Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 20 August 2021
Black Arrow Cyber Threat Briefing 20 August 2021:
-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
-Company Size Is A Nonissue With Automated Cyberattack Tools
-60% Of Employees Reuse Passwords Across Business And Personal Accounts
-LockBit 2.0 Ransomware Proliferates Globally
-Secret Terrorist Watchlist With 2 Million Records Exposed Online
-Phishing Costs Quadruple Over 6 Years
-Security Teams Report Rise In Cyber Risk
-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.
Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.
Company Size Is A Nonissue With Automated Cyber Attack Tools
Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.
Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.
Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.
https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/
Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/
Secret Terrorist Watchlist With 2 Million Records Exposed Online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.
That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.
According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.
https://threatpost.com/phishing-costs-quadrupled/168716/
Security Teams Report Rise In Cyber Risk
A recent report shows declining confidence in many organisations’ security function to address today’s threats.
80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.
The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.
Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.
https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.
The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.
https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/
Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks
A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.
Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.
Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.
https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/
The Cyber Security Skills Gap Persists For The Fifth Year Running
Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
T-Mobile Hack Is A Return To The Roots Of Cyber Crime
In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.
The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.
The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.
This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.
https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/
Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.
Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.
https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
Threats
Ransomware
John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Tet This Under Control’
Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks
This Ransomware Has Returned With New Techniques To Make Attacks More Effective
Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang
Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off
BEC
Phishing
Other Social Engineering
Malware
Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning
Malware Dev Infects Own PC And Data Ends Up On Intel Platform
Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products
Mobile
IOT
Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices
Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF
65 Vendors Affected By Severe Vulnerabilities In Realtek Chips
Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect
Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers
Data Breaches/Leaks
Chase Bank Accidentally Leaked Customer Info To Other Customers
Colonial Pipeline Reports Data Breach After May Ransomware Attack
Ford Bug Exposed Customer And Employee Records From Internal Systems
Dark Web
Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage
Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison
Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Other News
Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw
Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models
SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements
Hacker Finds A Way To Steal Windows 365 User Names And Passwords
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 June 2021
Black Arrow Cyber Threat Briefing 18 June 2021: Ransomware Now Ranks As UK’s Top Cyber Security Danger; 54% of all employees reuse passwords across accounts; Most Firms Face Second Ransomware Attack After Paying Off First; Bad Cyber Security Behaviours Plaguing The Remote Workforce; VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace; Over 65,000 Ransomware Attacks Expected In 2021; Business Leaders Now Feel More Vulnerable To Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Now Ranks As UK’s Top Cyber Security Danger
Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.
54% of all employees reuse passwords across multiple work accounts
Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.
According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.
42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.
A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.
https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/
VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”
https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/
Most Firms Face Second Ransomware Attack After Paying Off First
Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.
https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/
Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO
U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.
Business Leaders Now Feel More Vulnerable To Cyber Attacks
Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).
https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/
Ransomware Gang Turns To Revenge Porn
At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.
https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images
Bank Of America Spends Over $1 Billion Per Year On Cyber Security
Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”
https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html
Bad Cyber Security Behaviours Plaguing The Remote Workforce
According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.
https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/
Threats
Ransomware
Why Backups Are Not The Panacea For Recovery From A Ransomware Attack
Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority
Experts Shed Light On Distinctive Tactics Used By Hades Ransomware
The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor
BEC
Phishing
Malware
Vulnerabilities
Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild
Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files
Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched
Data Breaches
UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack
Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers
Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems
Mensa Data Spillage Was Due to 'Unauthorised Internal Download'
Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers
Organised Crime & Criminal Actors
Cryptocurrency
Supply Chain
OT, ICS, IIoT and SCADA
Nation State Actors
Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks
Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought
Denial of Service
Cloud
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 May 2021
Black Arrow Cyber Threat Briefing 21 May 2021: Ransomware Attacks Are Spiking. Is Your Company Prepared?; Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss; How Penetration Testing Can Promote A False Sense Of Security; Ransomware’s New Swindle - Triple Extortion; ‘It’s A Battle, It’s Warfare’ - Experts Seek To Defeat Ransomware Attackers; 5 Reasons Why Enterprises Need Cyber Security Awareness And Training; 10 Emerging Cyber Security Trends To Watch In 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
5 Reasons Why Enterprises Need Cyber Security Awareness And Training
Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.
Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss
Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”
Ransomware’s New Swindle: Triple Extortion
Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.
https://threatpost.com/ransomwares-swindle-triple-extortion/166149/
‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers
Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”
https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8
Colonial Pipeline Boss Confirms $4.4M Ransom Payment
Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.
https://www.bbc.co.uk/news/business-57178503
10 Emerging Cyber Security Trends To Watch In 2021
A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.
https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021
How Penetration Testing Can Promote A False Sense Of Security
Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."
https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/
Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy
Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.
https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html
Learning From Cyber Attacks Could Be The Key To Stopping Them
Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.
https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/
Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability
The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.
Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen
In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.
Ransomware Attacks Are Spiking. Is Your Company Prepared?
With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.
https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared
Threats
Ransomware
Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments
One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
Phishing
Other Social Engineering
Malware
Mobile
IoT
Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking
EufyCam Users Should Turn Off Their Security Cams Immediately
Vulnerabilities
QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day
Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps
Cryptocurrency
Supply Chain
Nation State Actors
Denial of Service
Cloud
Governance, Risk and Compliance
Reports Published in the Last Week
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 May 2021
Black Arrow Cyber Threat Briefing 14 May 2021: Two Thirds Of CISOs Expect Damaging Cyber Attack In Next 12 Months; Ransomware - Don't Pay, It Just Shows Cyber Criminals That Attacks Work; Most Significant Cyber Attacks 2006-2020; The Shape Of Fraud And Cyber Crime, 10 Things We Learned From 2020; US Pipeline Ransomware Serves As Warning To Persistent Corporate Inertia Over Security; Ransomware Attackers Now Using Triple Extortion Tactics; AXA Pledges To Stop Reimbursing French Ransomware Victims; Cyber Experts Warn Over Online Wine Scams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months
More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.
Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary
For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.
The Most Significant Cyber Attacks From 2006-2020, By Country
Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.
https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/
The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020
While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.
Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?
When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.
https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks
US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security
Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.
Ransomware Attackers Are Now Using Triple Extortion Tactics
The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.
https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/
AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims
Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.
The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs
Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.
https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/
Cyber Security Experts Warn Over Online Wine Scams
Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.
https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/
Threats
Ransomware
New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant
Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms
A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack
BEC
Phishing
Other Social Engineering
Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns
She Responded To A Smishing Scam. Then The Spam Texts Got Worse.
Malware
Mobile
IOT
Vulnerabilities
Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits
WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'
Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities
Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
Nation State Actors
Russian Hackers Are Targeting These Vulnerabilities, So Patch Now
NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers
Privacy
Reports Published in the Last Week
Other News
Your Old Mobile Phone Number Could Compromise Your Cyber Security
Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters
Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test
Half Of Government Security Incidents Caused By Missing Patches
90% Of Security Leaders View Bot Management As A Top Priority
'Everyone Had To Rethink Security': What Microsoft Learned In Last Year
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.