Threat Intelligence Blog

Contact our Experts Now

Subscribe to our Weekly Cyber Threat Intelligence Briefing

Black Arrow Admin 06/07/2023 Black Arrow Admin 06/07/2023

Black Arrow Cyber Insight 06 July 2023 – NHS Trust Breached, Personal Information Leaked

Executive Summary

Last weekend, Barts Health NHS trust was breached in a cyber attack, with Russian-linked cyber crime gang ALPHV, also known as BlackCat. The attackers claimed to have acquired seven terabytes of internal documents from the trusts’ systems. A selection of files including copies of driving licenses, passports and correspondence have already been leaked. It is believed that more is to come. This comes after other recent cyber attacks, such as the MOVEit hack, which has impacted over 130 organisations and 15 million individuals.

What’s the risk to me or my business?

The availability of such detailed personal information poses an increased risk of threat actors exploiting it for phishing purposes, and also increases the likelihood that the information could be used for identity fraud. With access data such as previous email chains with an individual, phishing attacks can appear more authentic as responses to legitimate requests, making them more likely to succeed.

What can I do?

To help mitigate the risk, Black Arrow strongly recommend maintaining a high level of vigilance and awareness. It is crucial to understand that the presence of personal or confidential information alone does not guarantee authenticity. Take the time to double-check any suspicious communication or requests before sharing sensitive information. By remaining cautious and verifying the legitimacy of any unexpected or unusual messages, you can reduce the likelihood of falling victim to phishing attacks. It is also recommended that individuals monitor their own personal accounts for suspicious activity including the information stored with credit unions such as Equifax and Transunion to identify potential cases of identity theft.

More information on the NHS Breach can be found here: https://www.telegraph.co.uk/news/2023/06/30/russia-may-have-hacked-nhs-trust-with-two-million-patients/

More information on the MOVEit attack can be found here: https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 05/01/2023 Black Arrow Admin 05/01/2023

Black Arrow Cyber Informational 05/01/2023 – Twitter Data Leak

Executive Summary

A data leak containing the email addresses for over 200 million Twitter users has been published on a popular hacking forum for free. The leak appears to be the same as the one reported in December 2022, with a number of experts confirming the authenticity of entries in the leak.

What’s the risk to me or my business?

The leak contains details of Twitter users and their email addresses, which could be used by threat actors to conduct phishing attacks against accounts.

What can I do?

Although no immediate response is required, Black Arrow recommends that any individual or organisation which has used twitter remains vigilant and on the lookout for potential phishing attacks

Further information on the data leak be found here: https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatintelligence #cybersecurity

Black Arrow Admin 22/12/2022 Black Arrow Admin 22/12/2022

Black Arrow Cyber Alert 22/12/2022 – ACTION REQUIRED: LastPass Security Incident Update

Black Arrow Cyber Alert 22/12/2022 – ACTION REQUIRED: LastPass Security Incident Update

Executive Summary

LastPass has today provided an update to investigations of its security incident described in our Advisory of 02 December 2022. LastPass has now confirmed that customer data, including encrypted copies of password vaults, has been accessed and downloaded by malicious actors. While LastPass is still stating that the protected data should be secure if its best practice guidance was followed, we recommend, as advised by LastPass, that all users should reset the master password for their account and ensure that multi-factor authentication is enabled wherever possible. Given our focus on reducing risk, we also recommend that users should change the passwords stored within the service at the earliest opportunity, and prioritise those in the most critical accounts.

What’s the risk to me or my business?

LastPass has confirmed that the following un-encrypted data has been accessed during the data breach: “company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.” LastPass has also confirmed that website URLs for end user accounts were also copied, along with encrypted fields such as “website usernames and passwords, secure notes, and form-filled data”, but noted that these fields remain 256-bit AES encrypted, and should be protected from brute force attack.

LastPass also notes that customers may be targeted with phishing attacks, credential stuffing and other brute force attacks against online accounts associated with the LastPass Vault.

Although the latest information provided by LastPass is troubling, Black Arrow continues to recommend the use of password managers such as LastPass as part of a defence in depth approach to cyber security. Password managers can reduce the overall risks caused by practices such as using weak passwords, re-using passwords and writing down passwords.

What can I do?

LastPass notes that if the master password exceed 12 characters (as per LastPass’ default settings post-2018) and best practices, then end user master passwords should remain secure. However, LastPass notes that if the password did not meet its defaults then the number of attempts needed to brute force the password could be significantly reduced.

As above we recommend that all users should reset the master password for their account, and ensure that multi-factor authentication is enabled wherever possible. We also recommend that users should change the passwords stored within the service at the earliest opportunity, and prioritise those in the most critical accounts.

Further information on this security incident be found here: Notice of Recent Security Incident - The LastPass Blog

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 26/08/2022 Black Arrow Admin 26/08/2022

Black Arrow Cyber Advisory 26/08/2022 – Plex has suffered a data breach involving customer account information

Executive Summary

Plex, the streaming platform aggregate, has suffered a data breach on 22/08/2022 where customer information including emails, usernames and encrypted passwords were stolen. The organisation has advised that users reset their passwords immediately.

What’s the risk to me or my business?

While it has been specified that the passwords were encrypted, it still may be possible for a malicious attacker to brute force the password, which would allow them access to the account, and potentially any other account which also uses the same email and password combination. It is also likely that users will start receiving more phishing emails and spam, which is a frequent occurrence after a data breach.

What can I do?

It is recommended that the password for the account is changed. If that password is in use for any other account associated with the email address, then this should also be changed. As a reminder it is best practice and often organisational policy for users to have different passwords for different accounts for this very reason.

Further information on this specific data breach can be found here: Important notice of a potential data breach 24th of August 2022 - Announcements - Plex Forum

Need help understanding your gaps, or just want some advice? Get in touch with us.

Black Arrow Admin 10/09/2021 Black Arrow Admin 10/09/2021

Black Arrow Cyber Threat Briefing 10 September 2021

-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

-Ransomware Attacks Increased Exponentially In 2021

-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious

-Hackers Shift From Malware To Credential Hijacking

-Attacker Breakout Time Now Less Than 30 Minutes

-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

-Hackers Exploit Camera Vulnerabilities To Spy On Parents

-39% Of All Internet Traffic Is From Bad Bots

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Black Arrow Cyber Threat Briefing 06 August 2021

Black Arrow Cyber Threat Briefing 06 August 2021:

-Ransomware Volumes Hit Record High

-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

Black Arrow Cyber Threat Briefing 09 July 2021

Black Arrow Cyber Threat Briefing 09 July 2021: Hackers Demand $70 Million To End Biggest Ransomware Attack On Record; Zero Day Malware Reached An All-Time High In Q1 2021; New Trojan Malware Steals Millions Of Login Credentials; MacOS Targeted In WildPressure APT Malware Campaign; The Cost Of Cyber Insurance Increased 32% Last Year And Shows No Signs Of Easing; Critical Flaws In Windows Print Spooler Service Could Allow For Remote Attacks; British Airways Settles Over Record Claim For Data Breach; Hackers On Loose As 9,000 Data Leaks A Year Recorded

Black Arrow Cyber Threat Briefing 02 July 2021

Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Image by Clker-Free-Vector-Images from Pixabay

Black Arrow Cyber Threat Briefing 23 April 2021

Black Arrow Cyber Threat Briefing 23 April 2021: Cyber Attacks Rise For Businesses, Pushing Many To The Brink; MI5 Warns Of Spies Using LinkedIn To Trick Staff; Sonicwall Warns Customers To Patch 3 Zero-Days Exploited In The Wild; FBI Removed Backdoors From Vulnerable Exchange Servers, Not Everyone Likes The Idea; Pulse Secure VPN Zero-Day Used To Hack Defense Firms & Govt Orgs; Solarwinds Hack Could Cost Insurance Firms $90M; Mount Locker Ransomware Aggressively Changes Up Tactics; QR Codes Offer Easy Cyber Attack Avenues as Usage Spikes

Threats

Ransomware

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

'High-Level' Organiser Of FIN7 Hacking Group Sentenced To 10 Years In Prison

Cryptocurrency

Natwest Will Refuse To Serve Business Customers Who Accept Cryptocurrencies

Supply Chain

Growing Reliance On Third-Party Suppliers Signals Increasing Security Risks

Nation State Actors

Denial of Service

Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 26/03/2021 Black Arrow Admin 26/03/2021

Black Arrow Cyber Threat Briefing 26 March 2021

Black Arrow Cyber Threat Briefing 26 March 2021: Cyber Warfare Will Grind Britain’s Economy To A Halt; $2 Billion Lost To BEC Scams In 2020; Ransomware Gangs Targets Firms With Cyber Insurance; Three Billion Phishing Emails Are Sent Every Day; $50 Million Ransomware For Computer Maker Acer; Office 365 Phishing Attack Targets Financial Execs; MS Exchange Hacking, Thousands Of Email Servers Still Compromised; Average Ransom Payment Surged 171% in 2020; Phishers’ Perfect Targets: Employees Getting Back To The Office; Nasty Malware Stealing Amazon, Facebook And Google Passwords

Threats

Ransomware

Phishing

Malware

IOT

The US Government Finally Gets Serious About IoT Security

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

Russian Pleads Guilty To Conspiracy To Introduce Malware Into Tesla's Computer Network

OT, ICS, IIoT and SCADA

UK Cyber Security Law Forcing Energy Companies To Report Hacks Has Led To No Reports, Despite Numerous Hacks

Nation State Actors

Privacy

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 06/02/2021 Black Arrow Admin 06/02/2021

Black Arrow Cyber Threat Briefing 05 February 2021

Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;

Threats

Ransomware

Other Social Engineering

Many of us are sharing too much information on social media

Malware

Mobile

Android Devices Prone to Botnet’s DDoS Onslaught

Vulnerabilities

Data Breaches

Nation-State Actors

Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 23/01/2021 Black Arrow Admin 23/01/2021

Black Arrow Cyber Threat Briefing 22 January 2021

Black Arrow Cyber Threat Briefing 22 January 2021: Ransomware Biggest Cyber Concern; Ransomware Payments Grew 311% In 2020; Cyber Security Spending To Soar In 2021; Ransomware Provides The Perfect Cover For Other Attacks; Gdpr Fines Skyrocket As Eu Gets Tough On Data Breaches; Popular Pdf Reader Has Database Of 77 Miliion Users Leaked Online; Malware Incidents On Remote Devices Increase

Top Cyber Headlines of the Week

Ransomware is now the biggest Cyber Security concern for CISOs

Ransomware is the biggest cyber security concern facing businesses, according to those responsible for keeping organisations safe from hacking and cyberattacks. A survey of chief information security officers (CISOs) and chief security officers (CISOs found that ransomware is now viewed as the main cyber security threat to their organisation over the course of the next year. Almost half – 46% – of CISOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cyber security threat.

https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/

Crypto ransomware payments grew 311% in 2020

Crypto payments associated with ransomware grew at least 311% in 2020. “Ransomware” refers to a category of malicious computer programs that force users into paying ransoms. Just 0.34% of all cryptocurrency transactions last year were criminal, down from 2.1% in 2019. But that number is bound to go up, said the firm.

https://decrypt.co/54648/crypto-crime-ransomware-chainalysis-report-2020

The SolarWinds hackers used tactics other groups will copy

One of the most chilling aspects of Russia's recent hacking spree—which breached numerous United States government agencies among other targets—was the successful use of a “supply chain attack” to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this was not the only striking feature of the assault. After that initial foothold, the attackers bored deeper into their victims' networks with simple and elegant strategies. Now researchers are bracing for a surge in those techniques from other attackers.

https://www.wired.com/story/solarwinds-hacker-methods-copycats/

Global Cyber Security spending to soar in 2021

The worldwide cyber security market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers from the pandemic. Double-digit growth from $54.7bn in 2020 would be its best-case scenario. However, even in the worst case, cyber security spending would reach 6.6%. That would factor in a deeper-than-anticipated economic impact from lockdowns, although the security market has proven to be remarkably resilient thus far to the pandemic-induced global economic crisis. That said, SMB spending was hit hard last year, along with certain sectors like hospitality, retail and transport.

https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to/

Cyber criminals publish more than 4,000 stolen Sepa files

Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group. Contracts, strategy documents and databases are among the 4,000 files released. The data has been put on the dark web - a part of the internet associated with criminality and only accessible through specialised software.

https://www.bbc.co.uk/news/uk-scotland-55757884

Ransomware provides the perfect cover for other attacks

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes

https://www.helpnetsecurity.com/2021/01/21/ransomware-cover/

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

Some organisations that fall victim to ransomware attacks are paying ransoms to cyber-criminal gangs despite being able to restore their own networks from backups, in order to prevent hackers publishing stolen data. Over the course of the past year, many of the most successful ransomware gangs have added an additional technique in an effort to coerce victims into paying ransoms after compromising their networks – publishing stolen data if a payment isn't received.

https://www.zdnet.com/article/ransomware-victims-that-have-backups-are-paying-ransoms-to-stop-hackers-leaking-their-stolen-data/

GDPR fines skyrocket as EU gets tough on data breaches

Europe’s new privacy protection regime has led to a surge in fines for bad actors, according to research published today. Law firm DLA Piper says that, since January 28th, 2020, the EU has issued around €158.5 million (around $192 million) in financial penalties. That’s a 39-percent increase on the previous 20-month period Piper examined in its report, published this time last year. And as well as the increased fines, the number of breach notifications has shot up by 19 percent across the same 12-month period.

https://www.engadget.com/gdpr-fines-dla-piper-report-144510440.html

Malware incidents on remote devices increase

Devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.

https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/

Threats

Phishing

Malware

Vulnerabilities

Data Breaches

Denial of Service

Windows RDP servers are being abused to amplify DDoS attacks

Cloud

Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years

Privacy

Is your boss spying on you as you work from home? One in five firms admit using secret software

Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 16/01/2021 Black Arrow Admin 16/01/2021

Black Arrow Cyber Threat Briefing 15 January 2021

Black Arrow Cyber Threat Briefing 15 January 2021: Two Thirds of Employees Don’t Consider Security Whilst Working from Home; Ransomware Gangs Targeting Top Execs; Microsoft emits 83 security fixes – and miscreants are already exploiting vulnerabilities in Windows Defender; Android malware gives hackers full control of your smartphone; Massive fraud campaign sees millions vanish from online bank accounts

Top Cyber Headlines of the Week

Two-Thirds of Employees Don’t Consider Security Whilst Home Working

More than two-thirds (68%) of UK workers do not consider the cyber security impact of working from home, according to a new study. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift to home working as a result of COVID-19 means that staff in many organizations are operating across insecure devices and networks, providing opportunities for cyber-criminals.

https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.

https://www.tripwire.com/state-of-security/featured/ransomware-gangs-scavenge-sensitive-data-targeting-executives/

Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulnerabilities in Windows Defender

83 vulnerabilities in its software, which does not include the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December, 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

https://www.theregister.com/2021/01/12/patch_tuesday_fixes/

This Android malware claims to give hackers full control of your smartphone

The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.

https://www.zdnet.com/article/this-android-malware-claims-to-give-hackers-full-control-of-your-smartphone/

Massive fraud campaign sees millions vanish from online bank accounts

Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts. The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale. To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.

https://www.techradar.com/uk/news/massive-fraud-campaign-sees-millions-vanish-from-online-bank-accounts

SolarWinds Hack Followed Years of Warnings of Weak Cyber Security

Congress and federal agencies have been slow or unwilling to address warnings about cyber security, shelving recommendations that are considered high priority while investing in programs that have fallen short. The massive cyber-attack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cyber security experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.

https://www.bloomberg.com/news/articles/2021-01-13/solarwinds-hack-followed-years-of-warnings-of-weak-cybersecurity

Threats

Ransomware

Hacker used ransomware to lock victims in their IoT chastity belt

Ransomware Attack Costs Health Network $1.5m a Day

Dassault Falcon Jet reports data breach after ransomware attack

IOT

Cyber experts say advice from breached IoT device company Ubiquiti falls short

Phishing

Iranian cyber spies behind major Christmas SMS spear-phishing campaign

Malware

macOS malware used run-only AppleScripts to avoid detection for five years

Going Rogue – a Mastermind Behind Android Malware Returns with a New Remote Access Trojan (RAT)

Emotet Tops Malware Charts in December After Reboot

Vulnerabilities

Windows 10 bug corrupts your hard drive on seeing this file's icon

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Adobe fixes critical code execution vulnerabilities in 2021's first major patch round

Data Breaches

Over 16,000 customers seeking compensation for British Airways data breach

New Zealand Central Bank Breach Hit Other Companies

Massive Parler data leak exposes millions of posts, messages and videos

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Hackers leak stolen Pfizer COVID-19 vaccine data online

United Nations data breach exposed over 100k UNEP staff records

Organised Crime

Europol shuts down the world's largest dark web marketplace

Nation State Actors

Third malware strain discovered in SolarWinds supply chain attack

Privacy

Whatsapp Privacy Controversy Causes ‘Largest Digital Migration In Human History’, Telegram Boss Says As He Welcomes World Leaders

Reports Published in the Last Week

Microsoft Digital Defense Report

Other News

Nissan NA source code leaked due to default admin:admin credentials

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 03/01/2021 Black Arrow Admin 03/01/2021

Black Arrow Cyber Threat Briefing 31 December 2020

Black Arrow Cyber Threat Briefing 31 December 2020: SolarWinds hack may be much worse than originally feared; Threat actor selling 368.8 million records from 26 data breaches; The Worst Hacks of 2020; Nasty Strain of malware is back and hits 100K recipients per day; Ransomware in 2020: A Banner Year for Extortion; Russia’s global hacking efforts are going to unwind in 2021

Top Cyber Headlines of the Week

SolarWinds hack may be much worse than originally feared

The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and business now believed affected.

Microsoft has said the hackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.” The Times reports that Russia exploited layers of the supply chain to access the agencies’ systems.

https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity

Threat actor is selling 368.8 million records from 26 data breaches

Security experts reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum.

The total volume of data available for sale is composed of 368.8 million stolen user records.

For some of these companies, the data breaches have not been previously disclosed, including Teespring.com, MyON.com, Chqbook.com, Anyvan.com, Eventials.com, Wahoofitness.com, Sitepoint.com, and ClickIndia.com.

https://securityaffairs.co/wordpress/112842/data-breach/data-breaches-records-sale.html

The Worst Hacks of 2020, a Surreal Pandemic Year

WHAT A WAY to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.

https://www.wired.com/story/worst-hacks-2020-surreal-pandemic-year/

A Nasty Strain of malware is back and hits 100K recipients per day

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.

https://securityaffairs.co/wordpress/112650/malware/december-emotet-redacted.html

Ransomware in 2020: A Banner Year for Extortion

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020. Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel human toll as well. Attacks had an impact on nearly all sectors of the global economy – costing business $20 billion collectively and creating major cybersecurity headaches for others.

https://threatpost.com/ransomware-2020-extortion/162319/

Ransomware Is Headed Down a Dire Path

AT THE END of September, an emergency room technician in the United States gave WIRED a real-time account of what it was like inside their hospital as a ransomware attack raged. With their digital systems locked down by hackers, health care workers were forced onto backup paper systems. They were already straining to manage patients during the pandemic; the last thing they needed was more chaos. "It is a life-or-death situation," the technician said at the time.

The same scenario was repeated around the country this year, as waves of ransomware attacks crashed down on hospitals and health care provider networks, peaking in September and October. School districts, meanwhile, were walloped by attacks that crippled their systems just as students were attempting to come back to class, either in person or remotely. Corporations and local and state governments faced similar attacks at equally alarming rates.

https://www.wired.com/story/ransomware-2020-headed-down-dire-path/

Russia’s global hacking efforts are going to unwind in 2021

Russia has become adept at using cyberattacks and digital-media manipulation to influence events in other countries. We know there was Russian digital interference in the 2016 US general election and the 2017 presidential election in France: both involved fake social-media accounts and “hack-and-leak” operations to steal emails. The UK government has not investigated whether, as must be probable, Russia had also been using its tools of covert subversion during the Scottish independence and Brexit referenda, but it has said that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online dissemination of illicitly acquired government documents, thought to relate to US/UK trade negotiations.

https://www.wired.co.uk/article/uk-us-russia-hacking

Threats

IOT

FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

Malware

New Golang worm turns Windows and Linux servers into monero miners

Emotet malware hits Lithuania's National Public Health Centre

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

Vulnerabilities

Cross-layer attacks: New hacking technique raises DNS cache poisoning, user tracking risk

Windows Zero-Day Still Circulating After Faulty Fix

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

Data Breaches

T-Mobile warns customers of second data breach in less than a year

Kawasaki discloses security breach, potential data leak

Finland says hackers accessed MPs' emails accounts

Organised Crime

21 arrests in nationwide cyber crackdown

Nation State Actors

India: A Growing Cyber Security Threat

Denial of Service

Citrix devices are being abused as DDoS attack vectors

Privacy

Mapped: The Top Surveillance Cities Worldwide

Cryptocurrency

Voyager cryptocurrency broker halted trading due to cyber attack

Other News

Brexit deal mentions Netscape browser and Mozilla Mail

6 Questions Attackers Ask Before Choosing an Asset to Exploit

Deepfake queen to deliver Channel 4 Christmas message

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 26/12/2020 Black Arrow Admin 26/12/2020

Black Arrow Cyber Threat Briefing 25 December 2020

Black Arrow Cyber Threat Briefing 25 December 2020: The Cyber Threat Is Real and Growing; Ransomware Attacks Surge in Q3; In 2021 there will be a cyber attack every 11 seconds; The West has suffered a massive cyber breach and it's hard to overstate how bad it is; Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack

Top Cyber Headlines of the Week

The Cyber Threat Is Real and Growing

The SolarWinds breach could be one of the most significant cyber incidents in history. Russian intelligence—likely the SVR, the foreign-intelligence branch—infiltrated and sat undetected on U.S. and other government networks for nearly 10 months. It was a sophisticated, smart and savvy attack that should alarm the public and private sectors.

We may not know the full extent of the damage for some time. Don’t be surprised if more government entities disclose that they too were victims of this attack. Don’t be surprised either if it emerges that private companies were hit. SolarWinds says it has more than 300,000 customers, including 400 companies in the Fortune 500. That’s a lot of potential victims.

https://www.wsj.com/articles/the-cyber-threat-is-real-and-growing-11608484291

Ransomware Attacks Surge in Q3 as Cyber Criminals Shift Tactics

A record growth in ransomware attacks took place in Q3 of 2020 compared to Q2, from 39% to 51% of all malware attempts according to a new study. The study also found that hacking accounted for 30% of all attacks during Q3, with cyber criminals reducing their emphasis on social engineering tactics compared with earlier this year. The researchers noted that the percentage of social engineering attacks using COVID-19 as a lure fell from 16% in Q2 to just 4% in Q3, which they attribute to people becoming more accustomed to this crisis. Additionally, social engineering attacks targeting organizations fell from 67% of all attempts in Q1 to under half (45%) in Q3.

https://www.infosecurity-magazine.com/news/ransomware-attacks-surge-q3/

In 2021, there will be a cyber attack every 11 seconds. Here’s how to protect yourself

Experienced outdoor athletes know that with winter rapidly approaching, the secret to success lies in protecting the core. That is, the body’s core temperature through layering, wicking and a host of ever-improving technical fabrics that prevent the cold, snow and ice from affecting performance. The same could be said for cyber security. With organizations and workers now in their ninth month of COVID-19, the time has come to prepare as the threat of cyber attacks becomes even more menacing.

https://theprint.in/tech/in-2021-there-will-be-a-cyberattack-every-11-seconds-heres-how-to-protect-yourself/565616/

The US, and much of the West, has suffered a massive cyber breach. It's hard to overstate how bad it is

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk – and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.

https://www.theguardian.com/commentisfree/2020/dec/23/cyber-attack-us-security-protocols

Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack

Last week, news broke that IT management company SolarWinds had been hacked, possibly by the Russian government, and the US Treasury, Commerce, State, Energy, and Homeland Security departments have been affected — two of which may have had emails stolen as a result of the hack. Other government agencies and many companies are investigating due to SolarWinds’ extensive client list. The Wall Street Journal is now reporting that some big tech companies have been infected, too.

Cisco, Intel, Nvidia, Belkin, and VMware have all had computers on their networks infected with the malware. There could be far more: SolarWinds had stated that “fewer than 18,000” companies were impacted, as if that number is supposed to be reassuring, and it even attempted to hide the list of clients who used the infected software. Today’s news takes some of SolarWinds’ big-name clients from “possibly affected’’ to “confirmed affected.”

https://www.theverge.com/2020/12/21/22194183/intel-nvidia-cisco-government-infected-solarwinds-hack

Researchers share the lists of victims of SolarWinds hack

Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that contains major companies, including Cisco, Deloitte, Intel, Mediatek, and Nvidia. The researchers decoded the DGA algorithm used by the backdoor to assign a subdomain of the C2 for each of the compromised organizations.

https://securityaffairs.co/wordpress/112555/hacking/solarwinds-victims-lists.html

Threats

Ransomware

Ransomware: Attacks could be about to get even more dangerous and disruptive

IOT

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

Malware

Emotet Returns to Hit 100K Mailboxes Per Day

Microsoft has discovered yet more SolarWinds malware

3 million users hit with infected Google Chrome and Microsoft Edge extensions

Vulnerabilities

Windows zero-day with bad patch gets new public exploit code

Script for detecting vulnerable TCP/IP stacks released

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

Smart Doorbell Disaster: Many Brands Vulnerable to Attack

Zero-day exploit used to hack iPhones of Al Jazeera employees

Signal: Cellebrite claimed to have 'cracked' chat app's encryption

Data Breaches

There's been a Nintendo Switch data leak, according to reports

Data breach hits 30,000 signed up to workplace pensions provider

Thousands of customer records exposed after serious data breach

Organised Crime

Cyber criminals have started indexing the dark web

Joker’s Stash Carding Site Taken Down

International sting shuts down 'favourite' VPN of cyber criminals

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

NSA Warns of Hacking Tactics That Target Cloud Resources

Denial of Service

Cloudflare has identified a new type of DDoS attack inspired by an acoustic beat

Privacy

The pandemic has taken surveillance of workers to the next level

Other News

Dozens of Al Jazeera journalists allegedly hacked using Israeli firm's spyware

Cyber Insurance Market Expected to Surge in 2021

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 12/12/2020 Black Arrow Admin 12/12/2020

Black Arrow Cyber Threat Briefing 11 December 2020

Black Arrow Cyber Threat Briefing 11 December 2020: Cyber crime costs the world more than $1 trillion, 50% increase from 2018; One of the world's largest security firms breached; Chinese Breakthrough in Quantum Computing a Warning for Security Teams; Ransom payouts hit record-highs, surging 178% in a year; Ransomware Set to Continue to Evolve

Top Cyber Headlines of the Week

Cyber crime costs the world more than $1 trillion, a 50% increase from 2018

Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.

https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/

FireEye, one of the world's largest security firms, discloses security breach

FireEye, one of the world largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.

The firm said the threat actor also searched for information related to some of the company's government customers.

The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."

https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/

Chinese Breakthrough in Quantum Computing a Warning for Security Teams

China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.

https://threatpost.com/chinese-quantum-computing-warning-security/161935/

Ransom payouts hit record-highs, surging 178% in a year

Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.

https://uk.finance.yahoo.com/news/ransomware-payouts-hacking-computers-hit-record-highs-surging-134527988.html

Ransomware Set for Evolution in Attack Capabilities in 2021

Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines”

https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/

How Organisations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?

https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html

Threats

Ransomware

Phishing

IOT

Millions of IoT devices could be vulnerable to these unfixable security bugs

Malware

Vulnerabilities

Data Breaches

Threat Actors

Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

Insider Threats

Bank Employee Sells Personal Data of 200,000 Clients

Other News

Reports Published in the Last Week

Sophos 2021 Threat Report

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 13/09/2020 Black Arrow Admin 13/09/2020

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of H1 2020 cyber insurance claims, MS Critical RCE Bugs, 60% of emails May/June fraudulent, Insider Data Breaches, Linux Targeting More

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of all H1 2020 cyber insurance claims, MS Patch Tuesday Critical RCE Bugs, 60 percent of emails May/ June were fraudulent, Insider-Enabled Data Breaches, Linux-Based Devices Targeted More, Chilean bank shut down following ransomware, meddling in US politics by Russia, China & Iran, TikTok battles to remove video of livestreamed suicide

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by one of the largest providers of cyber insurance services in North America.

The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats.

Ransomware doesn't discriminate by industry. An increase in ransom attacks has been seen across almost every industry.

In the first half of 2020 alone, they observed a 260% increase in the frequency of ransomware attacks amongst their policyholders, with the average ransom demand increasing 47%.

Among the most aggressive gangs, the cyber insurer listed Maze and DoppelPaymer, which have recently begun exfiltrating data from hacked networks, and threatening to release data on specialized leak sites, as part of double extortion schemes.

Why this matters:

Ransomware remains, and is likely to remain, by far one of the biggest menaces on the web, it is indiscriminate, anyone can be affected, it can be business destroying, and it is getting worse all the time.

Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said.

The most severe issue in the bunch is CVE-2020-16875, according to researchers. This is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE) just by sending an email to a target. Running arbitrary code could grant attackers the access they need to create new accounts, access, modify or remove data, and install programs.

Why this matters:

Many organisations are struggling to keep up with the volume of updates and keeping on top of them, or knowing which to prioritise, is critical for firms. At a time while many organisations continue to struggle to support the ongoing distribution of remote workers, Microsoft continues to pile on the updates and finding an efficient method for rolling out these patches has become even more imperative as companies begin to abandon the idea of a short-term fix and shift operations to embrace remote work as part of a lasting, long-term progression of how organisations operate moving forward.

Firms are beginning to realise the negative outcomes of the lenient security measures put in place to quickly adapt to a decentralised workforce and it’s become more important than ever to establish patching policies that can securely support remote endpoints for the foreseeable future.

60 percent of emails in May and June were fraudulent

The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.

In addition there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.

IoT malware has become versatile, robust, and is constantly updated. IrcFlu, Dark_Nexus7 and InterPLanetary Storm are some of the examples malware that gained in popularity during the first half of 2020.

Mobile malware has been quick to capitalise too, with malware developers rushing to weaponise popular applications, such as the Zoom video conferencing application, used by employees now working from home. Packing RAT (Remote Access Trojan) capabilities, or bundling them with ransomware, banking malware, or even highly aggressive adware, Android malware developers were also fully exploiting the pandemic wave.

Why this matters:

As we keep saying malicious actors never let a good crisis or tragedy go to waste and will exploit whatever is going on in the world or anything there is a collective interest in to real in unsuspecting victims.

Good awareness and education are key in keeping your employees and users safe and ensuring users at all levels, including board members – who present a significant risk, are up to date with latest tactics and threats.

Email in particular will remain primary vector for attack and this is unlikely to change any time soon.

Businesses [should] Fear Insider-Enabled Data Breaches

Businesses fear suffering a data breach and expect it to be caused by an insider or internal error.

A survey of 500 IT professionals found that 94% of respondents have experienced a data breach, and 79% were worried their organisation could be next.

The fear associated with breaches stems from the security culture within the organisation, along with the security reporting structure.

Having security teams in close dialogue with executive leadership, supporting the leadership to make informed risk-based decisions and driving the business strategy, including the technologies used, reduces this fear significantly.

Secondly, not understanding information security, its components and principles drives fear and anxiety of the unknown, so having security education training, and developing awareness and consciousness of threats, will enable and empower the entire organisation to act with a ‘security first’ mindset.

Finally, recognising the importance of access control to protect systems and data is a foundational level control that organisations can apply to reduce the risk of a data breach. Hand in hand with this is partnering with trusted identity and access control platform providers who can provide enterprises with that security expertise and industry leadership.

Why this matters:

In terms of what is causing the breaches, 40% of respondents to the survey said accidental employee incidents were to blame, compared to 21% who said it is external attackers. Asked if this is a case of businesses not having a handle on what leaves their organisations (either intentionally or accidentally), insiders already have access and can leave with data invisibly, which might turn up somewhere embarrassing later.

4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. These unpatched vulnerabilities in remote access tools and Windows makes their job easier.

The biggest security trend for 2020 has been the increase of COVID-19-related phishing and other attacks targeting remote workers. New York City, for example, has gone from having to protect 80,000 endpoints to around 750,000 endpoints in its threat management since work-from-home edicts took place.

As noted in a recent Check Point Software Technologies mid-year review, “The first impact of the pandemic was the proliferation of malware attacks that used social engineering techniques with COVID-19 thematic lures for the delivery stage.” Domain names were set up and parked with names relating to the pandemic. As workers started to use videoconferencing platforms, attacks moved to attacking Zoom, Teams and other videoconferencing platforms.

One disturbing trend is that 80% of the observed attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier, according to the Check Point report, and more than 20% of the attacks used vulnerabilities that are at least seven years old. This showcases that we have a problem in keeping our software up to date.

Why this matters:

Ransomware remains a big threat 2020 and expanding attack surfaces with staff working from home is making the situation worse. Attackers use vulnerabilities in tools used for remote access into Windows networks.

Click read more below to find out the top four vulnerabilities the researchers identified.

APT Groups Increasingly Targeting Linux-Based Devices

APT groups are increasingly executing targeted attacks against Linux-based devices as well as developing more Linux-focused tools, according to an investigation by Kaspersky.

This is as a result of a growing number of organisations’ selecting Linux ahead of Windows to run their strategically important servers and systems, and the perception that the Linux operating system is safer and less likely to be targeted by malware as it is less popular.

However, threat-actors have been observed to adapt their tactics to take advantage of this trend, and Kaspersky noted that “over a dozen APT actors have been observed to use Linux malware or some Linux-based modules” during the past eight years.

These include notorious groups such as Turla, Lazarus, Barium, Sofacy, the Lamberts and Equation. Kaspersky highlighted the example of Russian speaking APT group Turla using Linux backdoors as part of its changing toolset in recent years.

Why this matters:

Attacks that target Linux-based systems are still fewer in number than attacks on Windows based systems, but there is still malware designed to target them, including webshells, backdoors, rootkits and even custom-made exploits.

Major Chilean bank shuts down all branches following ransomware attack

Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil.

According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident.

Sources close to the investigation reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.

The incident was reported to the Chilean authorities, who issued a cyber-security alert that warned about a massive ransomware campaign targeting the private sector in the country.

Why this matters:

As above ransomware is not going away and is getting worse all the time. Too many users don’t realise that simply opening a document or clicking on a link in an email could bring down their entire organisations. Staff and users need to be educated about the role they play in securing their organisations.

Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls

Palo Alto Networks this week remediated vulnerabilities in PAN-OS (operating systems version 8.1 or later) which command injection, cross site scripting and the ability to upload unauhtoised files to a directory which might lead to denial of service.

Why this matters:

Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools.

Any security fixes for known vulnerabilities across any different product, software or firmware should be tested and applied as soon as possible, so those vulnerabilities cannot be used against you or your organisation.

Russia, China and Iran hackers target Trump and Biden, Microsoft says

Hackers with ties to Russia, China and Iran are attempting to snoop on people and groups involved with the US 2020 presidential election, Microsoft says.

The Russian hackers who breached the 2016 Democratic campaign are again involved, said the US tech firm.

Microsoft said it was "clear that foreign activity groups have stepped up their efforts" targeting the election.

Both President Donald Trump and Democrat Joe Biden's campaigns are in the cyber-raiders' sights.

Russian hackers from the Strontium group have targeted more than 200 organisations, many of which are linked to US political parties - both Republicans and Democrats, Microsoft said in a statement.

Why this matters:

The same attackers have also targeted British political parties, said Microsoft, without specifying which ones. Any meddling in politics by foreign states is a clear threat to the democratic process and shows that unfriendly states will interfere to further their own agendas.

TikTok battles to remove video of livestreamed suicide

TikTok is battling to remove a graphic video of a livestreamed suicide, after the footage was uploaded to the service on Sunday night from Facebook, where it was initially broadcast.

Although the footage was rapidly taken down from TikTok, users spent much of Monday re-uploading it, initially unchanged, but later incorporated into so-called bait-and-switch videos, which are designed to shock and upset unsuspecting users.

One such video, for instance, begins with a conventional video of an influencer talking to camera, before cutting without warning to the graphic footage.

Why this matters:

Parents, especially of younger children, may think that certain sites and social media channels are safe for children and the content is suitable vetted and controlled, but as this illustrates that is often not the case and caution should be exercised in allow young children unfettered access to social media.

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 23/08/2020 Black Arrow Admin 23/08/2020

Cyber Weekly Flash Brief 21 August 2020: Uber infosec exec charged with cover-up, 50% anti-malware products fail, WFH security breach surge, 40% of firms sacked staff for cyber breaches during Covid

Cyber Weekly Flash Briefing 21 August 2020: Former Uber security exec charged with cover-up, half of anti-malware products fail to recognise threats, millions of social media accounts compromised by data breach, WFH causes surge in security breaches, staff 'oblivious' to best practices, 40% of firms have sacked staff for cyber security breaches during Covid, HMRC Investigating Over 10,000 COVID-Related Phishing Scams

Former Uber security executive charged with data breach cover-up

Uber’s former chief security officer has been charged with obstruction of justice over accusations that he attempted to cover up a 2016 hack of the company, which exposed the personal details of 57m users and drivers.

Prosecutors said Joseph Sullivan, 52, hid the breach from the relevant authorities, and instead paid a ransom to the hackers and had them sign non-disclosure agreements stating, falsely, that they had not stolen personal information.

“The agreements contained a false representation that the hackers did not take or store any data,” prosecutors said in a press release. “When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreements.”

Mr Sullivan, who worked at Facebook prior to Uber, is said to have authorised the payment to the hackers of $100,000 in bitcoin, disguising the fee as coming via the company’s legitimate “bug bounty” programme — normally used to pay well-intentioned cyber security experts for discovering flaws and vulnerabilities.

It was not until November 2017, almost a year after Mr Sullivan allegedly knew the attack took place, that Uber revealed its knowledge of the breach and Mr Sullivan was dismissed.

Why this matters?

Not only was a criminal act conducted against Uber but a further criminal act was then conducted within the firm to cover it up. This shows what is at stake, that people will go to lengths to cover things up and that strong governance is needed and appropriate controls, and rewards, need to be in place across the organisation to encourage good behaviours.

Half of anti-malware products fail to recognize notable threats

Many of the most popular, well-established cyber security solutions do not protect their users from all notable threats, according to new analysis from SE Labs.

The security firm tested 14 of the world’s most popular cyber security solutions and, while products from Microsoft and Kaspersky Lab scored 100 percent, more than half failed to identify all threats.

"While the numbers of 'misses' are not out of this world, it's disappointing to see big brand products miss well-known threats," said Simon Edwards, CEO at SE Labs.

"Although we do 'create' threats by using publicly available free hacking tools, we don't write unique malware so there is no technical reason why any vendor being tested should do poorly."

According to SE Labs, the firm used common threats that affect the general public to conduct the tests, as well as more targeted forms of attack.

"In some cases the bad guys actually help us out, by sending our own organization the same types of malware that they use to target other potential victims. The Emotet malware campaign that ran in July of this year was a notable example," Edwards added.

With the Covid-19 pandemic forcing employees to remain at home, it has never been more important to protect devices and data from cyberthreats. Businesses and consumers alike are advised to keep their operating systems, applications and cybersecurity solutions up to date.

Why this matters:

Many firms put too much faith in technical controls, yet reports like this prove the point that technical controls are not as good as many people believe.Technical controls, even the best technical controls, only go so far when information security is a whole of business risk and people controls are needed in addition to technical controls to keep a firm safe.

Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach

Security researchers have discovered an exposed database online which contains scraped data from the social media profiles of nearly 235m Instagram, TikTok and YouTube users.

For those unfamiliar with the practice, web scraping is an automated technique used to gather data from websites that is often employed by analytics firms who use it to create large databases of user information. Although the practice is legal, it is strictly prohibited by social media companies as it puts the privacy of their users and their data at risk.

Researchers discovered three identical copies of the exposed database online at the beginning of August. After examining the database they learned that it belonged to a company called Deep Social which has shut down its operations.

Why this matters

Big beaches like these, where data has been taken from different sources, breaches and public databases, can give attackers an incredible amount of data on you, probably enough to then start attacking your home or your employer. Even as far as identity theft type attacks.

Working from home causes surge in security breaches, staff 'oblivious' to best practices

The COVID-19 pandemic shows little sign of slowing down, and for many businesses, employees are still working remotely and from home offices.

While some companies are gearing towards reopening their standard office spaces in the coming months -- and have all the challenges associated with how to do so safely to face -- they may also be facing repercussions of the rapid shift to remote working models in the cyber security space.

In the clamor to ensure employees could do their jobs from home, the enterprise needed to make sure members of staff had the right equipment as well as network and resource access.

However, according to Malwarebytes, the rushed response to COVID-19 in the business arena has created massive gaps in cyber security -- and security incidents have increased as a result.

On Thursday, the cyber security firm released a report (.PDF), "Enduring from Home: COVID-19's Impact on Business Security," examining the impact of the novel coronavirus in the security world.

Company telemetry and a survey conducted with 200 IT and cyber security professionals suggest that since the start of the pandemic, remote workers have caused a security breach in 20% of organisations.

As a result, 24% of survey respondents added that their organizations had to pay unexpected costs to address cyber security breaches or malware infections after shelter-in-place orders were imposed.

Why this matters:

Months into this pandemic and staff working from home many staff are still oblivious to what they should and should not be doing and some firms are not doing a good enough job of getting their staff to appreciate the role they playing in helping to keep their firm’s safe.

Two-fifths of firms have sacked staff for cybersecurity breaches during Covid, poll shows

Almost two-fifths of business decision-makers (39 per cent) have dismissed employees because of a cyber security policy breach since the pandemic began, a survey has found.

The research polled 200 UK business decision-makers and found more than half (58 per cent) of firms believed that working from home made employees more likely to circumvent security protocols – including through the use of personal laptops and failing to change passwords.

To combat poor employee security practices, more than half (55 per cent) of those surveyed had banned, or planned to ban, staff from using personal devices to work from home.

Meanwhile, 57 per cent were implementing more measures to securely authenticate employees, including biometric data checks such as fingerprint and facial recognition technology, and multi-factor authentication steps to access certain files, applications and accounts.

The poll found that almost two-thirds (65 per cent) had made substantial changes to their cybersecurity policies in response to breaches and to Covid-19.

Why this matters:

It is imperative employers revisited their data security protocols in light of widespread home working. Employers need to communicate that the same principles of data protection apply at home as in the office, including that a breach could lead to severe disciplinary action. The importance of securing data and directing employees accordingly cannot be underestimated as the employer could find themselves responsible for significant data breaches if they have not taken appropriate steps to protect it.

Separately, a report by recruitment firm Robert Walters has found that up to 65,000 cyber attacks take place on UK SMEs every day, with 4,500 successful. The report, Cyber security: Building Business Resilience, found that almost half (48 per cent) of UK companies admitted to not having adequate cyber security provision to maintain a fully remote working model.

We are at the mercy of Google's cloud services – and it could cost us dearly

If the internet is our information superhighway, this week's mass outage of Google services represents the sudden and total closure of the M25.

Users up and down the country who rely on the system for their livelihoods found themselves confronted with the simple Gmail message: “Oops, something went wrong”. It was the digital equivalent of the Road Closed sign.

Such is the public and private sector’s dependence on software services provided by Google and its rivals Amazon, Microsoft and Alibaba that the five-hour outage will likely be felt at GDP level.

Never mind the frustration felt by hundreds of thousands of homeworkers, think of all the lost opportunities from meetings unattended, the lost confidence from work unsent and the lost productivity from reduced output.

It all adds up: a temporary internet shutdown costs an advanced economy like Britain’s £107m per day according to a report from Deloitte and Facebook into the economic impact of disruptions to connectivity.

That’s equivalent to 1.9 per cent of daily GDP. A big hit, especially in a recession when companies small and large are fighting for their lives and public services are stretched to the limit.

Why this matters

Firms are increasing reliant on a small number of providers and a loss of any one of those providers could have serious ramifications for any business operating online. It is always best to diversify your critical systems across different providers such that a loss of one does not have such wide reaching impact.

Four million Britons with Huawei phones risk their devices becoming obsolete

Up to four million British consumers could be stuck with increasingly useless and vulnerable Huawei mobiles after the Chinese firm was blocked from receiving future software updates due to US sanctions.

The crisis-hit company's phones are in danger of rapidly becoming obsolete following the expiry of a temporary licence allowing it to use apps and Android updates from Google - raising fears they could become increasingly slow and laden with bugs.

Huawei is at risk of being unable to renew the licence after being blacklisted by the Trump administration in May last year, with US companies barred from selling technology to it without explicit government approval.

As a result, Huawei phones using Google Mobile Services could stop getting new features and security updates from the US company.

The US claims that Huawei equipment can be used by the Chinese government for espionage – something which Huawei has repeatedly denied. Older Huawei phones, developed before May 2019, are still expected to have the support of critical security features.

Why this matters:

Security updates need to rolled out to keen devices and software secure once vulnerabilities have been found and fixed by vendors. If Huawei phones are no longer able to receive these security updates any vulnerabilities in the underlying operating system will be able to continue being exploited by cyber criminals or ironically nation state actors.

HMRC Investigating Over 10,000 COVID-Related Phishing Scams

More than 10,000 email, SMS, social media and phone scams exploiting the COVID-19 pandemic are being investigated by Her Majesty’s Revenue and Customs (HMRC) in the UK.

The official figures, published following a Freedom of Information (FOI) request highlight how the health and economic crisis has provided major scamming opportunities for cyber criminals.

The data showed that May was the month in which the highest number of phishing scams were reported by members of the public to HMRC, at 5152, representing a 337% rise compared to March when lockdown measures were first introduced in the UK. This was followed by 2558 reports in June, and 2105 in April. The total since March comes to 10,428.

Government programs introduced to support businesses and workers impacted by the lockdown have been a common target for scammers. Examples include an email purporting to be from HMRC regarding the government’s Coronavirus Job Retention Scheme, which attempted to get business owners to reveal their bank account information, while another offered a bogus tax rebate under the guise of the Self-Employment Income Support Scheme.

The FOI also showed that 106 COVID-related websites have been requested for removal since March, with April the highest month at 42, followed by 24 in May and 17 in March. In May, it was revealed that HMRC formally asked internet service providers (ISPs) to remove 292 scam web addresses exploiting the coronavirus outbreak.

Why this matters:

Cyber criminals will always take advantage of current events, crises and tragedies to exploit unsuspecting victims. This has never been so evident as with the current Coronavirus pandemic, especially with the shift to more staff working from home.

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 31/07/2020 Black Arrow Admin 31/07/2020

Cyber Weekly Flash Briefing 31 July 2020: 386M user records stolen, Twitter spear-phishing, Garmin may have paid ransom, 27% of consumers hit with Covid19 phishing scams, Netflix phishing scam

Cyber Weekly Flash Briefing 31 July 2020: 386M user records stolen, Twitter says attack was spear-phishing, Criminals still exploiting COVID19, Netwalker ransomware, Garmin may have paid ransom, QNAP NAS devices infected, Hackers exploit networking vulns, 27% of consumers hit with pandemic-themed phishing scams, New Netflix phishing scam

386 million user records stolen in data breaches — and they're being given away for free

A notorious hacker or group of hackers is giving away copies of databases said to contain 386 million user records, after posting links to the databases on a marketplace used by cyber criminals.

The threat actor, who goes by the name ShinyHunters, claims to have data stolen from 18 different websites in the past seven months. According to reports, ShinyHungers last week began uploading the databases to a forum where anyone can download them free of charge.

ShinyHunters is believed to have played a role in high-profile data breaches at HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad and even Microsoft's GitHub account. Many of these records were previously offered for sale online.

Why this matters:

Any details stolen from one site or service will be used against other sites and services, this is why it is critical that passwords are not reused across different sites and that all passwords are unique. Using multi factor authentication is also very effective at safeguarding against these types of attacks.

Twitter says spear-phishing attack on employees led to breach

Twitter said a large hack two weeks ago targeted a small number of employees through a phone “spear-phishing” attack.

The social media platform said the hackers targeted about 130 accounts, tweeted from 45, accessed the inboxes of 36, and were able to download Twitter data from seven.

Attackers also targeted specific employees who had access to account support tools, Twitter said. The company added it has since restricted access to its internal tools and systems.

Twitter suffered a major security breach on 15 July that saw hackers take control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.

The hack unfolded over the course of several hours, and in the course of halting it, Twitter stopped all verified accounts from tweeting – an unprecedented measure.

Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

Why this matters?

It is nearly always a lot easier for attackers to attack your users than it is to attack your systems. IT controls alone cannot protect against social engineering attacks so making sure your staff are trained so they don’t fall for social engineering attacks is a critical part of your defence.

Cyber-Criminals Continue to Exploit #COVID19 During Q2

Cyber-criminals’ exploitation of the COVID-19 pandemic to target individuals and businesses has continued unabated during the second quarter of 2020, according to one Cyber Security firm’s Q2 2020 Threat Report published today. The findings highlight how the crisis is defining the cybersecurity landscape in Q2 in a similar way as it did in Q1 after the pandemic first struck.

The firm observed a continuous focus on phishing using COVID-19 lures in this period. This included criminals taking advantage of the rise in online shopping that has occurred during the pandemic, with a 10-fold increase in phishing emails impersonating one of the world’s leading package delivery services found in comparison to Q1.

The shift to remote working as a result of the pandemic has also led to increased targeting of Remote Desktop Protocol’s in recent months.

Ransomware tactics were found to be “rapidly developing” in this period, with operators moving away from doxing and random data leaking towards auctioning the stolen data on dedicated underground sites.

Why does this matter?

The Coronavirus crisis gave criminals an efficient lure to bait phishing emails with and for as long as it is working they will continue to exploit this crisis. It’s like we always say “cyber criminals will never let a good crisis or tragedy go to waste”

FBI Releases Flash Alert on Netwalker Ransomware

The US Federal Bureau of Investigations (FBI) released a flash alert in which it warned organisations about the dangers of Netwalker ransomware.

The FBI said that it had received notifications of attacks involving Netwalker against U.S. and foreign government organisations along with entities operating in the healthcare and education sectors.

In its alert, the FBI noted that those responsible for Netwalker had used COVID-19 phishing emails and unpatched vulnerabilities affecting VPN apps to gain entry into an organisation. The malicious actors had then used their crypto-malware to harvest administrator credentials and steal data from their victims. Ultimately, the attackers uploaded that stolen information to a file-sharing service.

Once they had come into possession of a victim’s data, the nefarious individuals activated the ransomware’s encryption routine. This step led the threat to encrypt all connected Windows-based devices and information before dropping a ransom note on the infected machine.

Why does this matter?

Ransomware remains one of the biggest risks for all firms, organisations and individuals, and the majority of the time the ransomware infection will stem from a phishing email that a user within an organisation clicked on. As with all social engineering attacks IT controls alone are of limited effectiveness and defending against these attacks comes down to educating your users and instilling in them the importance of the role they play in defending an organisation.

Garmin may have paid hackers ransom, reports suggest

Fitness wearable and Navtech supplier Garmin may have given in to the demands of cyber criminals who encrypted its systems with ransomware, according to news reports that suggest the firm has obtained a decryption key to recover its files, strongly suggesting it has either paid up, or brokered some kind of deal.

In a statement issued four days after its services first went offline, Garmin finally confirmed it had been the victim of a cyber attack, having previously limited its response to saying it was experiencing an outage. It has not yet confirmed it was the victim of a ransomware incident, although this is now all but certain.

A spokesperson said: “Garmin today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation,” said the firm.

“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Why does this matter?

Ransomware can affect firms of any size, from the smallest to the largest, no firm or organisation is immune and even firms that are spending millions or tens of millions on advanced protections and controls can still fall victim. These types of attacks go after the people working for an organisation, not the organisations technical infrastructure and technical controls are of limited use in defending against these types of attacks. An organisation needs to ensure their users are efficient at spotting phishing emails, it only takes one user clicking on one malicious email to take down a multinational corporation.

Cyber-security agencies from the UK and the US say 62,000 QNAP NAS devices have been infected with the QSnatch malware

The UK NCSC and US CISA published a joint security alert this week about QSnatch, a strain of malware that has been infecting network-attached storage (NAS) devices from Taiwanese device maker QNAP.

In alerts by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC), the two agencies say that attacks with the QSnatch malware have been traced back to 2014, but attacks intensified over the last year when the number of reported infections grew from 7,000 devices in October 2019 to more than 62,000 in mid-June 2020.

Of these, CISA and the NSCS say that approximately 7,600 of the infected devices are located in the US, and around 3,900 in the UK.

Why this matters?

Vulnerable devices can be used to steal credentials (usernames and passwords) and exfiltrate information from devices on the network. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited.

Hackers actively exploit high-severity networking vulnerabilities

Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by FTSE100/Fortune 500 companies and government organisations.

The most serious exploits are targeting a critical vulnerability in F5’s Big-IP advanced delivery controller, a device that’s typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely run commands or code of their choice. Attackers can then use their control of the device to hijack the internal network it’s connected to.

Why this matters?

Vulnerable devices such as this can be used to gain access to internal networks. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited. When a vendor releases updates they should be installed as soon as possible, ideally having been tested before updates are applied in your live environment.

27% of consumers hit with pandemic-themed phishing scams

Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic, according to new research.

Among consumers reporting being targeted with digital COVID-19 schemes globally, 27% said they were hit with pandemic-themed phishing scams.

Identity fraud is a primary way fraudsters leverage stolen consumer data from phishing and other social engineering schemes. It can have long-term impacts for consumers such as the compromise of multiple online accounts and bringing down credit scores, which we anticipate will increase during pandemic reconstruction.

To better understand the impacts of COVID-19 on consumers, 7,384 adults in Canada, Colombia, Hong Kong, South Africa, the U.K., and the U.S. have been surveyed between June 30 and July 6, 2020.

It asked the consumers if they had been targeted by digital COVID-19 fraud and if so, which digital fraud scheme(s) related to COVID-19 were they targeted with. Globally, 32% said they had been targeted by digital fraud related to COVID-19 with the below being the top types of COVID-19 fraud they faced:

Top global online COVID-19 scams targeting consumers:

Why this matters?

Whatever works for criminals they will continue doing. Until consumers, as well as businesses, get better at detecting these scams and get better at spotting phishing emails criminals will carry on using the latest crisis or tragedy to get users to click on malicious emails and open their networks to attackers.

New Netflix phishing scam uncovered - here’s how to stay safe

Security analysts have uncovered a dangerous and highly convincing new Netflix phishing scam, capable of evading traditional email security software.

The phishing email masquerades as a billing error alert, pressing the victim to update their payment details within 24 hours or have their Netflix subscription voided.

The link provided in the email redirects to a functioning CAPTCHA form, used in legitimate scenarios to distinguish between humans and AI. Although this step adds a layer of friction to the process, it serves to enhance the sense of legitimacy the attacker is attempting to cultivate.

After handing over account credentials, billing address and payment card information, the victim is then redirected to the genuine Netflix home page, unaware their data has been compromised.

Why does this matter?

Phishing campaigns like this cast a wide net and only need a small number of victims to fall for it to turn a profit, and that means these types of scams are not going to go away any time soon. If no one fell for them they would stop. Always question any email that urges you to take action quickly under the guise of some threat.

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 10/07/2020 Black Arrow Admin 10/07/2020

Cyber Weekly Flash Briefing 10 July 2020: firms concerned by cloud security: most already breached, 15 Billion passwords on sale, routers present huge risk, BMW cust breach, NK hackers target retail

Majority of firms concerned about public cloud security, most have suffered breach

Most businesses are worried about the current state of their public cloud security, with 70% admitting they have experienced a breach over the past year including 93% in India, where this figure is highest worldwide. Companies that used more than one public cloud platforms reported more security incidents than their peers that used only one platform.

In addition, system misconfigurations enabled 66% of cyber attacks either because attackers were able to exploit a misconfigured system or tap flaws in the firewall applications to steal credentials of cloud provider accounts. Data loss or leak was the biggest security concern, with 44% of organisations pointing to this as a top focus area, according to Sophos' State of Cloud Security 2020 study.

The survey polled 3,521 IT managers across 26 markets including 158 in Singapore, 227 in India, 162 in China, 148 in Australia, 126 in Japan, 191 in the UK, and 413 in the US. These respondents used services from at least one of the following public cloud providers: Amazon Web Services (AWS) and VMWare Cloud on AWS, Microsoft Azure, Alibaba Cloud, and Oracle Cloud. They also might have used Google Cloud and IBM Cloud.

15 Billion Stolen Passwords On Sale On The Dark Web, Research Reveals

There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.

Researchers discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

Researched stated that the sheer number of credentials available is staggering.

Check your router now - it could be a huge security risk

Many of the most popular home routers available to buy today feature a worrying number of security flaws and vulnerabilities, new research has found and your router might be the biggest security hole in your network.

A report from Germany discovered that the firmware present in a large number of leading routers was susceptible to hugely damaging security issues.

Many routers were found to never have received a single security firmware update in their lifetime, despite the risk that this could pose to users at home and at work, and were vulnerable to hundreds of well-known security issues.

The study looked at 127 home routers from seven brands (Netgear, ASUS, AVM, D-Link, Linksys, TP-Link and Zyxel), examining the product firmware for any known security vulnerabilities.

46 of the products it tested had not received any kind of security update within the past 12 months, with some vendors shipping firmware updates without fixing known vulnerabilities, and one set of products not seeing a firmware update for more than five years.

Data Breach Affects 384,319 BMW Customers in the U.K.

Researchers at an intelligence firm discovered that a hacker group “KelvinSecurity” compromised the personal information of 384,319 BMW customers in the U.K. and put them for sale on various darknet forums.

The hacker group claimed that they got the BMW database from a call centre that handles customers’ information of various automobile brands. The stolen database contains over 500,000 customer records dated between 2016 and 2018, affecting U.K. owners of other car manufacturers, including Honda, Mercedes, SEAT, and Hyundai in the U.K.

The exposed BMW owners’ information included sensitive information such as surnames, emails, vehicle registration numbers, residential address, dealer names, car registration information, names of dealerships. The researchers also discovered multiple databases exposed by KelvinSecurity, including data related to the U.S. government contractors and the Russian military weapons development. The hacker group also exposed over 28 databases on various darknet forums for free, affecting organizations in Iran, Australia, Mexico, U.S., Sweden, Indonesia, and France.

SurveyMonkey Phishers Go Hunting for Office 365 Credentials

Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters.

The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain.

Within the body of the email is a hidden redirect link appearing as the text ‘Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you’” it explained. Clicking on the link redirects to a site hosted on a Microsoft form submission page. This form asks the user to enter their Office 365 email and password. If the user is not vigilant and provides their credentials, the user account would be compromised.

The attack is effective for several reasons: its use of a legitimate SurveyMonkey email sender, the concealing of the phishing site URL and the description of the email as unique to every user.

Microsoft takes legal action against COVID-19-related cybercrime

This week a Court in the US unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. The civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.

Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts. The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information. Based on patterns discovered at that time, Microsoft utilized technical means to block the criminals’ activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

North Korea's Lazarus hackers are planting skimmers on US and European retail websites, researchers warn

Researchers claim to have found evidence to suggest that North Korean state-sponsored actors are planting skimmers on the web stores of many American and European retailers in efforts to steal payment card details of unsuspecting shoppers.

The activities have been ongoing since at least May 2019, the researchers say, and can be attributed to hackers linked with the North Korean-backed Lazarus group.

The new research shows that in the last year, Lazarus has been able to infiltrate web stores of many retailers, such as international fashion chain Claire's. The group has also developed a global exfiltration network that uses authentic websites to transfer stolen assets to attackers. These websites are first hijacked and then repurposed to mask the malicious activities of the hackers.

British Army ‘to be slashed by 20,000 troops to make way for cyber warfare’

In a clear indication of the expectations of how future conflicts will be fought the British Army could be cut by more than a quarter under spending review plans dawn up by UK defence chiefs.

Up to 20,000 troops could be let go, while airfields are closed and helicopters are taken out of service. The Royal Marines commando brigade may also be disbanded and Royal Navy minesweepers could also be axed.

Security sources have claimed Johnson’s top adviser Dominic Cummings has been pushing to divert a sizeable amount of money from the army to fund cyber warfare, space and artificial intelligence projects.

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Threat Intelligence Blog

Top Cyber Stories of the Last Week

91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

Ransomware Attacks Increased Exponentially In 2021

Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious

Hackers Shift From Malware To Credential Hijacking

Attacker Breakout Time Now Less Than 30 Minutes

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

53% Find It Difficult To Prevent An Insider Attack During Data Aggregation

The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

Hackers Exploit Camera Vulnerabilities To Spy On Parents

39% Of All Internet Traffic Is From Bad Bots

Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Insider Threats

DoS/DDoS

Nation State Actors

Cloud

Privacy

Other News

Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

65% Of All DDoS Attacks Target US And UK

Threats

Ransomware

Phishing

Other Social Engineering

Malware

Mobile

Vulnerabilities

Data Breaches

OT, ICS, IIoT and SCADA

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Supply Chain

Nation State Actors

Cloud

Reports Published in the Last Week

Other News

Top Cyber Stories of the Last Week

Hackers Demand $70 Million To End Biggest Ransomware Attack On Record

Zero Day Malware Reached An All-Time High Of 74% In Q1 2021

New Trojan Malware Steals Millions Of Login Credentials

Ransomware As A Service: Negotiators Are Now In High Demand

MacOS Targeted In WildPressure APT Malware Campaign

The Cost Of Cyber Insurance Increased 32% Last Year And Shows No Signs Of Easing

Critical Flaws In Windows Print Spooler Service Could Allow For Remote Attacks

End Users In The Dark About Latest Cyber Threats, Attacks

British Airways Settles Over Record Claim For Data Breach

Hackers On Loose As 9,000 Data Leaks A Year Recorded

Threats

Ransomware

Phishing

Malware

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

Supply Chain

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud

Privacy