Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Ransomware Attacks Soar 288% in First Half of 2021

The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data.

Nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group, who typically gain initial network access to victim organisations via phishing emails.

It’s an unfortunate fact that no organisation in any sector is safe from ransomware today.

Targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model. https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-half-2021/  

Ransomware Costs Expected To Reach $265 Billion By 2031

Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years. https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/ 

Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage

A new Email Threat Report for Q3 2021 examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organisations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods, manufacturing, technology, energy and infrastructure services, medical, media and television, finance, and hospitality.

The report also finds 61% of organisations experienced a vendor email compromise/supply chain attack in Q2 2021.

Key report findings include:

• 32.5% of all companies were targeted by brute force attacks in early June 2021

• 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite

• 61% of organisations experienced a vendor email compromise attack this quarter

• 22% more business email compromise attacks since Q4 2020

• 60% chance of a successful account takeover each week for organisations with 50,000+ employees

• 73% of all advanced threats were credential phishing attacks

• 80% probability of attack every week for retail and consumer goods, technology, and media and television companies

https://finance.yahoo.com/news/brute-force-email-attacks-account-120100299.html  

Investigation Into Hacked "Map" Of UK Gun Owners

Gun-selling site Guntrader announced a data breach affecting more than 100,000 customers in July. This week, reports emerged that an animal rights activist blog had published the information. The group had formatted the data so it could be easily imported into mapping software to show individual homes. The National Crime Agency, which has been investigating the data breach and its fallout, said it "is aware that information has been published online as a result of a recent data breach which impacted Guntrader". https://www.bbc.co.uk/news/technology-58413847 

Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches

The US Securities and Exchange Commission (SEC) has sanctioned multiple financial services firms for cyber security failures that led to the compromise of corporate email accounts and the personal data of thousands of individuals. The case was brought after the unauthorised takeover of cloud-based email accounts at Seattle-based KMS Financial Services, and subsidiaries of California-headquartered Cetera Financial Group and Iowa-based Cambridge Investment Group. https://portswigger.net/daily-swig/eight-us-financial-services-firms-given-six-figure-fines-over-bec-data-breaches

Ransomware Has Been A ‘Game Changer’ For Cyber Insurance

Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to a software company. The researchers “think of December 2019 as the tipping point for when we started to see ransomware take hold”. The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. All of this has a massive knock-on affect for the Insurance firms. https://www.insurancejournal.com/news/national/2021/08/30/628672.htm 

Getting Ahead Of A Major Blind Spot For CISOs: Third-Party Risk

For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organisation alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. https://www.helpnetsecurity.com/2021/09/01/getting-ahead-of-a-major-blind-spot-for-cisos-third-party-risk/ 

WhatsApp Hit With $267 Million GDPR Fine For Bungling User Privacy Disclosure

Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.

The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018. https://www.cyberscoop.com/whatsapp-hit-with-267-million-gdpr-fine-for-bungling-user-privacy-disclosure/  

Microsoft Warns About Open Redirect Phishing Campaign

Microsoft’s Security Intelligence team is warning over phishing campaigns using open redirector links, links crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realising it until it's too late. https://www.windowscentral.com/microsoft-warns-about-open-redirect-phishing-campaign

Previous Employees With Access To Corporate Data Remain A Threat To Businesses

Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data. This is according to a report, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves. https://www.helpnetsecurity.com/2021/09/02/previous-employees-access-data/

BEC Scammers Seek Native English Speakers On Underground

Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: Cyber Crooks are putting up help-wanted ads, looking for native English speakers to carry out the social-engineering elements of business email compromise (BEC) attacks. https://threatpost.com/bec-scammers-native-english-speakers/169092/

Half Of Businesses Can't Spot These Signs Of Insider Cyber Security Threats

Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyber attacks. Research suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data. https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/

Threats

Ransomware

• Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits

• First Ransomware to Use Intermittent Encryption Revealed

• Ransomware: It's Only A Matter Of Time Before A Smart City Falls Victim, And We Need To Take Action Now

• LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

• FBI, CISA: Ransomware Attack Risk Increases On Holidays, Weekends

• How Ransomware Runs The Underground Economy

• LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files

Phishing

• This Phishing Attack Is Using A Sneaky Trick To Steal Your Passwords, Warns Microsoft

• Report Analysis On Phishing Campaign Utilizing Vzwpix

Malware

• Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth

• Cyber Criminal Sells Tool To Hide Malware In AMD, NVIDIA GPUS

• Cyber Criminals Abusing Internet-Sharing Services To Monetise Malware Campaigns

Mobile

• Snowden Slams Apple CSAM: Warns iPad, iPhone, Mac Users Worldwide

• Kaspersky Lab Has Reported About Android Viruses Designed To Steal Money Automatically

• Dangerous Android Malware Is Spreading — Beware Of Text Message Scam

Vulnerabilities

• ProxyToken: Another Nail-Biter From Microsoft Exchange

• New BrakTooth Flaws Leave Millions Of Bluetooth-Enabled Devices Vulnerable

• Atlassian Confluence Flaw Under Active Attack

• Meltdown-Like Vulnerability Disclosed For AMD Zen+ And Zen 2 Processors

• NPM Package With 3 Million Weekly Downloads Had A Severe Vulnerability

• Cisco Patches Critical Authentication Bug With Public Exploit

• QNAP Working On Patches For OpenSSL Flaws Affecting Its NAS Devices

• This Top TP-Link Router Ships With Some Serious Security Flaws

Data Breaches/Leaks

Organised Crime & Criminal Actors

• The Consumerisation Of The Cyber Crime-As-A-Service Market

• Chinese Authorities Arrest Hackers Behind Mozi IOT Botnet Attacks

Dark Web

• Data From Fujitsu Is Being Sold On The Dark Web

DoS/DDoS

• Cloudflare Says It Stopped The Largest DDoS Attack Ever Reported

• UK VoIP Telco Receives 'Colossal Ransom Demand', Reveals REvil Cyber Crooks Suspected Of 'Organised' DDoS Attacks On UK VoIP Companies

OT, ICS, IIoT and SCADA

• Nine Cyber Attacks On UK's Transport Sector Missed By Mandatory Reporting Laws

Cloud

• “Worst Cloud Vulnerability You Can Imagine” Discovered In Microsoft Azure

Other News

• Why Zero-Trust Models Should Replace Legacy VPNs

• T-Mobile CEO Calls Latest Data Breach ‘Humbling,’ Claims It’s Committed To Security

• China Restricts Kids’ Online Gaming To Three Hours A Week

• Unpatched Exchange Servers An Overlooked Risk

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

40% Fell Victim To A Phishing Attack In The Past Month

The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.

Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.

Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.

https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/

Traditional Ransomware Defences Are Failing Businesses

Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.

https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/

Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You

Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.

https://www.techrepublic.com/article/cybersecurity-risk-the-number-of-employees-going-around-it-security-may-surprise-you/

740 ransomware victims named on data leak sites in Q2 2021: report

More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.

Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.

https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/

A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats

For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.

https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/

Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack

Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February.  In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.

https://www.zdnet.com/article/law-firm-for-ford-boeing-exxon-marriott-walgreens-and-more-hacked-in-ransomware-attack/

UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack

The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.

https://www.telegraph.co.uk/world-news/2021/07/19/uk-allies-accuse-china-reckless-cyber-extortion-microsoft-hack/

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.

The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.

The report noted that cloud storage apps account for more than 66% of cloud malware delivery.

"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.

https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/

Gun Owners' Fears After Firearms Dealer Data Breach

Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".

Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.

Police, including the National Crime Agency, are investigating.

One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.

Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.

The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".

https://www.bbc.co.uk/news/technology-57932823  

Threats

Ransomware

• SpearTip Finds New Diavol Ransomware Does Steal Data

• The Ransomware Point Of Attack Is Sharper

• Ransomware Incident At Major Cloud Provider Disrupts Real Estate, Title Industry

• In The Fight Against Ransomware, Microsoft Must Do More

• Tracking Malware And Ransomware Domains In 2021

BEC

Phishing

• Google Chrome Now Comes With Up To 50x Faster Phishing Detection

Malware

• Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections

• This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection

• MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS

• New MosaicLoader Malware Targets Software Pirates Via Online Ads

• CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices

• This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results

• Pirate Gamers, Beware: This Malware Targets You

Mobile

• Joker Malware Returns To Target Millions More Android Devices

Vulnerabilities

• You'll Want To Shut Down The Windows Print Spooler Service (Yes, Again): Another Privilege Escalation Bug Found

• Google Patches Chrome Zero-Day, Eighth One In 2021

• Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

• 16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers

• Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root

• Windows 10 Vulnerability Lets Anyone Get Administrator Privileges

• Researchers Discover Security Flaws In Telegram Encryption Protocol

• New Sequoia Bug Gives You Root Access On Most Linux Systems

• Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability

• Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Data Breaches

• Aruba Waited Months To Notify Customers Regarding A Recent Data Breach

• Data Breach Claimants Lose Bid For Anonymity In Court

• Oil Giant Saudi Aramco Hit By 1TB Data Breach

Organised Crime & Criminal Actors

• Botnet Operator Who Proxied Traffic For Other Cybercrime Groups Pleads Guilty

Supply Chain

• NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

DoS/DDoS

• DDoS: Google Has A New Tool To Defend Against Attacks Launched By Botnets

OT, ICS, IIoT and SCADA

• Industrial Networks Exposed Through Cloud-Based Operational Tech

Nation State Actors

• Iranian State Sponsored Hacking Attempts

• UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking

• China Accused Of Cyber-Attack On Microsoft Exchange Servers

• Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks

• France Warns Of APT31 Cyber Spies Targeting French Organisations

• APT Hackers Distributed Android Trojan Via Syrian E-Government Portal

Cloud

• Why The Bank Of England Has Its Head In The Cloud Over Data Security

Privacy

• FT Editor Among 180 Journalists Identified By Clients Of Spyware Firm

• Revealed: leak uncovers global abuse of cyber surveillance weapon

Other News

• Is Open-Source Software Secure?

• Application Security Tools Ineffective Against New And Growing Threats

• Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?

• UK.Gov's Huawei Watchdog Says Firm Made 'No Overall Improvement' On Firmware Security But Won't Say Why

• DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack

• 1 in 5 companies fail PCI compliance assessments of their infrastructure

• Biden Puts a $10M Bounty on Foreign Hackers

• MITRE updates list of top 25 most dangerous software bugs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

BEC Losses Top $1.8B As Tactics Evolve

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organisations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cyber criminals either impersonating someone inside an organisation, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020 and reminded the security community that in addition to technology, smart users armed with a healthy scepticism of outside communications and the right questions to ask are the best line of defence. “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.

https://threatpost.com/bec-losses-top-18b/167148/

30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Execution

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to analysis the bugs affect 129 models of laptops, tablet, and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.

https://threatpost.com/dell-bios-attacks-rce/167195/

Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks in the New Hybrid Workplace

Most employers are wary that the post-pandemic hybrid workforce would bring bad cyber security behaviours. More than half (56%) of employers believed that employees had picked bad security practices while working remotely. Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviours differed significantly while working from home compared to the office. Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely. Younger workers were more prone to these bad employee behaviours, with 51% of 16-24, 46% of 25-34, and 35% of 35-44-year-olds using ‘workarounds.’ Close to half (49%) of workers adopted the risky behaviour because they felt that they were not being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviours while working away from the office.

https://www.cpomagazine.com/cyber-security/bad-employee-behaviors-picked-up-during-remote-working-pose-serious-security-risks-in-the-new-hybrid-workplace/

7 Ways Technical Debt Increases Security Risk

Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability, according to the 2021 Voice of the CISO report. Most technical debt is created by taking shortcuts while placing crucial aspects such as architecture, code quality, performance, usability, and, ultimately, security on hold. Many large organisations are carrying tens or hundreds of thousands of discovered but un-remediated risks in their vulnerability management systems,. In many sectors there's this insidious idea that underfunded security efforts, plus risk management, are almost as good as actually doing the security work required, which is dangerously wrong.

https://www.csoonline.com/article/3621754/7-ways-technical-debt-increases-security-risk.html

Organisations Ill-Equipped To Deal With Growing BYOD Security Threats

A report shows the rapid adoption of unmanaged personal devices connecting to work-related resources (aka BYOD) and why organisations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced using personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.

https://www.helpnetsecurity.com/2021/06/17/byod-security/

Firewall Manufacturer SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year

Firewall manufacturer SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already common. The US saw a 149% spike, and the UK 69%. “The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance,” said the SonicWall CEO. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organisations safe, but no real consensus on how to move forward when it comes to combating ransomware.

https://www.computerweekly.com/news/252502854/SonicWall-sees-2263-million-ransomware-attack-attempts-this-year

Ransomware Criminals Look To Other Hackers To Provide Them With Network Access

According to a new report, cyber criminals distributing ransomware are increasingly turning to other hackers to buy access into corporate networks.

Researchers said a robust and lucrative criminal ecosystem exists where criminals work together to carry out ransomware attacks. In this ecosystem, ransomware operators buy access from independent cyber criminal groups who infiltrate major targets for part of the ransom proceeds.

Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network said researchers.

https://www.itpro.co.uk/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network

5 Biggest Healthcare Security Threats For 2021

Cyber Attacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. The trend has put enormous strain on healthcare security organisations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray. Cyber Criminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organisations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.

https://www.csoonline.com/article/3262187/biggest-healthcare-security-threats.html

Threats

Ransomware

• What’s Making Your Company A Ransomware Sitting Duck

• Have We Reached Peak Ransomware? How The Internet's Biggest Security Problem Has Grown And What Happens Next

• Ransomware: Now Gangs Are Using Virtual Machines To Disguise Their Attacks

• Ransomware Gangs Get Paid Off As Officials Struggle For Fix

• Clop Ransomware Gang Doxes Two New Victims Days After Police Raids

• Wormable Bash DarkRadiation Ransomware Targets Linux Distros And Docker Containers

• Faux ‘DarkSide’ Gang Takes Aim At Global Energy, Food Sectors

• A Deep Dive Into The Operations Of The LockBIT Ransomware Group

• Fashion titan French Connection Says 'FCUK' Ss REvil-Linked Ransomware Makes Off With Data

BEC

• 71% Of Organisations Experienced BEC Attacks Over The Past Year

Phishing

• Phishing Attack's Unusual File Attachment Is A Double-Edged Sword

• Man Arrested After 26,000 'Phishing' Text Messages Sent Out In A Single Day

Other Social Engineering

• FIN7 Scammers Posed As Sec Officials, Sick Restaurant Customers To Hack Victims

Malware

• 50% Of Misconfigured Containers Hit By Botnets In Under An Hour

• Spam Downpour Drips New IcedID Banking Trojan Variant

• Dirtymoe Malware Has Infected More Than 100,000 Windows Systems

Mobile

• Flubot Seeks To Steal Financial Data On Android Phones

• 76% Of IT Decision Makers More Vulnerable To Mobile Attacks Than Just A Year Ago

Vulnerabilities

• Email Bug Allows Message Snooping, Credential Theft

• Google Confirms 7th Chrome ‘Zero Day’ Vulnerability, Upgrade Now

• Linux Marketplaces Vulnerable To RCE And Supply Chain Attacks

• Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

• Google Docs Is Being Weaponized By Hackers

• Sonicwall Bug Affecting 800k Firewalls Was Only Partially Fixed

• Hackers Are Using Unknown User Accounts To Target Zyxel Firewalls And VPNs

• SonicWall ‘Botches’ October Patch For VPN Bug

• Lexmark Printers Open To Arbitrary Code-Execution Zero-Day

• Misconfigurations In Most Active Directory Environments Create Serious Security Holes, Researchers Find

Data Breaches

• Tulsa’s Police-Citation Data Leaked By Conti Gang

• Cl0p Ransomware Group Dumps New Tranche Of Stolen Data

• Carnival Cruise Cyber-Torpedoed By Cyber Attack

Cryptocurrency

• Monero Emerges As Crypto Of Choice For Cyber Criminals

• Hackers Crack Pirated Games with Cryptojacking Malware

Dark Web

• Law Enforcement Secretly Ran Part Of The Dark Web, Again

OT, ICS, IIoT and SCADA

• Hackers Tried To Poison California Water Supply In Major Cyber Attack

Nation State Actors

• Cyber Attacks Are Primary Funding Source For North Korea

• The Lazarus Heist: How North Korea Almost Pulled Off A Billion-Dollar Hack

• South Korea's Nuclear Research Agency Hacked Using VPN Flaw

• Cyber Espionage By Chinese Hackers In Neighbouring Nations Is On The Rise

• Cyber Attack On Polish Government Officials Linked To Russian Hackers

Cloud

• NATO's Cloud Platform Has Been Hacked

Privacy

• I spy: are smart doorbells creating a global surveillance network?

• EU Data Protection Authorities Call For Ban On Facial Recognition

• All The Ways Amazon Tracks You And How To Stop It

Other News

• IT Leaders Say Cyber Security Funding Being Wasted On Remote Work Support

• Hackers Are Trying To Attack Big Companies. Small Suppliers Are The Weakest Link

• Only 7% Of Security Leaders Are Reporting To The CEO

• APNIC Left A Dump From Its WhoIS SQL Database In A Public Google Cloud bucket

• Average Time To Fix Critical Cyber Security Vulnerabilities Is 205 Days

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

61 Percent Of Employees Fail Basic Cyber Security Quiz

Nearly 70% of employees polled in a new survey said they recently received cyber security training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.

https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/

More Than 1,900 Distinct Hacking Groups Are Active Today

There are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019. In its yearly cyber crime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker due to overlaps in activity and hacking infrastructure with previously known clusters.

https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

Ransomware: The Internet's Biggest Security Crisis Is Getting Worse

Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four chains of schools attacked in the last month.

https://www.zdnet.com/article/ransomware-the-internets-biggest-security-crisis-is-getting-worse-we-need-a-way-out/?&web_view=true

Enterprise Security Attackers Are One Password Away From Your Worst Day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cyber security industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organisations still use the same technological approaches they did 10 years ago. The world has changed, but cyber security hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cyber security industry must rethink its strategy to analyse how credentials are used and stop breaches before they become bigger problems.

https://techcrunch.com/2021/04/16/enterprise-security-attackers-are-one-password-away-from-your-worst-day/

Microsoft’s April Update Patches 114 Bugs—Half Of Which Allow Remote Code Execution

The fourth Patch Tuesday of 2021 is another big one. Today, Microsoft revealed 114 vulnerabilities fixed in the monthly security, over half of which could potentially be exploited for remote code execution by attackers. Of the 55 remote execution bugs, over half were tied to Windows’ Remote Procedure Call (RPC) interface. Four more were Microsoft Exchange bugs (all urgent fixes) reported to Microsoft by the National Security Agency. In addition, six Chrome vulnerabilities that were previously addressed by Google are included in the roll-up.

https://news.sophos.com/en-us/2021/04/13/microsofts-april-update-patches-114-bugs-more-than-half-of-which-allow-remote-code-execution/

Nation-State Cyber Attacks Targeting Businesses Are On The Rise

Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks. Nation States, Cyberconflict and the Web of Profit, a study by cyber security researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted. An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government, and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.

https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/

Cyber Criminals Are Installing Cryptojacking Malware On Unpatched Microsoft Exchange Servers

Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money. Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems. Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers -- but they are not the only ones.

https://www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/

NAME:WRECK DNS Vulnerabilities Affect Over 100 Million Devices

Security researchers have disclosed nine vulnerabilities affecting network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in a wide range of products, from high-performance servers and networking equipment to operational technology (OT) systems that monitor and control industrial equipment. According to researchers threat actors could exploit NAME:WRECK vulnerabilities to deal significant damage to government or enterprise servers, healthcare facilities, retailers, or companies in the manufacturing business by stealing sensitive data, modifying or taking equipment offline for sabotage purposes.

https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

Brits Still Confused By Multi-Factor Authentication

The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA). The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany, and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has. However, despite a continued number of high-profile account takeovers, 43% said this does not make them enhance security on their accounts, even though they “feel like” they should. Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types. Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they were not using or didn’t know about them.

https://www.infosecurity-magazine.com/news/brits-still-confused-by/

623K Payment Cards Stolen From Cyber Crime Forum

The Swarmshop cyber underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That is according to researchers, who said that the database was posted on a rival underground forum. Card shops, are online cyber criminal forums where stolen payment-card data is bought and sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K., and the U.S.

https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/

Threats

Ransomware

• How The Kremlin Provides A Safe Harbour For Ransomware

• Dutch Supermarkets Run Out Of Cheese After Ransomware Attack

• This Nasty Ransomware Hacks Your VPN To Break Into Your Device

Phishing

• New Invoice Payment Phishing Attack

• Tax Phish Swims Past Google Workspace Email Security

Other Social Engineering

• 7 New Social Engineering Tactics Threat Actors Are Using Now

• Cloud-Native Watering Hole Attack: Simple And Potentially Devastating

Malware

• Hackers Using Website's Contact Forms to Deliver IcedID Malware

Mobile

• Joker Malware Infected 538,000 Huawei Android Devices

Vulnerabilities

• Chrome And Edge Hacked By New Zero-Day Flaw — What To Do

• Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

• Microsoft Security Update Fixes Zero-Day Vulnerabilities In Windows And Other Software

• Critical Security Alert: If You Haven't Patched This Old Vpn Vulnerability, Assume Your Network Is Compromised

• WhatsApp Addressed Two Security Vulnerabilities In Its App For Android That Could Have Been Exploited To Remotely Hack The Victim’s Device.

• Security Bug Allows Attackers to Brick Kubernetes Clusters

• 84% Of Codebases Contain An Open Source Vulnerability

Data Breaches

• Clubhouse Data Breach: 1.3 Million Users Have Info Leaked Online

• Covid Results Emails May Breach GDPR

Organised Crime & Criminal Actors

• Coronavirus Triggers Epidemic Of Cyber Fraud

Nation State Actors

• Iran Vows Revenge For 'Israeli' Attack On Natanz Nuclear Site

• US Poised To Impose Sanctions On Russia For Cyber-Attacks

• NSA: Top 5 Vulnerabilities Actively Abused By Russian Govt Hackers

Privacy

• 24% Of Workers Spied On By Bosses

Reports Published in the Last Week

• SMB Cyber Security Trust & Confidence Report 2021

• Most Imitated Brands In Phishing Emails In First Quarter Of 2021: Report

Other News

• A Casino Gets Hacked Through a Fish-Tank Thermometer

• SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

• Detecting the "Next" SolarWinds-Style Cyber Attack

• The FBI Is Remotely Hacking Hundreds Of Computers To Protect Them From Hafnium

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Cybercrime Jumped 23% Over Past Year, Says ONS

Cybercrime offenses reported by individuals and businesses have risen 23% over the past year, according to the Office for National Statistics (ONS).

The UK government body explained that 26,215 incidents were referred to the National Fraud Intelligence Bureau (NFIB) by Action Fraud in the year ending March 2020.

The year-on-year increase was driven by a large uptick in the two highest-volume “computer misuse” types reported to Action Fraud. “Hacking – social media and email” saw a 55% increase from 12,894 offenses, and “computer viruses/malware” incidents soared by 61% to reach 6745 cases.

The double-digit increase in reported cybercrime came in spite of improvements to “internal case review processes” and an online reporting tool at Action Fraud in October 2018 which meant some offenses previously categorized as computer misuse are now being properly identified as fraud, ONS said.

Why this matters:

Any increase in reported cyber crime is significant, but such a large rise is even more alarming and demonstrates that firms and individuals need to make sure they are treating these threats seriously.

Read more here: https://www.infosecurity-magazine.com/news/cybercrime-jumped-23-over-past-year#disqus_thread

Nearly half of employees have made a serious security mistake at work

Distraction and burnout can lead to serious mistakes when working online

New research from an email security firm has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cyber security repercussions for themselves or their company.

A survey of 2,000 professionals between the ages of 18 and 51 to find out more about why workers make mistakes and how they can be prevented before they end up turning into data breaches.

Of the employees surveyed, a quarter of them confessed to clicking on links in a phishing email at work. The research also found that employees between 31 and 40 years of age were four times more likely than employees over age 51 to click on a phishing email. At the same time, male employees were twice as likely to do so than their female coworkers.

Why does this matter:

Cyber and Information Security is fundamentally a human problem, not an IT problem, and all the IT controls in the world are worth very little if humans bypass them or fail to follow safe working practices. Ensure your users, at all levels, are aware of the role they play in securing your organisation and make sure they receive adequate and suitable training.

https://www.techradar.com/news/nearly-half-of-employees-have-made-a-mistake-that-had-cybersecurity-repercussions

99.9 Percent of Hacked Microsoft Accounts Don’t Use 2FA

Two-factor authentication (2FA) is the single most effective method of preventing unauthorised access to an online account as number from Microsoft prove.

Microsoft tracks over 1 billion active accounts monthly, which is nearly 1/8 of the world’s population. These generate more than 30 billion monthly login events. Every login to a corporate O365 account can generate multiple login entries across multiple apps, as well as additional events for other apps that use O365 for single sign-on.

If that number sounds big, bear in mind that Microsoft stops 300 million fraudulent sign-in attempts every day. Again, that’s not per year or per month, but 300 million per day.

In January 2020, 480,000 Microsoft accounts—0.048 percent of all Microsoft accounts—were compromised by spraying attacks. This is when an attacker runs a common password (like “Spring2020!”) against lists of thousands of accounts, in the hopes that some of those will have used that common password.

Sprays are just one form of attack; hundreds and thousands more were caused by credential stuffing. To perpetuate these, the attacker buys usernames and passwords on the dark web and tries them on other systems.

Then, there’s phishing, which is when an attacker convinces you to log in to a fake website to get your password. These methods are how online accounts are typically “hacked,” in common parlance.

In all, over 1 million Microsoft accounts were breached in January. That’s just over 32,000 compromised accounts per day, which sounds bad until you remember the 300 million fraudulent login attempts stopped per day.

But the most important number of all is that 99.9 percent of all Microsoft account breaches would have been stopped if the accounts had two-factor authentication enabled.

Why this matters:

Two-factor authentication (2FA) is the single most effective method of preventing unauthorised access to online accounts, remediating (or preventing) approximately 95% of attacks. That this simple step, normally available free of charge from online account providers, is so effective means it should be implemented wherever and whenever possible.

Read more here: https://www.howtogeek.com/681419/watch-out-99.9-of-hacked-microsoft-accounts-dont-use-2fa/

Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude

Adobe has released an out-of-band emergency security update for Photoshop, Prelude, and Bridge.

On Tuesday, a week after issuing the firm's standard monthly security update, Adobe published security advisories revealing a total of 13 vulnerabilities, 12 of which are deemed critical.

Five vulnerabilities have now been resolved in Photoshop CC 2019 -- versions 20.0.9 and earlier -- and Photoshop 2020 -- versions 21.2 and earlier -- on Windows machines.

All of these vulnerabilities are considered critical, as if exploited, can lead to arbitrary code execution.

Why does this matter:

Vulnerabilities in software are exploited by attackers, patching these vulnerabilities means the vulnerabilities cannot then be exploited. Updates should always be installed as soon as possible to prevent them from being used in attacks.

Read more: https://www.zdnet.com/article/adobe-issues-emergency-fixes-for-vulnerabilities-in-photoshop-prelude/

Blackbaud Hack: Universities lose data to ransomware attack

At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider.

Human Rights Watch and the children's mental health charity, Young Minds, have also confirmed they were affected.

The hack targeted Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software.

The US-based company's systems were hacked in May and it has been criticised for not disclosing this externally until July and for having paid the hackers an undisclosed ransom.

In some cases, the data was limited to that of former students, who had been asked to financially support the establishments they had graduated from. But in others it extended to staff, existing students and other supporters.

The institutions the BBC has confirmed have been affected are:

·         University of York

·         Oxford Brookes University

·         Loughborough University

·         University of Leeds

·         University of London

·         University of Reading

·         University College, Oxford

·         Ambrose University in Alberta, Canada

·         Human Rights Watch

·         Young Minds

·         Rhode Island School of Design in the US

·         University of Exeter

In some cases, the stolen data included phone numbers, donation history and events attended. Credit card and other payment details do not appear to have been exposed.

Why does this matter:

Every entity, business, organisation and individual is at risk from ransomware, the bigger the organisation the more point of entries exist but this does not mean this is not a major threat to smaller businesses too. Nearly all these attacks stem from a user clicking on a link in a phishing email so make sure your staff are adept at spotting phishing emails.

https://www.bbc.co.uk/news/technology-53516413

Amazon Prime phishing scam returns - here's all you need to know

Shoppers warned of phone and email attacks against Amazon Prime users

Shoppers using Amazon Prime have been warned about a major phishing scam which appears to have resurfaced across the country

The scammers target victims via an automated telephone call claiming that they have opened an Amazon Prime account and that they should "press one" to cancel the transaction.

Doing so will connect the call to a fraudster posing as an Amazon customer service representative who then informs the recipient of the call that their subscription was purchased fraudulently due to a supposed "security flaw" on the targeted person's computer. The bogus Amazon representative then asks for remote access to the recipient's computer, supposedly to fix the security breach. Remote access gives control access allowing the scammers to steal personal information, including passwords and banking information.

There is also an email version of the same scam.

The email version of this scam sees the victim receiving a message stating they have started an Amazon Music subscription charged at £28.99 per month. The email then asks the recipient to click a link if they want to cancel the subscription and receive a refund - but the page they are taken to in order to input their card details and receive the refund will instead send their details to fraudsters.

Why does this matter:

Scammers only need a small number of people they target to fall for the scam for it to be profitable for them, so unfortunately these types of scams are not going to go away any time soon. Make sure you keep up to date with the latest and emerging scams and make sure relatives who might fall victim to these scams are also aware that these types of attacks are happening all the time so to exercise caution if they receive calls or emails of this nature.

Read more here: https://www.techradar.com/uk/news/amazon-prime-phishing-scam-returns-heres-all-you-need-to-know

Phishing attacks concealed in Google Cloud Services

Cyber criminals are increasingly concealing phishing efforts behind legitimate resources.

A lie is best concealed between two truths, an old saying goes, and it seems hackers are using this wisdom to better hide their phishing efforts.

Cyber security researchers are warning of a phishing campaign that utilises Google Cloud Services and offers legitimate PDF whitepapers to victims that give away their login credentials.

According to the researchers, it all starts with a PDF document uploaded to Google Drive, containing a link to a phishing page. The landing page requires the user to log in with their Office 365 or organisation email.

After the victim gives away their login credentials, they are redirected to a genuine PDF report published by a “renowned global consulting firm.”

Why does this matter:

Since the phishing page is hosted on Google Cloud Storage, the user might not become suspicious. Hackers are swarming around the cloud storage services that we rely on and trust, making it much tougher to identify actual phishing attacks. Traditional red flags of a phishing attack, such as look-alike domains or websites without certificates, won’t help us much as we enter a potential cyber pandemic. Users of Google Cloud Platform, even AWS and Azure users, should all beware of this fast-growing trend and learn how to protect themselves. It starts by thinking twice about the files you receive from senders.

Read more here: https://www.itproportal.com/news/phishing-attacks-concealed-in-google-cloud-services/

Analysts Detect New Banking Malware

A new strain of banking malware dubbed BlackRock has been detected by researchers

An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. Xerxes was in turn spawned out of the LokiBot Android banking Trojan, first detected around four years ago.

The source code of the Xerxes malware was made public by its author around May 2019, making it possible for any threat actor to get their hands on it. Despite the code's availability, researchers found that the only Android banking Trojan based on Xerxes' source code that is currently operating appears to be BlackRock.

Why this matters:

This malevolent malware steals credentials not only from banking apps but also from other apps designed to facilitate communication, shopping and business. In total, the researchers found 337 Android apps were impacted, including dating, social networking and cryptocurrency apps.

Read more here: https://www.infosecurity-magazine.com/news/analysts-detect-new-banking/#disqus_thread

Hackers wipe out more than 1,000 databases, leaving only the word 'meow'

Over 1000 unsecured databases have been permanently deleted, leaving only the word “meow” behind.

The attack saw a database that had details of the UFO VPN. UFO VPN, and other products from seemingly the same company, had recently been in the news for exposing user information.

Information exposed include unencrypted account passwords, location information, and IP addresses of user devices and VPN servers.

The VPN, and others like it, claimed that it was not logging user details. Reports alleged that this was not the case.

The attack seems to have come from a bot, according to Forbes, as the attack script overwrites database indexes with random numerical strings and the word ‘Meow’.

Why does this matter:

Unsecured databases are wide open to attackers and not only can the contents be read and information gleaned used in other attacks they can also, as was the case in this attack, be deleted, losing all data.

https://www.independent.co.uk/life-style/gadgets-and-tech/news/database-hack-meow-attack-security-ufo-vpn-a9634906.html

Is your smart home hosting malware attacks?

It’s not only computers that can be compromised by hackers, almost any electronic device can be compromised – including your smart home gadgets.

Researchers have discovered a new family of malware called Mozi that has been quickly spreading online since last year and appears to have been designed specifically to attack low-power smart devices. Once installed, the malware tries to make contact with other infected devices, adding itself to a botnet (a collection of other compromised devices).

Infected device continues to operate normally however the devices constantly ‘listening’ for instructions from the botnet. The botnet has been designed to launch Distributed Denial of Service attacks (DDoS) that can be used to attack and crash online services and websites. Once activated, your infected devices will be used by hackers to participate in large DDoS attacks.

Some variants can also steal data, or execute additional code, allowing hackers to gain control of your network.

As the malware evolves, the list of affected devices will undoubtedly grow.

Why does this matter:

Almost any electronic device can be compromised to serve malware, be co-opted into taking part in distributed denial of service attacks or otherwise be exploited or used as a point of entry into a network. As more and more of these devices appear in our homes and offices many people do not realise they are significantly increasing their potential attack surface.

Read more: https://www.pandasecurity.com/mediacenter/mobile-news/smart-home-hosting-malware/

Russian cyber attacks an 'urgent threat' to national security

Russia's cyber attack capabilities -- and its willingness to use them -- pose an "immediate and urgent threat" to the UK's national security, according to a report from a committee of MPs.

The long- delayed Russia report from the UK parliament's Intelligence and Security Committee (ISC) describes how it sees Russia's abilities to use malicious cyber activities to further its aims.

"Russia's cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security," the report said.

Why does this matter:

Given the immediate threat that Russia poses to UK national security, it is concerning that there is no clear coordination of the numerous organisations across the UK intelligence community working on this issue. The risks posed by Russia, and other nation states such as China, Iran and North Korea should not be understated or ignored.

Read more here: https://www.zdnet.com/article/russian-cyberattacks-an-urgent-threat-to-national-security/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.