forum user responded.

https://cybernews.com/news/russias-cybercriminals-fear-sanctions-will-erase-their-wealth/

  • 86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack

A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyber attack.

The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US.

It has also been revealed that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber attack in the past 18 months, or anticipate one in the future.

Russia and China were identified as the most likely suspects behind said attacks. 39% of organisations that believe they have been hit with a nation-state cyber attack believe Russia were the perpetrators.

https://www.itsecurityguru.org/2022/03/29/86-of-organisations-believe-they-have-suffered-a-nation-state-cyberattack/

  • Multiple Hacking Groups Are Using the War in Ukraine as A Lure in Phishing Attempts

Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyber attacks designed to steal login credentials, sensitive information, money and more from victims around the world.

According to cyber security researchers at Google's Threat Analysis Group (TAG), government-backed hackers from Russia, China, Iran and North Korea, as well as various unattributed groups and cyber criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyber attacks.

In just the last two weeks alone, Google has seen several hacking groups looking to take advantage of the war to fulfil their malicious aims, whether that's stealing information, stealing money, or something else.

https://www.zdnet.com/article/google-multiple-hacking-groups-are-using-the-war-in-ukraine-as-a-lure-in-phishing-attempts/

  • 4 Ways Attackers Target Humans to Gain Network Access

Since the day we started receiving email, we hope that our antivirus or endpoint protection software alerts us to problems. In reality, it often does not. When technology fails, it’s likely because the attacker made an end run around it by targeting humans. Here are four ways they do it:

1. The targeted human attack

2. Fraudulent wire transfer email

3. Tricking users into handing over credentials

4. Bypassing multi-factor authentication

https://www.csoonline.com/article/3654850/4-ways-attackers-target-humans-to-gain-network-access.html#tk.rss_news

  • Security Incidents Reported to FCA Surge 52% in 2021

The number of cyber security incidents reported to the UK’s financial regulator surged by over 50% last year after a significant increase in cyber-attacks, according to new figures from Picus Security.

The security vendor submitted Freedom of Information (FoI) requests to the Financial Conduct Authority (FCA) to compile its latest report, Cyber Security Incidents in the UK Financial Sector.

The 52% year-on-year increase in “material” security incidents reported to the FCA seems to have been driven by cyber-attacks, which comprised nearly two-thirds (65%) of these reports.

Picus Security claimed that the rest are likely explained by “system and process failures and employee errors.”

In addition, a third of incident reports were about corporate or personal data breaches, and a fifth involved ransomware.

Picus Security explained that to qualify as a material incident, there needs to have been a significant loss of data, operational IT outages, unauthorized IT access, and/or an impact on a large number of customers.

https://www.infosecurity-magazine.com/news/security-incidents-reported-fca/

  • NCSC Suggests Rethinking Russian Supply Chain Risks

The National Cyber Security Centre (NCSC) of the UK has urged organisations to reconsider the risks associated with “Russian-controlled” parts of their supply chains.

Ian Levy, technical director of the NCSC argued that “Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed.”

Levy has suggested that while there is currently nothing to suggest that the Russian state intends to force commercial providers to sabotage UK interests, that doesn’t mean it will not happen in the future.

https://www.itsecurityguru.org/2022/03/30/ncsc-suggests-rethinking-russian-supply-chain-risks/

  • 25% Of Workers Lost Their Jobs in The Past 12 Months After Making Cyber Security Mistakes: Report

For business leaders, there is never a good time for their employees to make mistakes on the job. This is especially true now for workers who have anything to do with the cyber security of their companies and organisations. Given the growing risks of cyber attacks across the world and the increased threats posed by Russia in the aftermath of their invasion of Ukraine, these are certainly perilous times.

Indeed, a new study released by email security company Tessian found that one in four employees (26%) lost their job in the last 12 months after making a mistake that compromised their company’s security.

According to the second edition of Tessian’s Psychology of Human Error report, people are falling for more advanced phishing scams—and the business stakes for mistakes are much higher.

The study also found that:

  • Two-fifths (40%) of employees sent an email to the wrong person, with almost one-third (29%) saying their business lost a client or customer because of the error

  • Over one-third (36%) of employees have made a mistake at work that compromised security and fewer are reporting their mistakes to IT.

https://www.forbes.com/sites/edwardsegal/2022/03/29/25-of-workers-lost-their-jobs-in-the-past-12-months-after-making-cybersecurity-mistakes-report/?sh=d47cdfa49b26

  • Attackers Compromise 94% of Critical Assets Within Four Steps of Initial Breach

New research from XM Cyber analysing the methods, attack paths, and impacts of cyber attacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.

The findings showed that 75% of an organisation’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.

https://www.csoonline.com/article/3655633/attackers-compromise-94-of-critical-assets-within-four-steps-of-initial-breach.html

  • UK Spy Chief Warns Russia Looking for Cyber Targets

A UK intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine.

Jeremy Fleming, who heads the GCHQ electronic spy agency, praised Ukrainian President Volodymyr Zelenskyy’s “information operation” for being highly effective at countering Russia’s massive disinformation drive spreading propaganda about the war.

While there were expectations that Russia would launch a major cyber attack as part of its military campaign, Fleming said such a move was never a central part of Moscow’s standard playbook for war.

“That’s not to say that we haven’t seen cyber in this conflict. We have — and lots of it,” Fleming said in a speech in Canberra, Australia, according to a transcript released in London on Wednesday.

He said GCHQ’s National Cyber Security Centre has picked up signs of “sustained intent” by Russia to disrupt Ukrainian government and military systems.

“We’ve seen what looks like some spillover of activity affecting surrounding countries,” Fleming said. “And we’ve certainly seen indicators which suggest Russia’s cyber actors are looking for targets in the countries that oppose their actions.”

He provided no further details. He said the UK and other Western allies will continue to support Ukraine in beefing up its cyber security defences.

https://www.securityweek.com/uk-spy-chief-warns-russia-looking-cyber-targets

Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

IoT

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain

Denial of Service DoS/DDoS

Passwords & Credential Stuffing

Spyware, Espionage & Cyber Warfare

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 March 2022

Black Arrow Cyber Threat Briefing 18 March 2022

-Guernsey Cyber Security Warning For Islanders And Businesses

-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime

-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine

-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents

-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead

-Cyber Crooks’ Political In-Fighting Threatens the West

-Cloud-Based Email Threats Surge 50% in 2021

-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups

-The Massive Impact of Vulnerabilities In Critical Infrastructure

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/

Threats

Ransomware

Phishing & Email

Malware

Mobile

IoT

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Supply Chain

DoS/DDoS

Cloud

Privacy

Passwords & Credential Stuffing

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare

Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – Iran

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 December 2021

Black Arrow Cyber Threat Briefing 17 December 2021:

-Employees Think They’re Safe From Cyber Threats On Company Devices

-Internet Is Scrambling To Fix Log4shell, The Worst Hack In History

-Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry

-60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low

-Ransomware in 2022: We're All Screwed

-Attacks on UK Firms Increase Five-Fold During Pandemic

-The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals

-Why Cloud Storage Isn't Immune to Ransomware

-400 Banks’ Customers Targeted with Anubis Trojan

-Sites Hacked With Credit Card Stealers Undetected For Months

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Employees Think They’re Safe From Cyber Threats On Company Devices

A research launched by Menlo Security reveals increased cyber security risks posed to employees and organisations during the 2021 holiday shopping season.

The research – which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.

There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (56% US; 53% UK) reported performing non-work-related tasks – such as online shopping – on company devices.

Furthermore, the survey found that 65% of people in the US (63% UK) are doing more online holiday shopping in 2021 compared to previous years, and nearly half of respondents (48% US; 45% UK), reported shopping for gifts this holiday season on a work-issued device such as a laptop or mobile phone.

Workers are also noticing a rise in cyber threats this holiday season, with 58% of respondents in the US (48% UK) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80% US & UK) report being somewhat to very concerned about their personal data being stolen while online shopping.

However, despite workers’ recognition and concern of cyber threats, 60% of people (65% UK) still believe they’re secure from cyberthreats if they’re using a company device.

https://www.helpnetsecurity.com/2021/12/14/employees-cybersecurity-risks/

Internet Is Scrambling To Fix Log4shell, The Worst Hack In History

Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.

Malicious individuals are already exploiting the Log4Shell attack, which allows them to get into computer systems and servers without a password. Security experts have seen Log4Shell in action in Minecraft, the popular game that Microsoft owns. A few lines of text passed around in a chat might be enough to penetrate the defences of a target computer. The same ease of access would allow hackers to go after any computer out there using the Log4J open-sourced java-based logging utility.

https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/

Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry

Organisations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.

The discovery of a critical flaw in the Apache Log4j software is nothing short of a Fukushima moment for the cybersecurity industry.

Ten years ago, an earthquake and subsequent tidal wave triggered the meltdown of the Fukushima nuclear power plant that continues to plague the region today. Similarly, the early exploitation of Log4j, during which attackers will go after the low-hanging fruit exposed by the vulnerability, will evolve over time to take the form of more complex attacks on more sensitive systems that have less exposure to the internet. And, just as Fukushima brought to light significant issues with longstanding processes in place at the plant, so too does the Log4j vulnerability, known as Log4Shell, highlight two crucial practices of concern:

·       How organisations capture and protect their massive troves of log data; and

·       The use of open-source code libraries as the building blocks for major enterprise applications.

The paradox of Log4j: the more you log, the worse it gets

We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place. Everything from the new printer you’ve bought for the office to the ticketing system you’ve just deployed is potentially affected by this flaw. Some affected systems may be on premises, others may be hosted in the cloud but no matter where they are, the flaw is likely to have an impact.

https://www.theregister.com/2021/12/17/vmware_criticial_uem_flaw/

60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low

There is a “dangerous” lack of awareness among UK workers towards cybersecurity, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack.

The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all.

Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19.

The most prevalent types of attacks experienced by workers or their organisations were phishing (27%), data breaches (23%) and malware (20%).

The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cyber security installed to ensure the issue is focused on more at a government level.

Russian-backed cyber-criminals were considered the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).

https://www.infosecurity-magazine.com/news/uk-workers-victim-cyber-attack/

Ransomware in 2022: We're All Screwed

Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.

Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.

According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and preferred access purchases include domain admin rights, as well as entry into Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services.

Over the past few years, we've seen ransomware operators evolve from disorganised splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.

Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena -- including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker -- can be one component of attacks designed to elicit a blackmail payment from a victim organisation.

https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/

Attacks on UK Firms Increase Five-Fold During Pandemic

Attacks on UK firms surged five-fold during the pandemic and now cost way more than the global average, according to Accenture.

The global consultancy polled 500 UK executives to compile its State of Cybersecurity Resilience 2021 study.

It found that large organisations experienced 885 attempted cyber-attacks in 2020 – up from 156 the previous year and more than triple the global average of 270.

They’re also more expensive than elsewhere. Accenture calculated that incidents and breaches cost over £1.3m a year – £350,000 more than the global average.

Over 80% of respondents said the cost of staying ahead of cyber-criminals is unsustainable, a fifth more than the previous year, and a quarter said they’ve been forced to increase cybersecurity budgets by 10% or more.

Worryingly, supply chain attacks accounted for 64% of breaches in the UK last year, up by a quarter (26%) from the previous year.

https://www.infosecurity-magazine.com/news/attacks-on-uk-firms-increase/

The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals

Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.

“For cybercriminals this is Christmas come early, because the sky’s the limit,” says Theresa Payton, a former White House chief information officer and the CEO of Fortalice Solutions, a cybersecurity consulting company. “They’re really only limited by their imagination, their technical know-how and their own ability to exploit this flaw.” Payton spoke with Scientific American about what Log4J does, how criminals can use its newly discovered weakness, and what it will take to repair the problem.

https://www.scientificamerican.com/article/the-log4j-software-flaw-is-christmas-come-early-for-cybercriminals/

Why Cloud Storage Isn't Immune to Ransomware

Ransomware is the flavour of the month for cybercriminals. The FBI reports that ransomware attacks rose 20% and losses almost tripled in 2020. And our increased use of the cloud may have played a part in that spike. A survey of CISOs conducted by IDC earlier this year found that 98% of their companies suffered at least one cloud data breach in the previous 18 months as opposed to 79% last year, and numbers got worse the more exposure they had to the cloud.

Organisations now use hundreds of cloud-based apps, which adds thousands of new identities logging in to their systems. This opens almost unlimited possibilities for hackers. Even if cloud vendors have their own identity and access management controls, vulnerabilities will emerge. In fact, recent research into cloud security found that over 70% of organisations had machines open to the public that were linked to identities whose permissions were vulnerable, under the right conditions, to being exploited to launch ransomware attacks.

A number of reasons could explain why security falls through the cracks of many cloud systems, and leaves them more vulnerable to ransomware attacks.

https://www.darkreading.com/attacks-breaches/why-cloud-storage-isn-t-immune-to-ransomware

400 Banks’ Customers Targeted with Anubis Trojan

Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.

Researchers say this is just the beginning.

Once downloaded, the malware – a variant of banking trojan Anubis – steals the user’s personal data to rip them off, researchers at Lookout warned in a new report. And it’s not just customers of big banks at risk, the researchers added: Virtual payment platforms and crypto wallets are also being targeted.

“As a banking trojan malware, Anubis’ goal is to collect significant data about the victim from their mobile device for financial gain,” the Lookout report said. “This is done by intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection and abuse of the device’s accessibility services.”

https://threatpost.com/400-banks-targeted-anubis-trojan/177038/

Sites Hacked With Credit Card Stealers Undetected For Months

Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.

Magecart skimming is an attack that involves the injection of malicious JavaScript code on a target website, which runs when the visitor is at the checkout page.

The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.

Threat actors may then use this information for purchasing goods online or sold to other actors on underground forums and dark web marketplaces known as "carding" sites.

https://www.bleepingcomputer.com/news/security/sites-hacked-with-credit-card-stealers-undetected-for-months/

Threats

Ransomware

BEC – Business Email Compromise

Phishing

Other Social Engineering

Malware

Mobile

IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking

Insider Risk and Insider Threats

Fraud & Financial Crime

Nation State Actors

Cloud

Privacy

Spyware and Espionage

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 August 2021

Black Arrow Cyber Threat Briefing 06 August 2021:

-Ransomware Volumes Hit Record High

-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.

https://threatpost.com/ransomware-volumes-record-highs-2021/168327/

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed.  The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.

https://www.zdnet.com/article/more-than-12500-vulnerabilities-disclosed-in-first-half-of-2021-risk-based-security/

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.

These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.

https://www.zdnet.com/article/constant-review-of-third-party-security-critical-as-ransomware-threat-climbs/

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

https://www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.

https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/

65% Of All DDoS Attacks Target US And UK

Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.

https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/

Threats

Ransomware

Phishing

Other Social Engineering

Malware

Mobile

Vulnerabilities

Data Breaches

OT, ICS, IIoT and SCADA

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Supply Chain

Nation State Actors

Cloud

Reports Published in the Last Week

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 02 July 2021

Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit

Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers. 

In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn. 

The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS. 

The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example. 

Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately. 

https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1

71% Of Organisations Experienced BEC Attacks Over The Past Year

Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.

https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/

Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers

Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.

https://www.zdnet.com/article/ransomware-has-become-anc`-existential-threat-that-means-cyber-insurance-is-about-to-change/

LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/

Users Clueless About Cyber Security Risks

Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.

https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/

Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief

Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.

https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.

https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/

Cyber Crime Never Sleeps

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.

https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901

IT, Healthcare And Manufacturing Facing Most Phishing Attacks

Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Classified Ministry Of Defence Documents Found At Bus Stop

Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.

https://www.bbc.co.uk/news/uk-57624942

Cabinet Office Increases Cyber Security Training Budget By Almost 500%

The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.

https://www.itpro.co.uk/security/cyber-security/360039/cabinet-office-increases-cyber-spending-by-almost-500-amid-cctv

Threats

Ransomware

Phishing

Malware

Mobile

IoT

Data Breaches

Organised Crime & Criminal Actors

 Cryptocurrency/Cryptojacking

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud

Privacy

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 November 2020

Cyber Threat Briefing 06 November 2020

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest of open source intelligence (OSINT), collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

2020 could be 'the worst year in cyber security history'

Businesses around the world are severely unprepared to face the sheer scale of cyber threats facing us today, new research has claimed.

The latest 2020 Business Threat Landscape report from security firm Bitdefender has said that this could be the worst year in cyber security history, as despite multiple warnings, many firms still aren't ready to protect themselves.

Bitdefender's report found that the "new normal" of remote working had led many businesses to face difficulties in ensuring their online protection, with 50% of organisations "completely unprepared" to face a scenario in which they had to migrate their entire workforce in a working from home environment.

https://www.techradar.com/news/2020-could-be-the-worst-year-in-cybersecurity-history

Two-Thirds of Financial Services Firms Suffered Cyber-Attack in the Past Year

Almost two-thirds (65%) of large financial services companies have suffered a cyber attack in the past year, while 45% have experienced a rise in attack attempts since the start of the COVID-19 pandemic.

This is according to new research from HelpSystems, which surveyed 250 CISOs and CIOs in global financial services firms about the impact of the pandemic on their cybersecurity.

It highlighted that these organisations are taking cybersecurity increasingly seriously, with 92% stating that they have increased investment in this area over the past 12 months, with 26% doing so by a significant amount. The main targets of this investment have included secure file transfer (64%), protecting the remote workforce (63%) and cloud/office365 (56%).

https://www.infosecurity-magazine.com/news/two-thirds-financial-services/

Proofpoint survey: IT security leaders worry about and are ill-prepared to defeat cyber-attacks

IT security leaders say they are ill-prepared for a cyber attack and believe that human error and a lack of security awareness are major risk factors for their organisations, according to a series of reports and surveys from cyber security vendor Proofpoint. But there are some marked variations in both the rates and the types of cyber attack between the regions surveyed.

It’s a dynamic attack landscape: in the DACH countries of Germany, Austria and Switzerland 67 per cent of IT security leaders say they have suffered at least one attack in the last 12 months, while in Benelux 72 per cent of respondents say their business has suffered at least one cyber attack in the same time period. In Sweden 59 per cent of businesses have been attacked at least once, while in the UAE the figure is much higher at 82 per cent - with 51 per cent of IT security leaders in the UAE saying their business has been targeted multiple times.

https://www.theregister.com/2020/11/05/proofpoint_survey_it_security_leaders/

Akamai sees doubling in malicious internet traffic as remote world’s bad actors boom, too

Akamai Technologies’ CEO said he is impressed by the amazing traffic levels on the internet during the coronavirus pandemic, and the world technology infrastructure’s ability to handle it. But during the stay-at-home boom, the web and cyber security expert also has been closely watching a boom in bad actors.

With so many people working from home, hackers are taking advantage, and massively increasing the number of attacks as daily routine changes caused by the pandemic are prolonged, and become potentially permanent.

“I think the threat actors are trying to take advantage of the pandemic, and of course, the prize is greater now that so much business has moved online”

Quarter-over-quarter — Akamai reported its Q3 results this week — the cyber security and cloud computing company has tracked a doubling of malicious traffic as telecommuting makes for easier targets.

https://www.cnbc.com/2020/10/29/akamai-malicious-net-traffic-doubles-as-remote-world-bad-actors-boom.html

Attacks Against Microsoft’s Remote Desktop Protocol Soar Under Work From Home Measures

The number of Remote Desktop Protocol (RDP) attacks soared by 140% in Q3 compared with the previous quarter, as cyber criminals looked to take advantage of companies relying on remote access while working from home.

RDP makes it possible for one computer to connect to another over a network and control it as though the individual was sat at the keyboard themselves. While the Microsoft tool is useful for businesses and popular among IT administrators, it has increasingly been targeted by hackers who try to gain administrator access to company servers. Once inside they are able to disable security software, steal files, delete data and install malicious software.

Slovak internet security firm ESET detected the surge between July and September, with the number of separate companies reporting brute-force attacks against their RDP connection increasing by 37% quarter-over-quarter.

https://www.verdict.co.uk/rdp-attacks-eset/

Threats

Ransomware

Ransomware gangs that steal your data don't always delete it

Ransomware gangs that steal a company's data and then get paid a ransom fee to delete it don't always follow through on their promise.

The number of cases where something like this has happened has increased, according to a report published by Coveware this week and according to several incidents shared by security researchers with ZDNet researchers over the past few months.

https://www.zdnet.com/article/ransomware-gangs-that-steal-your-data-dont-always-delete-it/

Spike in Emotet activity could mean big payday for ransomware gangs

There's been a massive increase in Emotet attacks and cyber criminals are taking advantage of machines compromised by the malware to launch more malware infections as well as ransomware campaigns.

The October 2020 HP-Bromium Threat Insights Report reports a 1,200% increase in Emotet detections from July to September compared to the previous three months in which deployment of the malware appeared to decline.

https://www.zdnet.com/article/spike-in-emotet-activity-could-mean-big-payday-for-ransomware-gangs/

Italian beverage vendor Campari knocked offline after ransomware attack

Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network.

The attack took place last Sunday, on November 1, and has been linked to the RagnarLocker ransomware gang, according to a copy of the ransom note shared with ZDNet by a malware researcher who goes online by the name of Pancak3.

https://www.zdnet.com/article/italian-beverage-vendor-campari-knocked-offline-after-ransomware-attack/

Hackney Council still working to restore services as IT boss describes horror at cyber attack

Hackney’s director of information communication technology (ICT) Rob Miller was playing football with his family on a Sunday morning early in October when he got a message letting him know there was a systems outage being investigated at the Town Hall.

By the end of Sunday, the council had moved swiftly to shut down its systems, declared an emergency and notified national agencies after Miller’s team found “clear markers” that the local authority had been hit by a serious cyber attack.

https://www.hackneycitizen.co.uk/2020/11/04/council-still-working-restore-services-boss-horror-cyber-attack/

Leading toy maker Mattel hit by ransomware

Toy industry giant Mattel disclosed that they suffered a ransomware attack in July that impacted some of its business functions but did not lead to data theft.

Mattel is the second-largest toymaker in the world with 24,000 employees and $5.7 billion in revenue for 2019. Mattel is known for its popular brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, and Thomas & Friends.

https://www.bleepingcomputer.com/news/security/leading-toy-maker-mattel-hit-by-ransomware/

Business Email Compromise (BEC)

BEC attacks increase in most industries, invoice and payment fraud rise by 155%

BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals.

“As the industry’s only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers,” said Evan Reiser, CEO of Abnormal Security.

“Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track. Since these attacks are targeted and sophisticated, these increases could indicate an ability for threat actors to scale that may overwhelm some businesses.”

For this research, BEC campaigns across eight major industries were tracked, including retail/consumer goods and manufacturing, technology, energy/infrastructure, services, medical, media/tv, finance and hospitality.

https://www.helpnetsecurity.com/2020/11/03/bec-attacks-increase-quarter-over-quarter/

Phishing

Sneaky Office 365 phishing inverts images to evade detection

A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites.

These inverted backgrounds are commonly used as part of phishing kits that attempt to clone legitimate login pages as closely as possible to harvest a target's credentials by tricking them into entering them into a fake login form.

https://www.bleepingcomputer.com/news/security/sneaky-office-365-phishing-inverts-images-to-evade-detection/

The BBC Experiences Over 250,000 Malicious Email Attacks Per Day

The British Broadcasting Corporation (BBC), the UK’s public service broadcaster, faces in excess of a quarter of a million malicious email attacks every day, according to data obtained following a Freedom of Information (FoI) request.

The corporation blocked an average of 283,597 malicious emails per day during the first eight months of 2020.

According to the data, every month the BBC receives an average of 6,704,188 emails that are classified as scam or spam as well as 18,662 malware attacks such as viruses, ransomware and spyware. In total, 51,898,393 infected emails were blocked in the period from January to August 2020.

The month which contained the highest amount of recorded incidents was July, when the BBC received 6,787,635 spam and 13,592 malware attempts. The next highest was March, when the COVID-19 first struck the UK, with 6,768,632 spam emails and 14,089 malware attacks.

https://www.infosecurity-magazine.com/news/bbc-experiences-malicious-email/

Malware

US Cyber Command exposes new Russian malware

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks

Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).

Both ComRAT and Zebrocy are malware families that have been used by Russia hacking groups for years, with ComRAT being deployed in attacks for more than a decade, having evolved from the old Agent.BTZ malware.

https://www.zdnet.com/article/us-cyber-command-exposes-new-russian-malware/

IoT

New data shows just how badly home users overestimate IoT security

A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes.

The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things devices they owned were secure.

IoT devices, particularly those that are cheap, outdated and hard to upgrade, are widely considered to be an easy target for hackers.  Yet 87 percent of the younger group and 77 percent of the older group said they were either “somewhat” or “very confident” in the security of their connected things

https://www.scmagazine.com/home/security-news/with-work-from-home-booming-new-data-shows-just-how-badly-home-users-overestimate-iot-security/

Vulnerabilities

Windows 10 zero-day could allow hackers to seize control of your computer

A security bug has been discovered that affects every version of the Windows operating system, from Windows 7 to Windows 10. The vulnerability can be found within the Windows Kernel Cryptography Driver and enables attackers to gain admin-level control of a victim’s computer.

The flaw was discovered by Google’s Project Zero security team, which subsequently notified Microsoft. The Redmond-based firm was given seven days to patch the bug before Google published further details – a task that proved beyond the company. 

https://www.techradar.com/uk/news/windows-10-zero-day-could-allow-hackers-to-seize-control-of-your-computer

Adobe warns Windows, MacOS users of critical acrobat and reader flaws

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.

These critical flaws include a heap-based buffer overflow, out-of-bounds write glitch and two use-after free flaws. The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs.

https://threatpost.com/adobe-windows-macos-critical-acrobat-reader-flaws/160903/

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Cisco has disclosed a zero-day vulnerability, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code.

The flaw resided in the inter-process communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to execute malicious scripts via a targeted user.

https://securityaffairs.co/wordpress/110414/security/zero-day-cisco-anyconnect-secure-mobility-client.html

Critical bug actively used to deploy Cobalt Strike on Oracle servers

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.

Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

This later allows them to access the compromised servers to harvest data and to deploy second stage malware payloads.

https://www.bleepingcomputer.com/news/security/critical-bug-actively-used-to-deploy-cobalt-strike-on-oracle-servers/

Oracle Solaris Zero-Day Attack Revealed

A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system.

Researchers said that the group was exploiting the bug when it was a zero-day, long before a patch arrived.

The bug, was recently addressed in Oracle’s October 2020 Critical Patch Update. The vulnerability exists in the Oracle Solaris Pluggable Authentication Module (PAM) and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system. Threat actors utilized a remote exploitation tool, which researchers call “EVILSUN,” to exploit the flaw.

https://threatpost.com/oracle-solaris-zero-day-attack/160929/

Data Breaches

Marriott Hotels fined £18.4m for data breach that hit millions

The UK's data privacy watchdog has fined the Marriott Hotels chain £18.4m for a major data breach that may have affected up to 339 million guests.

The Information Commissioner's Office (ICO) said names, contact information, and passport details may all have been compromised in a cyber-attack.

The breach included seven million guest records for people in the UK.

The ICO said the company failed to put appropriate safeguards in place but acknowledged it had improved.

https://www.bbc.co.uk/news/technology-54748843

23,600 hacked databases have leaked from a defunct 'data breach index' site

More than 23,000 hacked databases have been made available for download on several hacking forums and Telegram channels in what threat intel analysts are calling the biggest leak of its kind.

The database collection is said to have originated from Cit0Day.in, a private service advertised on hacking forums to other cybercriminals.

Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.

Cybercriminals would then use the site to identify possible passwords for targeted users and then attempt to breach their accounts at other, more high-profile sites.

https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/

Reports Published in the Last Week

NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response

The NCSC's fourth Annual Review reveals its ongoing work against cyber attacks, support for the UK during the coronavirus pandemic.

https://www.ncsc.gov.uk/news/ncsc-defends-uk-700-cyber-attack-national-pandemic

Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues

The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q3 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic, though trust that stolen data will be deleted is eroding as defaults become more frequent when exfiltrated data is made public despite the victim paying. In Q3, Coveware saw the Maze group sunset their operations as the active affiliates migrated to Egregor (a fork of Maze). We also saw the return of the original Ryuk group, which has been dormant since the end of Q1.

https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More