Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Ransomware Attacks Surged to New Highs in 2021

Ransomware attacks are getting more frequent, more successful and more expensive.

Sixty-six percent of the organisations surveyed by Sophos for its annual State of Ransomware report admitted that they were hit with a ransomware attack last year, up from 37% in 2020. And 65 percent of those attacks were successful in encrypting their victims' data, up from 54 percent the year before.

On top of that, the average ransom paid by organisations for their most significant ransomware attack grew by nearly five times, to just over $800,000, while the number of organisations that paid ransoms of $1 million or more tripled to 11%, the UK-based cybersecurity company said. For its annual report, Sophos surveyed 5,600 organisations from 31 countries. A total of 965 of those polled shared details of their ransomware attacks.

The numbers aren't a huge surprise after a year of epic ransomware attacks that shut down everything from a major oil pipeline to one of the largest meat processors in the US. While both Colonial Pipeline and JBS US Holdings paid millions in ransom, the attacks paused their operations long enough to spark panic buying and drive prices up for consumers.

https://www.cnet.com/tech/services-and-software/ransomware-attacks-surged-to-new-highs-in-2021/#ftag=CAD-09-10aai5b

• NCSC and Allies Publish Advisory on The Most Commonly Exploited Vulnerabilities In 2021

The UK and international partners have published an advisory for public and private sector organisations on the 15 most commonly exploited vulnerabilities in 2021.

The National Cyber Security Centre (NCSC), a part of GCHQ, has jointly published an advisory with agencies in the US, Australia, Canada and New Zealand, showing that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities across the public and private sectors worldwide.

Threat actors often geared their efforts towards targeting internet-facing systems, such as email and virtual private network (VPN) servers.

It also indicates that, to a lesser extent, actors continue to exploit publicly known – and often dated – vulnerabilities, some of which were routinely exploited in 2020 or earlier.

The advisory directs organisations to follow specific mitigation advice to protect against exploitation, which includes applying timely patches, using a centralised patch management system and replacing any software no longer supported by the vendor.

https://www.ncsc.gov.uk/news/ncsc-and-allies-publish-advisory-on-the-most-commonly-exploited-vulnerabilities-in-2021

•  Network Attacks Increased to a 3-Year High

WatchGuard Technologies’ Internet Security Report for Q4 2021 revealed all threats were up, whether they’re network attacks or malware.

When the pandemic started, their research team saw a big drop in malware being detected by network security devices. In this period, tech based jobs moved to remote work, which meant a lot of users were no longer browsing the internet and encountering bad things through the network security control at the office. That’s probably why network detection for malware dropped quite a bit at the beginning of the pandemic.

Meanwhile, network attacks continued to rise even through the pandemic, since the servers still lived at the offices and the cloud, and network security still protected those.

The big takeaway in Q4 2021 is that malware rose significantly, returning to normal levels. The reason might be the holiday season, but it’s most probably the fact that, at the end of last year, a lot of tech-based offices started reopening and offering employees to come back in, and thus there’s a bigger chance for network security controls to catch malware.

https://www.helpnetsecurity.com/2022/04/25/network-attacks-q4-2021-video/

• World War Three Is Far More Likely Than Anyone Is Prepared to Admit

A Telegraph article looks at the Russia-Ukraine conflict and considers risks posed by new weapons and how the West’s failure to understand our enemies are raising the chances of a horrific conflict.

The fact is the world is becoming more, rather than less, dangerous: there are plenty of other wannabe Putins, and they are better equipped to sow death and destruction. Not only traditional and nuclear threats but bioterrorism is a growing worry and a major cyber attack or assault on transatlantic cables could be so devastating to an internet-based economy as to be seen as a declaration of war.

https://www.telegraph.co.uk/news/2022/04/27/world-war-three-far-likely-anyone-prepared-admit/

• The Ransomware Crisis Deepens, While Data Recovery Stalls

Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.

When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year.

For instance, in its "State of Ransomware 2022" report, cybersecurity firm Sophos found that 66% of surveyed companies had encountered ransomware in 2021, with two-thirds of those firms — or 43% overall — suffering from an actual attack that encrypted data. In its previous report covering 2020, the frequency of successful attacks was much smaller, with about 20% overall resulting in encryption.

The deteriorating cyberthreat landscape is largely due to the evolution of ransomware groups and their techniques, says Sean Gallagher, senior threat researcher with Sophos.

"Over the past couple of years, there has been a massive transition from ransomware to ransomware-as-a-service," he says. "There are very well-established [groups] that are doing these attacks, and as a result, the number of attacks companies are seeing has gone up."

Ransomware continues to plague companies with business-disrupting attacks and defy efforts by cybersecurity experts to rein in the operators behind the criminals’ campaigns. Not only did the portion of companies affected by ransomware more than double last year, but the mean ransomware payment more than quadrupled to $812,000, according to the Sophos report.

https://www.darkreading.com/attacks-breaches/ransomware-crisis-deepens-data-recovery-stalls

• Ransoms Only Make Up 15% of Ransomware Costs

New research suggests that paying ransoms is only the tip of the cost iceberg when it comes to ransomware attacks.

Researchers at Check Point have revealed that the collateral damage of ransomware attacks make up costs roughly seven times higher than the ransom demanded by threat actors.

The costs include financial implications caused by incident response efforts, system restoration, legal fees, monitoring costs and the overall impact of business disruption.

Ransomware attacks are an increasingly popular attack method, typically involving stealing data from the victim, encrypting data and forcing them to pay for decryption and avoiding a data leak.

Check Point said in the report:

“Most other losses, including response and restoration costs, legal fees, monitoring costs, etc., are applied whether the extortion demand was paid or not. The year 2020 showed that the average total cost of a ransomware attack was more than seven times higher than the average ransom paid.”

https://www.itsecurityguru.org/2022/04/28/ransoms-only-make-up-15-of-ransomware-costs/

• Defending Your Business Against Russian Cyber Warfare

We are likely to see Russian state sponsored attacks escalate as the West continues to increase sanctions and support Ukraine.

The eyes of the world are focused on the war in Ukraine. As expected, Russia has targeted Ukraine with cyber attacks first, and much of the West is wondering when Russia will also retaliate against countries supporting Ukraine. Most agree that some attacks are already in progress, and the attacks against western entities are sure to escalate as the war continues and more sanctions are put in place. 

The first wave of companies targeted by the Russian state, and threat actors it supports, will be those that suspend Russian operations or take direct action to support Ukraine. Information operations and subversion against these companies will likely ensue. In the event of Russian cyberwarfare, reviewing the industries, styles, and objectives of their attacks can help organisations to prepare and implement more robust defences. These defences include actions both inside and outside an enterprise's perimeter.

https://www.securityweek.com/defending-your-business-against-russian-cyberwarfare

• 5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable

What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.

Cyber crime can cause major disruption when it comes to the sustainability and long-term success of companies. Teams want to have robust security but often struggle to meet that objective. It's crucial for security professionals to leverage insights into emerging trends in cybersecurity to pinpoint which vulnerabilities put organisations at the greatest risk, and Cobalt's "State of Pentesting" reports explore how to achieve efficiency to strengthen security.

The "State of Pentesting 2022" surveyed 602 cybersecurity and software development professionals and analysed data from 2,380 pentests conducted over the course of 2021 to pull key insights that are relevant to security and development teams when it comes to fixing vulnerabilities.

As a result of the data collected, the top five most common vulnerability categories outlined in this year's "State of Pentesting" report include:

·       Server Security Misconfigurations

·       Cross-Site Scripting (XSS)

·       Broken Access Control

·       Sensitive Data Exposure

·       Authentication and Sessions

Surprisingly — yet predictably — these vulnerability categories have stayed at the top of the list for at least the last five years in a row. They're also recognisable to those who are familiar with OWASP Top 10 list for Web Application Security Risks.

The majority of these findings are connected to missing configurations, outdated software, and a lack of access management controls — all common and easily preventable security flaws. So, what's holding companies back from preventing well-known security flaws? Why does this come as a surprise?

https://www.darkreading.com/vulnerabilities-threats/5-year-vulnerability-trends-are-both-surprising-and-sadly-predictable

• Cisco Talos Observes 'Novel Increase' in APT Activity in Q1

Advanced persistent threat actors have been busy over the past few months, according to Cisco Talos.

The security vendor released its Quarterly Trends report, which examined incident response trends from engagements in the first quarter of 2022. While ransomware remained the top threat, as it has for the past two years now, Cisco observed a new trend of increased APT activity. The Cisco Talos Incident Response (CTIR) team attributed some of the increase to groups like Iranian state-sponsored Muddywater and China-based Mustang Panda.

One suspected Chinese APT, dubbed "Deep Panda," was connected to exploitation of the Log4j flaw that was discovered last year in the widely used Java logging tool. Log4j exploitation was the second most common threat for Q1 behind ransomware, indicating the bug is a growing threat despite a patch being available.

https://www.techtarget.com/searchsecurity/news/252516380/Cisco-Talos-observes-novel-increase-in-APT-activity-in-Q1

• Deepfakes Set to Be Used in Organised Crime

New research from Europol suggests that deepfakes will be used extensively in organised crime operations.

Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations.

Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.”

Law enforcement and the challenge of deepfakes is the first published analysis of the Europol Innovation Lab’s Observatory function, warning that law enforcement agencies must rapidly improve skills and technologies utilised by officers in order to keep up with criminal deepfake use.

The analysis report highlighted how deepfakes are used primarily in disinformation, non-consensual pornography and document fraud campaigns, which will grow more realistic in years to come.

https://www.itsecurityguru.org/2022/04/29/deepfakes-set-to-be-used-in-organised-crime/

• Smart Contract Developers Not Really Focused on Security. Who Knew?

"Smart contracts," which consist of self-executing code on a blockchain, are not nearly as smart as the label suggests.

They are at least as error-prone as any other software, where historically the error rate has been about one bug per hundred lines of code.

And they may be shoddier still due to disinterest in security among smart contract developers, and perhaps inadequate technical resources.

Multi-million dollar losses attributed to smart contract bugs – around $31m stolen from MonoX via smart contract exploit and ~$34m locked into a contract forever due to bad increment math, to name a few – illustrate the consequences.

https://www.theregister.com/2022/04/26/smart_contract_losses/

• Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks

We’ve been predicting this for a while now and the move to more and more connected systems, autonomous and semi-autonomous vehicles, how long until someone is subject to threats to disconnect a vehicle’s brakes as they are driving along a motorway? Who wouldn’t pay the ransom demand in that scenario?

A report this week is related to articulated lorries but this is something that will be affecting all vehicles unless safeguards are put in place.

Researchers have analysed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.

The research was conducted by the US National Motor Freight Traffic Association (NMFTA), which is a non-profit organisation that represents roughly 500 motor freight carriers, in collaboration with Assured Information Security, Inc.

NMFTA has been analysing the cyber security of heavy vehicles since 2015 and it has periodically disclosed its findings. The latest report from the organisation came in early March, when the US Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory to describe two vulnerabilities affecting trailer brake controllers.

The flaws described in the CISA advisory are related to the power line communications (PLC) between tractors and trailers, specifically the PLC4TRUCKS technology, which uses a standard named J2497 for bidirectional communications between the tractor and trailer without adding new wires.

https://www.securityweek.com/tractor-trailer-brake-controllers-vulnerable-remote-hacker-attacks

Threats

Ransomware

• Prevent HEAT Attacks to Foil Ransomware Incidents - Help Net Security

• 4-Hour Time-to-Ransom Seen in Quantum Attack as Accelerated Ransomware Increasingly Common | SecurityWeek.Com

• Conti Ransomware Operations Surge Despite Recent Leak - Security Affairs

• Beware: Onyx Ransomware Destroys Files Instead of Encrypting Them (bleepingcomputer.com)

• FBI says BlackCat Rust-Based Ransomware Scratched 60+ Orgs • The Register

• REvil Ransomware Attacks Resume, But Operators Are Unknown (techtarget.com)

• Fake Windows 10 Updates Infect You with Magniber Ransomware (bleepingcomputer.com)

• New Black Basta Ransomware Springs into Action with A Dozen Breaches (bleepingcomputer.com)

• Companies Can't Get Enough of Good Ol' Tape Storage For Ransomware Resistance | PC Gamer

Phishing & Email Based Attacks

• Phishing Goes KISS: Don’t Let Plain and Simple Messages Catch You Out! – Naked Security (sophos.com)

• Phishing Attacks Benefiting from Shady SEO Practices (techtarget.com)

• Cyber Criminals Deliver IRS Tax Scams and Phishing Campaigns by Mimicking Government Vendors - Help Net Security

Malware

• Emotet Malware Now Installs Via Powershell in Windows Shortcut Files (bleepingcomputer.com)

• It’s Called BadUSB for a Reason - Security Affairs

• New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer (thehackernews.com)

• Emotet Tests New Attack Techniques: Sign of Things to Come? | CSO Online

• Cyber Criminals Using New Malware Loader 'Bumblebee' in the Wild (thehackernews.com)

• New Powerful Prynt Stealer Malware Sells for Just $100 Per Month (bleepingcomputer.com)

Mobile

• These Are Signs That Your Phone Could Be Infected with Malware - PhoneArena

Organised Crime & Criminal Actors

• Interpol: We Can't Arrest Our Way Out of Cyber Crime • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• Scammers Are Copying News Sites To Push Elon Musk-themed Crypto Scams - Information Security Buzz

• Why Did Hackers Target DeFi L1, L2 Solutions for a $1.2 Billion Theft in 2022? (watcher.guru)

• Intuit Sued Over Phishing Attack Targeting Trezor Crypto Wallet Users - Decrypt

• Crypto Trading Fund Partners Accused of Fraud - Infosecurity Magazine

• LemonDuck Botnet Evades Detection in Cryptomining Attacks (techtarget.com)

• Bored Ape Yacht Club Instagram Hacked, NFTs Worth Millions Stolen (vice.com)

Insider Risk and Insider Threats

• Don't Ignore Risks Lurking Within Your Own Network - Help Net Security

AML/CFT

• Two More Indicted Over North Korean Sanctions Evasion Plot - Infosecurity Magazine

• FCA: Challenger Banks Failing to Spot Money Launderers - Infosecurity Magazine

Denial of Service DoS/DDoS

• Cloudflare Stomps On 15.3 Million Requests Per Second DDoS • The Register

• How a New Generation of IoT Botnets Is Amplifying DDoS Attacks | CSO Online

• Attackers Remain Persistent and Indiscriminate As Multi-Vector DDoS Attacks Continue To Rise - Help Net Security

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

Cloud

• Is Cloud Critical Infrastructure? Prep Now for Provider Outages (techtarget.com)

• Shadow IT Is A Top Concern Related To SaaS Adoption - Help Net Security

• Security Turbulence in the Cloud: Survey Says… | Threatpost

Travel

• Finnish Hotels' Data Compromised - Infosecurity Magazine

Parental Controls and Child Safety

• Hackers Sexually Extort Kids with Stolen Data: Report (gizmodo.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• The Hybrid War in Ukraine - Microsoft On the Issues

• Data-Wiper Malware Strains Surge Amid Ukraine Invasion • The Register

• Russia Is Being Hacked at an Unprecedented Scale | WIRED

• Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (thehackernews.com)

• Cyber Attacks Rage in Ukraine, Support Military Operations | Threatpost

• Ongoing DDoS Attacks from Compromised Sites Hit Ukraine - Security Affairs

• Anonymous Hacked Russian PSCB Commercial Bank and Energy Firms - Security Affairs

• Russia-Linked Threat Actors Launched Hundreds of Cyber Attacks on Ukraine - Security Affairs

• Russian Hacktivists Launch DDoS Attacks on Romanian Govt Sites (bleepingcomputer.com)

• Cyber Espionage APT Now Identified as Three Separate Actors | Threatpost

Nation State Actors

Nation State Actors – Russia

• Microsoft Documents Over 200 Cyber Attacks by Russia Against Ukraine (thehackernews.com)

• Russian Govt Impersonators Target Telcos in Phishing Attacks (bleepingcomputer.com)

• The Subject of Trusting ‘Russian’ Applications - Information Security Buzz

Nation State Actors – North Korea

• Nation-state Hackers Target Journalists with Goldbackdoor Malware | Threatpost

Nation State Actors – Iran

• Iran's Rocket Kitten Likely Behind VMware Exploitation • The Register

Nation State Actors – Misc

• Case Study: Why It's Difficult To Attribute Nation-State Attacks (techtarget.com)

• Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group (thehackernews.com)

Vulnerability Management

• Five Eyes Nations Reveal 2021's Fifteen Most-Exploited Flaws • The Register

• Experts Warn of A Surge In Zero-Day Flaws Observed And Exploited in 2021 - Security Affairs

• Cyber Criminals are Feasting Over 'Zero-day Hacks' While the World Watches (analyticsinsight.net)

Vulnerabilities

• CISA Adds 7 Vulnerabilities to List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Cisco Patches 11 High-Severity Vulnerabilities in Security Products | SecurityWeek.Com

• Update Now! Critical Patches for Chrome and Edge | Malwarebytes Labs

• Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL (darkreading.com)

• Log4j Attack Surface Remains Massive (darkreading.com)

• Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System (thehackernews.com)

• Millions of Java Apps Remain Vulnerable to Log4Shell | Threatpost

• Organisations Warned of Attacks Exploiting WSO2 Vulnerability | SecurityWeek.Com

• Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack (darkreading.com)

• Vulnerability Found in WordPress Anti-Malware Firewall (searchenginejournal.com)

Sector Specific

Financial Services Sector

• Private Investigator Admits Role in Hedge Fund Hack - Infosecurity Magazine

Government

• Governments Under Attack Must Think Defensively - Help Net Security

• Data Breach Disrupts UK Army Recruitment - Infosecurity Magazine

Health/Medical/Pharma Sector

• French Hospital Group Disconnects Internet After Hackers Steal Data (bleepingcomputer.com)

• Medical Software Firm Fined €1.5M for Leaking Data of 490k Patients (bleepingcomputer.com)

• Data breach at US healthcare provider ARcare impacts 345,000 individuals | The Daily Swig (portswigger.net)

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

• Smile Brands Breach Impacts 2.5 Million Individuals - Infosecurity Magazine

CNI, OT, ICS, IIoT and SCADA

• Why Is It So Easy To Break Into The Systems That Run The World’s Most Critical, Expert Weighs In - Information Security Buzz

• Chickens Baked Alive Due to Computer Glitch - Infosecurity Magazine

Education and Academia

• Universities Lose Over £2m to Ransomware - IT Security Guru

• DDoS Attacks Target Healthcare, Education Markets, Research Finds - MSSP Alert

Gaming/Gambling

• New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware (trendmicro.com)

Reports Published in the Last Week

• Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Quarterly Report: Incident Response trends in Q1 2022

• Internet Security Report - Q4 2021 | WatchGuard Technologies

• State of Pentesting Report 2022 | Cobalt

Other News

• SolarWinds Breach Lawsuits: 6 Takeaways for CISOs | CSO Online

• 41% Of Businesses Had an API Security Incident Last Year - Help Net Security

• Security Leaders Relying More Heavily on MSPs Amid Talent Crunch - Help Net Security

• 2022 Security Priorities: Staffing and Remote Work (darkreading.com)

• GitHub: How Stolen OAuth Tokens Helped Breach Dozens of Orgs (bleepingcomputer.com)

• Why Companies Should Focus on Preventing Privilege Escalation (techtarget.com)

• German Wind Turbine Firm Hit by 'Targeted, Professional Cyber Attack' | SecurityWeek.Com

• 308,000 Exposed Databases Discovered, Proper Management Is Key - Help Net Security

• Lapsus$ targeting SharePoint, VPNs and virtual machines (techtarget.com)

• Indian Govt Orders Organisations to Report Security Breaches Within 6 Hours to CERT-In (thehackernews.com)

• Top Five Post-Pandemic Priorities for Cyber Security Leaders - Help Net Security

• Security Spending Set to Hit $198bn by 2025 - Infosecurity Magazine

• Companies Poorly Prepared to Meet CCPA, CPRA and GDPR Compliance Requirements - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Why Ransomware Attacks Prefer Small Business Targets Rather Than Rich Enterprises

Enterprise businesses with 25,000 employees+ are less likely to get hit by a ransomware attack than smaller businesses — even though big companies typically can afford to pay higher ransoms, the 2022 CyberEdge Cyberthreat Defense Report concluded.

What explains hackers taking aim at small businesses more frequently than enterprise giants?  The answer: Damaging a critical infrastructure facility or similar disruptions are certain to catch the eye of federal law enforcement, or national governments — something that no hacker wants, CyberEdge said. Smaller to medium-sized firms, as it turns out, get hit more frequently by ransomware attacks, on average at roughly 70 percent, the report said.

Overall, some 71 percent of organisations have been bitten by ransomware in 2022, up a point and a half from last year and by 8.5 points in 2020. It’s companies of 10,000 to 24,999 employees that are the sweet spot for ransomware hackers, nearly 75 percent of which are victimised by cyber extortionists.

The extensive study, which surveyed 1,200 security decision makers and practitioners employed by companies of greater than 500 people in 17 countries across 19 industries, is geared to helping gauge their internal practices and investments against those of their counterparts in other parts of the world.

https://www.msspalert.com/cybersecurity-research/why-ransomware-attacks-prefer-small-business-targets-rather-than-rich-enterprises/

• Ransomware Plagues Finance Sector as Cyber Attacks Get More Complex

Cyber criminals have evolved from hacking wire transfers to targeting market data, as ransomware continues to hit financial firms, says a new VMware report. Here's what to do about it.

Ransomware plagues financial institutions as they face increasingly complex threats over previous years owing to the changing behaviour of cyber criminal cartels, according to VMware's latest Modern Bank Heists report.

This has happened as the cyber crime cartels have evolved beyond wire transfer frauds to target market strategies, take over brokerage accounts, and island-hop into banks, according to the report.

For the report, VMware surveyed 130 financial sector CISOs and security leaders from across different regions including North America, Europe, Asia Pacific, Central and South America, and Africa.

Report findings were consistent with observations by other security experts. "The Secret Service, in its investigative capacity to protect the nation's financial payment systems and financial infrastructure, has seen an evolution and increase in complex cyber-enabled fraud," says Jeremy Sheridan, former assistant director at the US Secret Service. "The persistent, inadequate security of systems connected to the internet provides opportunity and methodology."

https://www.csoonline.com/article/3657875/ransomware-plagues-finance-sector-as-cyberattacks-get-more-complex.html

• 76% of Organisations Worldwide Expect to Suffer a Cyber Attack This Year

Ransomware, phishing/social engineering, denial of service (DoS) attacks, and the business fallout of a data breach rank as the top concerns of global organisations, a new study shows.

The newly published Cyber Risk Index, a study by Trend Micro and the Ponemon Institute, shows that more than three-quarters of global organisations expect to suffer a cyber attack in the next 12 months — 25% of which say an attack is "very likely."

More than 80% of the 3,400 CISO and IT professionals and managers surveyed say their organisations were hit with one or more successful cyber attacks in the past 12 months, and 35% suffered seven or more attacks, according to the report, which covers the second half of 2021.

https://www.darkreading.com/attacks-breaches/76-of-organizations-worldwide-expect-to-suffer-a-cyberattack-this-year

• Most Email Security Approaches Fail to Block Common Threats

A full 89 percent of organisations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.

On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware.

That’s according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research, which examined concerns with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and preparedness to deal with attacks and incidents.

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report, released Wednesday.

Less than half of those surveyed said that their organisations can block delivery of email threats. And, correspondingly, less than half of organisations rank their currently deployed email security solutions as effective.

https://threatpost.com/email-security-fail-block-threats/179370/

• Financial Leaders Grappling with More Aggressive and Sophisticated Attack Methods

VMware released a report which takes the pulse of the financial industry’s top CISOs and security leaders on the changing behaviour of cyber criminal cartels and the defensive shift of the financial sector.

The report found that financial institutions are facing increased destructive attacks and falling victim to ransomware more than in years past, as sophisticated cyber crime cartels evolve beyond wire transfer fraud to now target market strategies, take over brokerage accounts and island hop into banks.

In the Modern Bank Heists report, 63% of financial institutions admitted experiencing an increase in destructive attacks, with cyber criminals leveraging this method as a means to burn evidence as part of a counter incident response.

Additionally, 74% experienced at least one ransomware attack over the past year, with 63% paying the ransom. When asked about the nation-state actors behind these attacks, the majority of financial instructions stated that Russia posed the greatest concern, as geopolitical tension continues to escalate in cyberspace.

https://www.helpnetsecurity.com/2022/04/21/cybercriminal-cartels-financial-sector/

• Hackers Sneak Malware into Resumes Sent to Corporate Hiring Managers

A new set of phishing attacks delivering the ‘more_eggs’ malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponised job offers.

"This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting jobseekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement.

The Canadian cyber security company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a US-based aerospace company, an accounting business located in the UK, a law firm, and a staffing agency, both based out of Canada.

The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable information and conducting lateral movement across the compromised network.

"More_eggs achieves execution by passing malicious code to legitimate windows processes and letting those windows processes do the work for them," Keplinger said. The goal is to leverage the resumes as a decoy to launch the malware and sidestep detection.

https://thehackernews.com/2022/04/hackers-sneak-moreeggs-malware-into.html

• West Warns of Russian Cyber Attacks as Concerns Rise Over Putin’s Nuclear Rhetoric

Cyber crime groups have publicly pledged support for Russia, western officials worry about Putin’s reliance on nuclear threats and the battle for Mariupol in Ukraine grinds on.

The US and four of its closest allies have warned that “evolving intelligence” shows that Russia is contemplating cyber attacks on countries backing Ukraine, as the Kremlin’s frustration grows at its failure to make military gains.

Vladimir Putin used the launch on Wednesday of a powerful new Sarmat intercontinental ballistic missile (ICBM), capable of carrying ten or more warheads, to make nuclear threats against western countries.

The Sarmat has long been in development and test flights were initially due to start in 2017. The Pentagon confirmed that the US had been given notice of the test and was not alarmed. Western officials are more concerned by the increasing emphasis Moscow puts on its nuclear arsenal as its conventional forces have faltered in Ukraine.

The Ukrainian army continued to put up resistance in the besieged and devastated city of Mariupol, but Putin’s Chechen ally, Ramzan Kadyrov, predicted that the last stand of the port’s defenders at the Azovstal steel works would fall on Thursday.

The Kremlin has made repeated threats against the many countries that have been supplying Ukraine’s army with modern weapons, and members of the “Five Eyes” intelligence sharing network – the US, Britain, Canada, Australia and New Zealand – predicted Moscow could also work with cyber crime groups to launch attacks on governments, institutions and businesses.

https://www.theguardian.com/world/2022/apr/21/west-warns-of-russian-cyber-attacks-as-concerns-rise-over-putins-nuclear-rhetoric

• Criminals Adopting New Methods To Bypass Improved Defences, Says Zscaler

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defences with newer methods, according to researchers with Zscaler's ThreatLabz research team.

Cyber criminals have adapted to multi-factor authentication (MFA), employee security awareness training, and security controls by broadening who and where they will attack.

While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents – exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

"Phishing attacks continue to remain one of the most prevalent attack vectors, often serving as a starting point for more advanced next stage attacks that may result in a large-scale breach," Deepen Desai, CISO and vice president of security research and operations at Zscaler, told The Register.

https://www.theregister.com/2022/04/20/phishing-attempts-on-rise-zscaler/

• Cyber Criminals Are ‘Drinking the Tears’ of Ukrainians

In biology, when an insect drinks the tears of a large creature, it is called lachryphagy. And in cyberspace, malicious actors are likewise “drinking tears” by exploiting humanitarian concerns about the war in Ukraine for profit. Different forms of deception include tricking people into donating to bogus charities, clicking on Ukraine-themed malicious links and attachments, and even impersonating officials to extort payment for rescuing loved ones.

It is an unfortunate reality that cyber opportunists are engaging in lachryphagy to exploit humanitarian concerns about the war for profit or data collection. To date, one of the largest cryptocurrency scams involving fraudulent Ukrainian relief payments totalled $50 million in March, the Wall Street Journal reports.

Immediately following Russia’s invasion of Ukraine, cybersecurity companies warned the public that criminals were preying on Ukrainian relief fundraising efforts with cryptocurrency scams. Bitdefender Labs reports that cyber criminals have impersonated Ukrainian government entities and charitable organisations such as UNICEF, and the Australian humanitarian agency, Act for Peace. “Some [scammers] are even pretending to be Wladimir Klitschko, whose brother Vitali is mayor of Ukraine’s capital, Kyiv,” according to the BBC.

https://thehill.com/opinion/cybersecurity/3273636-cyber-criminals-are-drinking-the-tears-of-ukrainians/?rl=1

• Hackers For Hire Attempt to Destroy Hedge Fund Manager's Reputation

Hackers bombarded a British hedge fund manager with 3,000 emails and fake news stories about his mortgage in an effort to destroy his reputation after being hired by a corporate rival.

Criminals even sought to gain personal information about Matthew Earl by pretending to be his sister in a three-year campaign when he raised concerns over the controversial German payments company Wirecard.

Mr Earl, a former City analyst who runs the hedge fund ShadowFall, said he was targeted by a group called Dark Basin.

This group has been linked to Aviram Azari, who this week pleaded guilty in New York to a conspiracy to target journalists and critics of Wirecard using phishing emails.

Mr Earl said the hacking attempts started in 2016 after ShadowFall, nicknamed the “dark destroyer” in the City, criticised the financial performance of Wirecard. The German company was later mired in a series of accounting scandals and went bust.

He said: “I was being sent very targeted emails, which were crafted with personal information about my interests, friends and family’s details. They were very specific.”

Mr Earl received news stories that appeared to be from media outlets such as Reuters and Bloomberg. Another email appeared to be sent by his sister, sharing family photographs, he added.

https://www.telegraph.co.uk/business/2022/04/21/reign-terror-hackers-hire-ramp-corporate-espionage/

• New Threat Groups and Malware Families Emerging

Mandiant announced the findings of an annual report that provides timely data and insights based on frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report––which tracks investigation metrics between October 1, 2020 and December 31, 2021—reveals over 1,100 new threat groups and 733 new malware families.

The report also notes a realignment and retooling of China cyber espionage operations to align with the implementation of China’s 14th Five-Year Plan in 2021. The report warns that the national-level priorities included in the plan “signal an upcoming increase in China-nexus actors conducting intrusion attempts against intellectual property or other strategically important economic concerns, as well as defence industry products and other dual-use technologies over the next few years.”

https://www.helpnetsecurity.com/2022/04/22/adversaries-innovating-and-adapting/

Economic Warfare: Attacks on Critical Infrastructure Part of Geopolitical Conflict

We’ve known for years that since at least March of 2016, Russian government threat actors have been targeting multiple U.S. critical infrastructure sectors including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. The Department of Homeland Security (DHS), the Federal Bureau of Investigations (FBI), and other agencies have acknowledged this for quite some time in many of their technical alerts and statements.

In the intervening years, with the acceleration of digital transformation, cyber criminals and nation-state actors have increasingly set their sights on these sectors. The convergence of physical and digital assets brings competitive advantage but also inevitable risks. Attacks against hospitals, oil pipelines, food supply chains, and other critical infrastructure, have brought into sharp focus the vulnerability of cyber-physical systems (CPS) and the impact on lives and livelihoods when they are disrupted. Now, overwhelming signs indicate critical infrastructure companies are in the bullseye of geopolitical conflict.

https://www.securityweek.com/economic-warfare-attacks-critical-infrastructure-part-geopolitical-conflict

Threats

Ransomware

• How Ready Are Organisations to Manage and Recover From A Ransomware Attack? - Help Net Security

• FBI: BlackCat Ransomware Breached At Least 60 Entities Worldwide (bleepingcomputer.com)

• Ransomware: This Gang Is Getting a Lot Quicker at Encrypting Networks | ZDNet

• Hive Hackers Are Exploiting Microsoft Exchange Servers in Ransomware Spree | ZDNet

• REvil's TOR Sites Come Alive to Redirect To New Ransomware Operation (bleepingcomputer.com)

• PYSA Ransomware Attacks: Here's What MSSPs Need to Know - MSSP Alert

• An Investigation of the BlackCat Ransomware via Trend Micro Vision One

• REvil Resurrected? Ransomware Crew Appears to Be Back • The Register

• FBI Warning: Ransomware Gangs Are Going After This Lucrative but Unexpected Target | ZDNet

Phishing & Email Based Attacks

• LinkedIn Brand Takes Lead as Most Impersonated In Phishing Attacks (bleepingcomputer.com)

• FBI Warns of 'Reverse' Instant Payments Phishing Schemes | SecurityWeek.Com

• Spreading Malware Through Community Phishing - Help Net Security

Malware

• Windows Malware Can Steal Social Media Credentials and Banking Logins (komando.com)

• Emotet Botnet Switches to 64-bit Modules, Increases Activity (bleepingcomputer.com)

• New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar (thehackernews.com)

• Emotet Reestablishes Itself at The Top Of The Malware World • The Register

Mobile

• Millions of Android Users at Risk Of Attack After Widespread Security Issue Uncovered | TechRadar

BYOD

• 60% of Companies using BYOD Face Serious Security Risks - Help Net Security

IoT

• How to Secure Smart Home (IOT) Devices | Reviews by Wirecutter (nytimes.com)

• New Stealthy BotenaGo Malware Variant Targets DVR Devices (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Hackers Are Seeking Alternative Money-Laundering Options (bleepingcomputer.com)

• How Russia Is Isolating Its Own Cyber Criminals (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Hammer SpringShell Vulnerability In Attempt To Install Cryptominers | Ars Technica

• Beanstalk DeFi Platform Loses $182 Million In Flash-Loan Attack (bleepingcomputer.com)

• Yet Another Phishing Attack? Terra Users Lose $4.3 Million, According To Security Firm (watcher.guru)

• Hackers Steal $655K After Picking MetaMask Seed from iCloud Backup (bleepingcomputer.com)

• LemonDuck Botnet Plunders Docker Cloud Instances in Cryptocurrency Crime Wave | ZDNet

Fraud, Scams & Financial Crime

• Security Lessons From a Payment Fraud Attack (darkreading.com)

• Scammers Snatch Up Expired Domains, Vexing Google | TechCrunch

Insurance

• Cyber Insurance and the Changing Global Risk Environment - Security Affairs

Dark Web

• Experts Spotted Industrial Spy, A New Stolen Data Marketplace - Security Affairs

Supply Chain and Third Parties

• Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now (darkreading.com)

• More Than Half of Initial Infections in Cyber Attacks Come Via Exploits, Supply Chain Compromises (darkreading.com)

Cloud

• IT Leaders Require Deeper Security Insights to Confidently Manage Multi-Cloud Workloads - Help Net Security

• Rethinking Cyber-Defence Strategies in the Public-Cloud Age | Threatpost

• Cyber Criminals Are Shifting Their Gaze To Kubernetes - Information Security Buzz

Passwords & Credential Stuffing

• What Is Peppering in Password Security and How Does It Work? (makeuseof.com)

Digital Transformation

• The Price of An Accelerated Digital Transformation - Help Net Security

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Moving Towards Defence in Depth Under The Grey Skies Of Conflict - Help Net Security

• Locked Shields ‘Live Fire’ Cyber Drills to be Held as War in Ukraine Continues - Bloomberg

• Russian-Linked Shuckworm Crew Ups Attacks on Ukraine • The Register

• Russian Gamaredon APT Continues to Target Ukraine - Security Affairs

• Phishing Attacks Using the Topic "Azovstal" Targets Entities in Ukraine - Security Affairs

• Hackers Claim to Target Russia with Cyber Attacks and Leaks - The New York Times (nytimes.com)

• The Anonymous Collective Hacked Other Russian Organisations - Security Affairs

• Spyware Was Used Against Catalan Targets and UK Prime Minister and Foreign Office | CSO Online

• Stalkerware Detection Trends: Monitor and Spyware Findings - MSSP Alert

• Catalan Chief Accuses Spain's Intelligence Agency of Hacking | SecurityWeek.Com

• Anomaly 6 Tracked NSA and CIA Spies as Product Demo: Report (gizmodo.com)

Nation State Actors

Nation State Actors – Russia

• Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure (thehackernews.com)

• NATO Locked Shields War Games Prep for Real Russian Cyber Attack (gizmodo.com)

• The Russian Cyber Threat Is Here to Stay and NATO Needs To Understand It | Fox News

• A Russian Cyber Attack Is Coming —Lawmakers and Citizens Must Prepare | The Hill

• US Officials Increase Warnings About Russian Cyber-Attacks - Infosecurity Magazine

• Work From Home Software 'At Risk of Russian Cyber Attacks' (telegraph.co.uk)

• US Officials Preparing for Potential Russian Cyber Attacks - CBS News

• After Foiled Sandworm Attack, US Critical Infrastructure Should Stand Guard | CSO Online

Nation State Actors – China

• Chinese Hackers Behind Most Zero-Day Exploits During 2021 (bleepingcomputer.com)

Nation State Actors – North Korea

• North Korea Funds Nuclear Program with Cyber Crime- IT Security Guru

• North Korea Aims 'TraderTraitor' Malware at Cryptocurrency Workers (cyberscoop.com)

• Blockchain Companies Warned of North Korean Hackers - IT Security Guru

Nation State Actors – Misc

• State Actors Drive Record Number of Zero-Day Exploits in 2021 - Infosecurity Magazine

Vulnerability Management

• Vulnerabilities That Kept Security Leaders Busy in Q1 2022 - Help Net Security

• How Fast Do Cyber Criminals Capitalize on New Security Weaknesses? - Help Net Security

• Zero-Day Exploit Use Exploded in 2021 (darkreading.com)

Vulnerabilities

• VMware, Chrome Flaws Added to Known Exploited Vulnerabilities Catalogue - Security Affairs

• Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild (thehackernews.com)

• Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA (thehackernews.com)

• Time to get patching: Oracle's quarterly Critical Patch Update arrives with 520 fixes | ZDNet

• 7-Zip Zero-Day Vulnerability Grants Privilege Escalation | TechSpot

• When “Secure” Isn’t Secure at All: High‑Impact UEFI Vulnerabilities Discovered in Lenovo Consumer Laptops | WeLiveSecurity

• QNAP Warns of New Bugs in Its Network Attached Storage Devices – Naked Security (sophos.com)

• Cisco Umbrella Default SSH Key Allows Theft of Admin Credentials (bleepingcomputer.com)

• Researcher Releases PoC for Recent Java Cryptographic Vulnerability (thehackernews.com)

• Critical Cryptographic Java Security Blunder Patched – Update Now! – Naked Security (sophos.com)

• Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability (thehackernews.com)

• Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails (thehackernews.com)

• Zero-Day Exploits Found And Disclosed Hit A Record High In 2021, Google Project Zero says - CyberScoop

Sector Specific

Financial Services Sector

• Modern Bank Heists 5.0: The Escalation from Dwell to Destruction (vmware.com)

• Two-Thirds of Global Banks Witness Surge in Destructive Attacks - Infosecurity Magazine

FinTech

• Ransomware in Fintech: Cyber Criminals Adopt New Means as Theft Gives Way To Sabotage - Help Net Security

Health/Medical/Pharma Sector

• The New Cyberthreat To Healthcare: Killware - Information Security Buzz

• Many Medical Device Makers Skimp on Security Practices (darkreading.com)

Transport and Aviation

• Cyber-Attackers Hit Sunwing Airlines - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

• Modern Bank Heist 5.0 (vmware.com)

• 3 Key Takeaways from the 2022 ConnectWise MSP Threat Report - MSSP Alert

• Discover The Anatomy of An External Cyber Attack Surface With New RiskIQ Report - Microsoft Security Blog

Other News

• Why Companies Should Make ERP Security a Top Priority (techtarget.com)

• The Evolving Role of The Lawyer in Cyber Security - Help Net Security

• Cyber Security Litigation Risks: 4 Top Concerns for CISOs | CSO Online

• Ponemon Research - Businesses to Invest $172b On Cyber Security In 2022 - Information Security Buzz

• T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code (thehackernews.com)

• Funkypigeon.com Suspends Orders After 'Cyber Security Incident' | Business News | Sky News

• The SEC Is About To Force CISOs Into America’s Boardrooms (forbes.com)

• Data Breaches, Ransomware Attacks Leave Security Teams “Exhausted” - MSSP Alert

• When Attacks Surge, Turn to Data to Strengthen Detection and Response | SecurityWeek.Com

• What Can Someone Do with Your IP Address? (makeuseof.com)

• Attacker Accessed Dozens of Repositories After OAuth Token Theft - Information Security Buzz

• 7 Best Practices for Web3 Security Risk Mitigation (techtarget.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Workers Ignore Security Risks To Maximize Productivity

A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.

https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/

Financial Services Accounting For Nearly 40% Of All Phishing URLs

A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/

Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats

Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”

https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/

36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.

https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/

HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021

According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages.  The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.

https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/

Data Breach Costs Hit Record High Due To Pandemic

Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.

https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/

Top 30 Critical Security Vulnerabilities Most Exploited By Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.

https://thehackernews.com/2021/07/top-30-critical-security.html

Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report

A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.

https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

Why Remote Working Leaves Us Vulnerable To Cyber Attacks

An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.

https://www.bbc.co.uk/news/business-57847652

Stop Mitigating Cyber Security Threats And Start Preventing Them

The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

https://www.itproportal.com/features/stop-mitigating-cybersecurity-threats-and-start-preventing-them/

Threats

Ransomware

• Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'

• Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation

• BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More

• LockBit Ransomware Now Encrypts Windows Domains Using Group Policies

• FBI Tracking More Than 100 Active Ransomware Groups

• The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"

Social Engineering

• Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report

• These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware

• FIN7’s Liquor Lure Compromises Law Firm With Backdoor

Malware

• Cisco Researchers Spotlight Solarmarker Malware

• Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs

• Some Windows 11 Installers Infect Your PC With Malware

• Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems

• Discord CDN And API Abuses Drive Wave Of Malware Detections

• Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics

Mobile

• New Android Malware Uses VNC To Spy And Steal Passwords From Victims

• UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild

Vulnerabilities

• Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers

• VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted

• Web Applications Have Become A Security Liability

• Hackers Have Found Yet Another Way To Attack Kubernetes Clusters

• Windows 10 Printer Problems Persist Following Latest Security Update

• Microsoft Rushes Fix For ‘PetitPotam’ Attack PoC

• Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices

• Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities

• New Linux Kernel Bug Lets You Get Root On Most Modern Distros

• Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature

• Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Data Breaches

• Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable In Massive Data Breach

• Gun Owners' Fears After Firearms Dealer Data Breach

Organised Crime & Criminal Actors

• Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers

• Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised

Dark Web

• How The Dark Web Enables Access To Corporate Networks

Supply Chain

• Kaseya Denies Paying Ransom For Decryptor, Refuses Comment On NDA

DoS/DDoS

• DSoS Attacks Are Up, With Ever-Greater Network Impact

Nation State Actors

• Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers

• APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware

Privacy

• Behind The Mercenary Spyware Industry

Reports Published in the Last Week

• DDoS Attack Trends For 2021 Q2

• Spear Phishing: Top Threats And Trends Volume 6

Other News

• PunkSpider—The Search Engine For Web Exploits—Rises From the Dead

• Biden Warns A ‘Real Shooting War’ Could Come From Cyber Breach

• Hackers Turning To 'Exotic' Programming Languages For Malware Development

• Discord Is Now An Essential Tool For Hackers

• Research Roadblock? Security Pros Weigh In On China’s New Vulnerability Disclosure Law

• For Hackers, Space Is The Final Frontier

• A DNS Outage Just Took Down A Large Chunk Of The Internet

• Ireland Sees Biggest Rise In Cyber Security Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.