Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 04 March 2022
Black Arrow Cyber Threat Briefing 04 March 2022
-Cyber Criminals Exploit Invasion of Ukraine
-UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
-Phishing - Still a Problem, Despite All The Work
-Phishing Attacks Hit All-Time High In December 2021
-Ransomware Infections Top List Of The Most Common Results Of Phishing Attacks
-Social Media Phishing Attacks Are at An All Time High
-Insurance Giant AON Hit by a Cyber Attack
-How Prepared Are Organisations To Face Email-Based Ransomware Attacks?
-The Most Impersonated Brands in Phishing Attacks
-As War Escalates In Europe, It’s ‘Shields Up’ For The Cyber Security Industry
-2022 May Be The Year Cyber Crime Returns Its Focus To Consumers
-Kaspersky Neutral Stance In Doubt As It Shields Kremlin
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Exploit Invasion of Ukraine
Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.
In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.
Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.
Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.
Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.
https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/
UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.
Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.
John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.
Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.
Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”
Phishing - Still a Problem, Despite All The Work
Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.
Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?
https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work
Phishing Attacks Hit All-Time High in December 2021
The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.
In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.
Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.
The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.
“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.
https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/
Ransomware Infections Top List of The Most Common Results of Phishing Attacks
A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.
Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.
Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.
Social Media Phishing Attacks Are at An All Time High
Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.
As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.
Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.
Insurance Giant AON Hit by a Cyber Attack
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.
AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.
In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.
AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.
The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.
In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.
How Prepared Are Organisations to Face Email-Based Ransomware Attacks?
Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities
This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.
Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.
https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/
The Most Impersonated Brands in Phishing Attacks
Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.
The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.
Key findings:
· Financial services is the most impersonated industry
· Microsoft is the most impersonated cloud brand and the top corporate brand
· Facebook dominates social media phishing
· 35% of all phishing pages impersonated financial services brands
· Mondays and Tuesdays are the top days for phishing
· 78% of phishing attacks occur on weekdays
· Monday and Thursday are the top days for Facebook phishing
· Thursday and Friday are the top days for Microsoft phishing
https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/
As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”
The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.
Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.
2022 May Be The Year Cyber Crime Returns Its Focus to Consumers
Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.
This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.
ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.
Kaspersky Neutral Stance in Doubt As It Shields Kremlin
Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.
The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”
Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.
"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.
https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/
Threats
Ransomware
Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)
Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register
Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet
Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica
Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)
Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine
Phishing & Email
Other Social Engineering
'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet
Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)
Malware
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)
Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)
Mobile
How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security
TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet
SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)
Data Breaches/Leaks
Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)
NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)
250,000-Plus Lawyer Disciplinary Records Leak • The Register
Swiss Bank Requests Destruction of Documents - Infosecurity Magazine
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar
Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Fraud, Scams & Financial Crime
DoS/DDoS
DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica
DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Nation State Actors
Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant
Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)
Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com
Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet
Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica
IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs
Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)
Chinese Malware Targeted Multiple Governments • The Register
Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters
Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop
How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review
Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO
Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)
Vulnerabilities
Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet
Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com
Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)
Sector Specific
Financial Services Sector
Health/Medical/Pharma Sector
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz
The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)
Multifactor Authentication Is Being Targeted by Hackers – The New Stack
Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)
Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz
Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security
Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 February 2022
Black Arrow Cyber Threat Briefing 25 February 2022
-Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
-Ransomware Extortion Doesn't Stop After Paying The Ransom
-Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
-Study: UK Firms Most Likely To Pay Ransomware Hackers
-Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
-91% of UK Organisations Compromised by an Email Phishing Attack in 2021
-Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
-Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
-Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
-The Future of Cyber Insurance
-Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
-Microsoft Teams Is The New Frontier For Phishing Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.
Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.
"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.
Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.
Ransomware Extortion Doesn't Stop After Paying The Ransom
A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.
This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.
The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:
18% of victims who paid the ransom still had their data exposed on the dark web.
8% refused to pay the ransom, and the attackers tried to extort their customers.
35% of victims paid the ransom but were still unable to retrieve their data.
As for the ransomware actor extortion tactics, these are summarized as follows:
83% of all successful ransomware attacks featured double and triple extortion.
38% of ransomware attacks threatened to use stolen data to extort customers.
35% of ransomware attacks threatened to expose stolen data on the dark web.
32% of attacks threatened to directly inform the victim's customers of the data breach incident.
Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.
Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."
The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link. The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.
According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.
Study: UK Firms Most Likely To Pay Ransomware Hackers
Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.
The global average was 58%, making the UK the most likely country to pay cyber-criminals.
Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.
Phishing attacks remain the key way criminals access networks, it found.
Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.
https://www.bbc.co.uk/news/business-60478725
Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.
Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.
https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
91% of UK Organisations Compromised by an Email Phishing Attack in 2021
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.
The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.
The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.
Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.
https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/
Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.
As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.
Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.
This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.
https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/
Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.
“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.
The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.
The Russian Government’s portal, and the websites of other ministries are running very slow.
The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.
Anonymous pointed out that it is not targeting Russian citizens, but only their government.
“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.
The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.
Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.
What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”
The Future of Cyber Insurance
In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.
At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.
If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.
https://www.darkreading.com/risk/the-future-of-cyber-insurance
Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.
The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.
Microsoft Teams Is The New Frontier For Phishing Attacks
Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.
One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.
“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.
Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.
However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.
https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/
Threats
Ransomware
Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters
Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com
Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online
TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)
Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)
Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security
Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)
Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs
Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)
BEC – Business Email Compromise
Phishing & Email
Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost
New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)
Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)
Other Social Engineering
Malware
Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today
Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)
Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin
Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs
New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)
Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)
Mobile
New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)
Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost
Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs
Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security
Insider Threats Are More Than Just Malicious Employees (darkreading.com)
83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security
Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online
Fraud, Scams & Financial Crime
Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today
French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)
Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine
Supply Chain
Nation State Actors
Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian
Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com
Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs
Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs
US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs
Privacy
Spyware, Espionage & Cyber Warfare
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Construction
Reports Published in the Last Week
Other News
War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)
22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat
Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security
50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert
Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)
How To Keep Pace With Rising Data Protection Demands - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.