Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 September 2021

Black Arrow Cyber Threat Briefing 17 September 2021

-Ransomware Preparedness Is Low Despite Executives’ Concerns

-MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

-Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

-Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

-Third-Party Cloud Providers: Expanding The Attack Surface

-Ransomware Encrypts South Africa's Entire Dept Of Justice Network

-2021’s Most Dangerous Software Weaknesses

-46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

-Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

-Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

-Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

DoS/DDoS

Nation State Actors

Cloud



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 September 2021

Black Arrow Cyber Threat Briefing 10 September 2021

-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

-Ransomware Attacks Increased Exponentially In 2021

-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious

-Hackers Shift From Malware To Credential Hijacking

-Attacker Breakout Time Now Less Than 30 Minutes

-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

-Hackers Exploit Camera Vulnerabilities To Spy On Parents

-39% Of All Internet Traffic Is From Bad Bots

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/

Ransomware Attacks Increased Exponentially In 2021

The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html

Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious

All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".  Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/

Hackers Shift From Malware To Credential Hijacking

Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/

Attacker Breakout Time Now Less Than 30 Minutes

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from researchers own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html

53% Find It Difficult To Prevent An Insider Attack During Data Aggregation

Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/

The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/

Hackers Exploit Camera Vulnerabilities To Spy On Parents

Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were found in the IoT gadgets, made by China based developer Victure, that were found by researchers. In a security report, researchers revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html

39% Of All Internet Traffic Is From Bad Bots

Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.

These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Insider Threats

DoS/DDoS

Nation State Actors

Cloud

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 March 2021

Black Arrow Cyber Threat Briefing 12 March 2021: ‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse - Attacks Doubling Every Two Hours; Trickbot Malware Becoming Huge Security Headache; Criminals Targeting Browser Zero Days; More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats; Ransomware Attacks Up 150%; Massive Supply-Chain Cyber Attack Breaches Several Airlines; Millions Of Windows Devices Are Still Infested With Malware; Browser Extensions Looking at Bank Accounts?

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Image by Tumisu from Pixabay


Top Cyber Stories of the Last Week

‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse, With Attacks Doubling Every Two Hours

The cyber security community sprang into action after Microsoft first announced a series of vulnerabilities that let hackers break into the company's Exchange email and calendar programs. China has used it to spy on a wide range of industries in the United States ranging from medical research to law firms to defence contractors, the company said. China has denied responsibility. In the past 24 hours, the team has observed "exploitation attempts on organizations doubling every two to three hours." The countries feeling the brunt of attack attempts are Turkey, the United States, and Italy, accounting for 19%, 18%, and 10% of all tracked exploit attempts, respectively.

https://www.nbcnews.com/tech/security/really-messy-hack-microsofts-email-system-getting-worse-rcna377

https://www.zdnet.com/article/microsoft-exchange-server-hacks-doubling-every-two-hours/

Trickbot Malware Is Now Your Biggest Security Headache

Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks. Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year.

https://www.zdnet.com/article/this-trojan-malware-is-now-your-biggest-security-headache/

Cyber Criminals Are Increasingly Targeting Browser Zero Days

As more and more of our work is done within our browsers, cyber criminals have begun to leverage web browser exploits to compromise endpoint systems, according to new research from Menlo Security. At the same time, enterprises around the world were forced to make an almost overnight transition to remote work last year and this surge in employees working from home along with the shift to cloud computing have resulted in a greatly increased attack surface.

https://www.techradar.com/news/cybercriminals-are-increasingly-targeting-browser-zero-days

More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats

The research, commissioned by Vodafone, also showed that 16 per cent of firms would likely be forced to lay off staff in the event of a hack. As a result, the report called on ministers to beef up the country’s corporate cyber defences, warning that a failure to do so could hamper the post-pandemic economic recovery. It urged the government to expand a dedicated business cyber security within the National Cyber Security Centre (NCSC), which is part of GCHQ, and introduce a five per cent VAT cut on cybersecurity products for small companies.

Number Of Ransomware Attacks Grew By More Than 150%

By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cyber crime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.

https://www.helpnetsecurity.com/2021/03/08/ransomware-attacks-grew-2020/

Hackers Are Using Home Office Selfies To Steal Your Personal Data

The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions. However, a new blog suggests cyber criminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.

https://www.techradar.com/uk/news/hackers-are-using-home-office-selfies-to-steal-your-personal-data

Massive Supply-Chain Cyber Attack Breaches Several Airlines

A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS).

https://threatpost.com/supply-chain-cyberattack-airlines/164549/

Millions Of Windows Devices Are Still Infested With Malware

Over 100 million Windows consumer and business devices across the world were infected with malware last year, new analysis has found. While examining the recent Malwarebytes "State of Malware" report, Atlas VPN noted that whilst the number of infected Windows machines seems high, this landmark figure was actually 12% drop when compared to 2019.

https://www.techradar.com/uk/news/millions-of-windows-devices-are-still-infested-with-malware

Did You Know Browser Extensions Are Looking at Your Bank Account?

Browser extensions have full access to all the web pages you visit. It can see which web pages you are browsing, read their contents, and watch everything you type. It could even modify the web pages—for example, by inserting extra advertisements. If the extension is malicious, it could gather all that private data of yours—from web browsing activity and the emails you type to your passwords and financial information—and send it to a remote server on the internet.

https://www.howtogeek.com/716771/did-you-know-browser-extensions-are-looking-at-your-bank-account/


Threats

Ransomware

Phishing

Malware

Mobile

Vulnerabilities

Organised Crime

Dark Web

OT, ICS, IIoT and SCADA

Nation-State Actors

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More