Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 December 2021
Black Arrow Cyber Threat Briefing 17 December 2021:
-Employees Think They’re Safe From Cyber Threats On Company Devices
-Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
-Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
-60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
-Ransomware in 2022: We're All Screwed
-Attacks on UK Firms Increase Five-Fold During Pandemic
-The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
-Why Cloud Storage Isn't Immune to Ransomware
-400 Banks’ Customers Targeted with Anubis Trojan
-Sites Hacked With Credit Card Stealers Undetected For Months
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Think They’re Safe From Cyber Threats On Company Devices
A research launched by Menlo Security reveals increased cyber security risks posed to employees and organisations during the 2021 holiday shopping season.
The research – which surveyed 2,000 employed people in the United States and the United Kingdom – found that while employees are concerned about threats and are taking some measures to mitigate them, they often have false confidence in their security posture.
There are now more threats to corporate devices and networks than ever as hybrid work models blur the boundaries between work and home. More than half of respondents (56% US; 53% UK) reported performing non-work-related tasks – such as online shopping – on company devices.
Furthermore, the survey found that 65% of people in the US (63% UK) are doing more online holiday shopping in 2021 compared to previous years, and nearly half of respondents (48% US; 45% UK), reported shopping for gifts this holiday season on a work-issued device such as a laptop or mobile phone.
Workers are also noticing a rise in cyber threats this holiday season, with 58% of respondents in the US (48% UK) observing an increase in scams and fraudulent messages, exemplifying that threats are rampant worldwide. This is worrying many people, as the vast majority of respondents (80% US & UK) report being somewhat to very concerned about their personal data being stolen while online shopping.
However, despite workers’ recognition and concern of cyber threats, 60% of people (65% UK) still believe they’re secure from cyberthreats if they’re using a company device.
https://www.helpnetsecurity.com/2021/12/14/employees-cybersecurity-risks/
Internet Is Scrambling To Fix Log4shell, The Worst Hack In History
Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.
Malicious individuals are already exploiting the Log4Shell attack, which allows them to get into computer systems and servers without a password. Security experts have seen Log4Shell in action in Minecraft, the popular game that Microsoft owns. A few lines of text passed around in a chat might be enough to penetrate the defences of a target computer. The same ease of access would allow hackers to go after any computer out there using the Log4J open-sourced java-based logging utility.
https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/
Apache Log4j Flaw: A Fukushima Moment for the Cyber Security Industry
Organisations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
The discovery of a critical flaw in the Apache Log4j software is nothing short of a Fukushima moment for the cybersecurity industry.
Ten years ago, an earthquake and subsequent tidal wave triggered the meltdown of the Fukushima nuclear power plant that continues to plague the region today. Similarly, the early exploitation of Log4j, during which attackers will go after the low-hanging fruit exposed by the vulnerability, will evolve over time to take the form of more complex attacks on more sensitive systems that have less exposure to the internet. And, just as Fukushima brought to light significant issues with longstanding processes in place at the plant, so too does the Log4j vulnerability, known as Log4Shell, highlight two crucial practices of concern:
· How organisations capture and protect their massive troves of log data; and
· The use of open-source code libraries as the building blocks for major enterprise applications.
The paradox of Log4j: the more you log, the worse it gets
We’re discovering new apps every minute which use Log4j in one way or another. It affects not only the code you build, but also the third-party systems you have in place. Everything from the new printer you’ve bought for the office to the ticketing system you’ve just deployed is potentially affected by this flaw. Some affected systems may be on premises, others may be hosted in the cloud but no matter where they are, the flaw is likely to have an impact.
https://www.theregister.com/2021/12/17/vmware_criticial_uem_flaw/
60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low
There is a “dangerous” lack of awareness among UK workers towards cybersecurity, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack.
The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all.
Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19.
The most prevalent types of attacks experienced by workers or their organisations were phishing (27%), data breaches (23%) and malware (20%).
The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cyber security installed to ensure the issue is focused on more at a government level.
Russian-backed cyber-criminals were considered the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).
https://www.infosecurity-magazine.com/news/uk-workers-victim-cyber-attack/
Ransomware in 2022: We're All Screwed
Ransomware is now a primary threat for businesses, and with the past year or so considered the "golden era" for operators, cybersecurity experts believe this criminal enterprise will reach new heights in the future.
Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of 2021's high-profile victims of threat groups including DarkSide, REvil, and BlackMatter.
According to Kela's analysis of dark web forum activity, the "perfect" prospective ransomware victim in the US will have a minimum annual revenue of $100 million and preferred access purchases include domain admin rights, as well as entry into Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services.
Over the past few years, we've seen ransomware operators evolve from disorganised splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains.
Ransomware infection is no longer an end goal of a cyberattack. Instead, malware families in this arena -- including WannaCry, NotPetya, Ryuk, Cerber, and Cryptolocker -- can be one component of attacks designed to elicit a blackmail payment from a victim organisation.
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Attacks on UK Firms Increase Five-Fold During Pandemic
Attacks on UK firms surged five-fold during the pandemic and now cost way more than the global average, according to Accenture.
The global consultancy polled 500 UK executives to compile its State of Cybersecurity Resilience 2021 study.
It found that large organisations experienced 885 attempted cyber-attacks in 2020 – up from 156 the previous year and more than triple the global average of 270.
They’re also more expensive than elsewhere. Accenture calculated that incidents and breaches cost over £1.3m a year – £350,000 more than the global average.
Over 80% of respondents said the cost of staying ahead of cyber-criminals is unsustainable, a fifth more than the previous year, and a quarter said they’ve been forced to increase cybersecurity budgets by 10% or more.
Worryingly, supply chain attacks accounted for 64% of breaches in the UK last year, up by a quarter (26%) from the previous year.
https://www.infosecurity-magazine.com/news/attacks-on-uk-firms-increase/
The Log4J Software Flaw Is ‘Christmas Come Early’ for Cyber Criminals
Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.
“For cybercriminals this is Christmas come early, because the sky’s the limit,” says Theresa Payton, a former White House chief information officer and the CEO of Fortalice Solutions, a cybersecurity consulting company. “They’re really only limited by their imagination, their technical know-how and their own ability to exploit this flaw.” Payton spoke with Scientific American about what Log4J does, how criminals can use its newly discovered weakness, and what it will take to repair the problem.
Why Cloud Storage Isn't Immune to Ransomware
Ransomware is the flavour of the month for cybercriminals. The FBI reports that ransomware attacks rose 20% and losses almost tripled in 2020. And our increased use of the cloud may have played a part in that spike. A survey of CISOs conducted by IDC earlier this year found that 98% of their companies suffered at least one cloud data breach in the previous 18 months as opposed to 79% last year, and numbers got worse the more exposure they had to the cloud.
Organisations now use hundreds of cloud-based apps, which adds thousands of new identities logging in to their systems. This opens almost unlimited possibilities for hackers. Even if cloud vendors have their own identity and access management controls, vulnerabilities will emerge. In fact, recent research into cloud security found that over 70% of organisations had machines open to the public that were linked to identities whose permissions were vulnerable, under the right conditions, to being exploited to launch ransomware attacks.
A number of reasons could explain why security falls through the cracks of many cloud systems, and leaves them more vulnerable to ransomware attacks.
https://www.darkreading.com/attacks-breaches/why-cloud-storage-isn-t-immune-to-ransomware
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A.
Researchers say this is just the beginning.
Once downloaded, the malware – a variant of banking trojan Anubis – steals the user’s personal data to rip them off, researchers at Lookout warned in a new report. And it’s not just customers of big banks at risk, the researchers added: Virtual payment platforms and crypto wallets are also being targeted.
“As a banking trojan malware, Anubis’ goal is to collect significant data about the victim from their mobile device for financial gain,” the Lookout report said. “This is done by intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection and abuse of the device’s accessibility services.”
https://threatpost.com/400-banks-targeted-anubis-trojan/177038/
Sites Hacked With Credit Card Stealers Undetected For Months
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.
Magecart skimming is an attack that involves the injection of malicious JavaScript code on a target website, which runs when the visitor is at the checkout page.
The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
Threat actors may then use this information for purchasing goods online or sold to other actors on underground forums and dark web marketplaces known as "carding" sites.
Threats
Ransomware
Why Ransomware Attacks Happen Out Of Hours Or During The Holidays • The Register
Conti Ransomware Gang Exploits Log4Shell Bug In Its Operations - Security Affairs
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware (thehackernews.com)
HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack | SecurityWeek.Com
Ransomware Affiliate Arrested In Romania - The Record By Recorded Future
Police Arrests Ransomware Affiliate Behind High-Profile Attacks (Bleepingcomputer.Com)
All Change at the Top as New Ransomware Groups Emerge - Infosecurity Magazine
Hive Ransomware Enters Big League With Hundreds Breached In Four Months (Bleepingcomputer.Com)
Ransomware Suspect Arrested Over Attacks On 'High-Profile' Organisations | Zdnet
BEC – Business Email Compromise
Phishing
How A Phishing Campaign Is Able To Exploit Microsoft Outlook - Techrepublic
Phishing Campaign Uses PowerPoint Macros To Drop Agent Tesla (Bleepingcomputer.Com)
New Microsoft Exchange Credential Stealing Malware Could Be Worse Than Phishing - TechRepublic
Other Social Engineering
Malware
Hackers Start Pushing Malware In Worldwide Log4shell Attacks (Bleepingcomputer.Com)
Hackers’ Log4Shell Malware Attacks Shuts Down Thousands of Government Websites | Tech Times
A Practical and Detailed Look at Cobalt Strike Threat Actors - MSSP Alert
New Fileless Malware Uses Windows Registry as Storage to Evade Detection (thehackernews.com)
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware | Threatpost
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (thehackernews.com)
Mobile
China: Man Lifts Sleeping Ex's Eyelids, Unlocks Phone, Steals $24k (insider.com)
Malicious Joker App Scores Half-Million Downloads on Google Play | Threatpost
Apple Patches 42 Security Flaws in Latest iOS Refresh | SecurityWeek.Com
IoT
Modern Cars: A Growing Bundle Of Security Vulnerabilities - Help Net Security
Are Your Home Security Cameras Vulnerable To Hacking? - cnet
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Log4j Attackers Switch To Injecting Monero Miners Via RMI (bleepingcomputer.com)
Hackers Are Using the Blockchain to Make Bulletproof Botnets (gizmodo.com)
Botnet Steals Half A Million Dollars In Cryptocurrency From Victims - Techrepublic
Hackers Steal $140 Million From Users of Crypto Gaming Company (vice.com)
Insider Risk and Insider Threats
Fraud & Financial Crime
“Sadistic” Online Extortionist Jailed for 32 Years - Infosecurity Magazine
Experts: Public Should Freeze Credit Post-Breach - Infosecurity Magazine
Nation State Actors
China, Iran Among Those Exploiting Apache Cyber Vulnerability, Researchers Say (Yahoo.Com)
Documents Link Huawei To Uyghur Surveillance Projects, Report Claims | Huawei | The Guardian
Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability | SecurityWeek.Com
Cloud
Privacy
Spyware and Espionage
Vulnerabilities
4 Ways To Properly Mitigate The Log4j Vulnerabilities (And 4 To Skip) | CSO Online
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges (thehackernews.com)
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability (thehackernews.com)
Patching Isn't Enough For December's Patch Tuesday | Computerworld
Windows 10 Patch Tuesday (Kb5008212) Is Out — Here's What's New And What's Broken - Neowin
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (thehackernews.com)
Adobe Addresses Over 60 Vulnerabilities In Multiple Products - Security Affairs
Hackers Launch More Than 1.2m Attacks Through Log4J Flaw | Financial Times (ft.com)
Google Pushes Emergency Chrome Update To Fix Zero-Day Used In Attacks (Bleepingcomputer.Com)
Over Log4j? VMware Has Another Critical Flaw For You To Fix - The Register
CISA Urges VMware Admins To Patch Critical Flaw In Workspace ONE UEM (bleepingcomputer.com)
Sector Specific
SMBs – Small and Medium Businesses
What the Log4Shell Bug Means for SMBs: Experts Weigh In | Threatpost
Security Priorities Are Geared Toward Ongoing Remote And Hybrid Work - Help Net Security
Transport and Aviation
Nation State Threat Group Targets Airline with Aclip Backdoor (securityintelligence.com)
Other News
Why Tech Companies Must Come Clean About The Latest Cyber Security Crisis | Fortune
“Worst-Case Scenario” Exploit Travels the Globe - Infosecurity Magazine
Log4j Hack Raises Serious Questions About Open-Source Software | Financial Times
Why Log4j Mitigation Is Fraught With Challenges (darkreading.com)
Security Flaws Found In A Popular Guest Wi-Fi System Used In Hundreds Of Hotels | TechCrunch
Experts: Log4j Bug Could Be Exploited for “Years” - Infosecurity Magazine
2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns | Threatpost
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips (thehackernews.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 December 2021
Black Arrow Cyber Threat Briefing 10 December 2021
-Beware Of Ransomware Attacks Between Christmas and New Year’s!
-Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)
-Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
-SolarWinds Attackers Spotted Using New Tactics, Malware
-Cyber Crime Supply Chain: Fueling The Rise In Ransomware
-Weak Passwords Caused 30% Of Security Breaches
-Work-from-Anywhere Requires "Work-from-Anywhere Security"
-Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
-Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild
-New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
-UK’s Poor Cyber Risk Planning Could “Wreak Havoc”
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Beware Of Ransomware Attacks Between Christmas And New Year’s!
Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.
The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.
https://www.helpnetsecurity.com/2021/12/09/ransomware-attacks-holiday/
Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)
It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.
So how can you take precautions to protect your organisation during these times?
Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.
https://thehackernews.com/2021/12/why-holidays-put-your-company-at-risk.html
Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
Security experts are sounding the equivalent of a five-alarm fire on a critical new zero-day vulnerability in Log4j, a logging framework that is ubiquitously present in Java software.
The flaw (CVE-2021-44228) could allow remote attackers to run arbitrary code on any application that uses Log4j and is already being actively exploited. Some vendors have observed mass scanning activity — presumably by threat actors — for vulnerable applications, and there are some reports of exploit activity against organisations. Attacks against the flaw take little skill to execute and are being fueled by proof-of-concept code in the wild.
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.
https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/
Cyber Crime Supply Chain: Fuelling The Rise In Ransomware
Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.
https://www.helpnetsecurity.com/2021/12/06/cybercrime-supply-chain/
Weak Passwords Caused 30% Of Security Breaches
A recent survey assessed the risk factors associated with password management and how to safeguard them from attacks or breaches. The results revealed that 30% of respondents reported password leaks and security breaches as a result of poor password practices. Respondees admitted to making poor password choices, such as sharing them with colleagues, family members or friends; writing them on sticky notes, papers, planners; re-using passwords across multiple sites and only changing them when prompted.
Consequently, researchers revealed some of the best password practices to create unhackable passwords. These practices include using secure VPNs, two-factor authentication, using a password management software and creating unique passwords that aren’t easily deduced .
https://www.itsecurityguru.org/2021/12/10/weak-passwords-caused-30-of-security-breaches/
Work-from-Anywhere Requires "Work-from-Anywhere Security"
Securing today's expanding networks often includes adding additional technologies to an already overburdened security environment. With organisations already struggling to manage an average of 45 security tools, with each incident requiring coordination across 19 different devices, adding new technologies to the mix may be the straw that breaks the camel's back.
The most recent example of the rapid expansion of the network's attack surface has been remote work. The COVID-19 pandemic accelerated the need for a work-from-anywhere (WFA) strategy. And now, as workers begin to return to the office, a hybrid approach to work has become the new status quo. According to Accenture, 83% of workers prefer a hybrid work model that allows them to work remotely between 25% and 75% of the time. And businesses are listening. 63% of high-revenue growth companies have already enabled productivity anywhere workforce models.
One of the biggest security challenges of a hybrid workforce is that employees need to move seamlessly between the corporate office, their home network, and other remote locations. Applications, whether deployed in the data centre, SaaS, or cloud, not only need to be available from anywhere, but user experience—and security—needs to be consistent from any location as well.
https://www.securityweek.com/work-anywhere-requires-work-anywhere-security
Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
Some 97% of UK organisations suffered a supply chain breach over the past year, up from 82% in 2020 and the second highest figure globally, according to BlueVoyant.
The security firm polled 1200 C-level executives with responsibility for managing risk in supply chains, across the UK, US, Singapore, Canada, Germany and the Netherlands.
UK firms also experienced a higher-than-average percentage of breaches: 59% suffered between two and five supply chain incidents compared to an overall average of 49%. The average number of breaches in the country grew from 2.64 in 2020 to 3.57 in 2021.
Perhaps unsurprisingly given these figures, only a quarter (27%) of UK respondents said they consider third-party cyber risk a key priority versus a 42% global average.
https://www.infosecurity-magazine.com/news/just-3-uk-firms-escaped-supply/
Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild
News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.
News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.
New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
Continuity™, the first dedicated storage and backup security provider, this week announced findings from its Security Intelligence Report: Analysis of Storage and Backup Security in the Financial Services & Banking Sector. This extensive study – the first of its kind – explores the security posture of storage and backup environments in the global financial services industry.
The survey of 200 financial services firms and banks from 45 countries revealed that most of these organisations have not yet reached a satisfactory level of storage and backup maturity. Notably, more than half (52%) of the respondents were not strongly confident about their storage and backup security, and a quarter (25%) noted they were significantly concerned (low or no confidence).
UK’s Poor Cyber Risk Planning Could “Wreak Havoc”
The UK’s long-term risk planning is under-powered and could expose the nation if it is struck by a serious cyber-threat, a new House of Lords (HoL) report has found.
The study, Preparing for Extreme Risks: Building a Resilient Society, was produced by the upper chamber’s Select Committee on Risk Assessment and Risk Planning after interviews with 85 expert witnesses.
It claimed that the government spends too much of its time reacting to crises and emergencies, neglecting the kind of long-term planning which would have prepared the country better for the COVID-19 pandemic.
“The UK’s unpreparedness to manage the outbreak of the COVID-19 virus was and is clear. More broadly, our inquiry has analyzed the UK’s risk assessment process and found that our current system is deficient at assessing and addressing future threats and hazards,” it argued.
“However, pandemics are only one of a number of extreme risks facing the UK. Severe space weather events could render smart technologies on which much of society relies inoperable for weeks or longer; this would include GPS, the internet, communications systems and power supplies. A cyber or physical attack on our critical national infrastructure could wreak havoc.”
https://www.infosecurity-magazine.com/news/uks-poor-cyber-risk-planning-could/
Threats
Ransomware
Ransomware Attacks Soar, Hackers Set To Become More Aggressive | Reuters
Emotet’s Behaviour & Spread Are Omens of Ransomware Attacks | Threatpost
Ireland Conti Ransomware Attack Vector Was Spam Email • The Register
Crackdown On Crypto Firms Needed To ‘Wreck’ Ransomware, Says Ex-GCHQ Boss (telegraph.co.uk)
Companies Linked to Russian Ransomware Hide in Plain Sight - The New York Times (nytimes.com)
New 'Karakurt' Cyber Crime Gang Focuses On Data Theft And Extortion - Security Affairs
More Than 300 Spar Shops In North Of England Hit By Cyber Attack | Hacking | The Guardian
New Cerber Ransomware Targets Confluence And GitLab Servers (Bleepingcomputer.Com)
Ransomware Attack Locks Hotel Guests Out Of Rooms - IT Security Guru
BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (thehackernews.com)
ALPHV BlackCat - This Year's Most Sophisticated Ransomware (Bleepingcomputer.Com)
Phishing
Microsoft, Google OAuth Flaws Can Be Abused In Phishing Attacks (Bleepingcomputer.Com)
Researchers Explore Microsoft Outlook Phishing Techniques (darkreading.com)
Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts (Bleepingcomputer.Com)
Study: Most Phishing Pages Are Abandoned Or Disappear In A Matter Of Days - Techrepublic
Phishing Attacks Use QR Codes To Steal Banking Credentials (Bleepingcomputer.Com)
Malware
Emotet Is Back and More Dangerous Than Before (darkreading.com)
Malicious Notepad++ Installers Push StrongPity Malware (bleepingcomputer.com)
Mobile
IOT
IoT Under Attack: Security Is Still Not Good Enough On These Edge Devices | ZDNet
Three-Quarters of Firms Admit to Sub-Optimal IoT Security - Infosecurity Magazine
Data Breaches/Leaks
Organised Crime & Criminal Actors
Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers (thehackernews.com)
Google Disrupts Massive Glupteba Botnet, Sues Russian Operators (Bleepingcomputer.Com)
Cyber Criminals Are Using Fake Advertising To Distribute Malware | Techspot
Cryptocurrency/Cryptojacking
Hackers Are Minting Their Own Crypto To Use In Elaborate Phishing Scams | Techradar
Tor2Mine Cryptominer Is Warning Sign Of Network Exploitation • The Register
QNAP Warns Users Of Bitcoin Miner Targeting Their NAS Devices (Bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud & Financial Crime
Dark Web
OT, ICS, IIoT and SCADA
Nation State Actors
UK Spy Chief Raises Fears Over China’s Digital Renminbi | Financial Times (FT.com)
Russia Blocks Tor Privacy Service in Latest Censorship Move (thehackernews.com)
Cloud
Vulnerabilities
Your Microsoft Network Is Only As Secure As Your Oldest Server | CSO Online
Lack of Patching Leaves 300,000 Routers at Risk for Attack (darkreading.com)
Vulnerability In Windows 10 URI Handler Leads To Remote Code Execution | Malwarebytes Labs
Dark Mirai Botnet Targeting RCE On Popular TP-Link Router (Bleepingcomputer.Com)
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites | Threatpost
Sector Specific
Financial Services Sector
US Bank Regulator Urges Vigilance As Ransomware Attacks On The Rise | Reuters
Israel Leads 10-Country Simulation Of Major Cyber Attack On World Markets | The Times Of Israel
Health/Medical/Pharma Sector
Retail
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity | Threatpost
Hackers Infect Random WordPress Plugins To Steal Credit Cards (Bleepingcomputer.Com)
Transport and Aviation
Other News
Google, Microsoft: Internet Whac-a-Mole vs. Cyber Criminals - MSSP Alert
Are You Guilty of These 8 Network-Security Bad Practices? | Threatpost
1.6 Million WordPress Sites Under Cyber Attack From Over 16,000 IP Addresses (thehackernews.com)
Next-Gen Maldocs & How to Solve the Human Vulnerability | Threatpost
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.