Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 March 2023
Black Arrow Cyber Threat Briefing 17 March 2023:
-Almost Half of IT Leaders Consider Security as an Afterthought
-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
-Over 721 Million Passwords Were Leaked in 2022
-How Much of a Cyber Security Risk are Suppliers?
-90% of £5m+ Businesses Hit by Cyber Attacks
-Rushed Cloud Migrations Result in Escalating Technical Debt
-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
-Microsoft Warns of Large-Scale Use of Phishing Kits
-BEC Volumes Double on Phishing Surge
-The Risk of Pasting Confidential Company Data in ChatGPT
-Ransomware Attacks have Entered a New Phase
-MI5 Launches New Agency to Tackle State-Backed Attacks
-Why Cyber Awareness Training is an Ongoing Process
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Almost Half of IT Leaders Consider Security as an Afterthought
A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.
Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.
Over 721 Million Passwords were Leaked in 2022
A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.
https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/
How Much of a Cyber Security Risk are Suppliers?
When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.
https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2
90% of £5m+ Businesses Hit by Cyber Attacks
A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/
Rushed Cloud Migrations Result in Escalating Technical Debt
A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.
https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.
Microsoft Warns of Large-Scale Use of Phishing Kits
Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html
BEC Volumes Double on Phishing Surge
The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.
https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/
The Risk of Pasting Confidential Company Data in ChatGPT
Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.
https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html
Ransomware Attacks have Entered a Heinous New Phase
With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.
https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/
MI5 Launches New Agency to Tackle State-Backed Attacks
British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.
https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/
Why Cyber Awareness Training is an Ongoing Process
A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.
Threats
Ransomware, Extortion and Destructive Attacks
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)
Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)
CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)
Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs
Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register
Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
Dish customers kept in the dark as ransomware fallout continues | TechCrunch
Cancer patient sues hospital over stolen naked photos • The Register
ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)
Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert
Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)
Universities and colleges cope silently with ransomware attacks | CSO Online
Phishing & Email Based Attacks
Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica
Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)
6 reasons why your anti-phishing strategy isn’t working | CSO Online
Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
How two-step phishing attacks evade detection and what you can do about it - Help Net Security
BEC – Business Email Compromise
Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)
Organizations need to re-examine their approach to BEC protection - Help Net Security
BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica
Malware
Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)
Law enforcement seized the website selling the NetWire RAT- - Security Affairs
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)
Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)
Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)
Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)
Mobile
Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)
GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)
Botnets
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Denial of Service/DoS/DDOS
Internet of Things – IoT
Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)
Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)
Data Breaches/Leaks
Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert
Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)
BMW exposes data of clients in Italy, experts warn- - Security Affairs
Acronis states that only one customer's account was compromised- - Security Affairs
Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch
LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
The SVB demise is a fraudster's paradise, so take precautions - Help Net Security
Fighting financial fraud through fusion centers - Help Net Security
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Impersonation Attacks
Deepfakes
AML/CFT/Sanctions
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Dark Web
Supply Chain and Third Parties
Top 10 operational risks: focus on third-party risk - Risk.net
How much of a cyber security risk are my suppliers? (thetimes.co.uk)
Software Supply Chain
We can't wait for SBOMs to be demanded by regulation - Help Net Security
Best practices for securing the software application supply chain - Help Net Security
Cloud/SaaS
Rushed cloud migrations result in escalating technical debt - Help Net Security
CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)
Navigating the future of digital identity - Help Net Security
Encryption
Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Passwords, Credential Stuffing & Brute Force Attacks
Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert
Study: Over 721 million passwords were leaked in 2022 - Neowin
Social Media
UK bans TikTok from government mobile phones | TikTok | The Guardian
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop
Governance, Risk and Compliance
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)
6 principles for building engaged security governance | TechTarget
Models, Frameworks and Standards
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Data Protection
Law Enforcement Action and Take Downs
International authorities bring NetWire's malware infrastructure to a standstill | TechSpot
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Privacy, Surveillance and Mass Monitoring
German states rethink reliance on Palantir technology | Financial Times (ft.com)
Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Artificial Intelligence
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek
How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)
UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News
Why red team exercises for AI should be on a CISO's radar | CSO Online
GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop
UK bans TikTok from government mobile phones | TikTok | The Guardian
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Polish intelligence dismantled a network of Russian spies- Security Affairs
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Nation State Actors
UK bans TikTok from government mobile phones | TikTok | The Guardian
North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop
A new Chinese era: security and control | Financial Times (ft.com)
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
APT29 abuses EU information exchange systems in recent attacks- Security Affairs
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Vulnerabilities
Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)
Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
Microsoft and Fortinet fix bugs under active exploit • The Register
CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)
Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)
Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek
Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)
Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Tools and Controls
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)
Set up PowerShell script block logging for added security | TechTarget
Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
5 Steps to Effective Cloud Detection and Response - The New Stack
Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)
ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)
Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 March 2022
Black Arrow Cyber Threat Briefing 18 March 2022
-Guernsey Cyber Security Warning For Islanders And Businesses
-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime
-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine
-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents
-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead
-Cyber Crooks’ Political In-Fighting Threatens the West
-Cloud-Based Email Threats Surge 50% in 2021
-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups
-The Massive Impact of Vulnerabilities In Critical Infrastructure
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Guernsey Cyber Security Warning for Islanders and Businesses
There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.
The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."
The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.
It encouraged vigilance, as the islands are not immune to these attacks.
A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."
Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."
https://www.bbc.co.uk/news/world-europe-guernsey-60763398
CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime
As some nations turn a blind eye, defence becomes life-or-death matter
With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.
"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way.
"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."
It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.
https://www.theregister.com/2022/03/18/ciso_security_storm/
Four Key Risks Exacerbated by Russia’s Invasion of Ukraine
Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk
https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/
These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents
Any ransomware is a cyber security issue, but some strains are having more of an impact than others.
Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.
According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice.
Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.
"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.
Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.
The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.
Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.
https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/
Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
An expanding threat landscape is testing the limits of cyber insurance coverage.
The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.
A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.
Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead
Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.
Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.
https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/
Cyber Crooks’ Political In-Fighting Threatens the West
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.
According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”
“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”
What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.
https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/
Cloud-Based Email Threats Surge 50% in 2021
There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.
The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.
It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.
The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.
https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/
Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.
Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.
UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.
The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.
Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.
The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.
https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html
The Massive Impact of Vulnerabilities in Critical Infrastructure
Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?
In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.
Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.
https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/
Threats
Ransomware
Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)
Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet
Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)
Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost
SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online
Exotic Lily Sells Ransomware Groups Access To Targets • The Register
New "Initial Access Broker" Working with Conti gang - IT Security Guru
Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)
Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs
How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)
Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert
Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet
Phishing & Email
Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)
How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register
Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)
76,000 Scams Taken Down Through Email Reporting - IT Security Guru
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost
This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register
Malware
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)
Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic
Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com
Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)
Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)
Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)
Mobile
2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)
Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com
Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica
Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)
Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)
IoT
Organised Crime & Criminal Actors
Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security
A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine
Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Cloud
How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet
The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)
Privacy
Passwords & Credential Stuffing
Regulations, Fines and Legislation
CafePress Fined For Covering Up Customer Info Leak • The Register
Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED
How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)
FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)
Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)
German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)
Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru
Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)
Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)
Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET
New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)
Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop
Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs
Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)
Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)
Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register
Nation State Actors – China
China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs
China Claims It Captured NSA Spy Tool That Already Leaked • The Register
Nation State Actors – Iran
Vulnerabilities
CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)
Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com
OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register
OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)
SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)
High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com
QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)
Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica
Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)
70% of Financial Service Providers Are Implementing API Security - Help Net Security
Health/Medical/Pharma Sector
Transport and Aviation
Reports Published in the Last Week
Other News
Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com
Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security
Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com
The Importance Of Building In Security During Software Development - Help Net Security
How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security
Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica
How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost
When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)
Half of People Accept All Cookies Despite The Security Risk | TechRadar
Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.