Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 01 October 2021
Black Arrow Cyber Threat Briefing 01 October 2021:
-Cyber Second Only To Climate Change As Biggest Global Risk
-Businesses Unsure Which Tech Is Essential Against Ransomware
-Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours
-Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year
-Ransomware Attacks Up 1,070% Year Over Year
-Baby’s Death Alleged To Be Linked To Ransomware
-Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach
-More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic
-Cyber Attack Floors British Payroll Firm
-GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries
-50% Of Servers Have Weak Security Long After Patches Are Released
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Second Only To Climate Change As Biggest Global Risk
Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/
Businesses Unsure Which Tech Is Essential Against Ransomware
As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware
Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours
A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/
Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year
A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations. https://www.theregister.com/2021/09/30/eset_threat_report/
Ransomware Attacks Up 1,070% Year Over Year
The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware. https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/
Baby’s Death Alleged To Be Linked To Ransomware
A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.
https://threatpost.com/babys-death-linked-ransomware/175232/
Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach
Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed
More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic
Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic
Cyber Attack Floors British Payroll Firm
A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay. Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter
GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries
A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html
50% Of Servers Have Weak Security Long After Patches Are Released
Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released
Threats
Ransomware
United Health Centres Reportedly Compromised By Ransomware Attack
JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data
Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms
United Health Centers Reportedly Compromised By Ransomware Attack
REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms
The Biggest Problem With Ransomware Is Not Encryption, But Credentials
Phishing
Other Social Engineering
Malware
Thousands Of Online Gaming Accounts Hit In Major Cyber Attack
Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
New Malware Steals Steam, Epic Games Store, And EA Origin Accounts
Vulnerabilities
Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Thousands of University Wi-Fi Networks Expose Log-In Credentials
Exploit Released For VMware Vulnerability After CISA Warning
Outsourced Software Poses Greater Risks to Enterprise Application Security
Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws
Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes
Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras
Data Breaches/Leaks
Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik
3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot
Cryptocurrency/Cryptojacking
Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail
China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned
Insider Threats
Dark Web
DoS/DDoS
Nation State Actors
APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated
APT29 Targets Active Directory Federation Services With Stealthy Backdoor
Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats
APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated
Cloud
Huawei Cloud Services: U.S. Lawmakers Express Security Concerns
Why CEOs Should Absolutely Concern Themselves With Cloud Security
Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps
Privacy
Reports Published in the Last Week
Other News
Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes
Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges
Corporate Attack Surface Exploding As A Result Of Remote Work
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 06 August 2021
Black Arrow Cyber Threat Briefing 06 August 2021:
-Ransomware Volumes Hit Record High
-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Volumes Hit Record Highs As 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.
https://threatpost.com/ransomware-volumes-record-highs-2021/168327/
Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.
More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed. The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.
New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.
These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.
Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.
Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.
‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?
Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.
Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects
A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.
https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/
Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year
Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/
65% Of All DDoS Attacks Target US And UK
Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.
https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/
Threats
Ransomware
Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals
BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil
Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme
Phishing
Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign
Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says
Other Social Engineering
Malware
A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service
Several Malware Families Targeting IIS Web Servers With Malicious Modules
Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network
Mobile
An Explosive Spyware Report Shows Limits Of IOS, Android Security
This Android Malware Steals Your Data In The Most Devious Way
The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials
Vulnerabilities
Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software
Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs
Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise
Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices
PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.
Data Breaches
Threat Actors Leaked Data Stolen From EA, Including FIFA Code
Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything
OT, ICS, IIoT and SCADA
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Supply Chain
Nation State Actors
Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks
Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records
Iranian APT Lures Defense Contractor In Catfishing-Malware Scam
Chinese Hackers Target Major Southeast Asian Telecom Companies
Cloud
Reports Published in the Last Week
Other News
Leaked Document Says Google Fired Dozens Of Employees For Data Misuse
Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?
Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us
Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required
Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 July 2021
Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit
Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers.
In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn.
The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS.
The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example.
Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately.
https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1
71% Of Organisations Experienced BEC Attacks Over The Past Year
Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.
https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/
Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers
Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.
LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/
Users Clueless About Cyber Security Risks
Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.
https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/
Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief
Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.
Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.
https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/
Cyber Crime Never Sleeps
When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.
https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901
IT, Healthcare And Manufacturing Facing Most Phishing Attacks
Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.
https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/
Classified Ministry Of Defence Documents Found At Bus Stop
Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.
Cabinet Office Increases Cyber Security Training Budget By Almost 500%
The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.
Threats
Ransomware
Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says
Ransomware Gangs Now Creating Websites To Recruit Affiliates
New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers
This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It
Using VMs To Hide Ransomware Attacks Is Becoming More Popular
Phishing
Malware
Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco
The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools
Mobile
IoT
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
OT, ICS, IIoT and SCADA
Nation State Actors
Russian Hackers Had Months-Long Access To Denmark's Central Bank
Russian Hackers Are Trying To Brute-Force Hundreds Of Networks
US And UK Agencies Accuse Russia Of Political Cyber Campaign
Cloud
Privacy
Vulnerabilities
Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches
Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory
Critical VMware Carbon Black Bug Allows Authentication Bypass
My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks
Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack
Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices
A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga
Microsoft Adds Second CVE For PrintNightmare Remote Code Execution
Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 June 2021
Black Arrow Cyber Threat Briefing 18 June 2021: Ransomware Now Ranks As UK’s Top Cyber Security Danger; 54% of all employees reuse passwords across accounts; Most Firms Face Second Ransomware Attack After Paying Off First; Bad Cyber Security Behaviours Plaguing The Remote Workforce; VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace; Over 65,000 Ransomware Attacks Expected In 2021; Business Leaders Now Feel More Vulnerable To Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Now Ranks As UK’s Top Cyber Security Danger
Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.
54% of all employees reuse passwords across multiple work accounts
Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.
According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.
42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.
A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.
https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/
VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”
https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/
Most Firms Face Second Ransomware Attack After Paying Off First
Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.
https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/
Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO
U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.
Business Leaders Now Feel More Vulnerable To Cyber Attacks
Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).
https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/
Ransomware Gang Turns To Revenge Porn
At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.
https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images
Bank Of America Spends Over $1 Billion Per Year On Cyber Security
Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”
https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html
Bad Cyber Security Behaviours Plaguing The Remote Workforce
According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.
https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/
Threats
Ransomware
Why Backups Are Not The Panacea For Recovery From A Ransomware Attack
Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority
Experts Shed Light On Distinctive Tactics Used By Hades Ransomware
The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor
BEC
Phishing
Malware
Vulnerabilities
Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild
Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files
Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched
Data Breaches
UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack
Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers
Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems
Mensa Data Spillage Was Due to 'Unauthorised Internal Download'
Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers
Organised Crime & Criminal Actors
Cryptocurrency
Supply Chain
OT, ICS, IIoT and SCADA
Nation State Actors
Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks
Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought
Denial of Service
Cloud
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.