Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 October 2021
Black Arrow Cyber Threat Briefing 15 October 2021
-The Human Element Is the Weakest Link
-Ransomware is the Biggest Cyber Threat to Business: Most Firms Still Aren't Ready for It
-Most Known Ransomware Targets Windows Devices
-67% of Organisations Have Been Hit by Ransomware at Least Once
-Russian Cyber Crime Gang Targets Finance Firms With Stealthy Macros
-70% of Businesses Can’t Ensure the Same Level of Protection for Every Endpoint
-Over 90% of Firms Suffered Supply Chain Breaches Last Year
-Ransomware Attacks Preparedness Lagging, Despite Organisations Being Aware of The Risks
-6 Things to Know About 'Killware,' Cyber Security's Next Big Threat
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The Human Element Is the Weakest Link
Within the last week, Facebook has become the subject of a whistleblowing campaign featuring thousands of documents alleging malpractice. Despite their size and expected security controls, these documents have been exfiltrated without detection, lending credence to the idea of the insider threat. https://www.darkreading.com/risk/the-human-element-is-the-weakest-link
Ransomware is the Biggest Cyber Threat to Business But Most Firms Still Aren't Ready for It
Ransomware is still the most significant cyber security threat facing organisations – ranging from critical national infrastructure providers and large enterprises to schools and local businesses – but it's a threat that can be countered. https://www.zdnet.com/article/ransomware-is-now-the-most-urgent-cyber-threat-to-business-but-most-firms-arent-ready-for-it/
Most Known Ransomware Targets Windows Devices
Recently conducted research shows that 95% of identified ransomware is targeting Windows machines. Furthermore, the stats show that Israel are submitting by far the most ransomware samples, followed by South Korea, Vietnam, and China, with the UK in 10th place. https://www.theregister.com/2021/10/14/googles_virustotal_malware/
67% of Organisations Have Been Hit by Ransomware at Least Once
A recent report found that two-thirds of surveyed organizations have suffered a ransomware attack, with about half having been hit multiple times, and 16% having been hit three or more times. https://threatpost.com/podcast-67-percent-orgs-ransomware/175339/
Russian Cyber Crime Gang Targets Finance Firms With Stealthy Macros
A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk. https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/
70% of Businesses Can’t Ensure the Same Level of Protection for Every Endpoint
Recent research found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organisations. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure. https://www.helpnetsecurity.com/2021/10/15/endpoint-protection-level/
Over 90% of Firms Suffered Supply Chain Breaches Last Year
A recent survey polled 1200 IT and procurement leaders responsible for supply chain and cyber risk management. Those polled came from global companies with 1,000+ employees and were used to compile its report: Managing Cyber Risk Across the Extended Vendor Ecosystem. The report revealed the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase. https://www.infosecurity-magazine.com/news/90-firms-supply-chain-breaches/
Cyber Security Shortcomings Exposed By The Pandemic
According to a survey by SecureAge, 48% of businesses have experienced a cyber breach during the COVID-19 pandemic and another 8% ‘were not sure’. In addition, 16% of employees said they personally had to deal with a cyber security incident during the same period. https://www.helpnetsecurity.com/2021/10/13/cybersecurity-shortcomings/
6 Things to Know About 'Killware,' Cyber Security's Next Big Threat
Threat actors are adopting a “killware” cyber model, which launches attacks on critical infrastructure with the intent to cause harm. Alejandro Mayorkas, secretary for Homeland Security, told USA Today he is worried about killware because it has the potential to kill. Hackers breached a water system in February this year, which was considered an unsuccessful attempt to distribute contaminated water to residents of Florida. "[The] attack was not for financial gain but rather purely to do harm,” he said. https://www.beckershospitalreview.com/cybersecurity/6-things-to-know-about-killware-cybersecurity-s-next-big-threat.html
2021 Nastiest Malware: Here to Stay and Ever Evolving
This year was yet another year with COVID-19 and malware running rampant in the headlines. Be it in person or online, the world is still struggling in the fight against viruses. This year took another turn for the worse when attacks on critical infrastructure and supply chains became a hot trend. https://www.helpnetsecurity.com/2021/10/12/nastiest-malware-2021/
Threats
Ransomware
Since 2020, At Least 130 Different Ransomware Families Have Been Active
This New Ransomware Encrypts Your Data And Makes Some Nasty Threats, Too
UK Cyber Head Says Russia Responsible For 'Devastating' Ransomware Attacks
US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours
Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now
BEC
Phishing
Malware
FontOnLake Malware Strikes Linux Systems In Targeted Attacks
Hackers Use Stealthy ShellClient Malware On Aerospace, Telco Firms
Vulnerabilities
NSA Warns Of Alpaca TLS Attack, Use Of Wildcard TLS Certificates[RP1]
Update Your Windows PCs Immediately To Patch New 0-Day Under Active Attack
Windows Zero-Day Actively Exploited In Widespread Espionage Campaign
Chinese Hackers Use Windows Zero-Day To Attack Defense, IT Firms
Apple Releases Urgent iPhone And iPad Updates To Patch New Zero-Day Vulnerability
Apache Patch Proves Patchy – Now You Need To Patch The Patch
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
CryptoRom Scam Rakes In $1.4m By Exploiting Apple Enterprise Features
Hackers Are Hijacking Copy And Paste To Steal Millions Of Dollars In Crypto Currency
Dark Web
Supply Chain
DoS/DDoS
Microsoft Says Azure Fended Off What Might Just Be The World's Biggest-Ever DDoS Attack
Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots
OT, ICS, IIoT and SCADA
Nation State Actors
Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries
Google Sent 50,000 Warnings Of State-Sponsored Attacks In 2021
How Shape-Shifting Threat Actors Complicate Attack Attribution
Google Warns Some Users That Fancybear’s Been Prowling Around
Microsoft: Iran-Linked Hackers Breached Office 365 Customer Accounts
We’re Not In Competition With China; We’re At War, Argues A Provocative New Book
Privacy
Amazon's Ring Doorbell Can Violate Your Neighbour’s Privacy, A UK Judge Rules
Amnesty International Links Cyber Security Firm To Spyware Operation
Study Reveals Android Phones Constantly Snoop On Their Users
Other News
Cyber Attack Shuts Down Ecuador's Largest Bank, Banco Pichincha[RP2]
30 Mins Or Less: Rapid Attacks Extort Orgs Without Ransomware
University Of Sunderland Is Latest To Be Hit By Cyber Attack
Russia Excluded From 30-Country Meeting To Fight Ransomware And Cyber Crime
Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs
Google To Give Security Keys To ‘High Risk’ Users Targeted By Government Hackers
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 June 2021
Black Arrow Cyber Threat Briefing 11 June 2021: World’s Biggest Meat Producer JBS Pays $11m Ransom; New Type Of Ransomware Could Be 10 Times As Dangerous; Lewd Phishing Lures Aimed At Business Explode; UK Schools Forced To Shut Following Ransomware; COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace; Colonial Pipeline Ransomware Attack Stemmed From Old VPN Password; Evil Corp Rebrands Ransomware To Escape Sanctions; Billions Of Passwords Leaked Online From Past Data Breaches
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom
JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.
Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous
Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen
Lewd Phishing Lures Aimed At Business Explode
Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”
https://threatpost.com/lewd-phishing-lures-business-explode/166734/
UK Schools Forced To Shut Following Critical Ransomware Attack
Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.
https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/
Emerging Ransomware Targets Dozens Of Businesses Worldwide
An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.
https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html
COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds
An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.
Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password
It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.
https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/
Evil Corp Rebrands Ransomware To Escape Sanctions
Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.
https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/
Billions Of Passwords Leaked Online From Past Data Breaches
A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.
https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/
Threats
Ransomware
Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says
Ransomware Gangs Are Increasingly Going After SonicWall Devices
A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies
Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups
Phishing
Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed
This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs
Other Social Engineering
Malware
Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs
Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?
Unit 42 Discovers First Known Malware Targeting Windows Containers
Freakout Malware Worms Its Way Into Vulnerable VMware Servers
Mobile
Vulnerabilities
Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild
Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products
Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability
Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities
Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability
Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software
Microsoft Office MSGraph Vulnerability Could Lead To Code Execution
WordPress Force Installs Jetpack Security Update On 5 Million Sites
Data Breaches
EA Got Hit By A Data Breach, And Hackers Are Selling Source Code
Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company
Organised Crime & Criminal Actors
Cryptocurrency
Nation State Actors
Denial of Service
Charities
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 January 2021
Black Arrow Cyber Threat Briefing 22 January 2021: Ransomware Biggest Cyber Concern; Ransomware Payments Grew 311% In 2020; Cyber Security Spending To Soar In 2021; Ransomware Provides The Perfect Cover For Other Attacks; Gdpr Fines Skyrocket As Eu Gets Tough On Data Breaches; Popular Pdf Reader Has Database Of 77 Miliion Users Leaked Online; Malware Incidents On Remote Devices Increase
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Ransomware is now the biggest Cyber Security concern for CISOs
Ransomware is the biggest cyber security concern facing businesses, according to those responsible for keeping organisations safe from hacking and cyberattacks. A survey of chief information security officers (CISOs) and chief security officers (CISOs found that ransomware is now viewed as the main cyber security threat to their organisation over the course of the next year. Almost half – 46% – of CISOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cyber security threat.
https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/
Crypto ransomware payments grew 311% in 2020
Crypto payments associated with ransomware grew at least 311% in 2020. “Ransomware” refers to a category of malicious computer programs that force users into paying ransoms. Just 0.34% of all cryptocurrency transactions last year were criminal, down from 2.1% in 2019. But that number is bound to go up, said the firm.
https://decrypt.co/54648/crypto-crime-ransomware-chainalysis-report-2020
The SolarWinds hackers used tactics other groups will copy
One of the most chilling aspects of Russia's recent hacking spree—which breached numerous United States government agencies among other targets—was the successful use of a “supply chain attack” to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this was not the only striking feature of the assault. After that initial foothold, the attackers bored deeper into their victims' networks with simple and elegant strategies. Now researchers are bracing for a surge in those techniques from other attackers.
https://www.wired.com/story/solarwinds-hacker-methods-copycats/
Global Cyber Security spending to soar in 2021
The worldwide cyber security market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers from the pandemic. Double-digit growth from $54.7bn in 2020 would be its best-case scenario. However, even in the worst case, cyber security spending would reach 6.6%. That would factor in a deeper-than-anticipated economic impact from lockdowns, although the security market has proven to be remarkably resilient thus far to the pandemic-induced global economic crisis. That said, SMB spending was hit hard last year, along with certain sectors like hospitality, retail and transport.
https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to/
Cyber criminals publish more than 4,000 stolen Sepa files
Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group. Contracts, strategy documents and databases are among the 4,000 files released. The data has been put on the dark web - a part of the internet associated with criminality and only accessible through specialised software.
https://www.bbc.co.uk/news/uk-scotland-55757884
Ransomware provides the perfect cover for other attacks
Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes
https://www.helpnetsecurity.com/2021/01/21/ransomware-cover/
Popular PDF reader has database of 77 million users hacked and leaked online
A threat actor has leaked a 14 GB database online containing over 77 million records relating to thousands of users of the Nitro PDF reader software, with users' email addresses, full names, hashed passwords, company names, IP addresses, and other system-related information.
Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data
Some organisations that fall victim to ransomware attacks are paying ransoms to cyber-criminal gangs despite being able to restore their own networks from backups, in order to prevent hackers publishing stolen data. Over the course of the past year, many of the most successful ransomware gangs have added an additional technique in an effort to coerce victims into paying ransoms after compromising their networks – publishing stolen data if a payment isn't received.
GDPR fines skyrocket as EU gets tough on data breaches
Europe’s new privacy protection regime has led to a surge in fines for bad actors, according to research published today. Law firm DLA Piper says that, since January 28th, 2020, the EU has issued around €158.5 million (around $192 million) in financial penalties. That’s a 39-percent increase on the previous 20-month period Piper examined in its report, published this time last year. And as well as the increased fines, the number of breach notifications has shot up by 19 percent across the same 12-month period.
https://www.engadget.com/gdpr-fines-dla-piper-report-144510440.html
Malware incidents on remote devices increase
Devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.
https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/
Threats
Phishing
Malware
Vulnerabilities
Signal and other video chat apps found to have some major security flaws
Automated exploit of critical SAP SolMan vulnerability detected in the wild
List of DNSpooq vulnerability advisories, patches, and update
Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
New FreakOut botnet targets Linux systems running unpatched software
Data Breaches
Denial of Service
Cloud
Privacy
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.