Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 December 2023
Black Arrow Cyber Threat Intelligence Briefing 15 December 2023:
-MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
-Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
-Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
-81% of Companies had Malware, Phishing and Password Attacks in 2023
-Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
-Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
-Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
-Ransomware-as-a-Service: The Growing Threat You Can't Ignore
-66% of Employees Prioritise Daily Tasks Over Cyber Security
-Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
-Who Is Responsible for Cyber Security? You.
-Many Popular Websites Still Cling to Password Creation Policies From 1985
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.
Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.
Sources: [ITPro] [Emerging Risks Media Ltd]
Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.
The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.
Sources: [CIR Magazine] [Gartner]
Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.
So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.
Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.
Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]
81% of Companies had Malware, Phishing and Password Attacks in 2023
According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.
Source: [Security Magazine]
Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.
Sources: [Washington Times] [SiliconANGLE]
Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.
The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.
Sources: [NSA] [Dark Reading] [The Register]
Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.
However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.
Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.
Source: [Forbes]
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.
Source: [Hacker News]
66% of Employees Prioritise Daily Tasks Over Cyber Security
According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.
The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.
Source: [Security Magazine]
Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.
Source: [Security Week]
Who Is Responsible for Cyber Security? You.
Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.
Source: [Forbes]
Many Popular Websites Still Cling to Password Creation Policies From 1985
Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.
The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.
Source: [Help Net Security]
Governance, Risk and Compliance
How C-Level Executives Can Increase Cyber Resilience (forbes.com)
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert
Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal
Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)
Threats
Ransomware, Extortion and Destructive Attacks
UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)
Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
The end of ransomware payments: how businesses fit into the fight | ITPro
OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
US reveals email addresses used to send ransomware demands • The Register
Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)
Ransomware Victims
Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE
Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)
Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)
BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)
Phishing & Email Based Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
39% of security leaders cite phishing as most feared cyber attack | Security Magazine
Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET
Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)
US reveals email addresses used to send ransomware demands • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Artificial Intelligence
SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
AI in 2024: More business use, more fraud risks | Premium | Compliance Week
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)
Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra
Responsibly Implementing AI, the Unstoppable Force (darkreading.com)
How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)
Malware
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)
Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers
Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)
Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)
Mobile
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Apple Testing New Stolen Device Protection Feature for iPhones - Security Week
Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena
Android barcode scanner app exposes user passwords (securityaffairs.com)
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)
Six of the most popular Android password managers are leaking data | ZDNET
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)
DNA companies should receive severe penalties for losing our data | TechCrunch
Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)
US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)
Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)
2.5m people's data lost in Norton hospital ransomware hit • The Register
Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)
Toyota Financial Services discloses data breach (securityaffairs.com)
DonorView exposes 1M records for unknown time frame • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Organised Crime & Criminal Actors
Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)
Interpol strikes slavers who force people to scam you online • The Register
Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE
Dark web forums reveal next year’s cyber security threats - Digital Journal
Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)
Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)
How cyber criminals are using Wyoming shell companies for global hacks | Reuters
Exploitation of the internet and the mind: How cyber criminals operate | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg
Ledger says attacker conducted phishing attack on former employee - Blockworks
Insider Risk and Insider Threats
66% of employees prioritize daily tasks over cyber security | Security Magazine
Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)
Employees are weaponizing private emails with colleagues | Fortune
Insurance
Supply Chain and Third Parties
UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine
Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)
Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)
Cloud/SaaS
Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)
SAP's attempt to migrate security tools to cloud failed • The Register
Cloud engineer wreaks havoc on bank's network after firing • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Android barcode scanner app exposes user passwords (securityaffairs.com)
Six of the most popular Android password managers are leaking data | ZDNET
Many popular websites still cling to password creation policies from 1985 - Help Net Security
Social Media
Regulations, Fines and Legislation
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
How European countries are implementing new cyber security framework – EURACTIV.com
Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure - Security Week
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch
Government plans to regulate to tackle datacentre threats | Computer Weekly
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Nation State Actors
China
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)
China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Security Week
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
China warns its geographic data breach puts industry at risk (techinformed.com)
Russia
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)
Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)
Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
Iran
Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
North Korea
Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Adobe Releases Security Updates for Multiple Products | CISA
Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)
Tools and Controls
Attacks abuse Microsoft DHCP to spoof DNS records • The Register
Balancing AI advantages and risks in cyber security strategies - Help Net Security
What is Cyber security threat intelligence sharing (att.com)
The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)
Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)
Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Are business cyber security measures really fit for purpose? - Digital Journal
Which cyber security controls are organisations struggling with? - Help Net Security
Other News
UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Is macOS as secure as its users think? | Kaspersky official blog
The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)
Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)
NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly
Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Polish train maker denies claims it geofenced trains • The Register
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Cyber criminals continue targeting open remote access products - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 June 2021
Black Arrow Cyber Threat Briefing 18 June 2021: Ransomware Now Ranks As UK’s Top Cyber Security Danger; 54% of all employees reuse passwords across accounts; Most Firms Face Second Ransomware Attack After Paying Off First; Bad Cyber Security Behaviours Plaguing The Remote Workforce; VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace; Over 65,000 Ransomware Attacks Expected In 2021; Business Leaders Now Feel More Vulnerable To Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Now Ranks As UK’s Top Cyber Security Danger
Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.
54% of all employees reuse passwords across multiple work accounts
Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.
According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.
42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.
A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.
https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/
VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace
In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”
https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/
Most Firms Face Second Ransomware Attack After Paying Off First
Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.
https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/
Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO
U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.
Business Leaders Now Feel More Vulnerable To Cyber Attacks
Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).
https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/
Ransomware Gang Turns To Revenge Porn
At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.
https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images
Bank Of America Spends Over $1 Billion Per Year On Cyber Security
Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”
https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html
Bad Cyber Security Behaviours Plaguing The Remote Workforce
According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.
https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/
Threats
Ransomware
Why Backups Are Not The Panacea For Recovery From A Ransomware Attack
Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority
Experts Shed Light On Distinctive Tactics Used By Hades Ransomware
The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor
BEC
Phishing
Malware
Vulnerabilities
Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild
Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files
Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched
Data Breaches
UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack
Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers
Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems
Mensa Data Spillage Was Due to 'Unauthorised Internal Download'
Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers
Organised Crime & Criminal Actors
Cryptocurrency
Supply Chain
OT, ICS, IIoT and SCADA
Nation State Actors
Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks
Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought
Denial of Service
Cloud
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.