Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Second Only To Climate Change As Biggest Global Risk

Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/

Businesses Unsure Which Tech Is Essential Against Ransomware

As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware

Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours

A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/

Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year

A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations.  https://www.theregister.com/2021/09/30/eset_threat_report/

Ransomware Attacks Up 1,070% Year Over Year

The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware.  https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/

Baby’s Death Alleged To Be Linked To Ransomware

A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.

https://threatpost.com/babys-death-linked-ransomware/175232/

Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach

Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed

More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic

Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

Cyber Attack Floors British Payroll Firm

A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay.  Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter

GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries

A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html

50% Of Servers Have Weak Security Long After Patches Are Released

Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released

Threats

Ransomware

• United Health Centres Reportedly Compromised By Ransomware Attack

• JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data

• Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms

• Ransomware Gangs Are Starting More Drama On Cyber Crime Forums, Upending 'Honor Among Thieves' Conventions

• Conti Ransomware Expands Ability To Blow Up Backups

• United Health Centers Reportedly Compromised By Ransomware Attack

• REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms

• The Biggest Problem With Ransomware Is Not Encryption, But Credentials

Phishing

• 75K Email Inboxes Hit in New Credential Phishing Campaign

• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

• LinkedIn URLs are being hijacked For phishing

Other Social Engineering

• Scammers Capitalize on Release of New Bond Movie

Malware

• FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

• Thousands Of Online Gaming Accounts Hit In Major Cyber Attack

• Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

• New Malware Steals Steam, Epic Games Store, And EA Origin Accounts

Vulnerabilities

• Google Emergency Update Fixes Two Chrome Zero Days

• Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence

• Apple AirTag Zero-Day Weaponizes Trackers

• New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

• Thousands of University Wi-Fi Networks Expose Log-In Credentials

• Exploit Released For VMware Vulnerability After CISA Warning

• Apple Pay Users ‘Vulnerable To Security Hack’

• Outsourced Software Poses Greater Risks to Enterprise Application Security

• Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

• Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws

• Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes

• Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras

Data Breaches/Leaks

• Mental Healthcare Providers Report Data Breaches

• Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik

• 3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

• Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot

Cryptocurrency/Cryptojacking

• Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail

• China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned

Insider Threats

• 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Dark Web

• Computer Scientist Jailed Over Dark Web Conspiracy

DoS/DDoS

• Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Nation State Actors

• APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated

• APT29 Targets Active Directory Federation Services With Stealthy Backdoor

• GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

• Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats

• APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated

Cloud

• Huawei Cloud Services: U.S. Lawmakers Express Security Concerns

• Cloud Security is the Weak Link

• Why CEOs Should Absolutely Concern Themselves With Cloud Security

• Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps

Privacy

• Which? Survey Finds People Would Actually Pay The Online Giants Not To Take Their Data

Reports Published in the Last Week

ESET Threat Report T2 2021

Other News

• Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets

• Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

• Cyber Security Experts Have Discovered A New Hacker Group

• The Return Of The Hacktivists

• Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes

• Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges

• US Deports Convicted Cyber Criminal to Russia

• OWASP Toasts 20th Anniversary With Revised Top 10 For 2021

• New Emergency Fraud Hotline Launched in UK

• Corporate Attack Surface Exploding As A Result Of Remote Work 

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.

https://threatpost.com/ransomware-volumes-record-highs-2021/168327/

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed.  The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.

https://www.zdnet.com/article/more-than-12500-vulnerabilities-disclosed-in-first-half-of-2021-risk-based-security/

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.

These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.

https://www.zdnet.com/article/constant-review-of-third-party-security-critical-as-ransomware-threat-climbs/

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

https://www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.

https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/

65% Of All DDoS Attacks Target US And UK

Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.

https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/

Threats

Ransomware

• Ransomware Attempt Volume Sets Record, Reaches More Than 300 Million For First Half Of 2021: SonicWall

• Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals

• Isle Of Wight Schools Hit By Ransomware Attack

• BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil

• Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme

Phishing

• Phishing Campaign Dangles SharePoint File-Shares

• Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign

• Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says

Other Social Engineering

• Bazarcaller – The Malware Gang That Talks You Into Infecting Yourself

Malware

• A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service

• Several Malware Families Targeting IIS Web Servers With Malicious Modules

• Cyber Criminals Spoof Brave Browser Website To Push Malware

• Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network

• Discord Once Again Found To Be Hosting Malware Payloads

Mobile

• An Explosive Spyware Report Shows Limits Of IOS, Android Security

• This Android Malware Steals Your Data In The Most Devious Way

• The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials

Vulnerabilities

• Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software

• Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs

• Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise

• Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices

• PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.

• Researchers Highlight Windows Laptop TPM Vulnerabilities

Data Breaches

• Threat Actors Leaked Data Stolen From EA, Including FIFA Code

• Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything

• Amazon Fined $886M For Alleged Data Breach

OT, ICS, IIoT and SCADA

• Novel Meteor Wiper Used In Attack That Crippled Iranian Train System

Organised Crime & Criminal Actors

• Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown

Cryptocurrency/Cryptojacking

• Raccoon Stealer-As-A-Service Will Now Try To Grab Your Crypto Currency

Supply Chain

• Supply Chain Attacks Are Getting Worse, And You Are Not Ready For Them

Nation State Actors

• Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ

• Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

• New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks

• Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records

• Iranian APT Lures Defense Contractor In Catfishing-Malware Scam

• Chinese Hackers Target Major Southeast Asian Telecom Companies

Cloud

• The Rise Of Cloud Is Creating Security Blind Spots

Reports Published in the Last Week

• APT Trends Report Q2 2021

• Spam and Phishing in Q2 2021

Other News

• It's Time To Improve Linux's Security

• Leaked Document Says Google Fired Dozens Of Employees For Data Misuse

• Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?

• Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us

• Windows 11's Strict Hardware Requirements Cannot Be Bypassed, Microsoft Admits, "We Know It Sucks... We Will Still Block You"

• Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required

• NSA Warns Public Networks Are Hacker Hotbeds

• Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub

• Apple Plans To Scan US IPhones For Child Abuse Imagery

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit

Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers. 

In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn. 

The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS. 

The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example. 

Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately. 

https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1

71% Of Organisations Experienced BEC Attacks Over The Past Year

Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.

https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/

Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers

Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.

https://www.zdnet.com/article/ransomware-has-become-anc`-existential-threat-that-means-cyber-insurance-is-about-to-change/

LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/

Users Clueless About Cyber Security Risks

Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.

https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/

Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief

Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.

https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.

https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/

Cyber Crime Never Sleeps

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.

https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901

IT, Healthcare And Manufacturing Facing Most Phishing Attacks

Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Classified Ministry Of Defence Documents Found At Bus Stop

Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.

https://www.bbc.co.uk/news/uk-57624942

Cabinet Office Increases Cyber Security Training Budget By Almost 500%

The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.

https://www.itpro.co.uk/security/cyber-security/360039/cabinet-office-increases-cyber-spending-by-almost-500-amid-cctv

Threats

Ransomware

• Ransomware Funds More Ransomware, So How Do We Stop It?

• Cyber Security Chief Warns ‘Ransomware As A Service’ Scam

• New Ransomware Group Hive Leaks Altus Group Sample Files

• Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says

• Ransomware Gangs Now Creating Websites To Recruit Affiliates

• New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers

• $12 Billion Government Contractor Booz Allen Facilitates Ransomware Payments—Even Though The FBI Says Never Pay

• Ransomware: A Thriving Business

• This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It

• Babuk Ransomware Builder Mysteriously Appears In VirusTotal

• Using VMs To Hide Ransomware Attacks Is Becoming More Popular

Phishing

• Phishing Most Common Cyber Incident Faced By SMEs

• HMRC-Branded Phishing Scams Up 87% In A Year

Malware

• Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco

• The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools

• Indexsinas SMB Worm Campaign Infests Whole Enterprises

Mobile

• Carrier Suspected Of Injecting Ads Into Two-Factor SMS Messages

IoT

• Homes Filled With Smart Devices Could Be Exposed To Thousands Of Hacking Attacks In A Week

Data Breaches

• Tulsa Police Say 18,000 Files Are Leaked After Conti Ransomware Hack

Organised Crime & Criminal Actors

• Cobalt Strike Usage Explodes Among Cybercrooks

• FIN7 ‘Pen Tester’ Headed To Jail Amid $1B In Payment-Card Losses

 Cryptocurrency/Cryptojacking

• Hackers Crack Pirated Games With Crypto Jacking Malware

• Crackonosh Malware Abuses Windows Safe Mode To Quietly Mine For Crypto Currency

OT, ICS, IIoT and SCADA

• USB Threats Could Critically Impact Business Operations

Nation State Actors

• Russian Hackers Had Months-Long Access To Denmark's Central Bank

• Russian Hackers Are Trying To Brute-Force Hundreds Of Networks

• US And UK Agencies Accuse Russia Of Political Cyber Campaign

Cloud

• Cloud Security Is Still A Work In Progress

• 50% Of CISOs Say The Push For Rapid Growth And Digital Transformation Stalls Cloud Security

Privacy

• Data Collected To Promote Public Health Must Never Be Surrendered To Police

Vulnerabilities

• Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches

• Cisco ASA Bug Now Actively Exploited As PoC Drops

• June 2021 Quarterly Exchange Updates

• Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory

• Critical VMware Carbon Black Bug Allows Authentication Bypass

• My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks

• Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack

• NFC Flaws Let Researchers Hack ATMs By Waving A Phone

• 5G Security Vulnerabilities Fluster Mobile Operators

• Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices

• A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga

• Microsoft Adds Second CVE For PrintNightmare Remote Code Execution

• Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices

Other News

• Microsoft Says SolarWinds Hacking Group Has Breached Three New Victims

• Cyber Security Study: SolarWinds Attack Cost Affected Companies An Average Of $12 Million

• EA Ignored Domain Vulnerabilities For Months Despite Warnings And Breaches

• Hackney Blames A Cyber Attack For Not Issuing Council Tax Refund

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Now Ranks As UK’s Top Cyber Security Danger

Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.

https://www.pymnts.com/news/security-and-risk/2021/ransomware-now-ranks-as-uks-top-cybersecurity-danger/

54% of all employees reuse passwords across multiple work accounts

Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.

According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.

42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.

A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.

https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/

VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”

https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/

Most Firms Face Second Ransomware Attack After Paying Off First

Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.

https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/

Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO

U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.

https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html

Business Leaders Now Feel More Vulnerable To Cyber Attacks

Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).

https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/

Ransomware Gang Turns To Revenge Porn

At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.

https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images

Bank Of America Spends Over $1 Billion Per Year On Cyber Security

Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”

https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html

Bad Cyber Security Behaviours Plaguing The Remote Workforce

According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.

https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/

Threats

Ransomware

• Why Backups Are Not The Panacea For Recovery From A Ransomware Attack

• Microsoft Systems Targeted By 'Black Kingdom' Ransomware

• Takeaways From The Colonial Pipeline Ransomware Attack

• Police Bust Major Ransomware Gang Cl0p

• Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority

• Paradise Ransomware Source Code Released On A Hacking Forum

• Experts Shed Light On Distinctive Tactics Used By Hades Ransomware

• How Remote Work Opened The Floodgates To Ransomware

• The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor

• Ransomware Attackers Are Leveraging Old SonicWall SRA Flaw

BEC

• Microsoft Takes Down Large‑Scale BEC Operation

• Behind The Scenes Of Business Email Compromise: Using Cross-Domain Threat Data To Disrupt A Large BEC Campaign

• Microsoft: Scammers Bypass Office 365 MFA In BEC Attacks

Phishing

• Threat Actors Use Google Docs To Host Phishing Attacks

Malware

• Malicious PDFs Flood the Web, Lead To Password-Snarfing

• Alarming Malware Discovery Reveals 1.2 TB Data Theft From Millions Of Windows PCs

Vulnerabilities

• Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild

• Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files

• McAfee Finds Security Vulnerability In Peloton Products

• Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched

Data Breaches

• UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack

• Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers

• Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems

• Mensa Data Spillage Was Due to 'Unauthorised Internal Download'

• Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers

Organised Crime & Criminal Actors

• Police Grab Slilpp, Biggest Stolen-Logins Market

Cryptocurrency

• Criminals Are Mailing Altered Ledger Devices To Steal Crypto Currency

Supply Chain

• NoxPlayer Supply-Chain Attack Is Likely The Work Of Gelsemium Hackers

OT, ICS, IIoT and SCADA

• Utilities ‘Concerningly’ At Risk from Active Exploits

Nation State Actors

• Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks

• Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought

Denial of Service

• 100% Increase In Daily DDoS Traffic In 2020 As Potential Grows For 10 TBPS Attack

Cloud

• Unsecured Servers And Cloud Services: How Remote Work Has Increased The Attack Surface That Hackers Can Target

• Complexity Is The Biggest Threat To Cloud Success And Security

Privacy

• Amazon To Let Customers Sue After Thousands Of Alexa Complaints

Other News

• Airline And Bank Websites Go Down In Another Major Internet Failure

• Corporate Attack Surfaces Growing Concurrently With A Dispersed Workforce

• This Secretive Firm Has Powerful New Hacking Tools

• Vigilante Malware Rats Out Software Pirates While Blocking The Pirate Bay

• Fallout Of EA Source Code Breach Could Be Severe, Cyber Security Experts Say

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.