Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 December 2021
Black Arrow Cyber Threat Briefing 03 December 2021
-Double Extortion Ransomware Victims Soar 935%
-MI6 Boss: Digital Attack Surface Growing "Exponentially"
-How Phishing Kits Are Enabling A New Legion Of Pro Phishers
-Crooks Are Selling Access To Hacked Networks. Ransomware Gangs Are Their Biggest Customers
-Omicron Phishing Scam Already Spotted in UK
-Phishing Remains the Most Common Cause of Data Breaches, Survey Says
-Ransomware Victims Increase Security Budgets Due To Surge In Attacks
-Control Failures Are Behind A Growing Number Of Cyber Security Incidents
-MI6 Spy Chief Says China, Russia, Iran Top UK Threat List
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Double Extortion Ransomware Victims Soar 935%
Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites.
Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021.
During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed.
In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.
Group-IB warned that, even if victim organisations pay the ransom, their data often end up on these sites.
https://www.infosecurity-magazine.com/news/double-extortion-ransomware-soar/
MI6 Boss: Digital Attack Surface Growing "Exponentially"
Head of the Secret Intelligence Service (SIS), Richard Moore, explained in a rare speech this week that, unlike the character Q from the James Bond films, even MI6 cannot source all of its tech capabilities in-house.
New partners and tech capabilities will help address MI6’s four key priorities: Russia, China, Iran and global terrorism. It’s a challenge made more acute as technology rapidly advances, he said.
“The ‘digital attack surface’ that criminals, terrorists and hostile states threats seek to exploit against us is growing exponentially. We may experience more technological progress in the next ten years than in the last century, with a disruptive impact equal to the industrial revolution,” Moore argued.
https://www.infosecurity-magazine.com/news/mi6-digital-attack-surface-growing/
How Phishing Kits Are Enabling A New Legion Of Pro Phishers
Some cybercriminals are motivated by political ideals, others by malice or mischief, but most are only interested in cold, hard cash. To ensure their criminal endeavours are profitable, they need to balance the potential payday against the time, resources and risk required.
It’s no wonder then that so many use phishing as their default attack method. Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.
https://www.helpnetsecurity.com/2021/12/02/phishing-kits-pro/
Crooks Are Selling Access To Hacked Networks. Ransomware Gangs Are Their Biggest Customers
Dark web forum posts offering compromised VPN, RDP credentials and other ways into networks have tripled in the last year.
There's been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.
Researchers at cybersecurity company Group-IB analysed activity on underground forums and said there's been a sharp increase in the number of offers to sell access to compromised corporate networks, with the number of posts offering access tripling between 2020 and 2021
Omicron Phishing Scam Already Spotted in UK
The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception.
As public health professionals across the globe grapple with what they fear could be an even more dangerous COVID-19 variant than Delta, threat actors have grabbed the opportunity to turn uncertainty into cash.
UK consumer watchdog “Which?” has raised the alarm that a new phishing scam, doctored up to look like official communications from the National Health Service (NHS), is targeting people with fraud offers for free PCR tests for the COVID-19 Omicron variant
https://threatpost.com/omicron-phishing-scam-uk/176771/
Phishing Remains the Most Common Cause of Data Breaches, Survey Says
Phishing, malware, and denial-of-service attacks remained the most common causes for data breaches in 2021. Data from Dark Reading’s latest Strategic Security Survey shows that more companies experienced a data breach over the past year due to phishing than any other cause. The percentage of organisations reporting a phishing-related breach is slightly higher in the 2021 survey (53%) than in the 2020 survey (51%). The survey found that malware was the second biggest cause of data breaches over the past year, as 41% of the respondents said they experienced a data breach where malware was the primary vector.
Ransomware Victims Increase Security Budgets Due To Surge In Attacks
As the end of 2021 approaches, there’s no doubt ransomware became a top cybersecurity concern across multiple industries. Successful ransomware attacks like the Colonial Pipeline, which took down critical US infrastructure, and Kaseya, which hit over 1,500 companies in a single attack, became a popular topic in the news.
Research conducted by Cymulate, however, shows that despite the increase in the number of attacks this past year, overall victims suffered limited damage in both severity and duration. Potential victims have improved their level of preparedness, with 70% reporting an increase of awareness at the boardroom and business management level. The majority (55%) undertook proactive measures to prevent ransomware attacks before they could cause any significant damage, and many of those respondents (38%) prevented attacks even before they could cause any serious downtime. Only 14% of respondents that experienced an attack were down for a week or more.
Control Failures Are Behind A Growing Number Of Cyber Security Incidents
Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success of threats such as ransomware, which costs organisations an average of $1.85 million in recovery, according to Panaseer.
Currently, only 36% of security leaders feel very confident in their ability to prove controls were working as intended. This is despite 99% of respondents believing it’s valuable to know that all controls are fully deployed and operating within policy, and cybersecurity control failures are currently being listed as the top emerging risk in the latest Gartner Emerging Risks Monitor Report. Attacks only succeed when they hit systems that haven’t been patched or don’t have security controls monitoring them.
https://www.helpnetsecurity.com/2021/12/01/control-failures-cybersecurity/
MI6 Spy Chief Says China, Russia, Iran Top UK Threat List
China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said Tuesday.
MI6 chief Richard Moore said the three countries and international terrorism make up the “big four” security issues confronting Britain’s spies.
In his first public speech since becoming head of the Secret Intelligence Service, also known as MI6, in October 2020, Moore said China is the intelligence agency’s “single greatest priority” as the country’s leadership increasingly backs “bold and decisive action” to further its interests.
Calling China “an authoritarian state with different values than ours,” he said Beijing conducts “large-scale espionage operations” against the U.K. and its allies, tries to ”distort public discourse and political decision-making” and exports technology that enables a “web of authoritarian control” around the world.
Moore said the U.K. also continues “to face an acute threat from Russia.” He said Moscow has sponsored killing attempts, such as the poisoning of former spy Sergei Skripal in England in 2018, mounts cyber attacks and attempts to interfere in other countries’ democratic processes.
https://www.securityweek.com/mi6-spy-chief-says-china-russia-iran-top-uk-threat-list
Threats
Ransomware
Microsoft Exchange Servers Hacked To Deploy BlackByte Ransomware (Bleepingcomputer.Com)
New Ransomware Variant Could Become Next Big Threat (darkreading.com)
Yanluowang Ransomware Tied to Thieflock Threat Actor | Threatpost
Yanluowang Ransomware Operation Matures With Experienced Affiliates (Bleepingcomputer.Com)
Ransomware Attack On Planned Parenthood Exposes 400,000 Patients' Personal Data - CNN
Phishing
APT Groups Adopt New Phishing Method. Will Cybercriminals Follow? (darkreading.com)
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (thehackernews.com)
Malware
Emotet Now Spreads Via Fake Adobe Windows App Installer Packages (Bleepingcomputer.Com)
New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions (thehackernews.com)
Password-Stealing And Keylogging Malware Is Being Spread Through Fake Downloads | ZDNet
Malware Variants In 2021: Harder To Detect And Respond To - Help Net Security
Mobile
Surge Of Info-Stealing Android Malware FluBot Detected Again • The Register
Fake Support Agents Call Victims To Install Android Banking Malware (Bleepingcomputer.Com)
Multi-Platform Spyware Tracks Users Across Windows And Android | Techradar
IOT
Vulnerabilities
Pretty Much All Wi-Fi Routers Are Vulnerable To Attack, Study Finds | Techradar
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks (thehackernews.com)
New Ubuntu Linux Kernel Security Patches Address 6 Vulnerabilities, Update Now - 9to5Linux
Netgear Router Vulnerabilities Affecting SME Products Fixed • The Register
Data Breaches/Leaks
UK Government Fined £500,000 For New Year Honours Data Breach - BBC News
Panasonic Discloses Four-Months-Long Data Breach - The Record By Recorded Future
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill | SecurityWeek.Com
Threat Actors Stole $120 M In Crypto From BadgerDAO DeFi Platform - Security Affairs
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify (trendmicro.com)
How Do Criminals Exploit Cryptocurrencies? | Financial Times (ft.com)
Insider Threats
Fraud & Financial Crime
Insurance
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost
Cyber War Victims Might Not Get Payouts – Insurer • The Register
OT, ICS, IIoT and SCADA
Nation State Actors
MI6 Spy Chief Says China, Russia, Iran Top UK Threat List | SecurityWeek.Com
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost
Jumping The Air Gap: 15 Years Of Nation‑State Effort | WeLiveSecurity
Israel and Iran Broaden Cyberwar to Attack Civilian Targets - The New York Times (nytimes.com)
North Korea-Linked Zinc APT Posed As Samsung Recruiters To Target Security Firms - Security Affairs
Cloud
Parental Controls
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 November 2021
Black Arrow Cyber Threat Briefing 12 November 2021:
-Covid Impact Heightens Risk Of Cyber Security Breaches
-81% of Organisations Experienced Increased Cyber-Threats During COVID-19
-Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue To Climb
-Threat from Organised Cybercrime Syndicates Is Rising
-Ransomware Gangs Are Using These 'Ruthless' Tactics As They Aim For Bigger Payouts
-Firms Will Struggle to Secure Extended Attack Surface in 2022
-Millions Of Home Wi-Fi Routers Threatened By Malware — What To Do
-Vulnerabilities Associated With Ransomware Increased 4.5% In Q3 2021
-80% Of Organisations Experienced Employees Misusing And Abusing Access To Business Apps
-Gen Z Is Behaving Recklessly Online - And Will Live To Regret It
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Covid Impact Heightens Risk Of Cyber Security Breaches
CYBER SECURITY breaches are the biggest staff-related risk as Covid-19 and recruitment difficulties continue to impact workplaces, according to a survey of Channel Island employers.
Seven out of ten senior HR professionals and business leaders saw a cyber security breach as the greatest staff-related risk for a regulated financial services business – way ahead of employees leaving (16%) and employees working from home (10%). Some 57% of employers said Covid-19 had changed their policies, procedures and systems ‘moderately’, with 29.5% reporting ‘significant’ changes, according to the research undertaken at a virtual employment conference organised by Walkers last month.
https://guernseypress.com/news/2021/11/12/covid-impact-heightens-risk-of-cyber-security-breaches/
81% of Organisations Experienced Increased Cyber Threats During COVID-19
More than four in five (81%) organisations experienced increased cyber-threats during the COVD-19 pandemic, according to a new study by McAfee and FireEye.
The global survey of 1451 IT and line of business decision-makers found that close to half (43%) have suffered from downtime due to a cyber concern. This resulted in costs of $100,000 for some organisations.
Despite the increased threat landscape and the fact that over half (57%) of organisations saw a rise in online/web activity, 24% of respondents revealed they have had their technology and security budgets reduced over this period.
https://www.infosecurity-magazine.com/news/81-orgs-cyber-threats-covid19/
Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue To Climb
Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020, according to a PhishLabs report. Notably, attacks in September 2021 were more than twice as high as the previous year.
https://www.helpnetsecurity.com/2021/11/11/phishing-attacks-grow-2020/
Threat from Organised Cyber Crime Syndicates Is Rising
Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
From encrypting communications to fencing ill-gotten gains on underground sites, organised crime is cashing in on the digital revolution.
The latest organised crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is having on both the economy and society of the European Union. And it’s all happening online.
https://threatpost.com/organised-cybercrime-syndicates-europol/176326/
Ransomware Gangs Are Using These 'Ruthless' Tactics As They Aim For Bigger Payouts
More sophisticated ransomware attacks are on the way as cyber criminals tailor campaigns to raise the chances of a ransom payment.
Ransomware attacks are becoming more sophisticated as cyber criminals continue to develop new techniques to make campaigns more effective and increase their chances of successfully demanding a ransom payment.
According to the European law enforcement agency Europol there was a 300% increase in the number of ransom payments between 2019 and 2020 alone – and that doesn't account for 2021 being another bumper year for cyber criminals launching ransomware attacks, as they've taken advantage of security vulnerabilities presented by the rise in remote working.
Europol's Internet Organised Crime Threat Assessment (IOCT) shows that while cybercrime, including malware and DDoS attacks, continues to evolve, it's ransomware attacks that have been a significant amount of disruption over the course of the past year.
Firms Will Struggle to Secure Extended Attack Surface in 2022
Companies are relying more heavily on third parties, remote employees, and partners, expanding their attack surface area beyond traditional boundaries.
In 2022, much of cybersecurity will boil down to managing the security of relationships, as companies adapt to the post-pandemic remote workforce and the increased use of third-party providers, a panel of analysts stated at the Forrester Research Security & Risk 2021 Conference.
Among five predictions for the coming year, the analysts argued that companies' attempts to manage remote employees would stray into intrusive territory, causing workers to push back and hampering security-focused monitoring, such as that for insider threats. Other predictions maintain that 60% of security incidents in the next year will come from issues with third parties, while the cybersecurity workforce will suffer from burnout and join what's been called the "Great Resignation," the recent trend of workers leaving the workforce.
https://www.darkreading.com/risk/firms-will-struggle-to-secure-extended-attack-surface-in-2022
Millions Of Home Wi-Fi Routers Threatened By Malware — What To Do
Netgear, Linksys, D-Link routers among those targeted
There's a nasty new piece of malware out there targeting Wi-Fi routers, and you'll want to make sure yours is fully updated so it doesn't get infected.
The AT&T researchers who discovered the malware are calling it BotenaGo, and it's apparently different from the Mirai botnet malware that's been attacking routers since 2016. BotenaGo packs in exploits for 33 different known vulnerabilities in 12 different router brands, including D-Link, Linksys, Netgear, Tenda, Totolink, Zyxel and ZTE. A full list is on the AT&T Cybersecurity blog post.
To avoid infection, ensure you update your router with the latest firmware.
https://www.tomsguide.com/uk/news/botenago-router-malware
Vulnerabilities Associated With Ransomware Increased 4.5% In Q3 2021
Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and Cyware reveals.
This last quarter saw a 4.5% increase in CVEs associated with ransomware, a 4.5% increase in actively exploited and trending vulnerabilities, a 3.4% increase in ransomware families, and a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021.
https://www.helpnetsecurity.com/2021/11/10/vulnerabilities-associated-with-ransomware/
80% Of Organisations Experienced Employees Misusing And Abusing Access To Business Apps
Organisations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft, a CyberArk research reveals.
While the adoption of web applications has brought flexibility and increased productivity, organisations often lag in implementing the security controls necessary to mitigate risk of human error or malicious intent.
https://www.helpnetsecurity.com/2021/11/08/user-activity-visibility/
Gen Z Is Behaving Recklessly Online - And Will Live To Regret It
Handing out personal information could be a slippery slope
Members of Generation Z, the cohort of people born in the first decade of the 21st century, care about digital privacy, but their desire for online fame and popularity is greater, a new study from ExpressVPN suggests.
The VPN provider surveyed 1,500 young adults from the US to evaluate their online habits and attitudes towards social media, and identified a troubling pattern that could have dire consequences.
The survey found that Generation Z isn’t trusting of the social media platforms they frequent, expressing concern that platforms may be using their images for facial recognition (67%) and wariness about oversharing personal information (66%).
https://www.techradar.com/news/gen-z-is-behaving-recklessly-online-and-will-live-to-regret-it
Threats
Ransomware
Average Ransomware Payment For US Victims More Than $6 Million, Survey Says | ZDNet
Ransomware Disrupted Store Operations In The Netherlands And Germany - Security Affairs
Toronto’s Transit Agency Cyber Attack Exposes 25,000 Employees’ Data | Techcrunch
Comic Book Distributor Struggling With Shipments After Ransomware Attack | ZDNet
Ransomware Attack Hits UK Fertility Clinic - Infosecurity Magazine (infosecurity-magazine.com)
Spanish Brewery “Paralyzed” by Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
TrickBot Teams Up With Shatak Phishers For Conti Ransomware Attacks (Bleepingcomputer.Com)
BEC
Interpol Closes in on Global BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Tiny Font Size Fools Email Filters in BEC Phishing | Threatpost
Phishing
How Cyber Criminals Use Bait Attacks To Gather Info About Their Intended Victims - TechRepublic
Microsoft Warns Of Surge In HTML Smuggling Phishing Attacks (Bleepingcomputer.Com)
Shadow IT Makes People More Vulnerable to Phishing (sans.edu)
Gmail Accounts Are Used In 91% Of All Baiting Email Attacks (Bleepingcomputer.Com)
Other Social Engineering
Malware
QAKBOT Loader Returns With New Techniques and Tools (trendmicro.com)
Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux (thehackernews.com)
GravityRAT Returns Disguised As An End-To-End Encrypted Chat App - Security Affairs
Report: 57% Of All Ecommerce Cyber Attacks Are Bot-Driven | Venturebeat
New BazarBackdoor Attack Discovered - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
IOT
BotenaGo Botnet Targets Millions Of IoT Devices With 33 Exploits (Bleepingcomputer.Com)
Why the NSA Wants To Protect You From Your Toothbrush (msnbc.com)
Vulnerabilities
Intel And AMD Address High Severity Vulnerabilities In Products And Drivers - Security Affairs
Samba Update Patches Plaintext Passwork Plundering Problem – Naked Security (Sophos.Com)
Palo Alto Networks Patches Zero-Day Affecting Firewalls Using GlobalProtect Portal VPN | ZDNet
Researchers Wait 12 Months To Report Vulnerability With 9.8 Out Of 10 Severity Rating | Ars Technica
Google Warns Hackers Used MacOS Zero-Day Flaw, Could Capture Keystrokes, Screengrabs | ZDNet
Data Breaches/Leaks
Robinhood Discloses Data Breach Impacting 7 Million Customers (Bleepingcomputer.Com)
This Top VPN Provider May Have Leaked Millions Of User Details | Techradar
Organised Crime & Criminal Actors
UK Recorded 1.8m Computer Misuse Crimes During 2019 • The Register
These Are The Top-Level Domains Threat Actors Like The Most (Bleepingcomputer.Com)
Aleksandr Zhukov, Self-Described 'King Of Fraud,' Is Sentenced To 10 Years - Cyberscoop
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash | Threatpost
Humanizing Hackers: Entering The Minds Of Those Behind The Attacks - Help Net Security
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
State Hackers Breach Defence, Energy, Healthcare Orgs Worldwide (Bleepingcomputer.Com)
China’s next generation of hackers won’t be criminals. That’s a problem. | TechCrunch
Russian Cyber Crime Group Exploits SolarWinds Serv-U Vulnerability | SecurityWeek.Com
North Korean Hackers Target The South's Think Tanks Through Blog Posts | ZDNet
Iranian Threat Actors Attempt To Buy Stolen Data Of US Orgs, FBI Warns - Security Affairs
'Lyceum' Threat Group Broadens Focus to ISPs (darkreading.com)
Cloud
Privacy
Reports Published in the Last Week
Other News
Booking.com Was Reportedly Hacked By A Us Intel Agency But Never Told Customers | Ars Technica
Younger Generations Care Little About Cybersecurity - Help Net Security
The Rising Threat Stemming From Identity Sprawl | SecurityWeek.Com
Playstation 5 Hacked—Twice! - Malwarebytes Labs | Malwarebytes Labs
Hong Kong Cyber Attack Reveals That Apple Favours Latest OS Versions For Security Updates | Techspot
Unique Challenges to Cyber-Security in Healthcare and How to Address Them (thehackernews.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 October 2021
Black Arrow Cyber Threat Briefing 22 October 2021
-Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences
-83% Of Ransomware Victims Paid Ransom: Survey
-Report: Ransomware Affected 72% Of Organizations In Past Year
-Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks
-A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data
-Cyber Risk Trends Driving The Surge In Ransomware Incidents
-US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021
-Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest
-Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
-Cyber Crime Matures As Hackers Are Forced To Work Smarter
-Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences
A new report released this week analysed IT security leaders’ perceived threat of ransomware attacks and the maturity of their cyber security defences. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA). https://www.helpnetsecurity.com/2021/10/21/organizations-cyber-hygiene/
83% Of Ransomware Victims Paid Ransom
A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.
Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. https://www.zdnet.com/article/83-of-ransomware-victims-paid-ransom-survey/
Ransomware Affected 72% Of Organisations In Past Year
72% of organisations were affected by ransomware at least once within the past twelve months, with 18% impacted more than six times in the past year. Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees. https://venturebeat.com/2021/10/20/report-ransomware-affected-72-of-organizations-in-past-year/
Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks
Ransomware is a major cybersecurity threat to organisations around the world, but it's possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.
While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter. https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/
A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data
There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king — your data. If your main focus lies on keeping hackers out of your environment, then it’s already check mate. Your mission should be to buy time, slow hackers down and ultimately contain an attack.
Businesses must therefore make it as hard as possible for adversaries to exploit the relationships that allow them to move laterally through the corporate network. They can do this by distrusting anyone within their data’s environment and repeatedly corroborating that all users are who they say they are, and that they act like it too. That last part is crucial, because while identities are easy to compromise and imitate, behaviours are not. https://www.ft.com/content/93cec8b6-3fe9-4e9e-800a-62e13a0e2eac
Cyber Risk Trends Driving The Surge In Ransomware Incidents
During the COVID-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices
The increasing frequency and severity of ransomware incidents is driven by several factors:
· Growing number of different attack patterns such as double and triple extortion campaigns
· Criminal business model around ‘ransomware as a service’ and cryptocurrencies
· Recent skyrocketing of ransom demands
· Rise of supply chain attacks.
Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. Businesses must understand the need to strengthen their controls.
Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. https://www.helpnetsecurity.com/2021/10/18/five-ransomware-trends/
US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021
US Ransomware victims coughed up nearly $600 million to cyber hijackers in the first six months of 2021, further stamping cyber extortionists as an “increasing threat” to the U.S. financial, business and public sectors, a recent report released by the Treasury Department said.
Data gathered by the Financial Crimes Enforcement Network (FinCEN) derived from financial institutions’ Suspicious Activity Reports (SARs) revealed that the 635 reports filed for the first six months of this year is already 30 percent greater than the 487 filed for all of last year. Some 458 financial transitions have been reported as of June 30, 2021 with the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 amounting to $590 million, or 42 percent more than the $416 million filed for all of 2020. https://www.msspalert.com/cybersecurity-research/victims-paid-600-millon-1h-2021/
Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest
The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang is creating fake cyber security companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.
FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.
One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. https://securityaffairs.co/wordpress/123673/cyber-crime/fin7-fake-cybersecurity-firm.html
Nearly Three-Quarters of Organisations Victimized by DNS Attacks in Past 12 Months
Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover. https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months
Cyber Crime Matures As Hackers Are Forced To Work Smarter
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.
Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.
One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.
This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.
The case is similar with vulnerabilities, which are fewer and more expensive to discover.
Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.
That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html
Threats
Ransomware
2021 Ransomware Transactions Already Exceed 2020 Numbers, Treasury Department Says - CyberScoop
DarkSide Ransomware Rushes To Cash Out $7 Million In Bitcoin (Bleepingcomputer.Com)
Gigabyte Allegedly Hit by AvosLocker Ransomware | Threatpost
Evil Corp Demands $40 Million In New Macaw Ransomware Attacks (Bleepingcomputer.com)
Olympus US Hack Tied To Sanctioned Russian Ransomware Group | Techcrunch
81% of UK Healthcare Organizations Hit by Ransomware in Last Year - Infosecurity Magazine
BEC
Phishing
Malware
Cyber Criminals Have Found A Way To Get Their Malware Certified By Microsoft | Techradar
Minecraft Declared The Most Malware-Infected Game (Hackread.Com)
Mobile
Vulnerabilities
Update Now! Chrome Fixes More Security Issues - Malwarebytes Labs
A Flaw In WinRAR Could Lead To Remote Code Execution - Security Affairs
SQL Is The Top Critical Risk In The Web Application Layer In Q3, 2021 - IT Security Guru
Data Breaches/Leaks
Organised Crime & Criminal Actors
Insider Threats
Dark Web
The Dark Web Has Become Darker And Busier, Cyber Crime Services Cost Less Than $500 | Techspot
Increased Activity Surrounding Stolen Data On The Dark Web - Help Net Security
The Truth About The Dark Web's Secret Red Rooms (grunge.com)
Supply Chain
OT, ICS, IIoT and SCADA
Nation State Actors
State-Backed Hackers Breach Telcos With Custom Malware (Bleepingcomputer.Com)
Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals (Bleepingcomputer.Com)
Cloud
Privacy
Over 80% of Brits Deluged with Scam Calls and Texts - Infosecurity Magazine
How mobile devices can be tracked via Bluetooth analysis • The Register
Brave Ditches Google For Its Own Privacy-Centric Search Engine (Bleepingcomputer.Com)
A Massive ‘Stalkerware’ Leak Puts The Phone Data Of Thousands At Risk | Techcrunch
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 May 2021
Black Arrow Cyber Threat Briefing 21 May 2021: Ransomware Attacks Are Spiking. Is Your Company Prepared?; Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss; How Penetration Testing Can Promote A False Sense Of Security; Ransomware’s New Swindle - Triple Extortion; ‘It’s A Battle, It’s Warfare’ - Experts Seek To Defeat Ransomware Attackers; 5 Reasons Why Enterprises Need Cyber Security Awareness And Training; 10 Emerging Cyber Security Trends To Watch In 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
5 Reasons Why Enterprises Need Cyber Security Awareness And Training
Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.
Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss
Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”
Ransomware’s New Swindle: Triple Extortion
Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.
https://threatpost.com/ransomwares-swindle-triple-extortion/166149/
‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers
Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”
https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8
Colonial Pipeline Boss Confirms $4.4M Ransom Payment
Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.
https://www.bbc.co.uk/news/business-57178503
10 Emerging Cyber Security Trends To Watch In 2021
A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.
https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021
How Penetration Testing Can Promote A False Sense Of Security
Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."
https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/
Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy
Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.
https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html
Learning From Cyber Attacks Could Be The Key To Stopping Them
Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.
https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/
Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability
The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.
Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen
In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.
Ransomware Attacks Are Spiking. Is Your Company Prepared?
With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.
https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared
Threats
Ransomware
Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments
One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
Phishing
Other Social Engineering
Malware
Mobile
IoT
Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking
EufyCam Users Should Turn Off Their Security Cams Immediately
Vulnerabilities
QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day
Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps
Cryptocurrency
Supply Chain
Nation State Actors
Denial of Service
Cloud
Governance, Risk and Compliance
Reports Published in the Last Week
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 April 2021
Black Arrow Cyber Threat Briefing 16 April 2021: 61% Of Employees Fail Basic Cyber Security Quiz; More Than 1,900 Hacking Groups Active Today; Ransomware Crisis Worsens; Enterprise Security Attackers Are One Password Away From Your Worst Day; Microsoft’s April Update Patches 114 Bugs; Nation-State Attacks Targeting Businesses Rise; Criminals Installing Cryptojacking Malware On Unpatched Exchange Servers; Network Vulns Affect Over 100 Million Devices; Brits Still Confused By Multi-Factor Authentication
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
61 Percent Of Employees Fail Basic Cyber Security Quiz
Nearly 70% of employees polled in a new survey said they recently received cyber security training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.
https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/
More Than 1,900 Distinct Hacking Groups Are Active Today
There are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019. In its yearly cyber crime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker due to overlaps in activity and hacking infrastructure with previously known clusters.
https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/
Ransomware: The Internet's Biggest Security Crisis Is Getting Worse
Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four chains of schools attacked in the last month.
Enterprise Security Attackers Are One Password Away From Your Worst Day
If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cyber security industry is insane.
Criminals continue to innovate with highly sophisticated attack methods, but many security organisations still use the same technological approaches they did 10 years ago. The world has changed, but cyber security hasn’t kept pace.
Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.
Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cyber security industry must rethink its strategy to analyse how credentials are used and stop breaches before they become bigger problems.
Microsoft’s April Update Patches 114 Bugs—Half Of Which Allow Remote Code Execution
The fourth Patch Tuesday of 2021 is another big one. Today, Microsoft revealed 114 vulnerabilities fixed in the monthly security, over half of which could potentially be exploited for remote code execution by attackers. Of the 55 remote execution bugs, over half were tied to Windows’ Remote Procedure Call (RPC) interface. Four more were Microsoft Exchange bugs (all urgent fixes) reported to Microsoft by the National Security Agency. In addition, six Chrome vulnerabilities that were previously addressed by Google are included in the roll-up.
Nation-State Cyber Attacks Targeting Businesses Are On The Rise
Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks. Nation States, Cyberconflict and the Web of Profit, a study by cyber security researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted. An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government, and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.
https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/
Cyber Criminals Are Installing Cryptojacking Malware On Unpatched Microsoft Exchange Servers
Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money. Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems. Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers -- but they are not the only ones.
NAME:WRECK DNS Vulnerabilities Affect Over 100 Million Devices
Security researchers have disclosed nine vulnerabilities affecting network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in a wide range of products, from high-performance servers and networking equipment to operational technology (OT) systems that monitor and control industrial equipment. According to researchers threat actors could exploit NAME:WRECK vulnerabilities to deal significant damage to government or enterprise servers, healthcare facilities, retailers, or companies in the manufacturing business by stealing sensitive data, modifying or taking equipment offline for sabotage purposes.
Brits Still Confused By Multi-Factor Authentication
The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA). The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany, and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has. However, despite a continued number of high-profile account takeovers, 43% said this does not make them enhance security on their accounts, even though they “feel like” they should. Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types. Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they were not using or didn’t know about them.
https://www.infosecurity-magazine.com/news/brits-still-confused-by/
623K Payment Cards Stolen From Cyber Crime Forum
The Swarmshop cyber underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That is according to researchers, who said that the database was posted on a rival underground forum. Card shops, are online cyber criminal forums where stolen payment-card data is bought and sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K., and the U.S.
https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/
Threats
Ransomware
Dutch Supermarkets Run Out Of Cheese After Ransomware Attack
This Nasty Ransomware Hacks Your VPN To Break Into Your Device
Phishing
Other Social Engineering
7 New Social Engineering Tactics Threat Actors Are Using Now
Cloud-Native Watering Hole Attack: Simple And Potentially Devastating
Malware
Mobile
Vulnerabilities
Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop
Microsoft Security Update Fixes Zero-Day Vulnerabilities In Windows And Other Software
Data Breaches
Organised Crime & Criminal Actors
Nation State Actors
Iran Vows Revenge For 'Israeli' Attack On Natanz Nuclear Site
NSA: Top 5 Vulnerabilities Actively Abused By Russian Govt Hackers
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 March 2021
Black Arrow Cyber Threat Briefing 19 March 2021: Tens Of Thousands Of Microsoft Exchange Customers Under Attack, Targeted By Multiple Hacker Groups; Over $4.2 Billion Officially Lost To Cyber Crime In 2020; Cyber Attacks Multiply On HNWIs; Largest Ransomware Demand Now Stands At $30 Million; 71 Percent Of Office 365 Users Suffer Malicious Account Takeovers; More Than 16 Million Covid-Themed Cyber Attacks Launched In 2020; Cyber Now Key To National Security;
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Tens Of Thousands Of Microsoft Exchange Customers Are Under Assault From Hackers, Experts Warning Of Unprecedented Damage, Exploits Being Targeted By "At Least 10 Hacker Groups"
Four exploits in Microsoft Exchange Server hit the news last week, when we heard that a Chinese hacking group had targeted the email servers of some 30,000 U.S. government and commercial organisations. The exploits had been patched by Microsoft, but the hacking group known as “Hafnium” had doubled-up on efforts targeting unpatched servers. Security researchers found that at least 10 APT groups are taking advantage of the exploits in an attempt to compromise servers around the world. Winniti Group, Calypso, Tick, and more are among the groups identified.
https://www.techspot.com/news/88913-microsoft-exchange-server-exploits-targeted-least-10-hacker.html
Over $4.2 Billion Officially Lost To Cyber Crime In 2020
Cyber crime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year. The Internet Crime Complaint Center (IC3) received last year 791,790 complaints - up by 69% from 2019 - of suspected internet crime causing more than $4 billion in losses. While most complaints were for phishing, non-payment/non-delivery scams, and extortion, about half of the losses are accounted by business email compromise (BEC), romance and confidence scams, and investment fraud.
Cyber Attacks Multiply On Wealthy Investors
An email nearly cost a wealthy British art collector £6m, after hackers monitored email correspondence between the client and an art dealer the client had been negotiating with for a year, with hackers impersonating the genuine art dealer, learning to impersonate the tone and language used — even gleaning private family news and the names of partners and children.
Just when the collector and the art dealer finally reached a conclusion on price, the client received an email to say something along the lines of, I hope the children are recovering from their colds — we have just amended our bank details for security and here they are. As it matched the tone of previous emails the art-loving client didn't think anything was amiss.
Fortunately, his family office phoned the real dealer to check the transaction before approving a transfer and the scam was discovered in time, but many people are not so lucky.
https://www.ft.com/content/cdfe8d97-6431-48e2-a8a7-7d760c6e9ed6
Cyber Strength Now Key To National Security, Says UK
In what has been billed as the largest security and foreign policy strategy revamp since the Cold War, the UK government has outlined new defence priorities – with at their heart, the imperative to boost the use of new technologies to safeguard the country. Prime minister Boris Johnson unveiled the integrated review this week, which has been in the making for over a year and will be used as a guide for spending decisions in the future. Focusing on foreign policy, defense and security, the review sets goals for the UK to 2025; and underpinning many of the targets is the objective of modernizing the country's armed forces.
https://www.zdnet.com/article/cyber-strength-now-key-to-national-security-says-uk/
Largest Ransomware Demand Now Stands At $30 Million As Crooks Get Bolder
Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations that fall victim to these attacks has nearly tripled over the past year. Cyber security researchers analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.
Mimecast: SolarWinds Attackers Stole Source Code
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.
https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/
71 Percent Of Office 365 Users Suffer Malicious Account Takeovers
88 percent of companies have accelerated their cloud and digital transformation projects due to COVID-19. But it also finds that 71 percent of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user's account, not just once, but on average seven times in the last year.
https://betanews.com/2021/03/17/office-365-malicious-account-takeovers/
More Than 16 Million Covid-Themed Cyber Attacks Launched In 2020
COVID-19 dominated everyone's lives throughout 2020 but a new report from a cyber security company found that the pandemic was also the main theme of nearly 16.5 million threats and attacks launched against its customers. Researchers wrote that they dealt with 16,393,564 threats that had a COVID-19-related tint to them, with 88% of the threats coming in spam emails and another 11% coming in the form of URLs. Malware accounted for 0.2%, or nearly 33,000, of the threats
“Expert” Hackers Used 11 0-Days To Infect Windows, iOS, And Android Users
Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zero-days in February 2020. The hackers’ ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”
Cyber Attacks: Is The ‘Big One’ Coming Soon?
2020 was the year that the COVID-19 crisis also brought a cyber pandemic. Late last year, the security industry’s top experts from global cyber security company leadership predicted even worse cyber security outcomes for 2021 compared to what we saw in 2020. In December, we learned about how SolarWinds’ Orion vulnerability was compromised, causing one of the worst data breaches in history that is still evolving for about 18,000 organisations.
Threats
Ransomware
Phishing
Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments
Phishing sites now detect virtual machines to bypass detection
Malware
New botnet targets network security devices with critical exploits
New ZHtrap botnet malware deploys honeypots to find more targets
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices
IOT
Vulnerabilities
DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping
“Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users
Google fixes the third actively exploited Chrome 0-Day since January
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE
Microsoft Exchange Server: These quarterly updates include fixes for security flaws
Data Breaches
Journalists’ personal and bank details made public after publisher data breach
This years-old Microsoft Office vulnerability is still popular with hackers, so patch now
Organised Crime & Criminal Actors
18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack
Criminal data breach site WeLeakInfo just leaked customer payment details
OT, ICS, IIoT and SCADA
Nation-State Actors
Denial of Service
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Top Tips for Guernsey Businesses During the Second Coronavirus Lockdown, Cyber Tip Tuesday
Top Tips for Guernsey Businesses During the Second Coronavirus Lockdown, Cyber Tip Tuesday 26 January 2021
Top Tips for Guernsey Businesses During the Second Coronavirus Lockdown, Cyber Tip Tuesday 26 January 2021
Black Arrow Cyber Threat Briefing 18 December 2020
Black Arrow Cyber Threat Briefing 18 December 2020: The great hack attack - SolarWinds breach exposes big gaps in cyber security; A wake-up for the world on cyber security; White House activates cyber emergency response; US nuclear weapons agency targeted; UK companies targeted; Increasing Risk of Cyber Attacks; millions of users install malicious browser extensions; C19 Vaccines sold on dark web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
The great hack attack: SolarWinds breach exposes big gaps in cyber security
Until this week, SolarWinds was a little known IT software group from Texas. Its deserted lobby has a framed magazine article from a few years ago when it was on a list of America’s “Best Small Companies”.
Now the Austin-based company is at the heart of one of the biggest and most startling cyber hacks in recent history, with ramifications that extend into the fields of geopolitics, espionage and national security.
For nine months, sophisticated state-backed hackers have exploited a ubiquitous SolarWinds software product in order to spy on government and business networks around the world, including in the US, UK, Israel and Canada. Wielding innovative tools and tradecraft, the cyber spies lurked in email services, and posed as legitimate staffers to tap confidential information stored in the cloud.
The bombshell revelations have sent 18,000 exposed SolarWinds customers scrambling to assess whether outsiders did indeed enter their systems, what the damage was and how to fix it.
https://www.ft.com/content/c13dbb51-907b-4db7-8347-30921ef931c2
A wake-up for the world on cyber security
Imagine intruders break into your home and loiter undetected for months, spying on you and deciding which contents to steal. This in essence is the kind of access that hackers, assumed to be Russian, achieved in recent months at US government institutions including the Treasury and departments of commerce and homeland security, and potentially many US companies. If the fear in the Cold War was of occasional “moles” gaining access to secrets, this is akin to a small army of moles burrowing through computer systems. The impact is still being assessed, but it marks one of the biggest security breaches of the digital era.
https://www.ft.com/content/d3fc0b14-4a82-4671-b023-078516ea714e
US government, thousands of businesses now thought to have been affected by SolarWinds security attack
Thousands of businesses and several branches of the US government are now thought to have been affected by the attack on software firm SolarWinds.
The Austin-based company has fallen victim to a massive supply chain attack believed to be the work of state-sponsored hackers.
Along with the US treasury and commerce departments, the Department of Homeland Security is now thought to have been affected by the attack. In a statement to the SEC today, SolarWinds said it had notified 33,000 customers of its recent hack, but that only 18,000 of these used the affected version of its Orion platform.
https://www.techradar.com/uk/news/solarwinds-suffers-massive-supply-chain-attack
White House activates cyber emergency response under Obama-era directive
In the wake of the SolarWinds breach, the National Security Council has activated an emergency cyber security process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources.
The move is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop.
The action is rooted in a presidential directive issued during the Obama administration known as PPD-41, which establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident.
The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security.
https://www.cyberscoop.com/solarwinds-white-house-national-security-council-emergency-meetings/
Hackers targeted US nuclear weapons agency in massive cyber security breach, reports say
The National Nuclear Security Administration and Energy Department, which safeguard the US stockpile of nuclear weapons, have had their networks hacked as part of the widespread cyber espionage attack on a number of federal agencies.
Politico reports that officials have begun coordinating notifications about the security breach to the relevant congressional oversight bodies.
Suspicious activity was identified in the networks of the Federal Energy Regulatory Commission (FERC), Los Alamos and Sandia national laboratories in New Mexico and Washington, the Office of Secure Transportation, and the Richland Field Office of the Department of Energy.
Officials with direct knowledge of the matter said hackers have been able to do more damage to the network at FERC, according to the report.
Microsoft warns UK companies were targeted by SolarWinds hackers
Microsoft has warned that some of its UK customers have been exposed to the malware used in the Russia-linked SolarWinds hack that targeted US states and government agencies.
More than 40 of the tech giant's customers are thought to have used breached SolarWinds software, including clients in Britain, the US, Canada, Mexico, Belgium, Spain, Israel, and the UAE.
The company would not name the victims, but said they include government agencies, think tanks, non-governmental organisations and IT firms. Microsoft said four in five were in the US, with nearly half of them tech companies.
“This is not ‘espionage as usual,’ even in the digital age,” said Brad Smith, Microsoft's president. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”
The attackers, believed to be working for the Russian government, got into computer networks by installing a vulnerability in Orion software from SolarWinds.
Society at Increasingly High Risk of Cyber Attacks
Cyber attacks are becoming easier to conduct while conversely security is getting increasingly difficult, according to Kevin Curran, senior IEEE member and professor of cyber security, Ulster University, during a virtual media roundtable.
“Any company you can think of has had a data breach,” he commented. “Whenever a data breach happens it weakens our credentials because our passwords are often reused on different websites.”
He observed that the art of hacking doesn’t necessarily require a significant amount of technical expertise anymore, and bad actors can receive substantial help from numerous and readily accessible tools online. “You don’t have to spend seven years in college to learn how to hack, you just have to know about these sites and what terms to use,” noted Curran.
A number of legitimate online mechanisms that can help damaging attacks to be launched by hackers were highlighted by Curran in his presentation. These include Google Dorks, which are “search strings which point to website vulnerabilities.” This means vulnerable accounts can be identified simply via Google searches.
https://www.infosecurity-magazine.com/news/society-increasingly-risk-cyber/
Three million users installed 28 malicious Chrome or Edge extensions
More than three million internet users are believed to have installed 15 Chrome, and 13 Edge extensions that contain malicious code, security firm Avast said today.
The 28 extensions contained code that could perform several malicious operations, including:
-redirect user traffic to ads
-redirect user traffic to phishing sites
-collect personal data, such as birth dates, email addresses, and active devices
-collect browsing history
-download further malware onto a user's device
But despite the presence of code to power all the above malicious features, Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains.
https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/
Vaccines for sale on dark web as criminals target pandemic profits
Black market vendors were offering coronavirus vaccines for sale on hidden parts of the internet days after the first Covid-19 shot was approved this month, as criminals seek to profit from global demand for inoculations.
One such offer on the so-called dark web, traced by cyber security company Check Point Software, was priced at $250 with the seller promising “stealth” delivery in double-wrapped packaging. Shipping from the US via post or a leading courier company would cost $20, with an extra $5 securing overnight delivery.
https://www.ft.com/content/8bfc674e-efe6-4ee0-b860-7fcb5716bed6
Threats
Ransomware
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay
House purchases in Hackney fall through following cyber attack against council
Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
Phishing
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
IoT
Malware
New iOS and Android spyware responsible for multi-layered sextortion campaign
Google Chrome, Firefox, Edge hijacked by massive malware attack: What you need to know
This nasty malware is infecting every web browser — what to do now
Tor malware is becoming a worryingly popular ransomware tool
Vulnerabilities
Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App
PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs
Zero-day in WordPress SMTP plugin abused to reset admin account passwords
Sophos fixes SQL injection vulnerability in their Cyberoam OS
Wormable code-execution flaw in Cisco Jabber has a severity rating of 9.9 out of 10
Data Breaches
Twitter hit with €450,000 GDPR fine nearly two years after disclosing data breach
Data Leak Exposes Details of Two Million Chinese Communist Party Members
Organised Crime
Nation State Actors
Privacy
UK police unlawfully processing over a million people’s data on Microsoft 365
Sci-fi surveillance: Europe's secretive push into biometric technology
Other News
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 December 2020
Black Arrow Cyber Threat Briefing 4 December 2020: Covid vaccine supply chain targeted by hackers; Criminals Favour Ransomware and BEC; Bank Employee Sells Personal Data of 200,000 Clients; 2020 Pandemic changing short- and long-term approaches to risk; Cyber risks take the fun out of connected toys; Remote Workers Admit Lack of Security Training
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Covid vaccine supply chain targeted by hackers, say security experts
Cyber attackers have targeted the cold supply chain needed to deliver Covid-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation state.
The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices.
https://www.ft.com/content/9c303207-8f4a-42b7-b0e4-cf421f036b2f
Criminals to Favour Ransomware and BEC Over Breaches in 2021
The era of the mega-breach may be coming to an end as cyber-criminals eschew consumers’ personal data and focus on phishing and ransomware.
Cyber-criminals are relying less on stolen personal information and more on “poor consumer behaviors” such as password reuse to monetize attacks.
https://www.infosecurity-magazine.com/news/criminals-favor-ransomware-bec/
Bank Employee Sells Personal Data of 200,000 Clients
South Africa–based financial services group Absa has stated that one of its employees sold the personal information of 200,000 clients to third parties.
The group confirmed on Wednesday that the illegal activity had occurred and that 2% of Absa's retail customer base had been impacted.
The employee allegedly responsible for it was a credit analyst who had access to the group's risk-modeling processes.
Data exposed as a result of the security incident included clients' ID numbers, addresses, contact details, and descriptions of vehicles that they had purchased on finance.
https://www.infosecurity-magazine.com/news/bank-employee-sells-personal-data/
LastPass review: Still the leading password manager, despite security history
"'Don't put all your eggs in one basket' is all wrong. I tell you 'put all your eggs in one basket, and then watch that basket,'" said industrialist Andrew Carnegie in 1885. When it comes to privacy tools, he's usually dead wrong. In the case of password managers, however, Carnegie is usually more dead than wrong. To wit, I have been using LastPass so long I don't know when I started using LastPass and, for now, I've got no reason to change that.
The most significant security innovations of 2020
Who gets access? That is the question that drives every security measure and innovation that’s landed on PopSci’s annual compendium since we launched the category in 2008. Every year, that question gets bigger and bigger. In 2020, the world quaked under a global pandemic that took 1.4 million lives, the US saw a rebirth in its civil rights movement, and a spate of record-breaking wildfires forced entire regions to evacuate. And those are just the new scares. A buildup of angst against ad trackers and app snooping led to major changes in hardware and software alike. It was a year full of lessons, nuances, and mini revolutions, and we strive to match that with our choices.
https://www.popsci.com/story/technology/most-important-security-innovations-2020/
2020 security priorities: Pandemic changing short- and long-term approaches to risk
Security planning and budgeting is always an adventure. You can assess current risk and project the most likely threats, but the only real constant in cybersecurity risk is its unpredictability. Layer a global pandemic on top of that and CISOs suddenly have the nearly impossible task of deciding where to request and allocate resources in 2021.
Show how the COVID pandemic has changed what security focuses on now and what will drive security priorities and spending in 2021. Based on a survey of 522 security professionals from the US, Asia/Pacific and Europe, the study reveals how the pandemic has changed the way organizations assess risk and respond to threats—permanently.
Cyber risks take the fun out of connected toys
As Christmas approaches, internet-enabled smart toys are likely to feature heavily under festive trees. While some dolls of decades past were only capable of speaking pre-recorded phrases, modern equivalents boast speech recognition and can search for answers online in real time.
Other connected gadgets include drones or cars such as Nintendo’s Mario Kart Live Home Circuit, where players race each other in a virtual world modelled after their home surroundings.
But for all the fun that such items can bring, there is a risk — poorly-secured Internet of Things toys can be turned into convenient tools for hackers.
https://www.ft.com/content/c653e977-435f-4553-8401-9fa9b0faf632
Remote Workers Admit Lack of Security Training
A third of remote working employees have not received security training in the last six months.
400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.
Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.
https://www.infosecurity-magazine.com/news/remote-workers-training/
Threats
Ransomware
Delaware County Pays $500,000 Ransom After Outages
A US county is in the process of paying half-a-million dollars to ransomware extorters who locked its local government network, according to reports.
Pennsylvania’s Delaware County revealed the attack last week, claiming in a notice that it had disrupted “portions of its computer network.
“We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” it said.
https://www.infosecurity-magazine.com/news/delaware-county-pays-500k-ransom/
MasterChef Producer Hit by Double Extortion Ransomware
A multibillion-dollar TV production company has become the latest big corporate name caught out by ransomware, it emerged late last week.
The firm owns over 120 production firms around the world, delivering TV shows ranging from MasterChef and Big Brother to Black Mirror and The Island with Bear Grylls.
In a short update last Thursday, it claimed to be managing a “cyber-incident” affecting the networks of Endemol Shine Group and Endemol Shine International, Dutch firms it acquired in a $2.2bn deal in July.
Although ransomware isn’t named in the notice, previous reports suggest the firm is being extorted.
https://www.infosecurity-magazine.com/news/masterchef-producer-double/
Sopra Steria to take multi-million euro hit on ransomware attack
The company revealed in October that it had been hit by hackers using a new version of Ryuk ransomware.
It now says that the fallout, with various systems out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.
The group's insurance coverage for cyber risks is EUR30 million, meaning that negative organic revenue growth for the year is now expected to be between 4.5% and five per cent (previously between two per cent and four per cent). Free cash flow is now expected to be between €50 million and €100 million (previously between €80 million and €120 million).
BEC
FBI: BEC Scams Are Using Email Auto-Forwarding
The agency notes in an alert made public this week that since the COVID-19 pandemic began, leading to an increasingly remote workforce, BEC scammers have been taking advantage of the auto-forwarding feature within compromised email inboxes to trick employees to send them money under the guise of legitimate payments to third parties.
This tactic works because most organizations do not sync their web-based email client forwarding features with their desktop client counterparts. This limits the ability of system administrators to detect any suspicious activities and enables the fraudsters to send malicious emails from the compromised accounts without being detected, the alert, sent to organizations in November and made public this week, notes.
https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498
Phishing
Phishing lures employees with fake 'back to work' internal memos
Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.
These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defences according to stats provided by researchers at email security company Abnormal Security who spotted this phishing campaign.
There is a high probability that some of the targets will fall for the scammers' tricks given that during this year's COVID-19 pandemic most companies have regularly emailed their employees with updates regarding remote working policy changes.
Warning: Massive Zoom phishing targets Thanksgiving meetings
Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack.
With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.
Malware
All-new Windows 10 malware is excellent at evading detection
Security researchers at Kaspersky have discovered a new malware strain developed by the hacker-for-hire group DeathStalker that has been designed to avoid detection on Windows PCs.
While the threat actor has been active since at least 2012, DeathStalker first drew Kaspersky's attention back in 2018 because of its distinctive attack characteristics which didn't resemble those employed by cybercriminals or state-sponsored hackers.
https://www.techradar.com/news/all-new-windows-10-malware-is-excellent-at-evading-detection
New TrickBot version can tamper with UEFI/BIOS firmware
The operators of the TrickBot malware botnet have added a new capability that can allow them to interact with an infected computer's BIOS or UEFI firmware.
The new capability was spotted inside part of a new TrickBot module, first seen in the wild at the end of October, security firms Advanced Intelligence and Eclypsium said in a joint report published today.
The new module has security researchers worried as its features would allow the TrickBot malware to establish more persistent footholds on infected systems, footholds that could allow the malware to survive OS reinstalls.
https://www.zdnet.com/article/new-trickbot-version-can-tamper-with-uefibios-firmware/
Russia-linked APT Turla used a new malware toolset named Crutch
Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.
The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.
https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html
MacBooks under attack by dangerous malware: What to do
a recent spate of malware attacks targeting macOS of late that installs backdoors to steal sensitive personal information. The security firm discovered that a new malware variant is being used online and backed by a rogue nation-state hacking group known as OceanLotus, which also operates under the name AKTP2 and is based in Vietnam.
The new malware was created by OceanLotus due to the “similarities in dynamic behavior and code” from previous malware connected to the Vietnamese-based hacking group.
https://www.laptopmag.com/news/macbooks-under-attack-by-dangerous-malware-what-to-do
Hackers Using Monero Mining Malware as Decoy, Warns Microsoft
The company’s intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH’s true campaign: credential theft.
Crypto-jacking “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH’s “hide in plain sight” MO.
Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.
https://www.coindesk.com/hackers-using-monero-mining-malware-as-decoy-warns-microsoft
Vulnerabilities
Zerologon is now detected by Microsoft Defender for Identity
There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity along with other Microsoft 365 Defender solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.
Privacy
'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash
If you heard a strange noise coming from Redmond today, it was the sound of some rapid back-pedalling regarding the Productivity Score feature in its Microsoft 365 cloud platform.
Following outcry from subscribers and privacy campaigners, the Windows giant has now vowed to wind back the functionality so that it no longer produces scores for individual users, and instead just summarizes the output of a whole organization. It was feared the dashboard could have been used by bad bosses to measure the productivity of specific employees using daft metrics like the volume of emails or chat messages sent through Microsoft 365.
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.