Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 February 2021
Black Arrow Cyber Threat Briefing 05 February 2021: Ransomware Gangs Made At Least $350 Million In 2020; Widening Security Shaped Gulf Between Firms And Remote Workers; 3.2 Billion Emails And Passwords Exposed; Account Takeover and Data Leakage Attacks Spiked In 2020; Automated Tools Increasingly Used to Launch Cyber Attacks; 93% Of Workers Overshare Online, Causing Social Engineering Risks;
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Gangs Made At Least $350 Million In 2020
Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.
https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/
Home Working Increases Cyber Security Fears
"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.
https://www.bbc.co.uk/news/business-55824139
3.2 Billion Emails And Passwords Exposed Online
A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.
https://www.tomsguide.com/news/3-2-billion-passwords-leaked
Account Takeover Attacks Spiked In 2020
Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.
https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/
30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds
When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.
Data Leakage Attacks Saw Huge Rise In 2020
The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.
https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/
Automated Tools Increasingly Used to Launch Cyber Attacks
Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.
https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/
A Second SolarWinds Hack Deepens Third-Party Software Fears
It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.
https://www.wired.com/story/solarwinds-hack-china-usda/
93% Of Workers Overshare Online, Causing Security Risks
Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.
https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/
Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped
It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.
https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/
Threats
Ransomware
Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone
Other Social Engineering
Malware
This malware abuses Tor and Telegram infrastructure to evade detection
Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET
Experts discovered a new Trickbot module used for lateral movement
Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
Mobile
Vulnerabilities
Data Breaches
Security firm Stormshield discloses data breach, theft of source code
Female escort review site data breach affects 470,000 members
Nation-State Actors
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.