Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 August 2021

Black Arrow Cyber Threat Briefing 06 August 2021:

-Ransomware Volumes Hit Record High

-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.

https://threatpost.com/ransomware-volumes-record-highs-2021/168327/

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed.  The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.

https://www.zdnet.com/article/more-than-12500-vulnerabilities-disclosed-in-first-half-of-2021-risk-based-security/

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.

These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.

https://www.zdnet.com/article/constant-review-of-third-party-security-critical-as-ransomware-threat-climbs/

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

https://www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.

https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/

65% Of All DDoS Attacks Target US And UK

Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.

https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/


Threats

Ransomware

Phishing

Other Social Engineering

Malware

Mobile

Vulnerabilities

Data Breaches

OT, ICS, IIoT and SCADA

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Supply Chain

Nation State Actors

Cloud


Reports Published in the Last Week



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 09 July 2021

Black Arrow Cyber Threat Briefing 09 July 2021: Hackers Demand $70 Million To End Biggest Ransomware Attack On Record; Zero Day Malware Reached An All-Time High In Q1 2021; New Trojan Malware Steals Millions Of Login Credentials; MacOS Targeted In WildPressure APT Malware Campaign; The Cost Of Cyber Insurance Increased 32% Last Year And Shows No Signs Of Easing; Critical Flaws In Windows Print Spooler Service Could Allow For Remote Attacks; British Airways Settles Over Record Claim For Data Breach; Hackers On Loose As 9,000 Data Leaks A Year Recorded

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

Hackers Demand $70 Million To End Biggest Ransomware Attack On Record

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers. REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in crypto currency.

https://www.cbsnews.com/news/ransomware-attack-revil-hackers-demand-70-million/


Zero Day Malware Reached An All-Time High Of 74% In Q1 2021

74% of threats detected in Q1 2021 were zero day malware – or those for which a signature-based antivirus solution did not detect at the time of the malware release – capable of circumventing conventional antivirus solutions. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter’s top malware attacks, and more.

https://www.helpnetsecurity.com/2021/06/29/zero-day-malware-q1-2021/


New Trojan Malware Steals Millions Of Login Credentials

There is a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites. The findings suggest that the Trojan classifies the websites into a dozen categories, which include virtually all popular email services, social media platforms, file storage and sharing services, ecommerce platforms, financial platforms, and more. In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

https://www.techradar.com/news/malware-steals-millions-of-login-credentials-for-popular-websites


Ransomware As A Service: Negotiators Are Now In High Demand

The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom. A study in RaaS trends has recently come out saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business. Showing the potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cyber crime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.

https://www.zdnet.com/article/ransomware-as-a-service-negotiators-between-hackers-and-victims-are-now-in-high-demand/


MacOS Targeted In WildPressure APT Malware Campaign

Recently, threat actors known as WildPressure have added a MacOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Furthermore, known novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and MacOS systems, according to researchers. Compromised endpoints allow the advanced persistent threat (APT) group to download and upload files and executing commands.

https://threatpost.com/macos-wildpressure-apt/167606/


The Cost Of Cyber Insurance Increased 32% Last Year And Shows No Signs Of Easing

The cost of insurance to protect businesses and organisations against the ever-increasing threat of cyber crimes has soared by a third in the last year. Also adding that global cyber insurance pricing has increased by an average of 32 percent in the year to June. Not only are premiums going through the roof, insurers are also attaching more strings to their policies, demanding ever more assurances that firms taking out cover have the necessary systems and processes in place to prevent a cyber mishap. Previous research also suggests that the upward squeeze on premiums shows no sign of easing, which, in turn, is putting more strain on the sector.

https://www.theregister.com/2021/07/05/cyber_insurance_report/


Critical Flaws In Windows Print Spooler Service Could Allow For Remote Attacks

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing. This is because Microsoft is currently grappling with a couple of security holes in its Windows Print spooler service that could allow attackers to remotely control an affected system. Anyone able to exploit the more recent vulnerability of the two would be able to run code on the compromised computer with full system privileges. That attacker could then install software, modify data and create new user accounts.

https://www.techrepublic.com/article/critical-flaws-in-windows-print-spooler-service-could-allow-for-remote-attacks/


End Users In The Dark About Latest Cyber Threats, Attacks

According to a recent survey, which polled consumers and end users, high-profile incidents such as the ransomware attack on Colonial Pipeline Co. and the breach of a Florida city's water utilities were either overlooked or ignored by many outside the IT and information security fields. As a result, the responsibility for keeping users informed and aware of the need for heightened security appears to fall on administrators and IT staff.

https://searchsecurity.techtarget.com/news/252503223/End-users-in-the-dark-about-latest-cyber-threats-attacks


British Airways Settles Over Record Claim For Data Breach

British Airways has settled what is thought to be the biggest claim for a data breach in British legal history, involving 16,000 victims. However, the amount was not disclosed. When The breach took place three years ago, multiple data sources and customer data was leaked, including the leakage of names, addresses and card payment details which affected 420,000 customers and staff. As a result, in 2019 the Information Commissioner’s Office hit BA with its largest ever fine at £20 million.

https://www.thetimes.co.uk/article/british-airways-settles-over-record-claim-for-data-breach-g0f63dnst


Hackers On Loose As 9,000 Data Leaks A Year Recorded

Public bodies and the private sector suffered nearly 9,000 data security incidents in 12 months with sensitive and private information hacked, lost or accidentally given to the wrong people. This Data was seen to lists more than 500 organisations hit by ransomware attacks and a further 562 incidents of hacking. There was also a total of 8,815 data security incidents in 2020/21 with the most breaches in the health and education sectors. Furthermore, over the past three years, police forces across England and Wales suffered an average eight breaches a week. Even security experts announced that these figures were “alarming” and that the public would be “disturbed” to learn how often important information/data was being lost.

https://www.thetimes.co.uk/article/hackers-9000-data-leaks-recorded-cyber-crime-56nvs7t6w


Threats

Ransomware

Phishing

Malware

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

Supply Chain

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More