Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Half of Regulated Firms See Pandemic Spike in Financial Crime

Around half of firms in the financial services, property and legal sectors have reported rising levels of financial crime over the past 12 months, according to new data from an anti-money laundering (AML) specialist which polled 500 regulated businesses in the UK to better understand the levels of risk facing players in each vertical.

Overall, 48% of respondents said they’d seen a rise in financial crime, and a quarter (26%) admitted they’d been a victim of attacks. Legal firms, including conveyancers, experienced the most significant number of compromises, with a third (33%) saying they had been a victim of financial crime.

The sector is an increasingly attractive target for both state-backed and financially motivated cyber-criminals, given the wealth of sensitive client information that legal practices typically hold. https://www.infosecurity-magazine.com/news/half-firms-pandemic-spike/  

Large Ransom Demands And Password-Guessing Attacks Escalate

ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cyber security research.

The latest issue of the report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.

Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry. https://www.helpnetsecurity.com/2021/10/05/large-ransom-demands/

Malicious Hackers Are Exploiting Known Vulnerabilities Because Organizations Aren’t Quick Enough To Patch – Report

Organizations are urged to be more proactive when it comes to protecting against vulnerabilities, after a report found that malicious attackers routinely exploit unpatched systems.

The 2021 Trustwave SpiderLabs Telemetry Report, released this week, found that a huge number of companies are falling foul to cyber-attacks despite having ready access to suitable fixes.

This is happening because malicious actors are using Shodan to scan for networks that are exposed to known vulnerabilities and exploit them before the victim can apply the patch. https://portswigger.net/daily-swig/malicious-hackers-are-exploiting-known-vulnerabilities-because-organizations-arent-quick-enough-to-patch-report  

Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now

Some of the cyber security vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old -- but attackers are still able to take advantage of them because security updates aren't being applied.

Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They found that some of these vulnerabilities have been known for almost a decade and had vendor patches available. But because many organizations still haven't applied the available security updates, they remain vulnerable to ransomware attacks. https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/

How Insurers Play a Big Role in Spurring Cyber Crime

Ransomware extracted $18 billion in payments last year, and it’s expected there will be an attack every 11 seconds by this year’s end, a problem that some security experts and academic researchers say is exacerbated by the system meant to protect against cybercrime: the insurance industry.

Organizations with cyber insurance are more than twice as likely to pay ransoms as those without, according to a global survey commissioned by UK-based cyber security and software firm Sophos of 1,823 companies, governments, health systems, and other organizations that had been hit by ransomware. This is one of the first times such data have been gathered that show the extent of the relationship between cyber insurance and ransomware payments. Critics say that relationship helps fuel a ransomware economy that the federal government estimates causes $445 billion in damages to the global economy every year. https://www.barrons.com/articles/ransomware-attack-cyber-insurance-industry-51633075202

Why Today’s Cyber Security Threats Are More Dangerous

Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cyber security to the top of governments’ and corporate agendas.

The opportunities for threat actors are growing faster than firms are able to mitigate them.

Unlike 20 years ago, when even extensive IT systems were comparatively standalone and straightforward, the interdependencies of systems now make dealing with and defending against threats a much more difficult proposition. The core problems being complexity and interdependence and neither are going away because that is what is providing organisations with the flexibility, functionality and all these other critical functions that they need. https://www.csoonline.com/article/3635097/why-today-s-cybersecurity-threats-are-more-dangerous.html

How Fraudsters Can Use The Forgotten Details Of Your Online Life To Reel You In

You may think you’ve been careful, but a determined scammer can probably find enough to manipulate you. https://www.theguardian.com/money/2021/oct/03/how-fraudsters-can-use-the-forgotten-details-of-your-online-life-to-reel-you-in  

One In Three IT Security Managers Don’t Have A Formal Cybersecurity Incident Response Plan

Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy, according to a new report.

Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

·         Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive.

·         Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts.

·         The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t.

Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan. https://www.helpnetsecurity.com/2021/10/06/response-plan-cybersecurity/  

Cyber Security Best Practices Lagging, Despite People Being Aware Of The Risks

The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviours ahead of Cybersecurity Awareness Month this month.

The daily headlines of data breaches and ransomware attacks is a testament to the problem getting worse, yet most people aren’t aware of the simple steps they can take to be a part of the solution. It’s critical to have a deeper understanding of both the challenges we face and the prevailing attitudes and behaviors among the public.

Too often people are forgotten in cybersecurity conversations and this is borne out by cyber crime being more common among Millenials and Gen Z, and the public not embracing cyber security best practices.

The report also found that many users had limited access to cyber training, with  64% of respondents having no access to cybersecurity training, while 27% of those who do have access choose not to use it. https://www.helpnetsecurity.com/2021/10/07/cybersecurity-best-practices-lagging/

Threats

Ransomware

• Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now | ZDNet

• Ransomware: Police Arrest Two In Operation Against 'Prolific' Gang That Targeted Big Businesses | ZDNet

• Revil Alone Accounts For A Significant Portion Of Q2 2021 Ransomware Attacks | Techspot

• Behind the Crypto Broker Accused of Enabling Ransomware Hackers - Bloomberg

• Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack – Sophos News

• US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours | ZDNet

• Ransomware Group FIN12 Aggressively Going After Healthcare Targets (thehackernews.com)

Other Social Engineering

• Smishing On The Rise - Infosecurity Magazine (Infosecurity-Magazine.Com)

Malware

• Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (thehackernews.com)

• 91.5% Of Malware Arrived Over Encrypted Connections During Q2 2021 - Help Net Security

IOT

• IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft | Threatpost

BYOD

• NCSC: Revoke Admin Access for BYOD Users Immediately - Infosecurity Magazine (infosecurity-magazine.com)

• BYOD Security Warning: You Can't Do Everything Securely With Just Personal Devices | ZDNet

Vulnerabilities

• Patch Apache HTTP Servers Now to Avoid Zero Day Exploit - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• The Telegraph Exposed A 10tb Database With Subscriber Data - Security Affairs

Cryptocurrency/Cryptojacking

• Hackers Rob Thousands Of Coinbase Customers Using MFA Flaw (Bleepingcomputer.Com)

Insider Threats

• Fired IT Admin Revenge-Hacks School By Wiping Data, Changing Passwords (Bleepingcomputer.Com)

Dark Web

• Over A Billion Facebook Users Have Data Sold On The Dark Web | Techradar

Nation State Actors

• Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (thehackernews.com)

• Microsoft: 58% of Nation-State Cyber Attacks Come From Russia (darkreading.com)

• Google Warns 14,000 Gmail Users Targeted By Russian Hackers (Bleepingcomputer.Com)

• Solarwinds Hack Saw Russia Steal Us Anti-Spy Probe Details • The Register

• A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (thehackernews.com)

• New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (thehackernews.com)

• Iranian APT Targets Aerospace And Telecom Firms With Stealthy ShellClient Trojan | CSO Online

Cloud

• How Should Banks Grapple With Regulation When Crafting Their Cloud Strategy? (finextra.com) 

Reports Published in the Last Week

• Russian Cyber Attacks Pose Greater Risk To Governments And Other Insights From Microsoft’s Annual Report - Microsoft On The Issues 

Other News

• Patch Management Complexity Increased By Remote Work Is Putting Organizations At Risk - Help Net Security

• The Cyber Security Issues Organizations Deal With Remain Complex And Numerous - Help Net Security

• Security Experts Aghast At The Scale Of Twitch Hack: 'This Is As Bad As It Could Possibly Be' | PC Gamer

• Botnet Abuses TP-Link Routers For Years In SMS Messaging-As-A-Service Scheme - The Record By Recorded Future

• Company That Routes SMS For All Major US Carriers Was Hacked For Five Years | Ars Technica

• New £5 Billion GCHQ Digital Warfare Centre Capable Of 'Cyber Attacks' Set For Lancashire - Lancslive

• Superhero Passwords Pose Serious Risk to Personal, Enterprise Accounts | SecurityWeek.Com

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

5 Reasons Why Enterprises Need Cyber Security Awareness And Training

Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.

https://securityboulevard.com/2021/04/5-reasons-why-enterprises-need-cyber-security-awareness-and-training/

Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss

Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”

https://www.thetimes.co.uk/article/stop-paying-hackers-ransom-demands-ex-gchq-cybersecurity-chief-warns-323fqg8zt

Ransomware’s New Swindle: Triple Extortion

Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.

https://threatpost.com/ransomwares-swindle-triple-extortion/166149/

‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers

Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”

https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8

Colonial Pipeline Boss Confirms $4.4M Ransom Payment

Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.

https://www.bbc.co.uk/news/business-57178503

10 Emerging Cyber Security Trends To Watch In 2021

A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.

https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021

How Penetration Testing Can Promote A False Sense Of Security

Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."

https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/

Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy

Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.

https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html

Learning From Cyber Attacks Could Be The Key To Stopping Them

Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.

https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/

Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability

The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.

https://hothardware.com/news/remote-desktop-protocol-storing-passwords-in-cleartext-in-accessible-memory

Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen

In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.

https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us

Ransomware Attacks Are Spiking. Is Your Company Prepared?

With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.

https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared

Threats

Ransomware

• Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments

• The Bizarre Story Of The Inventor Of Ransomware

• One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers

• Cyber Attack 'Most Significant On Irish State'

• Double-Extortion Ransomware Attacks On The Rise

• Darkside Ransomware Made $90 Million In Just Nine Months

• Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data

Phishing

• Microsoft, Google Clouds Hijacked For Gobs Of Phishing

• Ofwat Reveals It Has Received 20,000 Spam And Phishing Emails So Far This Year

Other Social Engineering

• Fraudsters Employ Amazon ‘Vishing’ Attacks In Fake Order Scams

Malware

• Experts Warn About Ongoing AutoHotKey-Based Malware Attacks

• Microsoft Warns: Watch Out For This New Malware That Steals Passwords, Webcam And Browser Data

• FIN7 Backdoor Masquerades As Ethical Hacking Tool

Mobile

• 4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices

• Take Action Now – Flubot Malware May Be On Its Way

• Bizarro Banking Trojan Sports Sophisticated Backdoor

• 100M Android Users Hit By Rampant Cloud Leaks

IoT

• Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking

• EufyCam Users Should Turn Off Their Security Cams Immediately

Vulnerabilities

• Windows PoC Exploit Released For Wormable RCE

• Windows 10 Security Targeted Via New Critical Vulnerability

• Exploit Released For Wormable Windows HTTP Vulnerability

• QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day

• Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps

• More Security Flaws Found In Apple Airtags

Cryptocurrency

• Elon Musk Impersonators Stole More Than $2M In Crypto Currency Scams

Supply Chain

• Rapid7 Is The Latest Victim Of A Software Supply Chain Breach

Nation State Actors

• Ireland’s Health Service: Russian Hackers Made Their First Attack Two Weeks Ago

Denial of Service

• Keksec Cyber Gang Debuts Simps Botnet for Gaming DDoS

Cloud

• Cloud Compromise Now The Biggest Cyber Security Issue For Financial Institutions

• Privacy Regulations Making Cloud Migration Complex

Governance, Risk and Compliance

• Cyber Security Spending To Hit $150 Billion This Year

Reports Published in the Last Week

• DDoS Attacks Up 31% In Q1 2021: Report

Other News

• Hackers Used To Be Humans. Soon, AIs Will Hack Humanity

• Solarwinds CEO Reveals Much Earlier Hack Timeline, Regrets Company Blaming Intern

• Cyber Criminals Scanned For Vulnerable Microsoft Exchange Servers Within Five Minutes Of News Going Public

• The Moral Underground? Ransomware Operators Retreat

• Verizon: Pandemic Ushers In ⅓ More Cyber Misery

• The Bizarre Story Of The Inventor Of Ransomware

• Should Encryption Be Curbed To Combat Child Abuse?

• 5 Ways Hackers Hide Their Tracks

• The Next Big Gasoline Shortage Is Coming

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.