Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Insight 06 July 2023 – NHS Trust Breached, Personal Information Leaked
Black Arrow Cyber Insight 06 July 2023 – NHS Trust Breached, Personal Information Leaked
Executive Summary
Last weekend, Barts Health NHS trust was breached in a cyber attack, with Russian-linked cyber crime gang ALPHV, also known as BlackCat. The attackers claimed to have acquired seven terabytes of internal documents from the trusts’ systems. A selection of files including copies of driving licenses, passports and correspondence have already been leaked. It is believed that more is to come. This comes after other recent cyber attacks, such as the MOVEit hack, which has impacted over 130 organisations and 15 million individuals.
What’s the risk to me or my business?
The availability of such detailed personal information poses an increased risk of threat actors exploiting it for phishing purposes, and also increases the likelihood that the information could be used for identity fraud. With access data such as previous email chains with an individual, phishing attacks can appear more authentic as responses to legitimate requests, making them more likely to succeed.
What can I do?
To help mitigate the risk, Black Arrow strongly recommend maintaining a high level of vigilance and awareness. It is crucial to understand that the presence of personal or confidential information alone does not guarantee authenticity. Take the time to double-check any suspicious communication or requests before sharing sensitive information. By remaining cautious and verifying the legitimacy of any unexpected or unusual messages, you can reduce the likelihood of falling victim to phishing attacks. It is also recommended that individuals monitor their own personal accounts for suspicious activity including the information stored with credit unions such as Equifax and Transunion to identify potential cases of identity theft.
More information on the NHS Breach can be found here: https://www.telegraph.co.uk/news/2023/06/30/russia-may-have-hacked-nhs-trust-with-two-million-patients/
More information on the MOVEit attack can be found here: https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 04 June 2021
Black Arrow Cyber Threat Briefing 04 June 2021: Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’; US Puts Cyber Crime On Par With Terror After Ransomware Attacks; Cyber Attack Leaves 7,000 Out Of Work; Irish Health Service Patient Data Leaked Online; Enterprise Networks Vulnerable To 20-Year-Old Exploits; US Seize Domains Used By SolarWinds Intruders For Spear-Phishing; Hacker Group DarkSide Operates Like A Franchise; Interpol Intercepts $83M Fighting Financial Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’
The Great Fire of London helped forge the property insurance market, as residents feared a repeat of the savage destruction of 1666. In the absence of a state-backed fire service, some insurers even employed their own brigades, betting that limiting the damage to a property would be cheaper than rebuilding it. After a wave of high-profile cyber assaults, Graeme Newman, chief innovation officer at London-based insurance provider CFC, draws a parallel with today’s rapidly evolving market for cyber coverage. Insurance companies now provide emergency support services as well as financial compensation, so “the insurers own the digital fire trucks”, he said.
https://www.ft.com/content/4f91c4e7-973b-4c1a-91c2-7742c3aa9922
US Puts Cyber Crime On Par With Terror After Ransomware Attacks
The US government is raising the fight against cyber criminals to the same level as the battle against terrorists after a surge of ransomware attacks on large corporations. Internal guidance circulated by the Department of Justice instructs prosecutors to pool their information about hackers. The idea, said John Carlin, of the attorney-general’s office, is to “make the connections between actors and work your way up to disrupt the whole chain”.
https://www.thetimes.co.uk/article/us-cybercrime-terror-ransomware-attacks-joe-biden-pzrqbkfwt
Russia Under Fire As Cyber Attack Leaves 7,000 Out Of Work
An attack this week on JBS meatworks in North America and Australia brought the firm to a standstill, and now threatens to turn into a diplomatic row with Russia. JBS are reported to supply 20% of the world meat market and the ransomware attack has left 7,000 workers unable to do their jobs.
Irish Health Service Confirms Data Of Nearly 520 Patients Is Online After Cyber Attack
The Health Service Executive (HSE) has confirmed the data of nearly 520 patients is online after media reports of their publication. In a statement, the HSE said the data contains correspondence with patients, minutes of meetings and includes sensitive patient data. The HSE also confirmed corporate documents are among the HSE data illegally accessed. Confirmation of the authenticity of this data follows an analysis carried out by the agency and comments from the Minister for Communications, Eamon Ryan, that reports of patient data being shared online are "very credible".
https://www.irishexaminer.com/news/arid-40301054.html
Enterprise Networks Vulnerable To 20-Year-Old Exploits
While the industry focuses on exotic attacks – like the SolarWinds incident — the real risk to enterprises comes from older exploits, some as much as 20-years old. “While organisations always need to keep up with the latest security patches, it is also vital to ensure older system and well-known vulnerabilities from years past are monitored and patched as well,” says Etay Maor, senior director of security strategy at Cato Networks. “Threat actors are attempting to take advantage of overlooked, vulnerable systems.” Our research showed that attackers often scanned for end-of-life and unsupported systems. Common Vulnerability and Exposures (CVE) identified were exploits targeting software, namely vSphere, Oracle WebLogic, and Big-IP, as well as routers with remote administration vulnerabilities.
https://www.helpnetsecurity.com/2021/05/27/enterprise-networks-vulnerable/
US Authorities Seize Two Domains Used By SolarWinds Intruders For Malware Spear-Phishing Operation
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID). The domain takeovers, which occurred on Friday, followed a court order issued in the wake of a Microsoft report warning about the spear-phishing campaign. The phishing effort relied on malware-laden messages sent via marketing service Constant Contact. "Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting US Attorney Raj Parekh for the Eastern District of Virginia, in a statement. "As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats."
https://www.theregister.com/2021/06/02/feds_seize_nobelium/
Hacker Group DarkSide Operates In A Similar Way To A Franchise
DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, has a business model that’s more familiar than people think, according to New York Times correspondent Andrew Kramer, “It operates something like a franchise, where individual hackers can come and receive the ransomware software and use it, as well as, use DarkSide’s reputation, as it were, to extract money from their targets, mostly in the United States,” Kramer said in an interview that aired Wednesday night.
Interpol Intercepts $83 Million Fighting Financial Cyber Crime
The Interpol (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Over 40 law enforcement officers specialized in fighting cyber crime across the Asia Pacific region took part in the Interpol-coordinated Operation HAECHI-I spanning more than six months. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Is It Really The Wild West In Cyber Crime? Why We Need To Re-Examine Our Approach To Ransomware
Once again, cyber security has become a headline topic within and well outside technology circles, along with the little-known operator of a significant fuel pipeline: Colonial Pipeline. A ransomware attack, and ensuing panic buying of gasoline, resulted in widespread fuel shortages on the east coast, thrusting the issue of cyber security into the lives of everyday Americans. Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question (and associated complex potential answers), of whether companies should pay when their systems are held hostage by ransomware.
Threats
Ransomware
White House Contacts Russia After Hack Of World’s Largest Meatpacking Company
This New Ransomware Is Targeting Unpatched Microsoft Exchange Servers
Fujifilm Becomes Latest Ransomware Victim As White House Urges Business Leaders To Take Action
Cyber Crime Forum Advertises Alleged Database, Source Code From Russian Firm That Helped Parler
Phishing
Other Social Engineering
Malware
Mobile
IOT
Vulnerabilities
Huawei USB LTE Dongles Are Vulnerable To Privilege Escalation Attacks
Hackers Actively Exploiting 0-Day In WordPress Plugin Installed On Over 17,000 Sites
EPUB Vulnerabilities: Electronic Reading Systems Riddled With Browser-Like Flaws
SonicWall Urges Customers To 'Immediately' Patch NSM On-Prem Bug
Data Breaches
Supply Chain
Nation State Actors
Chinese Cyber Criminals Spent Three Years Creating A New Backdoor To Spy On Governments
Kimsuky APT Continues To Target South Korean Government Using Appleseed Backdoor
Russian Hacker Pavel Sitnikov Arrested For Sharing Malware Source Code
Privacy
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.