Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 28 April 2023
Black Arrow Cyber Threat Briefing 28 April 2023:
- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key
- Shadow IT, SaaS Pose Security Liability for Enterprises
- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
- Over 70 billion Unprotected Files Available on Unsecured Web Servers
- Cyber Thieves Are Getting More Creative
- Modernising Vulnerability Management: The Move Toward Exposure Management
- Almost Three-quarters of Cyber Attacks Involve Ransomware
- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
- Email Threat Report 2023: Key Takeaways
- 5 Most Dangerous New Attack Techniques
- Many Public Salesforce Sites are Leaking Private Data
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key
Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.
Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.
Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.
Shadow IT, SaaS Pose Security Liability for Enterprises
There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.
A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.
To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.
https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises
The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.
According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.
Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.
The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.
Over 70 Billion Unprotected Files Available on Unsecured Web Servers
A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.
The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.
Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/
Cyber Thieves Are Getting More Creative
Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.
Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.
https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative
Modernising Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.
Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.
As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.
https://thehackernews.com/2023/04/modernizing-vulnerability-management.html
Two-thirds of Cyber Attacks Involve Ransomware
A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.
Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).
Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.
When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.
https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/
NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.
Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.
https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/
Email Threat Report 2023: Key Takeaways
According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.
With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.
https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/
5 Most Dangerous New Attack Techniques
Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.
The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.
https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.
It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Threats
Ransomware, Extortion and Destructive Attacks
New coercive tactics used to extort ransomware payments - Help Net Security
Almost three-quarters of cyber attacks involve ransomware | Computer Weekly
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)
Tank storage company Vopak hacked, Ransomware groups report | NL Times
Health insurer Point32Health suffered a ransomware attack-Security Affairs
Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser
RSAC speaker offers ransomware victims unconventional advice | TechTarget
How ransomware victims can make the best of a bad situation | TechTarget
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
CommScope employees left in the dark after ransomware attack | TechCrunch
Phishing & Email Based Attacks
How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)
BEC – Business Email Compromise
2FA/MFA
CrowdStrike details new MFA bypass, credential theft attack | TechTarget
Phishing-resistant MFA shapes the future of authentication forms - Help Net Security
Malware
Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)
Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)
EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)
Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)
This evil malware disables your security software, then goes in for the kill | TechRadar
Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Mobile
WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)
'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)
American Bar Association (ABA) suffered a data breach-Security Affairs
Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)
Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)
Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)
Vantage Travel Experiences Data Security Incident (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
The IRS is sending four investigators across the world to fight cyber crime | TechCrunch
US deploys more cyber forces abroad to help fight hackers | Reuters
The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
That 3CX supply chain attack keeps getting worse • The Register
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
North Korean hackers breach software firm in significant cyber attack | CNN Politics
SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)
A third-party’s perspective on third-party InfoSec risk management - Help Net Security
Software Supply Chain
Cloud/SaaS
Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)
Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)
How CISOs navigate security and compliance in a multi-cloud world - Help Net Security
Security experts found a major bug in Google Cloud | TechRadar
Most SaaS adopters exposed to browser-borne attacks - Help Net Security
Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)
Google accounts attacked and hijacked by this devious security flaw | TechRadar
Containers
Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Attack Surface Management
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Study of past cyber attacks can improve organisations' defence strategies - Help Net Security
Shadow IT
Identity and Access Management
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Open Source
The double-edged sword of open-source software - Help Net Security
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security
A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)
Social Media
Malvertising
Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Training, Education and Awareness
Digital Transformation
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business
The strong link between cyber threat intelligence and digital risk protection | CSO Online
Organisations are stepping up their game against cyber threats - Help Net Security
CISOs: unsupported, unheard, and invisible - Help Net Security
The Relationship Between Security Maturity and Business Enablement | CSO Online
CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
Good, Better And Best Security (informationsecuritybuzz.com)
SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)
Law Enforcement Action and Take Downs
To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop
US to focus on stifling cyber attacks, not convictions • The Register
US deploys more cyber forces abroad to help fight hackers | Reuters
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)
Cyber security Survival: Hide From Adversarial AI (darkreading.com)
AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)
NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED
From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)
ChatGPT fans need 'defensive mindset' to avoid scammers • The Register
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)
Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch
Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)
Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent
Eurocontrol says website 'under attack' by pro-Russia crew • The Register
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Nation State Actors
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
North Korean hackers breach software firm in significant cyber attack | CNN Politics
China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)
NCSC raises alert on cyber threat to infrastructure | UKAuthority
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)
APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)
Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online
Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)
Vulnerabilities
New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)
Flaw in Microsoft Process Explorer under active attack • The Register
APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)
Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)
Security experts found a major bug in Google Cloud | TechRadar
TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)
SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek
VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)
Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)
Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)
PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Tools and Controls
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Six Key Considerations When Choosing a Web Application Firewall - Security Boulevard
The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)
Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online
GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch
Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)
Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)
CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security
Generative AI and security: Balancing performance and risk - Help Net Security
CISA aims to reduce email threats with serial CDR prototype | TechTarget
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Reports Published in the Last Week
Other News
The threat from commercial cyber proliferation - NCSC.GOV.UK
Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)
Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)
Attackers are logging in instead of breaking in - Help Net Security
38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek
The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 February 2022
Black Arrow Cyber Threat Briefing 25 February 2022
-Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
-Ransomware Extortion Doesn't Stop After Paying The Ransom
-Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
-Study: UK Firms Most Likely To Pay Ransomware Hackers
-Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
-91% of UK Organisations Compromised by an Email Phishing Attack in 2021
-Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
-Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
-Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
-The Future of Cyber Insurance
-Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
-Microsoft Teams Is The New Frontier For Phishing Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.
Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.
"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.
Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.
Ransomware Extortion Doesn't Stop After Paying The Ransom
A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.
This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.
The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:
18% of victims who paid the ransom still had their data exposed on the dark web.
8% refused to pay the ransom, and the attackers tried to extort their customers.
35% of victims paid the ransom but were still unable to retrieve their data.
As for the ransomware actor extortion tactics, these are summarized as follows:
83% of all successful ransomware attacks featured double and triple extortion.
38% of ransomware attacks threatened to use stolen data to extort customers.
35% of ransomware attacks threatened to expose stolen data on the dark web.
32% of attacks threatened to directly inform the victim's customers of the data breach incident.
Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.
Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."
The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link. The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.
According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.
Study: UK Firms Most Likely To Pay Ransomware Hackers
Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.
The global average was 58%, making the UK the most likely country to pay cyber-criminals.
Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.
Phishing attacks remain the key way criminals access networks, it found.
Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.
https://www.bbc.co.uk/news/business-60478725
Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.
Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.
https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
91% of UK Organisations Compromised by an Email Phishing Attack in 2021
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.
The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.
The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.
Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.
https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/
Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.
As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.
Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.
This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.
https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/
Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.
“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.
The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.
The Russian Government’s portal, and the websites of other ministries are running very slow.
The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.
Anonymous pointed out that it is not targeting Russian citizens, but only their government.
“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.
The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.
Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.
What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”
The Future of Cyber Insurance
In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.
At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.
If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.
https://www.darkreading.com/risk/the-future-of-cyber-insurance
Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.
The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.
Microsoft Teams Is The New Frontier For Phishing Attacks
Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.
One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.
“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.
Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.
However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.
https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/
Threats
Ransomware
Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters
Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com
Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online
TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)
Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)
Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security
Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)
Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs
Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)
BEC – Business Email Compromise
Phishing & Email
Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost
New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)
Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)
Other Social Engineering
Malware
Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today
Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)
Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin
Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs
New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)
Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)
Mobile
New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)
Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost
Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs
Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security
Insider Threats Are More Than Just Malicious Employees (darkreading.com)
83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security
Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online
Fraud, Scams & Financial Crime
Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today
French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)
Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine
Supply Chain
Nation State Actors
Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian
Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com
Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs
Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs
US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs
Privacy
Spyware, Espionage & Cyber Warfare
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Construction
Reports Published in the Last Week
Other News
War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)
22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat
Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security
50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert
Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)
How To Keep Pace With Rising Data Protection Demands - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 February 2022
Black Arrow Cyber Threat Briefing 18 February 2022
-Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device
-As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats
-Microsoft Teams Targeted With Takeover Trojans
-The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine
-Companies Face Soaring Prices For Cyber Insurance
-Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best
-Ransomware-Related Data Leaks Nearly Doubled in 2021: Report
-Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most
-Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math
-Security Teams Expect Attackers to Go After End Users First
-US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks
-TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats
In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – the mission is to make the UK the safest place to live and work online, but they have said they cannot do it alone.
Now, at a time of heightened cyber threats, the NCSC is urging all organisations to follow their advice on the steps they should take to improve their resilience.
The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.
Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.
And as tensions have risen in Ukraine in recent weeks, authorities have already seen a number of cyber attacks occurring. On Friday evening, the UK government judged that the Russian Main Intelligence Directorate (GRU) was involved in last week’s distributed denial of service attacks against the financial sector in Ukraine.
If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the National Cyber Security Centre (NCSC) has said that the UK’s cyber risk has heightened in the last month, although there is no evidence of the UK being specifically targeted.
Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device
BlackBerry's 2022 Threat Report highlights growing threats to SMBs, calls on government to make cyber security top priority
BlackBerry Limited has released the 2022 BlackBerry Annual Threat Report, highlighting a cybercriminal underground which it says has been optimised to better target local small businesses. Small businesses will continue to be an epicentre for cybercriminal focus as SMBs facing upward of 11 cyber threats per device per day, which only stands to accelerate as cybercriminals increasingly adopt collaborative mindsets.
The report also uncovered cyber breadcrumbs from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour. In multiple incidents BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground.
Microsoft Teams Targeted With Takeover Trojans
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.
Researchers began tracking the campaign in January, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.
Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.
Cyber criminals long have targeted Microsoft’s ubiquitous document-creation and sharing suite – the legacy Office and its cloud-based version, Office 365 – with attacks against individual apps in the suite such as PowerPoint as well as business email compromise and other scams.
Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals.
https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/
The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine
The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting them to step up defences.
The news was reported by Reuters, citing two unnamed sources. The ECB pointed out that addressing cyber security is a top priority for the European agency.
“The European Central Bank is telling euro zone banks zone to step up their defences against cyber attacks, also in the context of geopolitical tensions such as the stand-off between Russia and Ukraine, the ECB’s top supervisor said on Thursday.” reported Reuters.
ECB warned that the rising risk from cyber attacks begun in 2020.
Companies Face Soaring Prices For Cyber Insurance
The cost of cyber insurance has risen steeply over the past year. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent. That has increased pressure on companies who are facing cost inflation in other parts of their business.
The steep hikes in the cost of cyber insurance come against a backdrop of rising prices more broadly. According to Marsh, commercial insurance prices rose 13 per cent in the final quarter of 2021.
The hardening market from reduced capacity allied with increasing cyber fraud are potent forces. Pricing becomes more challenging, reinsurance appetite reduced whilst costs increasing and fraudsters have as much access to the latest technologies as do enterprises, the government sector and the insurance industry.
There may be limits to what insurers can cover. Speaking to the Financial Times last week the chief executive of Zurich said: “A connected economy offers lots of opportunities for cyber attacks.” A major cyber risk, he added, “is something only governments can manage”.
Companies will have to do more themselves to fight cyber fraud with technology partners. Meanwhile brokers and insurers must review underwriting data and practices and government raise effectiveness at prosecuting criminals.
https://www.ft.com/content/60ddc050-a846-461a-aa10-5aaabf6b35a5
Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best
A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks.
A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.
The research analyzed data from over 3,800 days’ worth of penetration testing services. These tests are a means of identifying vulnerabilities within an organisation’s security systems by simulating how malicious actors would seek to exploit such shortcomings.
https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/
Ransomware-Related Data Leaks Nearly Doubled in 2021: Report
There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.
The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.
The growth and impact of big game hunting in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.
https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report
Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most
An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.
Alongside this, it identified that one in four new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.
From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before.
Your digital identity is a currency for fraudsters and wherever there is online commerce, cyber criminals are quick to identify vulnerabilities.
https://www.helpnetsecurity.com/2022/02/14/fake-consumer-account/
Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math
Poor cyber security hygiene is widely considered to be a major influencing factor for exposure to a ransomware attack. But is that an accurate assessment?
In a new study, RiskRecon, a security best practices specialist, investigated 600+ cyber hijacks to determine if companies victimized by a “detonation” had poor cyber security hygiene at the time and which factors, such as web encryption, application security and email security, are key gaps in coverage.
The answer: Cyber security hygiene does in fact play a large role in an organisation’s vulnerability to a ransomware attack. RiskRecon analyzed the cyber security hygiene on the day of ransomware incident for 622 organisations spanning 633 ransomware events occurring between 2017 and 2021. Based on a comparison population of cyber security ratings and assessments of some 100,000 entities, companies that have very poor cyber security hygiene in their internet-facing systems (a ‘D’ or ‘F’ RiskRecon rating) have about a 40 times higher rate of destructive ransomware events as compared to those with clean cyber security hygiene. Only .03 percent of ‘A-rated’ companies were victims of a destructive ransomware attack, compared with 1.08 percent of ‘D-rated’ and 0.91 percent of ‘F-rated’ companies.
The cyber security conditions underlying the RiskRecon rating reveal just how poor the cyber security hygiene is of companies, on average, that fall victim to a material system-encrypting ransomware attack. For example, ransomware victims have an average of 11 material software vulnerabilities in their internet-facing systems, in comparison with only one issue in the general population. Looking at network services that criminals commonly exploit, ransomware victims expose 3.3 times more unsafe network services to the internet than the general population.
Security Teams Expect Attackers to Go After End Users First
Phishing, malware, and ransomware have spurred organisations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.
The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organisations to bolster their endpoint security defences. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.
Phishing, malware, and ransomware pose major threats to organisations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.
End users pose one of the biggest threats to the organisation, as 87% expect that if attackers wanted to steal the organisation’s data, they would begin by targeting a single end user.
Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.
US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks
President Biden said Friday he is convinced Russian President Vladimir Putin has decided to invade Ukraine and that he expects an attack in the coming days, with targets including the Ukrainian capital, Kyiv.
US officials said a Russian attack could involve a broad combination of jet fighters, tanks, ballistic missiles and cyberattacks, with the ultimate intention of rendering Ukraine’s leadership powerless.
The officials said Mr. Putin has laid the groundwork in recent days through a series of destabilizing activities and false-flag operations, long predicted by U.S. and allied officials and intended to make it look as if Ukraine has provoked Russia into a conflict, thus justifying the Russian invasion.
TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.
TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.
In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.
Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-control (C2) servers to retrieve fresh web injects.
https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html
Threats
Ransomware
Ransomware’s Savage Reign Continues As Attacks Increase 105% - Help Net Security
SonicWall CEO on ransomware: Every good vendor was hit in past 2 years - The Register
Are You Prepared for 2022's More Destructive Ransomware? | SecurityWeek.Com
CISA Advisory Cautions MSPs: Beware More Ransomware Attacks - MSSP Alert
Conti Ransomware Gang Takes Over Trickbot Malware Operation (bleepingcomputer.com)
FBI Eyes Ransomware Profits With New Cryptocurrency Crimes Unit | TechCrunch
FBI Warns BlackByte Ransomware Is Targeting US Critical Infrastructure | TechCrunch
BEC – Business Email Compromise
Phishing & Email
Malware
Emotet Now Spreading Through Malicious Excel Files | Threatpost
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (thehackernews.com)
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators | Threatpost
25 Years On, Microsoft Makes Another Stab At Stopping Macro Malware • Graham Cluley
Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free - Infosecurity Magazine
Data Breaches/Leaks
Organised Crime & Criminal Actors
74% of Ransomware Revenue Goes to Russia-Linked Hackers - BBC News
Interpol Must Change With Cyber Crime, Says Director • The Register
Attackers Hone Their Playbooks, Become More Agile (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking
SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise - WSJ
FBI Says Crypto Payments Are a 'Huge Challenge' Amid Rise in Ransomware Attacks - Decrypt
Insider Risk and Insider Threats
The Rise Of The Super Malicious Insider: Yes, We Need To Worry - Help Net Security
Finance Officer Jailed After Stealing £200,000 from Charity - Infosecurity Magazine
Ex IT Tech Jailed For Wiping School Network During Lockdown • The Register
Fraud, Scams & Financial Crime
Barclays: Scams Surged in Final Quarter of 2021 - Infosecurity Magazine
Fraud and Scam Activity Hits All-Time High - Help Net Security
Soaring Losses Accelerate Investments In Anti-Fraud Tech - Help Net Security
Threat Actors Still Love a Romance Scam - Infosecurity Magazine
Singapore Introduces Strong Measures To Stop Online Scams • The Register
7 Tips for How To Spot a Scammer and Protect Yourself | Well+Good
DoS/DDoS
Nation State Actors
Russia’s Offensive Cyber Actions Should Be A Cause For Concern For CISOs | CSO Online
Russia Stole US Defense Data From IT Systems, Says CISA • The Register
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (thehackernews.com)
Chinese MI6 Informant Gave Information To MPs About Huawei Threat | Huawei | The Guardian
Red Cross Attributes Server Breach To Nation-State Actor - CyberScoop
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (thehackernews.com)
Cloud
Report: 63% of IT Pros Say Cyber Threats Are Top Obstacle To Cloud Adoption Strategy | VentureBeat
EU Watchdog To Probe Public Sector's Love Affair With Cloud • The Register
Privacy
Spyware, Espionage & Cyber Warfare
The Conflict In Ukraine Proves Cyber-Attacks Are Now Weapons Of War (thenextweb.com)
Cyber Warfare In Ukraine Poses A Threat To The Global System | Financial Times (ft.com)
EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware (thehackernews.com)
Using Mobile Networks For Cyber Attacks As Part Of A Warfare Strategy - Help Net Security
Moses Staff Hackers Targeting Israeli Organisations for Cyber Espionage (thehackernews.com)
Vulnerabilities
Squirrelwaffle, Microsoft Exchange Server Vulnerabilities Exploited For Financial Fraud | ZDNet
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails (thehackernews.com)
New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (thehackernews.com)
Multiple Vulnerabilities Put 40 Million Ubuntu Users At Risk | TechRadar
Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (thehackernews.com)
High-Severity Vulnerability Found in Apache Database System Used by Major Firms | SecurityWeek.Com
VMware Fixes Holes That Could Allow Virtual Machine Escapes – Naked Security (sophos.com)
Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (thehackernews.com)
T2 Mac Security Vulnerability: Passwords Can Now Be Cracked - 9to5Mac
Sector Specific
Financial Services Sector
Open Banking Innovation: A Race Between Developers And Cyber Criminals - Help Net Security
Canada's Major Banks Go Offline In Mysterious Hours-Long Outage (bleepingcomputer.com)
Defence
Transport and Aviation
Energy & Utilities
Other News
Over 28,000 Vulnerabilities Disclosed in 2021: Report | SecurityWeek.Com
Web Application Firewalls (WAFs) Can't Give Organisations The Security They Need - Help Net Security
How Challenging Is Corporate Data Protection? - Help Net Security
Local Authority Sets Aside £380k for Cyber-Attack Recovery - Infosecurity Magazine
Traditional MFA Is Creating A False Sense Of Security - Help Net Security
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry | Threatpost
Be Flexible About Where People Work — But Not on Data Privacy (darkreading.com)
Researchers Block “Largest Ever” Bot Attack - Infosecurity Magazine
BadUSB: The Cyber Threat That Gets You To Plug It In – CloudSavvy IT
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.