Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report

Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.

It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.

Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]

Cyber Attacks Cost Financial Firms $12bn Says IMF

A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.

The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.

Source: [Finextra]

The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise

A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.

Source: [Inc.com]

UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’

Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.

Source: [The Record Media]

74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions

The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.

The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.

Source: [The Fintech Times]

Why Are Many Businesses Turning to Third-Party Security Partners?

In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.

Source: [Help Net Security]

74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise

According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.

Sources: [Malwcv arebytes][Marketplace] [US Chamber]

LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call

LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.

Source: [Bleepingcomputer]

Most Cyber Criminal Threats are Concentrated in Just a Few Countries

Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.

Sources: [ThisisOxfordshire] [Phys Org]

Why Incident Response is the Best Cyber Security ROI

The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CSO Online]

Ransomware Attacks are the Canaries in the Cyber Coal Mine

A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.

Sources: [Silicon Republic] [The Hill]

Cyber Security is Crucial, but What is Risk and How do You Assess it?

Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?

One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.

Sources: [Security Boulevard] [International Banker]

Governance, Risk and Compliance

• Cyber attacks cost financial firms $12bn says IMF (finextra.com)

• UK business falling short on cybersecurity warns government report (computing.co.uk)

• Half of UK Businesses Hit by Cyber Incident in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• 60% of small businesses are concerned about cyber security threats | Malwarebytes

• Cyber attacks on small businesses are on the rise - Marketplace

• What is cyber security risk & how to assess - Security Boulevard

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)

• Large cyber attack could cause 'cyber run' or market sell-offs, warns IMF - FStech Financial Sector Technology

• Why are many businesses turning to third-party security partners? - Help Net Security

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra

• Large businesses struggle to tackle cyber threats (betanews.com)

• Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance? | Alston & Bird - JDSupra

• Compliance & Cyber Security – Working and Worrying Together About the Intersection of People and Technology | NAVEX - JDSupra

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Why cyberpsychology is such an important part of effective cyber security | CSO Online

• Cyber Security in the Evolving Threat Landscape (securityaffairs.com)

• How CISOs can make themselves ready to serve on the board | CSO Online

• CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surged 110pc last month, report claims (siliconrepublic.com)

• UK government urged to get on ‘forward foot’ with ransomware instead of ‘absorbing the punches’ (therecord.media)

• Ransomware attacks are the canaries in the cyber coal mine | The Hill

• Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch

• Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)

• Ransomware group maturity should influence ransom payment decision - Help Net Security

• Proactive and Reactive Ransomware Protection Strategies - Security Boulevard

• How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security

• CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)

• Should You Pay a Ransomware Attacker? - Security Boulevard

• LockBit struggles to maintain relevance amid rise of impersonators and new ransomware groups - SiliconANGLE

• DragonForce Ransomware - What You Need To Know | Tripwire

• LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)

• Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)

Ransomware Victims

• Vet chain CVS hit by cyber attack | Evening Standard

• Second ransomware gang says it’s extorting Change Healthcare • The Register

• Targus says it is facing major cyber attack, global operations hit | TechRadar

• Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)

• Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How malicious email campaigns continue to slip through the cracks - Help Net Security

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

• Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)

• Phishing Detection and Response: What You Need to Know - Security Boulevard

Other Social Engineering

• Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

Artificial Intelligence

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• China is using generative AI to carry out influence operations (securityaffairs.com)

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• AI risks under the auditor's lens more than ever - Help Net Security

• Speed of AI development is outpacing risk assessment | Ars Technica

• AI and GDPR: How is AI being regulated? | TechTarget

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)

2FA/MFA

• How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding (404media.co)

Malware

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (thehackernews.com)

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

• Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)

• ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

• Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

Mobile

• Our phones are under threat more than ever — but many of us still don't have mobile security protection | TechRadar

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

• The next wave of mobile threats - Help Net Security

Denial of Service/DoS/DDOS

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• DDoS Protection Needs Detective and Preventive Controls (darkreading.com)

• French cities knocked offline by 'large-scale cyber attack' • The Register

Internet of Things – IoT

• Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News

• Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)

• EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• Hotel check-in terminal leaks rafts of guests' room codes • The Register

Data Breaches/Leaks

• Many of the world's biggest companies reported data breaches last year | TechRadar

• US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• 37% of publicly shared files expose personal information - Help Net Security

• Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)

• Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)

• AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Taxi software vendor exposes personal details of nearly 300K • The Register

• Employee credentials leaked in Microsoft security lapse (techmonitor.ai)

Organised Crime & Criminal Actors

• Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Cyber crooks poison GitHub search to fool developers | Computer Weekly

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Google sues crypto investment app makers over alleged massive "pig butchering" scam (bitdefender.com)

• Fugitive CEO at the center of 2022 crypto crash found liable for fraud | Cryptocurrencies | The Guardian

• Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

Insider Risk and Insider Threats

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard

Insurance

• US insurers using drones to deny home insurance policies • The Register

• Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard

Supply Chain and Third Parties

• Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains | Foley & Lardner LLP - JDSupra

Encryption

• How cryptographers finally cracked one of the Zodiac Killer’s hardest codes | Popular Science (popsci.com)

Linux and Open Source

• The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com

• Supply chain attack sends shockwaves through open-source community | CyberScoop

• German state ditches Microsoft for Linux and LibreOffice | ZDNET

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)

Social Media

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Understanding CISA’s New Draft Rules for Cyber Attack Reporting | Morgan Lewis - Tech & Sourcing - JDSupra

• Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)

• AI and GDPR: How is AI being regulated? | TechTarget

• CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

Models, Frameworks and Standards

• HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra

• Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)

• DORA Compliance Checklist | UpGuard

Backup and Recovery

• Seven ways to be sure you can restore from backup | Computer Weekly

Data Protection

• 37% of publicly shared files expose personal information - Help Net Security

Careers, Working in Cyber and Information Security

• Want to make cyber security much stronger? Become a mentor | CSO Online

Law Enforcement Action and Take Downs

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Misinformation, Disinformation and Propaganda

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• State-backed cyber attacks, AI deepfakes: Top UK election cyber risks (cnbc.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• Foreign Interference Drives Record Surge in IP Theft - Infosecurity Magazine (infosecurity-magazine.com)

China

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How China is Hacking America (newsweek.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)

Russia

• Germany to launch cyber military branch to combat Russian threats (therecord.media)

• US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch

• Macron: Russia will target Paris Olympics (insidethegames.biz)

• Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times

• Czechia explains how Russia is trying to arrange sabotage on European railways | European Pravda (eurointegration.com.ua)

• Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

• Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)

• Apple mercenary spyware attack: Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted - The Economic Times (indiatimes.com)

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

Vulnerability Management

• Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard

• How exposure management elevates cyber resilience - Help Net Security

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

Vulnerabilities

• Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)

• Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products -  Security Week

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• SAP's April 2024 Updates Patch High-Severity Vulnerabilities -  Security Week

• Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers -  Security Week

• Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)

• New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)

• Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)

• Microsoft fixes five security vulnerabilities in Edge 123 - Neowin

• Cisco Warns of Vulnerability in Discontinued Small Business Routers -  Security Week

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• +16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)

• Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)

• Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux -  Security Week

• Researchers Resurrect Spectre v2 Attack Against Intel CPUs -  Security Week

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)

Tools and Controls

• Seven ways to be sure you can restore from backup | Computer Weekly

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Improving Dark Web Investigations with Threat Intelligence | Recorded Future

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• What is cyber security risk & how to assess - Security Boulevard

• Your Guide to Threat Detection and Response - Security Boulevard

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• How exposure management elevates cyber resilience - Help Net Security

• Phishing Detection and Response: What You Need to Know - Security Boulevard

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)

• How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security

Reports Published in the Last Week

• Cyber security breaches survey 2024 - GOV.UK (www.gov.uk)

Other News

• Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)

• Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)

• OODA Loop - The Water Sector Is Being Threatened.  That Should Worry Everyone

• Anticipated Cyber Threats During the 2024 Olympics & How to Proactively Secure Your Business - Security Boulevard

• France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)

• Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget

• The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• Scandal and cyber security in Westminster | Crooked Media

• Financial sector cyber security at the helm of investor protection | Mint (livemint.com)

• US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)

• Only 1% Singapore companies are “mature” in cyber threat readiness but 99% plan to increase their cyber security budget in the next 12 months - Singapore News (theindependent.sg)

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)

• Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)

• Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld

• Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"

CyberEdge Group, a leading research and marketing firm serving the cyber security industry’s top vendors, announced the launch of its ninth annual Cyberthreat Defense Report (CDR). The award-winning CDR is the standard for assessing organisations’ security posture, gauging perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.

A record 71% of organisations were impacted by successful ransomware attacks last year, according to the 2022 CDR, up from 55% in 2017. Of those that were victimised, nearly two-thirds (63%) paid the requested ransom, up from 39% in 2017.

https://www.darkreading.com/attacks-breaches/nearly-two-thirds-of-ransomware-victims-paid-ransoms-last-year-finds-2022-cyberthreat-defense-report-

• New Android Banking Malware Remotely Takes Control of Your Device

A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.

Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cyber crime space and had its source code leaked in 2018.

The new variant has been discovered by researchers at ThreatFabric, who observed several users looking to purchase it on darknet forums.

https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/

• Network Intrusion Detections Skyrocketing

A WatchGuard report shows a record number of evasive network malware detections with advanced threats increasing by 33%, indicating a higher level of zero day threats than ever before.

Researchers detected malware threats in EMEA at a much higher rate than other regions of the world in Q4 2021, with malware detections per Firebox at 49%, compared to Americas at 23% and APAC at 29%. The trajectory of network intrusion detections also continued its upward climb with the largest total detections of any quarter in the last three years and a 39% increase quarter over quarter.

Researchers suggest that this may be due to the continued targeting of old vulnerabilities as well as the growth in organisations’ networks. As new devices come online and old vulnerabilities remain unpatched, network security is becoming more complex.

https://www.helpnetsecurity.com/2022/04/08/network-malware-detections/

• Organisations Underestimating the Seriousness of Insider Threats

Imperva releases data that shows organisations are failing to address the issue of insider threats during a time when the risk is at its greatest.

New research, conducted by Forrester, found that 59% of incidents in EMEA organisations that negatively impacted sensitive data in the last 12 months were caused by insider threats, and yet 59% do not prioritise insider threats the way they prioritise external threats. Despite the fact that insider events occur more often than external ones, they receive lower levels of investment.

This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher. The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats.

Further, the Great Resignation is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, because they are disgruntled and want revenge, or it could be taken unintentionally when a careless employee leaves the business with important information.

https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/

• Watch Out for Phishing Emails from Genuine Mailing Lists, Following Mailchimp Hack

A Mailchimp hack means that you’ll want to be even more vigilant than usual about phishing emails. Attackers have taken a clever approach to making their emails appear genuine …

When you subscribe to an email list, there’s a decent chance that the emails you received are actually sent by a company called Mailchimp, rather than directly by the company itself. Mailchimp offers companies a range of tools that make it easy to manage email databases, and send marketing emails and newsletters.

Hackers managed to gain access to more than 100 Mailchimp customer accounts, giving them the ability to send emails that would appear to have come from any one of those businesses.

Users will need to be more vigilant when receiving emails and avoid clicking on links in emails, even if they appear genuine.

https://9to5mac.com/2022/04/05/mailchimp-hack-phishing-alert/

• SpringShell Attacks Target About One in Six Vulnerable Orgs

Roughly one out of six organisations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cyber security company.

The exploitation attempts took place in the first four days since the disclosure of the severe remote code execution (RCE) flaw, tracked as CVE-2022-22965, and the associated exploit code.

According to Check Point, who compiled the report based on their telemetry data, 37,000 Spring4Shell attacks were detected over the past weekend alone.

https://www.bleepingcomputer.com/news/security/springshell-attacks-target-about-one-in-six-vulnerable-orgs/

• New Threat Group Underscores Mounting Concerns Over Russian Cyber Threats

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyber attacks might target the West.

As fears mount over the prospects of a “cyberwar” initiated by the Russian government, the number of identified Russian threat actors also continues to climb. Last week CrowdStrike publicly revealed a Russia-nexus state-sponsored actor that it tracks as Ember Bear.

CrowdStrike says that Ember Bear (also known as UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is likely an intelligence-gathering adversary group that has operated against government and military organisations in eastern Europe since early 2021. The group seems “motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations,” according to CrowdStrike intelligence.

Despite its state-sponsored Russia nexus, Ember Bear differs from its better-known kin such as Fancy Bear or Voodoo Bear because CrowdStrike can’t tie it to a specific Russian organisation. Its target profile, assessed intent, and technical tactics, techniques, and procedures (TTPs) are consistent with other Russian GRU cyber operations.

https://www.csoonline.com/article/3655976/new-threat-group-underscores-mounting-concerns-over-russian-cyber-threats.html

• Consumer Fraud Tripled in The Last Two Years

Reported cases of consumer fraud more than tripled in the years 2020-2021 from prior years, finds a new report by Accenture, presenting a growing challenge for public safety agencies to find new strategies to counter the trend.

The report compiled data from eight developed nations (Australia, Canada, France, Germany, Italy, Singapore, the United Kingdom, and the United States) on consumer fraud, defined as any fraud directly targeting citizens and excluding fraud targeting government agencies and companies. Reports of such fraud increased at an estimated 6.8% rate annually during 2013-2019 and then increased to a 22.5% annual growth rate yearly during 2020-2021 in parallel with the large shift of workers and consumers to digital channels and greater use of technology during the pandemic.

https://www.helpnetsecurity.com/2022/04/08/consumer-fraud-tripled/

• Borat RAT: Multiple Threat of Ransomware, DDoS and Spyware

A new remote access trojan (RAT) dubbed "Borat" doesn't come with many laughs but offers bad actors a menu of cyberthreats to choose from.

RATs are typically used by cyber criminals to get full control of a victim's system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this and also delivers features to enable hackers to run ransomware, distributed denial of service attacks (DDoS) and other online assaults and to install spyware, according to researchers at cyber security biz Cyble.

"The Borat RAT provides a dashboard to Threat Actors (TAs) to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers.

Borat – named after the character made famous by actor Sacha Baron Cohen in two comedy films – comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.

https://www.theregister.com/2022/04/04/borat-rat-ransomware-ddos/

• Bank Had No Firewall License, Intrusion or Phishing Protection – Guess the Rest

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.

The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 branches and just under $400 million of deposits make it one of India's smaller banks.

It certainly thinks small about security – at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021. At least one of those mails succeeded in fooling staff, resulting in the installation of a Remote Access Trojan (RAT).

Another technology the bank had chosen not to adopt was virtual LANs, so once the RAT went to work the attackers gained entry to the Bank's systems and were able to roam widely – even in its core banking application

https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/

• Global APT Groups Use Ukraine War for Phishing Lures

Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links.

Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.

The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war.

One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.”

Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point.

One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war.

https://www.infosecurity-magazine.com/news/global-apt-ukraine-war-phishing/

• Paying Ransom Doesn’t Guarantee Data Recovery

OwnBackup announced the findings of a global survey conducted by Enterprise Strategy Group (ESG) that reveals a staggering 79% of respondent organisations have been targeted by ransomware within the past 12 months. Of those organisations, nearly three quarters said the attack was successful, meaning that it disrupted business operations.

Other key findings

·       Of the respondents that said their organisation paid a cyber ransom to regain access to data, applications, and/or systems after an attack, only 14% were able to recover all of their data.

·       87% of respondents who made ransom payments said that they experienced additional extortion attempts beyond the initial ransomware demand.

·       31% of respondent organisations targeted by ransomware indicated that application user and permission misconfigurations were the initial point of compromise.

·       87% of respondents are very or somewhat concerned about their backups being infected by ransomware attacks.

https://www.helpnetsecurity.com/2022/04/07/organizations-targeted-by-ransomware/

Threats

Ransomware

• March Ransomware Attacks Strike Finance, Government Targets (techtarget.com)

• Why Paying The Ransom Isn’t The Answer For Ransomware Victims - Information Security Buzz

• Companies Are More Prepared to Pay Ransoms Than Ever Before (tripwire.com)

• Conti Ransomware Deployed in IcedID Banking Trojan Attack (techtarget.com)

• Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (thehackernews.com)

• Notorious Hacking Group FIN7 Adds Ransomware to Its Repertoire - CyberScoop

• BlackCat Purveyor Shows Ransomware Operators Have 9 Lives (darkreading.com)

• FIN7 Hackers Evolve Toolset, Work with Multiple Ransomware Gangs (bleepingcomputer.com)

• LockBit Ransomware Attack Costs CRM Services Provider Over $42 Million - MSSP Alert

• Snap-on Discloses Data Breach Claimed by Conti Ransomware Gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• Phishing Hook: Are you on the line? Cyber Security Experts Explain How the Criminals Lure You In. (winknews.com)

Other Social Engineering

• Hackers Employ Voicemail Phishing Attacks On WhatsApp Users | TechRepublic

Malware

• Borat RAT Malware: A 'Unique' Triple Threat That Is Far from Funny | ZDNet

• Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware (thehackernews.com)

• Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (thehackernews.com)

• Malicious Web Redirect Service Infects 16,500 Sites to Push Malware (bleepingcomputer.com)

• Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (thehackernews.com)

Mobile

• 44 Vulnerabilities Patched in Android With April 2022 Security Updates | SecurityWeek.Com

• Fake Versions of Real Smartphone Apps Are Being Used To Spread Malware. Here's How to Stay Safe | ZDNet

• Samsung Security Flaw Left Phones Exposed for Years (androidpolice.com)

• Six 'Antivirus' Apps Were Caught Spreading Malware That Steals Banking Info — Here Are the Culprits | Laptop Mag

• SharkBot Android Malware Continues Popping Up on Google Play | SecurityWeek.Com

• Android Apps With 45 Million Installs Used Data Harvesting SDK (bleepingcomputer.com)

• New Android Spyware Uses Turla-Linked Infrastructure | SecurityWeek.Com

Organised Crime & Criminal Actors

• Cyber Criminals Taking Advantage of The Ukraine Crisis To Create Charity Donation Scams - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking

• Crypto 2022: Hackers Have Nabbed $1.22 Billion Already (yahoo.com)

• Malicious Crypto Miners Can Make A Profit In A Few Hours - Help Net Security

• Malicious Actors Targeting the Cloud For Cryptocurrency-Mining Activities - Help Net Security

• Cryptocurrency-Mining AWS Lambda-Specific Malware Spotted • The Register

• MailChimp Breached, Intruders Conducted Phishing Attacks Against Crypto Customers - Security Affairs

• Turkey Seeks 40,000-Year Sentences for Alleged Cryptocurrency Exit Scammers | ZDNet

Insider Risk and Insider Threats

• New Insider Threat: Bad Business Decisions That Put IP At Risk | CSO Online

Fraud, Scams & Financial Crime

• Traditional Identity Fraud Losses Soar, Totalling $52 Billion in 2021 - Help Net Security

• Online Fraud Up 233% - Infosecurity Magazine

• Internal Auditors Stepping Up to Become Strategic Advisors In The Fight Against Fraud - Help Net Security

• South African and US Officers Swoop on Fraud Gang - Infosecurity Magazine

Insurance

• 18% Of the Top 99 Insurance Carriers Have A High Susceptibility To Ransomware - Help Net Security

Supply Chain

• The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains (darkreading.com)

Cloud

• The Importance of Understanding Cloud Native Security Risks - Help Net Security

• 15 Cyber Security Measures for the Cloud Era - Security Affairs

Privacy

• How You’re Still Being Tracked on the Internet - The New York Times (nytimes.com)

• Using Google's Chrome Browser? This New Feature Will Help You Fix Your Security Settings | ZDNet

Passwords & Credential Stuffing

• Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks (thehackernews.com)

Travel

• Hotels In Hackers’ Sights as Technology Replaces Personal Touch | Financial Times (ft.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers Use Conti's Leaked Ransomware to Attack Russian Companies (bleepingcomputer.com)

• Hacking Group Claim It Has Leaked More Than 900,000 Emails from Russian State Media | The Independent

• What Is the Risk Of Retaliation For Taking A Corporate Stance on Russia? | CSO Online

• Anonymous and the IT ARMY of Ukraine Continue to Target Russian Entities - Security Affairs

Nation State Actors

Nation State Actors – Russia

• The Russian Cyber Attack Threat Might Force a New IT Stance | Computerworld

• FBI Operation Aims to Take Down Massive Russian GRU Botnet | TechCrunch

• Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine (darkreading.com)

• FBI Disrupts Russian Military Hackers, Preventing Botnet Amid Ukraine War | Fox News

• Russia (still) Trying To Weaponize Facebook Amid Ukraine War • The Register

Nation State Actors – China

• Symantec: Chinese APT Group Targeting Global MSPs | SecurityWeek.Com

• Chinese Hackers Are Using VLC Media Player to Launch Malware Attacks (androidpolice.com)

• Hacked: Inside the US-China Cyberwar | Cybersecurity | Al Jazeera

• China Uses AI Software to Improve Its Surveillance Capabilities | Reuters

Nation State Actors – Misc

• Israeli Officials Are Being Catfished by APT-C-23 Hackers | ZDNet

Vulnerabilities

• CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (thehackernews.com)

• Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug (bleepingcomputer.com)

• A Vulnerability in Zyxel Firewall Could Allow for Authentication Bypass (cisecurity.org)

• Citrix Releases Security Updates for Hypervisor | CISA

• Spring4Shell Patching Is Going Slow but Risk Not Comparable To Log4Shell | CSO Online

• VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products (thehackernews.com)

• Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego | SecurityWeek.Com

• A Mirai-Based Botnet Is Exploiting the Spring4Shell Vulnerability - Security Affairs

• Steady Rise in Severe Web Vulnerabilities - Help Net Security

• ACF WordPress Plugin Vulnerability Affects Up To +2 Million Sites (searchenginejournal.com)

• Zero Days Are for Life, Not Just For Christmas. Here’s How to Deal With Them • The Register

Sector Specific

Financial Services Sector

• March Ransomware Attacks Strike Finance, Government Targets (techtarget.com)

FinTech

• Server-Side-Request-Forgery Enabled Administrative Account Takeover on FinTech Platform - IT Security Guru

Health/Medical/Pharma Sector

• 49% of Small Medical Practices Lack a Cyber Attack Response Plan - Help Net Security

Manufacturing

• A Cyber Attack Forced The Wind Turbine Manufacturer Nordex Group To Shut Down Some of IT Systems - Security Affairs

CNI, OT, ICS, IIoT and SCADA

• Europe Warned About Cyber Threat to Industrial Infrastructure | SecurityWeek.Com

• BlackCat Ransomware Targets Industrial Companies | SecurityWeek.Com

Energy & Utilities

• Spanish Energy Giant Hit by Data Breach - IT Security Guru

Reports Published in the Last Week

• Cyberthreat Defense Report 2021 - CyberEdge Group (cyber-edge.com)

Other News

• Okta CEO Says Lapsus$ Hack is 'Big Deal,' Aims to Restore Trust (yahoo.com)

• 86% of Developers Don't Prioritise Application Security - Help Net Security

• Digital Transformation Requires Security Intelligence - Help Net Security

• Government Officials: AI Threat Detection Still Needs Humans (techtarget.com)

• The Original APT: Advanced Persistent Teenagers – Krebs on Security

• Scan This: There's Danger in QR Codes (darkreading.com)

• How Many Steps Does It Take for Attackers To Compromise Critical Assets? - Help Net Security

• Cyber Talent Shortage Remains A Top Problem For Sec Pros – CEO Perspective - Information Security Buzz

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/

Threats

Ransomware

• Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)

• Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet

• Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)

• Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED

• 6 Reasons Not to Pay Ransomware Attackers (darkreading.com)

• Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost

• SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online

• Exotic Lily Sells Ransomware Groups Access To Targets • The Register

• New "Initial Access Broker" Working with Conti gang - IT Security Guru

• Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)

• Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs

• How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security

• Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)

• The Lapsus$ Hacking Group Is Off to a Chaotic Start | WIRED

• Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert

• Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet

Phishing & Email

• Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)

• How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register

• Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)

• 76,000 Scams Taken Down Through Email Reporting - IT Security Guru

• Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost

• NCSC Catches 10 Million Phishes (computerweekly.com)

• This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register

Malware

• New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)

• Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic

• Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com

• Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register

• DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)

• Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register

• New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)

• Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet

• Uncovering Trickbot’s Use of IoT Devices In Command-And-Control Infrastructure - Microsoft Security Blog

• TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)

Mobile

• Mobile Threats Skyrocket (darkreading.com)

• 2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)

• Mobile Devices See 466% Annual Increase in Zero-Day Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• 'Escobar' Android malware steals your 2FA codes — and takes over your phone | Tom's Guide (tomsguide.com)

• Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com

• Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica

• Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)

• Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)

• Mobile App Data Found Exposing API’s & Data In 1,000’s Of Cloud Databases - Information Security Buzz

IoT

• Smart Devices Spy On You – 2 Computer Scientists Explain How The Internet Of Things Can Violate Your Privacy (theconversation.com)

Organised Crime & Criminal Actors

• Who's Who In The Cyber Criminal Underground | CSO Online

• Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security

• A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine

• Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru

Insider Risk and Insider Threats

• MITRE and Partners Build Insider Threat Knowledge Base | CSO Online

Fraud, Scams & Financial Crime

• UK Shoppers Face More Identity Checks When Buying Online | Consumer affairs | The Guardian

Supply Chain

• Container Vulnerability Opens Door For Supply Chain Attacks (techtarget.com)

DoS/DDoS

• Israeli Govt Sites Hit By Huge DDoS Attack • The Register

Cloud

• How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet

• The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)

Privacy

• Smart Devices Are Spying on You Everywhere, And That's a Problem (sciencealert.com)

Passwords & Credential Stuffing

• NVIDIA Staff Shouldn’t Have Chosen Passwords Like These… • Graham Cluley

• Attackers Using Default Credentials To Target Businesses, Raspberry Pi And Linux Top Targets - Help Net Security

Regulations, Fines and Legislation

• CafePress Fined For Covering Up Customer Info Leak • The Register

• Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online

Spyware, Espionage & Cyber Warfare

• Would 'Cyber Geneva Conventions' Defuse Online Aggression? (darkreading.com)

Nation State Actors

Nation State Actors – Russia

• Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED

• How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)

• Russia's Disinformation Uses Deepfake Video Of Zelenskyy Telling People To Lay Down Arms - Security Affairs

• FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)

• Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)

• Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)

• German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)

• Russia Could Use Kaspersky Antivirus Software In Cyber Attacks In Europe, German Agency Warns | Euronews

• ‘It’s The Right Thing To Do’: The 300,000 Volunteer Hackers Coming Together To Fight Russia | Ukraine | The Guardian

• Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru

• Viasat, Rosneft Hit By Cyber Attacks • The Register

• Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)

• Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)

• Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET

• New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)

• Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop

• Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs

• Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)

• Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)

• Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register

Nation State Actors – China

• China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs

• China Claims It Captured NSA Spy Tool That Already Leaked • The Register

Nation State Actors – Iran

• Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)

• New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)

• Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com

• OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register

• OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)

• Nasty Linux Netfilter Firewall Security Hole Found | ZDNet

• SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)

• High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com

• QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Top Threats For The Financial Sector - Help Net Security

• Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)

• Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica

• Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)

• 70% of Financial Service Providers Are Implementing API Security - Help Net Security

• Report: Payment Fraud Attacks Against Fintech Companies Soar By 70% In 2021 - Information Security Buzz

Health/Medical/Pharma Sector

• Healthcare Cyber Security Trends: Organisations Not Quite Ready To Deal With Threats - Help Net Security

• Hospitals Warned Of 'Phone Calls And Emails From Hackers' As Russia-Ukraine War Rages - Manchester Evening News

• Nearly 300k Heart Patients’ Data Exposed - Infosecurity Magazine

Transport and Aviation

• Aircraft Disrupted by Satellite Jamming Following Russian Invasion - Infosecurity Magazine

• EU & US Agencies Warn That Russia Could Attack Satellite Communications - Security Affairs

Reports Published in the Last Week

• 2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium Mobile Security Blog

Other News

• Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com

• Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security

• Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com

• The Importance Of Building In Security During Software Development - Help Net Security

• How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security

• Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica

• How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)

• DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost

• When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)

• Half of People Accept All Cookies Despite The Security Risk | TechRadar

• Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Second Only To Climate Change As Biggest Global Risk

Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/

Businesses Unsure Which Tech Is Essential Against Ransomware

As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware

Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours

A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/

Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year

A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations.  https://www.theregister.com/2021/09/30/eset_threat_report/

Ransomware Attacks Up 1,070% Year Over Year

The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware.  https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/

Baby’s Death Alleged To Be Linked To Ransomware

A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.

https://threatpost.com/babys-death-linked-ransomware/175232/

Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach

Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed

More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic

Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

Cyber Attack Floors British Payroll Firm

A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay.  Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter

GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries

A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html

50% Of Servers Have Weak Security Long After Patches Are Released

Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released

Threats

Ransomware

• United Health Centres Reportedly Compromised By Ransomware Attack

• JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data

• Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms

• Ransomware Gangs Are Starting More Drama On Cyber Crime Forums, Upending 'Honor Among Thieves' Conventions

• Conti Ransomware Expands Ability To Blow Up Backups

• United Health Centers Reportedly Compromised By Ransomware Attack

• REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms

• The Biggest Problem With Ransomware Is Not Encryption, But Credentials

Phishing

• 75K Email Inboxes Hit in New Credential Phishing Campaign

• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

• LinkedIn URLs are being hijacked For phishing

Other Social Engineering

• Scammers Capitalize on Release of New Bond Movie

Malware

• FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

• Thousands Of Online Gaming Accounts Hit In Major Cyber Attack

• Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

• New Malware Steals Steam, Epic Games Store, And EA Origin Accounts

Vulnerabilities

• Google Emergency Update Fixes Two Chrome Zero Days

• Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence

• Apple AirTag Zero-Day Weaponizes Trackers

• New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

• Thousands of University Wi-Fi Networks Expose Log-In Credentials

• Exploit Released For VMware Vulnerability After CISA Warning

• Apple Pay Users ‘Vulnerable To Security Hack’

• Outsourced Software Poses Greater Risks to Enterprise Application Security

• Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

• Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws

• Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes

• Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras

Data Breaches/Leaks

• Mental Healthcare Providers Report Data Breaches

• Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik

• 3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

• Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot

Cryptocurrency/Cryptojacking

• Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail

• China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned

Insider Threats

• 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Dark Web

• Computer Scientist Jailed Over Dark Web Conspiracy

DoS/DDoS

• Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Nation State Actors

• APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated

• APT29 Targets Active Directory Federation Services With Stealthy Backdoor

• GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

• Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats

• APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated

Cloud

• Huawei Cloud Services: U.S. Lawmakers Express Security Concerns

• Cloud Security is the Weak Link

• Why CEOs Should Absolutely Concern Themselves With Cloud Security

• Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps

Privacy

• Which? Survey Finds People Would Actually Pay The Online Giants Not To Take Their Data

Reports Published in the Last Week

ESET Threat Report T2 2021

Other News

• Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets

• Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

• Cyber Security Experts Have Discovered A New Hacker Group

• The Return Of The Hacktivists

• Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes

• Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges

• US Deports Convicted Cyber Criminal to Russia

• OWASP Toasts 20th Anniversary With Revised Top 10 For 2021

• New Emergency Fraud Hotline Launched in UK

• Corporate Attack Surface Exploding As A Result Of Remote Work 

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.