Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.

The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.

The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

• Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).

The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.

Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.

BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.

https://www.zdnet.com/article/ransomware-is-scary-but-another-scam-is-costing-victims-much-much-more-says-fbi/#ftag=RSSbaffb68

• Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.

Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.

Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.

https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/

• Ransomware Payment Demands Rose Dramatically in 2021

Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.

IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."

Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.

https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021

• 7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

• Here's How Fast Ransomware Encrypts Files

Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.

The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.

Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.

https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files

• HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.

This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

• The Cyber Warfare Predicted in Ukraine May Be Yet to Come

In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.

The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.

https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca

• The Three Russian Cyber Attacks the West Most Fears

The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.

Russia has previously stated that such accusations are "Russophobic".

However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.

Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.

"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.

This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.

https://www.bbc.co.uk/news/technology-60841924

• Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks

The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:

The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:

• Deploy modern security tools on your computers and devices to continuously look for and mitigate threats

• Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors

• Back up your data and ensure you have offline backups beyond the reach of malicious actors

• Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack

• Encrypt your data so it cannot be used if it is stolen

• Educate your employees to common tactics that attackers will use over email or through websites

• Work with specialists to establish relationships in advance of any cyber incidents.

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

• Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.

IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.

BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.

"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.

https://www.darkreading.com/attacks-breaches/fbi-cybercrime-victims-suffered-losses-of-over-6-9b-in-2021

• Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.

“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.

“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/

Threats

Ransomware

• Ransomware Infections Follow Precursor Malware – Lumu • The Register

• Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com

• Serious Security: DEADBOLT – The Ransomware That Goes Straight For Your Backups – Naked Security (sophos.com)

• AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)

• What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)

• Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)

• Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)

• Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register

• Talos warns of BlackMatter-linked BlackCat Ransomware • The Register

• Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat

• Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)

• Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)

• Hackers Demand $15 Million Ransom from TransUnion After Cracking "password" Password (bitdefender.com)

• Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)

• Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop

Phishing & Email

• New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)

• Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost

• 'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)

Other Social Engineering

• Social Engineering Attacks To Dominate Web3, The Metaverse | ZDNet

Malware

• Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)

• BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)

Mobile

• URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)

• Downloaders Currently the Most Prevalent Android Malware (darkreading.com)

• Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)

• Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)

IoT

• Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)

• Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register

• How to Secure Your Home WiFi Router - The Washington Post

Data Breaches/Leaks

• UK MoD's Capita-Run Recruitment Portal Support Offline • The Register

• Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Over 40,000 London Voters Have Data Leaked to Strangers - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)

• Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters

• Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)

• Oxford Teen Accused Of Making More Than £10m As A Leader Of International Cyber Gang (telegraph.co.uk)

Cryptocurrency/Cryptomining/Cryptojacking

• An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)

• Global Regulators Monitor Crypto Use in Ukraine War | Reuters

• Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)

Insider Risk and Insider Threats

• 6 Types Of Insider Threats And How To Prevent Them (techtarget.com)

• HP Staffer Blew $5m On Personal Expenses With Company Card • The Register

Fraud, Scams & Financial Crime

• Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security

• NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)

• DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt

Insurance

• How The Increase in Ransomware Has Impacted The Cyber Insurance Market - Help Net Security

• Cyber Insurance and War Exclusions (darkreading.com)

Dark Web

• Dark Web Drug Peddler Gets Nine Years - Infosecurity Magazine

Supply Chain

• 'Secrets Sprawl' Haunts Software Supply Chain Security | SecurityWeek.Com

Cloud

• As Breaches Soar, Companies Must Turn to Cloud-Native Security Solutions For Protection - Help Net Security

Passwords & Credential Stuffing

• The Top 5 Things the 2022 Weak Password Report Means for IT Security (bleepingcomputer.com)

Spyware, Espionage & Cyber Warfare

• Russia Preparing To Conduct Cyber Attacks, White House warns - IT Security Guru

• New Mustang Panda Hacking Campaign Targets Diplomats, ISPs (bleepingcomputer.com)

• Vidar Spyware Is Now Hidden in Microsoft Help Files | ZDNet

• FCC Adds Kaspersky To Covered List Due To Unacceptable Risks To Security - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online

• Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)

• Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs

• President Biden Says Russia Exploring Revenge Cyber Attacks • The Register

• Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics

• Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert

• Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)

• Anonymous Targets Western Companies Still Active in Russia - Security Affairs

• Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs

• NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)

• Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News

• Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs

• Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet

• Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register

Nation State Actors – China

• Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)

• Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost

• Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet

Nation State Actors – North Korea

• Dual North Korean Hacking Efforts Found Attacking Google Chrome Vulnerability for 6 Weeks - CyberScoop

Vulnerabilities

• CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (thehackernews.com)

• Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs

• Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)

• Vulnerabilities Found in 250 HP Printer Models | CSO Online

• VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register

• Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News

• 12,000 Sensitive Patient Images Leaked - IT Security Guru

• Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com

Retail/eCommerce

• For Magecart groups and other credit-card skimmers, old and new opportunities abound - CyberScoop

Transport and Aviation

• SATCOM Networks on High Alert After US Govt Warning • The Register

Energy & Utilities

• US Charges Four Russians Over Hacking Campaign on Energy Sector - BBC News

Education and Academia

• Heriot-Watt University in Second Week of Outage • The Register

Reports Published in the Last Week

• The 2022 State of Cyber Assets Report (jupiterone.com)

• 2022 Weak Password Report - Specops Software

Other News

• A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)

• The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com

• Soldiers told to use Signal instead of WhatsApp for security | The Times

• Cyber Security Compliance: Start With Proven Best Practices - Help Net Security

• Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat

• Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop

• The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security

• South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)

• ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine

• Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/

Threats

Ransomware

• Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)

• Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet

• Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)

• Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED

• 6 Reasons Not to Pay Ransomware Attackers (darkreading.com)

• Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost

• SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online

• Exotic Lily Sells Ransomware Groups Access To Targets • The Register

• New "Initial Access Broker" Working with Conti gang - IT Security Guru

• Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)

• Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs

• How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security

• Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)

• The Lapsus$ Hacking Group Is Off to a Chaotic Start | WIRED

• Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert

• Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet

Phishing & Email

• Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)

• How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register

• Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)

• 76,000 Scams Taken Down Through Email Reporting - IT Security Guru

• Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost

• NCSC Catches 10 Million Phishes (computerweekly.com)

• This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register

Malware

• New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)

• Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic

• Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com

• Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register

• DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)

• Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register

• New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)

• Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet

• Uncovering Trickbot’s Use of IoT Devices In Command-And-Control Infrastructure - Microsoft Security Blog

• TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)

Mobile

• Mobile Threats Skyrocket (darkreading.com)

• 2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)

• Mobile Devices See 466% Annual Increase in Zero-Day Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• 'Escobar' Android malware steals your 2FA codes — and takes over your phone | Tom's Guide (tomsguide.com)

• Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com

• Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica

• Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)

• Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)

• Mobile App Data Found Exposing API’s & Data In 1,000’s Of Cloud Databases - Information Security Buzz

IoT

• Smart Devices Spy On You – 2 Computer Scientists Explain How The Internet Of Things Can Violate Your Privacy (theconversation.com)

Organised Crime & Criminal Actors

• Who's Who In The Cyber Criminal Underground | CSO Online

• Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security

• A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine

• Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru

Insider Risk and Insider Threats

• MITRE and Partners Build Insider Threat Knowledge Base | CSO Online

Fraud, Scams & Financial Crime

• UK Shoppers Face More Identity Checks When Buying Online | Consumer affairs | The Guardian

Supply Chain

• Container Vulnerability Opens Door For Supply Chain Attacks (techtarget.com)

DoS/DDoS

• Israeli Govt Sites Hit By Huge DDoS Attack • The Register

Cloud

• How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet

• The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)

Privacy

• Smart Devices Are Spying on You Everywhere, And That's a Problem (sciencealert.com)

Passwords & Credential Stuffing

• NVIDIA Staff Shouldn’t Have Chosen Passwords Like These… • Graham Cluley

• Attackers Using Default Credentials To Target Businesses, Raspberry Pi And Linux Top Targets - Help Net Security

Regulations, Fines and Legislation

• CafePress Fined For Covering Up Customer Info Leak • The Register

• Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online

Spyware, Espionage & Cyber Warfare

• Would 'Cyber Geneva Conventions' Defuse Online Aggression? (darkreading.com)

Nation State Actors

Nation State Actors – Russia

• Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED

• How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)

• Russia's Disinformation Uses Deepfake Video Of Zelenskyy Telling People To Lay Down Arms - Security Affairs

• FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)

• Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)

• Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)

• German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)

• Russia Could Use Kaspersky Antivirus Software In Cyber Attacks In Europe, German Agency Warns | Euronews

• ‘It’s The Right Thing To Do’: The 300,000 Volunteer Hackers Coming Together To Fight Russia | Ukraine | The Guardian

• Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru

• Viasat, Rosneft Hit By Cyber Attacks • The Register

• Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)

• Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)

• Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET

• New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)

• Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop

• Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs

• Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)

• Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)

• Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register

Nation State Actors – China

• China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs

• China Claims It Captured NSA Spy Tool That Already Leaked • The Register

Nation State Actors – Iran

• Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)

• New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)

• Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com

• OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register

• OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)

• Nasty Linux Netfilter Firewall Security Hole Found | ZDNet

• SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)

• High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com

• QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Top Threats For The Financial Sector - Help Net Security

• Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)

• Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica

• Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)

• 70% of Financial Service Providers Are Implementing API Security - Help Net Security

• Report: Payment Fraud Attacks Against Fintech Companies Soar By 70% In 2021 - Information Security Buzz

Health/Medical/Pharma Sector

• Healthcare Cyber Security Trends: Organisations Not Quite Ready To Deal With Threats - Help Net Security

• Hospitals Warned Of 'Phone Calls And Emails From Hackers' As Russia-Ukraine War Rages - Manchester Evening News

• Nearly 300k Heart Patients’ Data Exposed - Infosecurity Magazine

Transport and Aviation

• Aircraft Disrupted by Satellite Jamming Following Russian Invasion - Infosecurity Magazine

• EU & US Agencies Warn That Russia Could Attack Satellite Communications - Security Affairs

Reports Published in the Last Week

• 2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium Mobile Security Blog

Other News

• Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com

• Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security

• Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com

• The Importance Of Building In Security During Software Development - Help Net Security

• How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security

• Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica

• How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)

• DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost

• When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)

• Half of People Accept All Cookies Despite The Security Risk | TechRadar

• Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks

Threats

Ransomware

• Inside Conti leaks: The Panama Papers of Ransomware - The Record by Recorded Future

• Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research

• Oh, The Irony! Conti Ransomware Gang, Which Leaked Ransomware Victims’ Data, Has Its Own Data Leaked (grahamcluley.com)

• CISA Added 98 Domains To The Joint Alert Related To Conti Ransomware Gang - Security Affairs

• Ragnar Locker Ransomware - What You Need To Know (tripwire.com)

• Conti Ransomware Group Spent Millions In 2021 - IT Security Guru

• Ragnar Locker Ransomware Hits Critical Infrastructure • The Register

• Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others (darkreading.com)

• FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs (bleepingcomputer.com)

• Alleged REvil Ransomware Hacker Extradited And Arraigned In Texas | CSO Online

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data (bleepingcomputer.com)

Phishing & Email

• How Phishing Email Are Evading Email Security - MSSP Alert

• Watch Out For This Phishing Attack That Hijacks Your Email Chats To Spread Malware | ZDNet

• The Most Impersonated Brands In Phishing Attacks - Help Net Security

Malware

• Nvidia's Stolen Data Is Being Used To Disguise Malware As GPU Drivers | PC Gamer

• Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads | Threatpost

• Emotet Botnet Is Rapidly Growing, +130K Bots Spread Across 179 Countries - Security Affairs

• Raccoon Stealer Crawls Into Telegram | Threatpost

• All About the Bots: What Botnet Trends Portend for Security Pros | SecurityWeek.Com

Mobile

• Smartphone malware is on the rise, here's what to watch out for | ZDNet

• Samsung Confirms Hackers Stole Galaxy Devices Source Code (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Cyber Criminals Are Posing As Ukraine Fundraisers To Steal Cryptocurrency - CyberScoop

• Cyber Criminals Compromise Users With Malware Disguised As Pro-Ukraine Cyber Tools - Cisco Talos Intelligence Group

Cryptocurrency/Cryptomining/Cryptojacking

• Russians Liquidating Crypto In The UAE As They Seek Safe Havens | Reuters

Fraud, Scams & Financial Crime

• Consumers Worried About Digital Banking Security - Infosecurity Magazine (infosecurity-magazine.com)

• Shipping Fraud Quickly Emerging As One Of The Top Fraud Types - Help Net Security

Insurance

• The Cyber Insurance Market Needs More Money (hbr.org)

Supply Chain

• Major Tech Firms Launch Security First Initiative To Combat Third-Party Data Breaches - Help Net Security

DoS/DDoS

• Mitel VoIP Systems Used In Staggering DDoS Attacks • The Register

• In-The-Wild DDoS Attack Can Be Launched From A Single Packet To Create Terabytes Of Traffic | ZDNet

• Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers | Threatpost

• The Fight Against the Hydra: New DDoS Report from Link11 (darkreading.com)

• Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks (thehackernews.com)

Parental Controls and Child Safety

• Still Too Many Parents Don't Monitor Their Children's Online Activity - Help Net Security

Spyware, Espionage & Cyber Warfare

• ‘We are not ready’: a Cyber Expert on US Vulnerability to a Russian Attack | Cyberwar | The Guardian

• China-Aligned APT Renews Cyber Attack On European Diplomats, As War Rages | CSO Online

• European Lawmakers Launch Investigation Into Use Of Pegasus Spyware By EU States | TechCrunch

Nation State Actors

Nation State Actors - Russia

• Jump In Cyber Attacks Since Start Of Ukraine Invasion (rte.ie)

• Will Russian Oil Ban Spur Increased Cyber-Attacks (trendmicro.com)

• Russia to Create Its Own Security Certificate Authority, Alarming Experts - CyberScoop

• Russian APTs Furiously Phish Ukraine – Google | Threatpost

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech | Ars Technica

• Ukrainian IT Army Hijacked by Infostealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (thehackernews.com)

• French Bank Denies Access to Russian Workforce - Infosecurity Magazine (infosecurity-magazine.com)

• New RURansom Wiper Targets Russia (trendmicro.com)

• Anonymous & its Affiliates Hacked 90% of Russian Misconfigured Databases (hackread.com)

• Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency - Infosecurity Magazine

Nation State Actors - China

• Chinese Phishing Actors Consistently Targeting EU Diplomats (bleepingcomputer.com)

• Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks - Information Security Buzz

• Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (thehackernews.com)

Nation State Actors – North Korea

• Targeted APT Activity: BABYSHARK Is Out for Blood - MSSP Alert

Nation State Actors - Iran

• Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (thehackernews.com)

Vulnerabilities

• Linux Has Been Bitten By Its Most High-Severity Vulnerability In Years | Ars Technica

• High Rates Of Known, Exploitable Vulnerabilities Still Found In The Wild, Report Reveals - IT Security Guru

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday | Threatpost

• New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs (thehackernews.com)

• Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | SecurityWeek.Com

• “Dirty Pipe” Linux Kernel Bug Lets Anyone Write To Any File – Naked Security (sophos.com)

• Microsoft Azure Flaw Allowed Unauthorized Account Access • The Register

• Intel, AMD, Arm Warn Of New Speculative Execution CPU Bugs (bleepingcomputer.com)

• Adobe Patches 'Critical' Security Flaws in Illustrator, After Effects | SecurityWeek.Com

• Up to 30% of WordPress Plugin Bugs Don't Get Patched - IT Security Guru

• Within Hours of the Log4j Flaw Being Revealed, These Hackers Were Using It | ZDNet

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape | Threatpost

• Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint | SecurityWeek.Com

• Microsoft Fixes Critical Azure Bug That Exposed Customer Data (bleepingcomputer.com)

• Researchers Disclose New Spectre V2 Vulnerabilities (techtarget.com)

• Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices (thehackernews.com)

• Over 40% of Log4j Downloads Are Vulnerable Versions of the Software (darkreading.com)

• HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections (bleepingcomputer.com)

• Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (thehackernews.com)

Sector Specific

Health/Medical/Pharma Sector

• Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack (darkreading.com)

• Oklahoma Hospital Data Breach Impacts 92,000 People - Infosecurity Magazine

Transport and Aviation

• Finnish Govt Agency Warns Of Unusual Aircraft GPS Interference (bleepingcomputer.com)

Automotive

• Small Business Owners Worried About The Cyber Security Of Their Commercial Vehicles - Help Net Security

CNI, OT, ICS, IIoT and SCADA

• ICS Vulnerability Disclosures Surge 110% Over The Last Four Years - Help Net Security

• New Security Threats Target Industrial Control And OT Environments - CyberScoop

Reports Published in the Last Week

• 2022 Vulnerability Statistics Report - Edgescan

• Pinpoint the Origins of Workforce Risk - Elevate Security

Other News

• Why You Should Be Using CISA's Catalog of Exploited Vulns (darkreading.com)

• How Attackers Sidestep The Cyber Kill Chain | CSO Online

• How to Combat the No. 1 Cause of Security Breaches: Complexity (darkreading.com)

• Every Business Is A Cyber Security Business - Help Net Security

• Operationalising a “Think Like The Enemy” Strategy | CSO Online

• SpaceX Shifts Resources To Cyber Security To Address Starlink Jamming - SpaceNews

• Report: Cyber Security Teams Need Nearly 100 Days To Develop Threat Defenses | VentureBeat

• 6 Potential Enterprise Security Risks With NFC Technology (techtarget.com)

• BBC Targeted With 383,278 Spam, Phishing And Malware Attacks Every Day - Help Net Security

• Ubisoft Says It Experienced A ‘Cyber Security Incident’, And The Purported Nvidia Hackers Are Taking Credit - The Verge

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/

Threats

Ransomware

• The State Of Ransomware: National Emergencies And Million-Dollar Blackmail

• Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft

• Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs

• Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired

• US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks

• Technology Giant Olympus Hit By BlackMatter Ransomware

• Ransomware: A Market Problem Deserves A Market Solution

• REvil Ransomware Is Back In Full Attack Mode And Leaking Data

• Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals

• Ransomware Encrypts South Africa's Entire Dept Of Justice Network

BEC

• Romance, BEC Scams Lands Soldier In Jail For 46 Months

Phishing

• The Top Keywords Used In Phishing Email Subject Lines

• Banks Confront New Type Of Phishing: 'Salami' Attacks

• Malware Attack On Aviation Sector Uncovered After Going Unnoticed For 2 Years

• Phishers Impersonate US DOT To Target Contractors After Senate Passed $1 Trillion Infrastructure Bill

Other Social Engineering

• Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'

• Scammers In Russia Offer Free Bitcoin On A Hacked Government Website

• FBI: $113 Million Lost To Online Romance Scams This Year

Malware

• Attackers Use Crypto Mining Malware to Target Organisations

• New Zloader attacks disable Windows Defender to evade detection

Mobile

• Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’

• This US Company Sold iPhone Hacking Tools To UAE Spies

• After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts

IOT

• IOT Device Attacks Double In The First Half Of 2021, And Remote Work May Shoulder Some Of The Blame

• Smart TVs Are Everywhere But Many Remain Unprotected

Vulnerabilities

• Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws

• Pair of Google Chrome Zero-Day Bugs Actively Exploited

• HP Omen Hub Exposes Millions of Gamers To Cyber Attack

• Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released

• Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD

• No Patch For High-Severity Bug In Legacy IBM System X Servers

• Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists

• Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

• Apple Patches An NSO Zero-Day Flaw Affecting All Devices

• AMD CPU Driver Bug Can Break KASLR, Expose Passwords

Data Breaches/Leaks

• Over 60 Million Wearable, Fitness Tracking Records Exposed Via Unsecured Database

• Hackers Leak Passwords For 500,000 Fortinet VPN Accounts

• Stolen Credentials Led To Data Theft At United Nations

Organised Crime & Criminal Actors

• Telegram Emerges As New Dark Web For Cyber Criminals

• Russia Is Fully Capable Of Shutting Down Cyber Crime

• Criminal Hacking Is on the Rise. Microsoft’s President Says This Is How to Fight It

Cryptocurrency/Cryptojacking

• US Will Reportedly Impose Crypto Sanctions Amid Ransomware Attacks

DoS/DDoS

• Powerful Botnet Found To Be Launching Some Of The Biggest DDoS Attacks Ever

Nation State Actors

• Years-Long Attack By Chinese-Linked APT Groups Discovered By McAfee

• UK, US And Australia Launch Pact To Counter China

Cloud

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Zero Trust Requires Cloud Data Security With Integrated Continuous Endpoint Risk Assessment

Other News

• Facebook Says It Will Step Up Efforts To Stop Coordinated Campaigns That Cause Harm

• Healthcare Cyber Security: How To Prevent The Compromise Of Patient Records?

• Security Experts Predict A Global AI-Related Cyber Attack Before Year-End

• Japan Is Belatedly Recognising The Risks Of Cyber War

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months

More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.

https://www.zdnet.com/article/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months/

Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.

https://www.zdnet.com/article/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary/

The Most Significant Cyber Attacks From 2006-2020, By Country

Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/

The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020

While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.

https://www.computerweekly.com/opinion/The-shape-of-fraud-and-cyber-crime-10-things-we-learned-from-2020

Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?

When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.

https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks

US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security

Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.

https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/

Ransomware Attackers Are Now Using Triple Extortion Tactics

The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.

https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/

AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims

Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.

https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/

Cyber Security Experts Warn Over Online Wine Scams

Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.

https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/

Threats

Ransomware

• New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant

• Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms

• A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack

• MTR In Real Time: Pirates Pave Way For Ryuk Ransomware

• Ransomware Going For $4K On The Cyber Underground

• Foreign Secretary Issues Warning To Russia On Ransomware

• Anatomy Of A $2 Million Darkside Ransomware Breach

BEC

• Business Email Compromise Attack Targeted Dozens Of Orgs

Phishing

• Phishing Attacks Exploit Cognitive Biases, Research Finds

• AI Discovers A Complex Phishing Crypto Currency Scam Campaign

Other Social Engineering

• Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns

• She Responded To A Smishing Scam. Then The Spam Texts Got Worse.

Malware

• Emails Reveal 128 Million iOS Users Were Affected By ‘Xcodeghost’ Malware

Mobile

• A New Smishing Trojan Is Out And About

• New Android Malware Targeting Banks In Italy, Spain, Germany, Belgium, And The Netherlands

IOT

• How To Apply A Zero Trust Approach To Your IoT Solutions

• Troy Hunt At Black Hat Asia: ‘We’re Making It Very Difficult For People To Make Good Security Decisions’

Vulnerabilities

• Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits

• Patch Adobe Reader Now Or Risk A Major Security Attack

• WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'

• Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities

• Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks

Data Breaches

• Hackers release personal info of 22 DC Police officers

• Anatomy Of A $2 Million Darkside Ransomware Breach

Organised Crime & Criminal Actors

• Bulletproof Hosting Admins Plead Guilty To Running Cyber Crime Safe Haven

Supply Chain

• Rapid7 Source Code, Credentials Accessed In Codecov Supply-Chain Attack

Nation State Actors

• Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

• NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers

• NCSC, CISA publish new information on Russia’s Cozy Bear

Privacy

• Your Employer May Be Spying On You — Here Are 3 Ways To Stop It

Reports Published in the Last Week

• DDOS Attacks In Q1 2021

• Verizon 2021 Data Breach Investigations Report (DBIR)

Other News

• University Cancels Exams After Cyber Attack

• Your Old Mobile Phone Number Could Compromise Your Cyber Security

• Microsoft's New Security Feature Locks Hackers Out With GPS

• Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters

• Cyber Security And Compliance For Healthcare Organizations

• Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test

• Half Of Government Security Incidents Caused By Missing Patches

• 90% Of Security Leaders View Bot Management As A Top Priority

• 'Everyone Had To Rethink Security': What Microsoft Learned In Last Year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.