Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 26 March 2021
Black Arrow Cyber Threat Briefing 26 March 2021: Cyber Warfare Will Grind Britain’s Economy To A Halt; $2 Billion Lost To BEC Scams In 2020; Ransomware Gangs Targets Firms With Cyber Insurance; Three Billion Phishing Emails Are Sent Every Day; $50 Million Ransomware For Computer Maker Acer; Office 365 Phishing Attack Targets Financial Execs; MS Exchange Hacking, Thousands Of Email Servers Still Compromised; Average Ransom Payment Surged 171% in 2020; Phishers’ Perfect Targets: Employees Getting Back To The Office; Nasty Malware Stealing Amazon, Facebook And Google Passwords
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Warfare Will Grind Britain’s Economy To A Halt
The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.
https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/
Almost $2 Billion Lost To BEC Scams In 2020
Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).
https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/
Ransomware Gang Says It Targets Firms Who Have Cyber Insurance
What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.
https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/
Three Billion Phishing Emails Are Sent Every Day
Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.
Ransomware Gang Demands $50 Million From Computer Maker Acer
Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.
https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/
Office 365 Phishing Attack Targets Financial Execs
A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.
https://threatpost.com/office-365-phishing-attack-financial-execs/164925/
Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers
Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.
Average Ransom Payment Surged 171% in 2020
The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.
https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/
Phishers’ Perfect Targets: Employees Getting Back To The Office
Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long it affects out private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.
https://www.helpnetsecurity.com/2021/03/22/phishers-employees/
Nasty Malware Stealing Amazon, Facebook And Google Passwords
A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.
https://www.tomsguide.com/news/cracked-software-copperstealer-malware
Threats
Ransomware
Phishing
9,000 Employees Targeted In Phishing Attack Against California Agency
Microsoft Warns Of Phishing Attacks Bypassing Email Gateways
Malware
Fraudsters Jump On Clubhouse Hype To Push Malicious Android App
Purple Fox Malware Evolves To Propagate Across Windows Machines
Nasty malware stealing Amazon, Facebook and Google passwords
IOT
Vulnerabilities
5G Network Slicing Vulnerability Leaves Enterprises Exposed To Cyber Attacks
Hackers Are Exploiting A Server Vulnerability With A Severity Of 9.8 Out Of 10
Openssl Fixes Severe Dos, Certificate Validation Vulnerabilities
Data Breaches
FatFace Tells Customers To Keep Its Data Breach ‘Strictly Private’
Energy giant Shell discloses data breach after Accellion hack
Organised Crime & Criminal Actors
OT, ICS, IIoT and SCADA
Nation State Actors
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 January 2021
Black Arrow Cyber Threat Briefing 29 January 2021: Phishing Attacks Show High-Ranking Execs ‘Most Valuable Asset’ and ‘Greatest Vulnerability’; Paying Ransomware Funding Organised Crime; Police take down botnet that hacked millions of computers; After SolarWinds Hack, Who Knows What Cyber Dangers We Face; Russian businesses warned of retaliatory cyber attacks; iOS vulns actively exploited; Top Cyber Attacks of 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Phishing Attacks Show High-Ranking Execs May Be ‘Most Valuable Asset,’ and ‘Greatest Vulnerability’
Cyber criminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets.
Insurers 'Funding Organised Crime' by Paying Ransomware Claims
Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.
Emotet: Police raids take down botnet that hacked 'millions of computers worldwide'
Emotet, one of the world's most dangerous cyber crime services, has been taken down following one of the largest ever internationally-coordinated actions against cyber criminals. Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool leased out to cyber criminals to break into victim computer networks and install additional malicious software.
After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face
Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March, a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients.
FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack
Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.
Update your iPhone — Apple just disclosed hackers may have 'actively exploited' a vulnerability in its iOS
On Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version. Its support website that it is aware of the three security bugs and that they "may have been actively exploited. “Also, it does not disclose details regarding security issues "until an investigation has occurred."
Top Cyber Attacks of 2020
"Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organisations involved in the coronavirus pandemic response, including the World Health Organization and Centres for Disease Control and Prevention, some in an attempt to politicize the pandemic.
https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html
Threats
Ransomware
Cyber Criminals use deceased staff accounts to spread Nemty ransomware
US and Bulgarian authorities disrupt NetWalker ransomware operation
Former UK Cyber Security Chief Says Laws Are Needed to Stop Ransomware Payouts
BEC
Phishing
Other Social Engineering
Malware
DreamBus botnet targets enterprise apps running on Linux servers
Trickbot is back again - with fresh phishing and malware attacks
Mobile
Vulnerabilities
Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges
Vulnerability found in top messaging apps let hackers eavesdrop
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team
KindleDrip exploit – Hacking a Kindle device with a simple email
Data Breaches
Charities
Insider Threats
Nation-State Actors
Denial of Service
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 January 2021
Black Arrow Cyber Threat Briefing 15 January 2021: Two Thirds of Employees Don’t Consider Security Whilst Working from Home; Ransomware Gangs Targeting Top Execs; Microsoft emits 83 security fixes – and miscreants are already exploiting vulnerabilities in Windows Defender; Android malware gives hackers full control of your smartphone; Massive fraud campaign sees millions vanish from online bank accounts
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Two-Thirds of Employees Don’t Consider Security Whilst Home Working
More than two-thirds (68%) of UK workers do not consider the cyber security impact of working from home, according to a new study. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift to home working as a result of COVID-19 means that staff in many organizations are operating across insecure devices and networks, providing opportunities for cyber-criminals.
https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/
Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives
In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulnerabilities in Windows Defender
83 vulnerabilities in its software, which does not include the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December, 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
https://www.theregister.com/2021/01/12/patch_tuesday_fixes/
This Android malware claims to give hackers full control of your smartphone
The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.
Massive fraud campaign sees millions vanish from online bank accounts
Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts. The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale. To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.
SolarWinds Hack Followed Years of Warnings of Weak Cyber Security
Congress and federal agencies have been slow or unwilling to address warnings about cyber security, shelving recommendations that are considered high priority while investing in programs that have fallen short. The massive cyber-attack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cyber security experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.
Threats
Ransomware
Hacker used ransomware to lock victims in their IoT chastity belt
Ransomware Attack Costs Health Network $1.5m a Day
Dassault Falcon Jet reports data breach after ransomware attack
IOT
Cyber experts say advice from breached IoT device company Ubiquiti falls short
Phishing
Iranian cyber spies behind major Christmas SMS spear-phishing campaign
Malware
macOS malware used run-only AppleScripts to avoid detection for five years
Going Rogue – a Mastermind Behind Android Malware Returns with a New Remote Access Trojan (RAT)
Emotet Tops Malware Charts in December After Reboot
Vulnerabilities
Windows 10 bug corrupts your hard drive on seeing this file's icon
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Adobe fixes critical code execution vulnerabilities in 2021's first major patch round
Data Breaches
Over 16,000 customers seeking compensation for British Airways data breach
New Zealand Central Bank Breach Hit Other Companies
Massive Parler data leak exposes millions of posts, messages and videos
Millions of Social Profiles Leaked by Chinese Data-Scrapers
Hackers leak stolen Pfizer COVID-19 vaccine data online
United Nations data breach exposed over 100k UNEP staff records
Organised Crime
Europol shuts down the world's largest dark web marketplace
Nation State Actors
Third malware strain discovered in SolarWinds supply chain attack
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Why Execs Present One Of The Biggest Insider Risks to Any Organisation - Cyber Tip Tuesday Video Blog
Why Execs Present One Of The Biggest Insider Risks to Any Organisation - Cyber Tip Tuesday Video Blog