Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 19 April 2024
Black Arrow Cyber Threat Intelligence Briefing 19 April 2024:
-94% of Ransomware Victims Have Their Backups Targeted by Attackers
-Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
-Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
-Your Annual Cyber Security Is Not Working, but There is a Solution
-73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
-Russia and Ukraine Top Inaugural World Cyber Crime Index
-Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
-Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
-The Threat from Inside: 14% Surge in Insider Threats Compared to Previous Year
-Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
-Large Enterprises Experience Breaches, Despite Large Security Stacks - Report Finds 93% of Breaches Lead to Downtime and Data Loss
-Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
94% of Ransomware Victims Have Their Backups Targeted by Attackers
Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.
Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.
Source: [Tech Republic]
Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.
The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.
The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.
Sources: [The Banker] [IMF]
Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.
Source: [TechCrunch]
Your Annual Cyber Security Is Not Working, But There is a Solution
Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.
To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.
Source: [TechRadar]
73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.
Source: [Business Wire]
Russia and Ukraine Top Inaugural World Cyber Crime Index
The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.
Top ten Countries in full:
1. Russia
2. Ukraine
3. China
4. United States
5. Nigeria
6. Romania
7. North Korea
8. United Kingdom
9. Brazil
10. India
Source: [Infosecurity Magazine]
Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.
Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.
Sources: [ITPro] [The Guardian]
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.
The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.
Sources: [Claims Journal] [Inc.com]
The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).
Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.
Source: [Infosecurity Magazine] [TechRadar]
Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.
Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.
Sources: [Ars Technica] [Data Breach Today]
Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss
93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.
Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.
Sources: [Infosecurity Magazine] [Help Net Security]
Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.
Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.
Source: [TFN]
Governance, Risk and Compliance
Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Security breaches are causing more damage than ever before | TechRadar
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)
51% of enterprises experienced a breach despite large security stacks - Help Net Security
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)
Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)
What if we made ransomware payments illegal? | SC Media (scmagazine.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
A whole new generation of ransomware makers are attempting to shake up the market | TechRadar
Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly
Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)
Ransomware Victims
Change Healthcare’s ransomware attack costs reach nearly $1B • The Register
Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)
Ransomware attack compromises UN agency data | SC Media (scmagazine.com)
840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)
US think tank Heritage Foundation hit by cyber attack | TechCrunch
Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Cyber Attack Takes Frontier Communications Offline (darkreading.com)
Phishing & Email Based Attacks
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)
Artificial Intelligence
CISOs not changing priorities in response to AI threats (betanews.com)
92% of enterprises unprepared for AI security challenges - Help Net Security
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)
Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
2FA/MFA
Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Malware
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)
Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)
Mobile
Government spyware is another reason to use an ad blocker | TechCrunch
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Enterprises face significant losses from mobile fraud - Help Net Security
SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security
CISA warns of critical vulnerability in Chirp smart locks • The Register
New rules for security of connected products in the UK and EU - Lexology
Data Breaches/Leaks
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Panama Papers: Money laundering trial of 27 defendants begins
Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)
5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)
Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cloud/SaaS
What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Identity and Access Management
Linux and Open Source
Open source groups say more software projects may have been targeted for sabotage (yahoo.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Attackers are pummelling networks around the world with millions of login attempts | Ars Technica
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)
Social Media
Malvertising
Government spyware is another reason to use an ad blocker | TechCrunch
Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)
Training, Education and Awareness
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Cyber security training: How to make it more motivating (hrexecutive.com)
Regulations, Fines and Legislation
US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online
New rules for security of connected products in the UK and EU - Lexology
Congress votes to kick Uncle Sam’s data broker habit • The Register
Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
IT and security professionals demand more workplace flexibility - Help Net Security
National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)
Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)
Law Enforcement Action and Take Downs
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)
Risks are higher than ever for US- China cyber war | Responsible Statecraft
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
Singapore infosec boss: splinternet hinders interoperability • The Register
FBI says Chinese hackers preparing to attack US infrastructure | Reuters
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Russia
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Microsoft breach allowed Russia to steal Feds' emails • The Register
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch
Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes
Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget
Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register
Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)
Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)
Singapore infosec boss: splinternet hinders interoperability • The Register
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
Iran
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)
Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)
Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)
Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
How to conduct security patch validation and verification | TechTarget
Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack
The importance of the Vulnerability Operations Centre for cyber security | TechRadar
Vulnerabilities
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica
Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)
PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)
Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA
Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)
Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)
Juniper Networks Publishes Dozens of New Security Advisories - Security Week
Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)
Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)
Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard
Tools and Controls
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud
Dark Web Monitoring: What's the Value? (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
Cyber security training: How to make it more motivating (hrexecutive.com)
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
AI set to enhance cyber security roles, not replace them - Help Net Security
Stateful vs. stateless firewalls: Understanding the differences | TechTarget
Reports Published in the Last Week
Other News
Charities doing worse than private sector in staving off cyber attacks - TFN
The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)
Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)
Geopolitical tensions escalate OT cyber attacks - Help Net Security
Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg
The invisible seafaring industry that keeps the internet afloat (theverge.com)
Do we have a plan on how to deal with subsea cables sabotage? | Euronews
Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week
University chiefs to get security service Cobra briefing on hostile states | The Argus
SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week
Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 April 2021
Black Arrow Cyber Threat Briefing 09 April 2021: Ransomware Attacks Grew By 485% In 2020; Cyber Insurance Firm Suffers Cyber Attack; Ransom Gangs Emailing Victim Customers For Leverage; 'We Have Your Porn Collection' - The Rise Of Extortionware; Should Firms Be More Worried About Firmware Cyber Attacks; Armed Conflict Draws Closer As State-Backed Cyber Attacks Intensify; Coca-Cola Trade Secret Theft Underscores Importance Of Insider Threat Early Detection; Attackers Blowing Up Discord, Slack With Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Attacks Grew By 485% In 2020
Ransomware attacks increased by an astonishing 485% in 2020 compared to 2019, according to Bitdefender’s 2020 Consumer Threat Landscape Report, which highlighted the ways cyber criminals targeted the COVID-19 pandemic. Interestingly, nearly two-thirds (64%) of the ransomware attacks took place in the first two quarters of 2020.
https://www.infosecurity-magazine.com/news/ransomware-attacks-grow-2020/
Cyber Insurance Firm Suffers Sophisticated Ransomware Cyber Attack; Data Obtained May Help Hackers Better Target Firm’s Customers
One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cyber security attack” on March 21, 2021. The cyber attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.
Ransom Gangs Emailing Victim Customers For Leverage
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organisations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
https://krebsonsecurity.com/2021/04/ransom-gangs-emailing-victim-customers-for-leverage/
'We Have Your Porn Collection': The Rise Of Extortionware
Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage. It comes as hackers bragged after discovering an IT Director's secret porn collection. The targeted US firm has not publicly acknowledged that it was hacked. In its darknet blog post about the hack last month, the cyber-criminal gang named the IT director whose work computer allegedly contained the files.
https://www.bbc.co.uk/news/technology-56570862
Should Firms Be More Worried About Firmware Cyber Attacks?
Microsoft recently put out a report claiming that businesses globally are neglecting a key aspect of their cyber security - the need to protect computers, servers, and other devices from firmware attacks. Its survey of 1,000 cyber security decision makers at enterprises across multiple industries in the UK, US, Germany, Japan, and China has revealed that 80% of firms have experienced at least one firmware attack in the past two years. Yet only 29% of security budgets have been allocated to protect firmware.
https://www.bbc.co.uk/news/business-56671419
Armed Conflict Draws Closer As State-Backed Cyber Attacks Intensify
The world is coming perilously close to nation states retaliating against cyber attacks with conventional weapons, according to a new HP report. Publicly available reports into state-sponsored attacks and interviews with scores of experts. It claimed there has been a 100% increase in “significant” state-backed attacks between 2017-20, and an average of over 10 publicly attributed attacks per month in 2020 alone.
https://www.infosecurity-magazine.com/news/armed-conflict-closer-state/
Coca-Cola Trade Secret Theft Underscores Importance Of Insider Threat Early Detection
The trial of Xiaorong You started in Greenville, TN, this week. She is accused of trade secret theft and economic espionage after allegedly stealing technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company. The value placed on the development of the stolen technologies is $119.6 million. Other affected companies include Azko-Nobel, Dow Chemical, PPG, TSI, Sherwin Williams and ToyoChem.
The details of the case suggest that the damages the accused is allegedly responsible for could have been minimized if better real-time insider threat detection methods had been in place. They also outline possible motives for the theft of the intellectual property: ego and money.
Attackers Blowing Up Discord, Slack With Malware
Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cyber criminal expertise in attacking them.
https://threatpost.com/attackers-discord-slack-malware/165295/
Scraped Data Of 500 Million LinkedIn Users Being Sold Online, 2 Million Records Leaked As Proof
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more.
While users on the hacker forum can view the leaked samples for about $2 worth of forum credits, the threat actor appears to be auctioning the much-larger 500 million user database for at least a 4-digit sum, presumably in bitcoin.
Massive Facebook Data Breach Leaks Info On Millions Of Users
The personal information of hundreds of millions of Facebook users across the globe has been leaked online. Around 533 million Facebook users are thought to have been affected by the data breach, with phone numbers, Facebook ID, full name, location, past location, birthdate, email address, account creation date, relationship status, and personal bios all available. The data is thought to be the same set that was leaked in January 2021 and was available to purchase online, meaning Facebook has failed to secure its users once again.
https://www.techradar.com/uk/news/massive-facebook-data-breach-leaks-info-on-millions-of-users
Threats
Ransomware
Phishing
Malware
Mobile
IOT
Vulnerabilities
Critical Zoom vulnerability triggers remote code execution without user input
Bug allows attackers to hijack Windows time sync software used to track security incidents
AMD admits Zen 3 processors are vulnerable to Spectre-like side-channel attack
SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
Data Breaches
Adult content from hundreds of OnlyFans creators leaked online
A huge trove of credit card records and Social Security numbers just got hacked
Booking.com fined €475,000 for late reporting of data breach
Nation State Actors
Privacy
Other News
Ubiquiti is accused of covering up a ‘catastrophic’ data breach — and it’s not denying it
VISA: Hackers increasingly using web shells to steal credit cards
Cloud-native watering hole attack: Simple and potentially devastating
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 January 2021
Black Arrow Cyber Threat Briefing 29 January 2021: Phishing Attacks Show High-Ranking Execs ‘Most Valuable Asset’ and ‘Greatest Vulnerability’; Paying Ransomware Funding Organised Crime; Police take down botnet that hacked millions of computers; After SolarWinds Hack, Who Knows What Cyber Dangers We Face; Russian businesses warned of retaliatory cyber attacks; iOS vulns actively exploited; Top Cyber Attacks of 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Phishing Attacks Show High-Ranking Execs May Be ‘Most Valuable Asset,’ and ‘Greatest Vulnerability’
Cyber criminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets.
Insurers 'Funding Organised Crime' by Paying Ransomware Claims
Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.
Emotet: Police raids take down botnet that hacked 'millions of computers worldwide'
Emotet, one of the world's most dangerous cyber crime services, has been taken down following one of the largest ever internationally-coordinated actions against cyber criminals. Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool leased out to cyber criminals to break into victim computer networks and install additional malicious software.
After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face
Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March, a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients.
FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack
Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.
Update your iPhone — Apple just disclosed hackers may have 'actively exploited' a vulnerability in its iOS
On Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version. Its support website that it is aware of the three security bugs and that they "may have been actively exploited. “Also, it does not disclose details regarding security issues "until an investigation has occurred."
Top Cyber Attacks of 2020
"Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organisations involved in the coronavirus pandemic response, including the World Health Organization and Centres for Disease Control and Prevention, some in an attempt to politicize the pandemic.
https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html
Threats
Ransomware
Cyber Criminals use deceased staff accounts to spread Nemty ransomware
US and Bulgarian authorities disrupt NetWalker ransomware operation
Former UK Cyber Security Chief Says Laws Are Needed to Stop Ransomware Payouts
BEC
Phishing
Other Social Engineering
Malware
DreamBus botnet targets enterprise apps running on Linux servers
Trickbot is back again - with fresh phishing and malware attacks
Mobile
Vulnerabilities
Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges
Vulnerability found in top messaging apps let hackers eavesdrop
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team
KindleDrip exploit – Hacking a Kindle device with a simple email
Data Breaches
Charities
Insider Threats
Nation-State Actors
Denial of Service
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.