Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 September 2021
Black Arrow Cyber Threat Briefing 17 September 2021
-Ransomware Preparedness Is Low Despite Executives’ Concerns
-MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind
-Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds
-Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable
-Third-Party Cloud Providers: Expanding The Attack Surface
-Ransomware Encrypts South Africa's Entire Dept Of Justice Network
-2021’s Most Dangerous Software Weaknesses
-46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow
-Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk
-Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities
-Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Preparedness Is Low Despite Executives’ Concerns
86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/
MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind
Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/
Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds
On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/
Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable
Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/
Third-Party Cloud Providers: Expanding The Attack Surface
In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/
Ransomware Encrypts South Africa's Entire Dept Of Justice Network
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/
2021’s Most Dangerous Software Weaknesses
Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/
46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow
A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/
Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk
Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/
Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities
After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/
Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing
A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/
Threats
Ransomware
The State Of Ransomware: National Emergencies And Million-Dollar Blackmail
Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft
Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs
Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired
US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks
REvil Ransomware Is Back In Full Attack Mode And Leaking Data
Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals
Ransomware Encrypts South Africa's Entire Dept Of Justice Network
BEC
Phishing
Other Social Engineering
Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'
Scammers In Russia Offer Free Bitcoin On A Hacked Government Website
Malware
Mobile
Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’
After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts
IOT
Vulnerabilities
Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws
Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released
Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD
No Patch For High-Severity Bug In Legacy IBM System X Servers
Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
DoS/DDoS
Nation State Actors
Cloud
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 September 2021
Black Arrow Cyber Threat Briefing 10 September 2021
-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
-Ransomware Attacks Increased Exponentially In 2021
-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious
-Hackers Shift From Malware To Credential Hijacking
-Attacker Breakout Time Now Less Than 30 Minutes
-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
-Hackers Exploit Camera Vulnerabilities To Spy On Parents
-39% Of All Internet Traffic Is From Bad Bots
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/
Ransomware Attacks Increased Exponentially In 2021
The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html
Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious
All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click". Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/
Hackers Shift From Malware To Credential Hijacking
Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/
Attacker Breakout Time Now Less Than 30 Minutes
The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from researchers own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html
53% Find It Difficult To Prevent An Insider Attack During Data Aggregation
Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/
The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/
Hackers Exploit Camera Vulnerabilities To Spy On Parents
Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were found in the IoT gadgets, made by China based developer Victure, that were found by researchers. In a security report, researchers revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html
39% Of All Internet Traffic Is From Bad Bots
Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.
These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/
Threats
Ransomware
BEC
Phishing
Other Social Engineering
Malware
Traffic Exchange Networks Distributing Malware Disguised As Cracked Software
New Malware Uses Novel Fileless Technique To Evade Detection
Mobile
IOT
Vulnerabilities
Zoho ManageEngine Password Manager Zero-Day Gets A Fix, Amid Attacks
New CPU Side-Channel Attack Takes Aim At Chrome’s Site Isolation Feature
Microsoft, CISA Urge Mitigations For Zero-Day RCE Flaw In Windows
Atlassian CISO Defends Company's Confluence Vulnerability Response, Urges Patching
PoC Released For GhostScript Vulnerability That Exposed Airbnb, Dropbox
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
Cisco Patches Critical Authentication Bug With Public Exploit
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
Nation State Actors
Cloud
Privacy
Other News
OWASP Shakes Up Web App Threat Categories With Release Of Draft Top 10
A Zero-Trust Future: Why Cyber Security Should Be Prioritized For The Hybrid Working World
Microsoft Has A $20 Billion Hacking Plan, But Cyber Security Has A Big Spending Problem
Misbehaving Microsoft Teams Ad Brings Down The Entire Windows 11 Desktop
This Seemingly Normal Lightning Cable Will Leak Everything You Type
HSE Cyber Attack: Irish Health Service Still Recovering Months After Hack
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 March 2021
Black Arrow Cyber Threat Briefing 12 March 2021: ‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse - Attacks Doubling Every Two Hours; Trickbot Malware Becoming Huge Security Headache; Criminals Targeting Browser Zero Days; More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats; Ransomware Attacks Up 150%; Massive Supply-Chain Cyber Attack Breaches Several Airlines; Millions Of Windows Devices Are Still Infested With Malware; Browser Extensions Looking at Bank Accounts?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse, With Attacks Doubling Every Two Hours
The cyber security community sprang into action after Microsoft first announced a series of vulnerabilities that let hackers break into the company's Exchange email and calendar programs. China has used it to spy on a wide range of industries in the United States ranging from medical research to law firms to defence contractors, the company said. China has denied responsibility. In the past 24 hours, the team has observed "exploitation attempts on organizations doubling every two to three hours." The countries feeling the brunt of attack attempts are Turkey, the United States, and Italy, accounting for 19%, 18%, and 10% of all tracked exploit attempts, respectively.
https://www.zdnet.com/article/microsoft-exchange-server-hacks-doubling-every-two-hours/
Trickbot Malware Is Now Your Biggest Security Headache
Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks. Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year.
https://www.zdnet.com/article/this-trojan-malware-is-now-your-biggest-security-headache/
Cyber Criminals Are Increasingly Targeting Browser Zero Days
As more and more of our work is done within our browsers, cyber criminals have begun to leverage web browser exploits to compromise endpoint systems, according to new research from Menlo Security. At the same time, enterprises around the world were forced to make an almost overnight transition to remote work last year and this surge in employees working from home along with the shift to cloud computing have resulted in a greatly increased attack surface.
https://www.techradar.com/news/cybercriminals-are-increasingly-targeting-browser-zero-days
More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats
The research, commissioned by Vodafone, also showed that 16 per cent of firms would likely be forced to lay off staff in the event of a hack. As a result, the report called on ministers to beef up the country’s corporate cyber defences, warning that a failure to do so could hamper the post-pandemic economic recovery. It urged the government to expand a dedicated business cyber security within the National Cyber Security Centre (NCSC), which is part of GCHQ, and introduce a five per cent VAT cut on cybersecurity products for small companies.
Number Of Ransomware Attacks Grew By More Than 150%
By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cyber crime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.
https://www.helpnetsecurity.com/2021/03/08/ransomware-attacks-grew-2020/
Hackers Are Using Home Office Selfies To Steal Your Personal Data
The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions. However, a new blog suggests cyber criminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.
https://www.techradar.com/uk/news/hackers-are-using-home-office-selfies-to-steal-your-personal-data
Massive Supply-Chain Cyber Attack Breaches Several Airlines
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS).
https://threatpost.com/supply-chain-cyberattack-airlines/164549/
Millions Of Windows Devices Are Still Infested With Malware
Over 100 million Windows consumer and business devices across the world were infected with malware last year, new analysis has found. While examining the recent Malwarebytes "State of Malware" report, Atlas VPN noted that whilst the number of infected Windows machines seems high, this landmark figure was actually 12% drop when compared to 2019.
https://www.techradar.com/uk/news/millions-of-windows-devices-are-still-infested-with-malware
Did You Know Browser Extensions Are Looking at Your Bank Account?
Browser extensions have full access to all the web pages you visit. It can see which web pages you are browsing, read their contents, and watch everything you type. It could even modify the web pages—for example, by inserting extra advertisements. If the extension is malicious, it could gather all that private data of yours—from web browsing activity and the emails you type to your passwords and financial information—and send it to a remote server on the internet.
https://www.howtogeek.com/716771/did-you-know-browser-extensions-are-looking-at-your-bank-account/
Threats
Ransomware
Capcom reportedly forced employees to work in the office following ransomware attack
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
New ransomware only decrypts victims who join their Discord server
Phishing
Malware
Mobile
Vulnerabilities
Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed
F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws
Hackers Exploit QNAP Vulnerabilities to Turn NAS Devices Into Crypto Miners
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect
Critical 0-day that targeted security researchers gets a patch
Intel CPU interconnects can be exploited by malware to leak encryption keys and other info
Organised Crime
Dark Web
OT, ICS, IIoT and SCADA
Nation-State Actors
Researchers Unveil New Linux Malware Linked to Chinese Hackers
United States considering cyber war on Russia in retaliation for SolarWinds hack
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.