Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 March 2024
Black Arrow Cyber Threat Intelligence Briefing 15 March 2024:
-Mind The Gap - Mimecast Report Finds Humans Are Biggest Security Flaw
-Three-Quarters of Cyber Victim Are SMBs - Why SMBs are Becoming More Vulnerable
-Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
-UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
-Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
-Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
-Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
-Independent Cyber Security Audits Are Powerful Tools for Boards
-Navigating Cyber Security in The Era of Mergers
-Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw
A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.
No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.
Sources: [IT Security Guru] [Beta News] [Verdict]
Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable
According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.
The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.
Sources: [Infosecurity Magazine] [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]
Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.
Source: [TechRadar]
UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.
Source: [The Record Media]
Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.
Sources: [JDSupra]
Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.
Source:[ SC Media] [TechRadar]
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.
Source: [The Hacker News]
Independent Cyber Security Audits Are Powerful Tools for Boards
Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.
Source: [Bloomberg Law]
Navigating Cyber Security in The Era of Mergers
In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.
Source: [Forbes]
Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.
Sources: [Help Net Security] [Dark Reading]
Governance, Risk and Compliance
Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
Navigating Cyber Security In The Era Of Mergers (forbes.com)
SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)
Your tech tools won’t save you from cyber threats | TechRadar
The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
Threats
Ransomware, Extortion and Destructive Attacks
Sophos: Remote ransomware attacks on SMBs increasing | TechTarget
UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)
Understanding the multi-tiered impact of ransomware. (thecyberwire.com)
Ransomware tracker: The latest figures [March 2024] (therecord.media)
The effects of law enforcement takedowns on the ransomware landscape - Help Net Security
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar
StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)
Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica
Ransomware Victims
British Library’s legacy IT blamed for lengthy rebuild • The Register
British Library shares lessons from cyber attack | UKAuthority
Stanford University failed to detect intruders for 4 months • The Register
Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)
Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert
Play ransomware group stole 65,000 Swiss government files • The Register
Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)
Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)
Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
What is phishing? Examples, types, and techniques | CSO Online
Other Social Engineering
Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)
Your tech tools won’t save you from cyber threats | TechRadar
Artificial Intelligence
AI Poses Extinction-Level Risk, State-Funded Report Says | TIME
Cyber crime underworld has removed all the guardrails on AI frontier
Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)
Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)
Intelligence officials warn pace of innovation in AI threatens US | CyberScoop
How advances in AI are impacting business cyber security - Help Net Security
NCSC Blog - AI and cyber security: what you need to know (techuk.org)
4 types of prompt injection attacks and how they work | TechTarget
Former Google engineer charged with stealing AI trade secrets | TechTarget
How to craft a generative AI security policy that works | TechTarget
2FA/MFA
Malware
Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security
SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)
RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)
Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)
Mobile
Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard
SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)
PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)
Denial of Service/DoS/DDOS
French government sites disrupted by très grande DDOS • The Register
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR
DDoS attacks reach critical levels in 14 seconds | Security Magazine
Internet of Things – IoT
Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard
Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
Data Breaches/Leaks
Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra
Jersey regulator's data breach leaks names and addresses - BBC News
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)
Okta denies it was hacked again after data appears on hacking site | TechRadar
Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)
French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)
How to Identify a Cyber Adversary: What to Look For (darkreading.com)
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)
US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week
Insider Risk and Insider Threats
Insider threats can damage even the most secure organisations - Help Net Security
Your tech tools won’t save you from cyber threats | TechRadar
Former Google engineer charged with stealing AI trade secrets | TechTarget
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Insurance
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Supply Chain and Third Parties
Play ransomware group stole 65,000 Swiss government files • The Register
Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International
Cloud/SaaS
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
How Not to Become the Target of the Next Microsoft Hack (darkreading.com)
Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Cloud security vs. network security: What's the difference? | TechTarget
Encryption
Linux and Open Source
How to Ensure Open Source Packages Are Not Landmines (darkreading.com)
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)
Overcoming the threat of account takeover fraud (securitybrief.co.nz)
LastPass suffers worldwide outage causing site 404 error - 9to5Mac
Social Media
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Training, Education and Awareness
Your tech tools won’t save you from cyber threats | TechRadar
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Regulations, Fines and Legislation
Everything you need to know about the EU's Cyber Solidarity Act | ITPro
The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra
Models, Frameworks and Standards
4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Backup and Recovery
Data Protection
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
How do you lot feel about Pay or OK model, ICO asks Brits • The Register
Careers, Working in Cyber and Information Security
Half of firms struggling to hire cyber security experts (securitybrief.co.nz)
UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
How To Overcome The Machismo Problem In Cyber Security (forbes.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Lithuania security services warn of China's espionage against the country (securityaffairs.com)
Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
Russia
Microsoft says Russian hackers stole source code after spying on its executives - The Verge
Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)
Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)
Microsoft says it hasn't been able to evict Russian state hackers | AP News
Kremlin accuses US of plotting election-day cyber attack • The Register
Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC
First-ever South Korean national detained for espionage in Russia (securityaffairs.com)
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
North Korea
Vulnerability Management
How to Streamline the Vulnerability Management Life Cycle - Security Boulevard
Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
Vulnerabilities
Adobe Patches Critical Flaws in Enterprise Products - Security Week
Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week
Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)
Fortinet Releases Security Updates for Multiple Products | CISA
SAP Patches Critical Command Injection Vulnerabilities - Security Week
Cisco addressed severe flaws in its Secure Client (securityaffairs.com)
5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard
New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register
Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)
Threat actors breached two crucial systems of the US CISA (securityaffairs.com)
Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week
Tools and Controls
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)
Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Cloud security vs. network security: What's the difference? | TechTarget
Immutability: A boost to your security backup (betanews.com)
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
How teams can improve incident recovery time to minimize damages - Help Net Security
Reports Published in the Last Week
Other News
Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar
French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)
Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard
78% of MSPs state cyber security is a prominent IT challenge | Security Magazine
No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED
Maritime cyber security: threats and challenges - Port Technology International
What resources do small utilities need to defend against cyber attacks? | CyberScoop
10 free cyber security guides you might have missed - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 July 2022
Black Arrow Cyber Threat Briefing 15 July 2022:
-10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
-Businesses Are Adding More Endpoints, But Can’t Manage Them All
-Ransomware Activity Resurges in Q2
-North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
-One-Third of Users Without Security Awareness Training Click on Phishing URLs
-Ransomware Scourge Drives Price Hikes in Cyber Insurance
-Conventional Cyber Security Approaches Are Falling Short
-Virtual CISOs Are the Best Defence Against Accelerating Cyber Risks
-Firms Not Planning for Supply Chain Threats
-Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
-Security Culture: Fear of Cyber Warfare Driving Initiatives
-Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
-Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.
The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.
According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.
By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.
The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.
Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.
Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.
As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.
Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.
Businesses Are Adding More Endpoints, But Can’t Manage Them All
Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.
Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.
Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.
IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.
https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/
Ransomware Activity Resurges in Q2
Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.
The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.
The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.
LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.
At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.
Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.
https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/
One-Third of Users Without Security Awareness Training Click on Phishing URLs
Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.
According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.
The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.
https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing
Ransomware Scourge Drives Price Hikes in Cyber Insurance
Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.
The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.
With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.
However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.
Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.
Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.
Conventional Cyber Security Approaches Are Falling Short
Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.
On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.
The top four causes of the most significant breaches reported by the affected organisations were:
Human error
Misconfigurations
Poor maintenance/lack of cyber hygiene
Unknown assets.
https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/
Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks
The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.
As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.
Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.
The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.
Firms Not Planning for Supply Chain Threats
Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.
According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.
The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.
The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.
TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.
https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/
Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.
Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.
The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.
The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.
Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.
Security Culture: Fear of Cyber Warfare Driving Initiatives
KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.
The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.
The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.
However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).
Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.
Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.
A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.
Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.
Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.
The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.
The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.
https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/
Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.
Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.
Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.
Threats
Ransomware
Paying ransomware crooks won’t reduce your legal risk, warns regulator – Naked Security (sophos.com)
New Lilith ransomware emerges with extortion site, lists first victim (bleepingcomputer.com)
Experts warn of the new 0mega ransomware operation - Security Affairs
Organisations Warned of New Lilith, RedAlert, 0mega Ransomware | SecurityWeek.Com
Microsoft links H0ly Gh0st ransomware operation to North Korean hackers (bleepingcomputer.com)
Feds Issue Warning for North Korean-backed Ransomware Hijackers - MSSP Alert
Ransomware gang now lets you search their stolen data (bleepingcomputer.com)
Rise in ransomware drives IT leaders to implement data encryption - Help Net Security
Bandai Namco confirms hack after ALPHV ransomware data leak threat (bleepingcomputer.com)
1.9m patients' medical data exposed in PFC ransomware attack • The Register
Phishing & Email Based Attacks
Email scams are getting more personal – they even fool cyber security experts (theconversation.com)
Hackers impersonate cyber security firms in callback phishing attacks (bleepingcomputer.com)
$8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)
Almost a third of untrained users will click a phishing link - KnowBe4 research - IT Security Guru
PayPal phishing kit added to hacked WordPress sites for full ID theft (bleepingcomputer.com)
Other Social Engineering
Rise In Smishing Scams, Why And How To Protect? (informationsecuritybuzz.com)
How Hackers Create Fake Personas for Social Engineering (darkreading.com)
How attackers abuse Quickbooks to send phone scam emails - Help Net Security
Malware
Mobile
New Android malware on Google Play installed 3 million times (bleepingcomputer.com)
The weaponizing of smartphone location data on the battlefield - Help Net Security
Internet of Things – IoT
Honda Admits Hackers Could Unlock Car Doors, Start Engines | SecurityWeek.Com
Watch This $80,000 Tesla Model Y Get Hacked With $20 Hardware - autoevolution
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Scams Soar Despite Crash (informationsecuritybuzz.com)
Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why? | Ars Technica
Hackers stole $620 million from Axie Infinity via fake job interviews (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Identity and Access Management
Encryption
Social Media
Training, Education and Awareness
Privacy
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (thehackernews.com)
Amazon handed Ring video to police without warrant, consent • The Register
TikTok Chief Security Officer Steps Down Amid Concerns About Privacy (businessinsider.com)
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber espionage groups increasingly target journalists and media organisations | CSO Online
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (darkreading.com)
Lithuanian Energy Firm Disrupted by DDOS Attack - Infosecurity Magazine (infosecurity-magazine.com)
Security vendor splits to address Russia’s war in Ukraine • The Register
Apple previews Lockdown Mode, a new extreme security feature | ZDNet
Nation State Actors
Nation State Actors – North Korea
Nation State Actors – Misc APT
Vulnerabilities
DHS warns: Expect Log4j risks for 'a decade or longer' • The Register
Microsoft's Patch Tuesday fixes one bug under active exploit • The Register
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)
CISA orders agencies to patch new Windows zero-day used in attacks (bleepingcomputer.com)
Flaw in Netwrix Auditor application allows arbitrary code execution - Security Affairs
Elastix VoIP systems hacked in massive campaign to install PHP web shells (bleepingcomputer.com)
Hackers Targeting VoIP Servers by Exploiting Digium Phone Software (thehackernews.com)
Anvil Mobile Hit By New Exploit - DNS Hijacking. (informationsecuritybuzz.com)
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now (darkreading.com)
Buggy WordPress plugin allows complete site takeover • The Register
VMware patches vCenter Server flaw disclosed in November (bleepingcomputer.com)
AMD, Intel chips vulnerable to 'Retbleed' Spectre variant • The Register
Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs (bleepingcomputer.com)
Microsoft releases PoC exploit for macOS sandbox escape vulnerability (bleepingcomputer.com)
AWS squashes authentication bugs in Kubernetes service • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
5 key considerations for your 2023 cyber security budget planning | CSO Online
What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)
New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)
Experian accounts could still be at risk from hackers | TechRadar
Mergers and acquisitions are a strong zero-trust use case • The Register
Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register
New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK
How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)
Data breaches explained: Types, examples, and impact | CSO Online
President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 July 2022
Black Arrow Cyber Threat Briefing 08 July 2022:
-Businesses Urged Not To Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
-People Are the Primary Attack Vector Around the World
-Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
-54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
-New Cyber Threat Emerges from the Inside, Research Report Finds
-Ransomware: Why it's still a big threat, and where the gangs are going next
-NCSC: Prepare for Protected Period of Heightened Cyber-Risk
-69% Of Employees Need to Deal With More Security Measures In A Hybrid Work Environment
-FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
-As Cyber Criminals Recycle Ransomware, They're Getting Faster
-UK Military Investigates Hacks on Army Social Media Accounts
-APT Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.
Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.
In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.
It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".
The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.
The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.
Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.
Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".
People Are the Primary Attack Vector Around the World
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.
Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.
Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.
https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/
Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.
Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.
The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."
Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.
54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).
Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).
MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.
Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.
Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”
https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/
New Cyber Threat Emerges from the Inside, Research Report Finds
In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.
Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.
Here are some key statistics from the report:
Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.
Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next
Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.
Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.
Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.
What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.
No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.
And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.
They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.
NCSC: Prepare for Protracted Period of Heightened Cyber Risk
The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand
Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour
https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/
69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment
Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.
One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.
Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.
https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/
FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.
“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.
He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy
As Cyber Criminals Recycle Ransomware, They're Getting Faster
Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.
Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.
These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.
https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster
UK Military Investigates Hacks on Army Social Media Accounts
British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.
“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”
The Ministry of Defence said late Sunday that both breaches had been “resolved.”
While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.
Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.
“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.
https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts
Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.
Threats
Ransomware
Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine
Ransomware in 2022: Evolving threats, slow progress (techtarget.com)
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Ransomware gangs are feeling the crypto winter's impact | TechSpot
LockBit explained: How it has become the most popular ransomware | CSO Online
Hive ransomware gang turns to Rust, more complex encryption • The Register
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
North Korean ransomware dubbed Maui active since May 2021 • The Register
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com
As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)
Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs
AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)
QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)
Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)
How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center
Phishing & Email Based Attacks
Malware
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)
Dangerous new malware dances past more than 50 antivirus services | TechRadar
Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs
Malware knocks IT services vendor SHI offline • The Register
Near-undetectable malware linked to Russia's Cozy Bear • The Register
New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)
Hackers are using YouTube videos to trick people into installing malware | TechRadar
Mobile
This WhatsApp scam promises big, but just sends you into a spiral | ZDNet
Android malware subscribes you to premium services without you knowing - GSMArena.com news
Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)
Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine
Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware gangs are feeling the crypto winter's impact | TechSpot
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Hackers are using YouTube videos to trick people into installing malware | TechRadar
PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)
US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)
Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
Insider Risk and Insider Threats
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
HackerOne incident raises concerns for insider threats (techtarget.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)
Identity and Access Management
Asset Management
Encryption
Encryption is high up on corporate priority lists - Help Net Security
Quantum-resistant encryption recommended for standardization • The Register
The threat of quantum computing to sensitive data - Help Net Security
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)
End-to-end encryption’s central role in modern self-defence | Ars Technica
API
Open Source
Social Media
Digital Transformation
Travel
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)
Models, Frameworks and Standards
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)
Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)
NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru
FBI and MI5 bosses: China cheats and steals at massive scale • The Register
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine
Near-undetectable malware linked to Russia's Cozy Bear • The Register
Nation State Actors – China
China Censors What Could Be Biggest Data Hack in History (gizmodo.com)
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg
Security warning after sale of stolen Chinese data - BBC News
Five accused of trying to silence China critics in US • The Register
50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian
More UK calls for ban of CCTV makers Hikvision, Dahua • The Register
Nation State Actors – North Korea
Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop
North Korean ransomware dubbed Maui active since May 2021 • The Register
Nation State Actors – Iran
Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs
Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)
Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs
Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs
OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)
Fortinet addressed multiple vulnerabilities in several products - Security Affairs
There’s a Nasty Security Hole in the Apache Webserver – The New Stack
Sector Specific
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)
Microsoft rolls back plan to block macros by default • Graham Cluley
Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online
Security tester says he broke into datacenter via toilets • The Register
SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online
Imagination is key to effective data loss prevention - Help Net Security
The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)
Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK
Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)
Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 June 2022
Black Arrow Cyber Threat Briefing 24 June 2022:
-The NCSC Sets Out the UK’s Cyber Threat Landscape
-We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
-5 Social Engineering Assumptions That Are Wrong
-Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
-Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
-Cloud Email Threats Soar 101% in a Year
-80% of Firms Suffered Identity-Related Breaches in Last 12 Months
-After Being Breached Once, Many Companies Are Likely to Be Hit Again
-Do You Have Ransomware Insurance? Look at the Fine Print
-The Price of Stolen Info: Everything on Sale On The Dark Web
-How Companies Are Prioritizing Infosec and Compliance
-Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The NCSC Sets Out the UK’s Cyber Threat Landscape
The current state of the UK’s cyber threat landscape was outlined by the National Cyber Security Centre (NCSC), during a keynote address on the final day of Infosecurity Europe 2022.
They described the cyber threats posed by nation-states, particularly Russia and China. Russia remains “one of the world’s most prolific cyber actors and dedicates significant resources to conducting cyber operations across the globe.” The NCSC and international partner organisations have attributed a number of high-profile attacks related to the conflict to Russian state actors, including the Viasat incident on the eve of the invasion of Ukraine on February 24. Therefore, the NCSC recommends that organisations prepare for a dynamic situation that is liable to change rapidly.
The NCSC emphasised that a more significant long-term threat comes from China, citing GCHQ director Jeremy Fleming’s assertion that “Russia is affecting the weather, but China is shaping the climate.” She described the nation’s “highly sophisticated” activities in cyberspace, born out of its “increasing ambitions to project its influence beyond its borders.” This includes a keen interest in the UK’s commercial secrets.
In addition to nation-state attacks, the NCSC noted that cyber crime is continuing to rise, with ransomware a continuing concern. Attacks are expected to grow in scale, with threat actors likely to increasingly target managed service providers (MSPs) to gain access to a wider range of targets. More generally, cyber capabilities will become more commoditised over the next few years, meaning they are increasingly available to a larger group of would-be attackers who are willing to pay.
https://www.infosecurity-magazine.com/news/ncsc-uk-cyber-threat-landscape/
We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
Increasingly cyber crime rings tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between in facilitating that, simply exfiltrating the data and demanding a fee to not leak it all is just as effective. This shift has been ongoing for many months, and is now virtually unavoidable.
The FBI and CISA this month warned about a lesser-known extortion gang called Karakurt, which demands ransoms as high as $13 million. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom. Instead, the crooks claim to have stolen data, with screenshots or copies of exfiltrated files as proof, and they threaten to sell it or leak it publicly if they don't receive a payment.
Some of these thieves offer discounted ransoms to corporations to encourage them to pay sooner, with the demanded payment getting larger the longer it takes to cough up the cash (or Bitcoin, as the case may be).
Additionally, some crime groups offer sliding-scale payment systems. So you pay for what you get, and depending on the amount of ransom paid you get a control panel, you get customer support, you get all of the tools you need."
https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/
5 Social Engineering Assumptions That Are Wrong
Social engineering is involved in the vast majority of cyber attacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.
Threat actors don’t have conversations with targets.
Legitimate services are safe from social engineering abuse.
Attackers only use computers, not telephones.
Replying to existing email conversations is safe.
Fraudsters only use business-related content as lures.
Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s Vice-President Threat Research and Detection, stated that the vendor has attempted to debunk faulty assumptions made by organisations and security teams so they can better protect employees against cyber crime. “Despite defenders’ best efforts, cyber criminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritised bolstering defences around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviours and interests.”
Indeed, cyber criminals will go to creative and occasionally unusual lengths to carry out social engineering campaigns, making it more difficult for users to avoid falling victim to them.
Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.
Gartner kicked off its Security & Risk Management Summit with the release of its analysts' assessments of the work ahead, which Richard Addiscott, the company's senior director analyst, discussed during his opening keynote address.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”
Topping Gartner's list of eight predictions is a rise in the government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and, troublingly, the prediction that by 2025 threat actors will likely have figured out how to "weaponise operational technology environments successfully to cause human casualties”, the cyber security report said.
Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
There are certain types of data that criminals target the most, according to an analysis of attacks.
Data theft and extortion has become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn't received.
These so-called double extortion attacks have become an effective tool in the arsenal of ransomware gangs, who leverage them to force victims to pay up, even in cases where data could be restored from offline backups, because the threat of sensitive information being published is too great.
Any stolen data is potentially useful to ransomware gangs, but according to analysis by researchers at cyber security company Rapid7, of 161 disclosed ransomware incidents where data was published, some data is seen as more valuable than others.
According to the report, financial services is the sector that is most likely to have customer data exposed, with 82% of incidents involving ransomware gangs accessing and making threats to release this data. Stealing and publishing sensitive customer information would undermine consumer trust in financial services organisations: while being hacked in the first place would be damaging enough, some business leaders might view paying a ransom to avoid further damage caused by data leaks to be worth it.
The second most-leaked type of file in ransomware attacks against financial services firms, featuring in 59% of disclosures from victims, is employee personally identifiable information (PII) and data related to human resources.
Cloud Email Threats Soar 101% in a Year
The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.
The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.
Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.
The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.
Many users don’t realise that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.
https://www.infosecurity-magazine.com/news/cloud-email-threats-soar-101-in-a/
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.
In a survey of IT and identity professionals from Dimensional Research, almost every organisation — 98% — experienced rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.
The number and complexity of identities organisations are having to manage and secure is increasing. Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts.
For the most part, organisations focus on employee identities, which 70% consider to be the most likely to be breached and 58% believe to have the greatest impact, according to the 2022 "Trends in Securing Digital Identities" report based on the survey. Yet third-party partners and business customers are significant sources of risk as well, with 35% and 25% of respondents considering those to be a major source of breaches, respectively.
https://www.darkreading.com/operations/identity-related-breaches-last-12-months
After Being Breached Once, Many Companies Are Likely to Be Hit Again
Cymulate announced the results of a survey, revealing that two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year.
Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government, also highlighted larger companies hit by cyber crime are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.
Other highlights
40% of respondents admitted to being breached over the past 12 months.
After being breached once, statistics showed they were more likely to be hit again than not (66%).
Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.
Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).
22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyber attack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.
29% of attacks come from insider threats – intentionally or unintentionally.
Leadership and cyber security teams who meet regularly to discuss risk reduction are more cyber security-ready – those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.
https://www.helpnetsecurity.com/2022/06/21/companies-hit-by-cybercrime/
Do You Have Ransomware Insurance? Look at the Fine Print
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.
In recent years, ransomware insurance has grown as a product field because organisations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organisation, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages.
Ransomware attacks are notoriously difficult to protect against completely. Like any other potentially catastrophic event, insurers stepped in to offer an insurance product. In exchange for a premium, insurers promise to cover many of the damages resulting from a ransomware attack.
Depending on the policy, a ransomware policy could cover loss of income if the attack disrupts operations, or loss of valuable data, if data is erased due to the ransomware event. A policy may also cover you for extortion – in others, it will refund the ransom demanded by the criminal.
The exact payout and terms will of course be defined in the policy document, also called the "fine print." Critically, fine print also contains exclusions, in other words circumstances under which the policy won't pay out. And therein lies the problem.
https://thehackernews.com/2022/06/do-you-have-ransomware-insurance-look.html
The Price of Stolen Info: Everything on Sale on The Dark Web
What is the price for personal information, including credit cards and bank accounts, on the dark web?
Privacy Affairs researchers concluded that criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.
Access to other information is becoming even cheaper. The Dark Web Price Index 2022 – based on data scanning dark web marketplaces, forums, and websites, revealed:
Credit card details and associated information cost between $17-$120
Online banking login information costs $45
Hacked Facebook accounts cost $45
Cloned VISA with PIN cost $20
Stolen PayPal account details, with minimum $1000 balances, cost $20.
In December 2021, about 4.5 million credit cards went up for sale on the dark web, the study found. The average price ranged from $1-$20.
Scammers can buy full credit card details, including CVV number, card number, associated dates, and even the email, physical address and phone number. This enables them to penetrate the credit card processing chain, overriding any security countermeasures.
https://www.helpnetsecurity.com/2022/06/22/stolen-info-sale-dark-web/
How Companies Are Prioritising Infosec and Compliance
New research conducted by Enterprise Management Associates (EMA), examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritise information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organisation, and the solutions and tools on which organisations are focusing their technology spending.
The findings cover three critical areas of an organisation’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.
One key takeaway is that merging security and compliance priorities addresses regulatory control gaps while improving the organisation’s security posture. Respondents revealed insights on how they handle compliance, who is responsible for compliance and security responsibilities, and what compliance-related security challenges organisations face.
Additional findings:
Companies found the need to shift their information security strategy to address compliance priorities (93%).
Information security and IT compliance priorities are generally aligned (89%).
Existing security tools have to address data privacy considerations going forward (76%).
Managing an organisation’s multiple IT environments and the controls that govern those environments is the greatest challenge in the IT audit and compliance space (39%).
https://www.helpnetsecurity.com/2022/06/24/companies-infosec-compliance-priorities/
Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
A US Government watchdog has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks — leaving businesses facing “catastrophic financial loss” unless another insurance model can be found.
The growing challenge of covering cyber risk is outlined in a new report from the Government Accountability Office (GAO), which calls for a government assessment of whether a federal cyber insurance option is needed.
The report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice, to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.
Citing an annual threat assessment released by the ODNI, the report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure — along with certain non-state actors like organised cyber criminal gangs.
Given the wide and increasingly skilled range of actors willing to target US entities, the number of cyber incidents is rising at an alarming rate.
Threats
Ransomware
Attackers exploited a Mitel VOIP zero-day to compromise a network Security Affairs
Chinese hackers use ransomware as decoy for cyber espionage (bleepingcomputer.com)
If you don't store valuable data, ransomware is impotent • The Register
Ransomware-as-a-Service: Learn to Enhance Cyber security Approaches (analyticsinsight.net)
Mitigate Ransomware in a Remote-First World (thehackernews.com)
Delivery Firm Yodel Scrambling to Restore Operations Following Cyber attack | SecurityWeek.Com
Black Basta Ransomware Becomes Major Threat in Two Months | SecurityWeek.Com
These hackers are spreading ransomware as a distraction - to hide their cyber spying | ZDNet
Conti ransomware hacking spree breaches over 40 orgs in a month (bleepingcomputer.com)
Conti effectively created an extortion-oriented IT company, says Group-IB - Help Net Security
Conti ransomware finally shuts down data leak, negotiation sites (bleepingcomputer.com)
Conti ransomware group's pulse stops, but did it fake its own death? | Malwarebytes Labs
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks (darkreading.com)
Cyber attack: Gloucester council services still not back to normal - BBC News
Phishing & Email Based Attacks
Your email is a major source of security risks and it's getting worse | ZDNet
New Phishing Attack Infects Devices with Cobalt Strike- IT Security Guru
Voicemail phishing emails steal Microsoft credentials • The Register
The Risk of Multichannel Phishing Is on the Horizon (darkreading.com)
Cops arrests nine suspected of stealing millions via email • The Register
Cyber criminals Use Azure Front Door in Phishing Attacks - Security Affairs
Microsoft Exchange servers hacked by new ToddyCat APT gang (bleepingcomputer.com)
Cyber attackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign (darkreading.com)
Other Social Engineering
Proofpoint: Social engineering attacks slipping past users (techtarget.com)
Inside a large-scale phishing campaign targeting millions of Facebook users - Help Net Security
Malware
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (thehackernews.com)
Organisations Battling Phishing Malware, Viruses the Most (darkreading.com)
This Linux botnet has found a novel way of spreading to new devices | ZDNet
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (thehackernews.com)
NSA warns against silly mistake in the fight against Windows malware | TechRadar
Mobile
This Android malware is so dangerous, even Google is worried | TechRadar
Google is notifying Android users targeted by Hermit government-grade spyware | TechCrunch
This phone-wiping Android banking trojan is getting nastier | ZDNet
BRATA Android Malware Group Now Classified As Advanced Persistent Threat - Infosecurity Magazine
Spurred by Roe overturn, senators seek FTC probe of iOS and Android tracking | Ars Technica
Internet of Things – IoT
Data Breaches/Leaks
US Bank Data Breach Impacts Over 1.5 Million Customers - Infosecurity Magazine
CafePress fined $500,000 for breach affecting 23 million users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers steal $100 million from California cryptocurrency firm - CNN
DARPA study finds blockchain not as decentralised as assumed • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Cloud/SaaS
Microsoft 365 Users in US Face Raging Spate of Attacks (darkreading.com)
Getting a Better Handle on Identity Management in the Cloud (darkreading.com)
Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (thehackernews.com)
Identity and Access Management
Risky behaviour reduced when executives put focus on identity security - Help Net Security
Access management issues may create security holes (techtarget.com)
IAM Research: Inadequate Programs Leave Organisations Open to Cyber Attacks - MSSP Alert
Why 84% Of US Firms Hit With Identity-Related Breaches In 2021 – Information Security Buzz
Open Source
Open-source software risks persist, according to new reports | CSO Online
Less Than Half of Organisations Have Open Source Security Policy - Infosecurity Magazine
Blind trust in open source security is hurting us: Report | ZDNet
Training, Education and Awareness
Privacy
Privacy-focused Brave Search grew by 5,000% in a year (bleepingcomputer.com)
Supreme Court's Roe v. Wade reversal sparks calls for strengthening privacy - CyberScoop
Regulations, Fines and Legislation
Do Privacy and Data Protection Regulations Create as Many Problems as They Solve? | SecurityWeek.Com
Law Enforcement Action and Take Downs
Phishing gang behind millions in losses dismantled by police (bleepingcomputer.com)
Euro Police Target Crime Groups Grooming Ukrainian Refugees Online - Infosecurity Magazine
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies | SecurityWeek.Com
Italian spyware firm is hacking into iOS and Android devices, Google says | Computerworld
NSO claims 'more than 5' EU states used its Pegasus spyware • The Register
#InfosecurityEurope2022: Geopolitical Tensions a “Danger” to Cyber security - Infosecurity Magazine
Examples of Cyber Warfare #TrendTalksBizSec (trendmicro.com)
Ukraine deploys a DDoS protection service to survive the cyberwar | VentureBeat
Lithuania warns of rise in DDoS attacks against government sites (bleepingcomputer.com)
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign (darkreading.com)
Ukrainian cyber security officials disclose two new hacking campaigns - IT Security Guru
Scalper bots out of control in Israel, selling state appointments (bleepingcomputer.com)
Research questions potentially dangerous implications of Ukraine's IT Army - CyberScoop
Lithuania under cyber-attack after ban on Russian railway goodsSecurity Affairs
Nation State Actors
Nation State Actors – Russia
Russia Steps Up Cyber-Espionage Against Ukraine Allies - Infosecurity Magazine
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug | Threatpost
Russian APT28 hacker accused of the NATO think tank hack in Germany - Security Affairs
Russia fines Google for spreading ‘unreliable’ info defaming its army (bleepingcomputer.com)
Nation State Actors – China
Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage | SecurityWeek.Com
Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor - Security Affairs
Chinese hackers target script kiddies with info-stealer trojan (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
Cisco warns of security holes in its security appliances • The Register
Google Patches 14 Vulnerabilities With Release of Chrome 103 | SecurityWeek.Com
Cisco will not address critical RCE in end-of-life Small Business RV routers - Security Affairs
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild - Security Affairs
Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware - Security Affairs
Researchers criticize Oracle's vulnerability disclosure process (techtarget.com)
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (thehackernews.com)
Sector Specific
Financial Services Sector
Flagstar Bank discloses data breach impacting 1.5 million customers (bleepingcomputer.com)
7 Cyber security Best Practices for Financial Services Firms - MSSP Alert
Why Financial Institutions Must Double Down on Open Source Investments (darkreading.com)
SMBs – Small and Medium Businesses
How tool sprawl is becoming a common issue for SMEs - Help Net Security
Middle market companies under attack: Threats coming from all directions - Help Net Security
#InfosecurityEurope2022: How Should SMEs Defend Against Cyber-Risks? - Infosecurity Magazine
Legal
Health/Medical/Pharma Sector
Retail/eCommerce
Magecart attacks are still around. And they are becoming more stealthy | ZDNet
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign- IT Security Guru
Manufacturing
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Threat Intelligence Services Are Universally Valued by IT Staff (darkreading.com)
Security pros increasingly plan to adopt MDR services in the next 12 months - Help Net Security
Board members and the C-suite need secure communication tools - Help Net Security
Adobe Acrobat may block antivirus tools from monitoring PDF files (bleepingcomputer.com)
7 Ways to Avoid Worst-Case Cyber Scenarios (darkreading.com)
3 threats dirty data poses to the enterprise (techtarget.com)
Data recovery depends on how good your backup strategy is - Help Net Security
Unsecured APIs Could Be Costing Firms $75bn Per Year - Infosecurity Magazine
The Rise, Fall, and Rebirth of the Presumption of Compromise (darkreading.com)
#InfosecurityEurope2022: Are You Prepared For The Next Big Crisis? - Infosecurity Magazine
Ongoing PowerShell security threats prompt a call to action (techtarget.com)
Despite known security issues, VPN usage continues to thrive - Help Net Security
Space-based assets aren’t immune to cyber attacks | CSO Online
Cyber security expert on how $13K of fuel was stolen from station (wtvr.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 December 2020
Black Arrow Cyber Threat Briefing 18 December 2020: The great hack attack - SolarWinds breach exposes big gaps in cyber security; A wake-up for the world on cyber security; White House activates cyber emergency response; US nuclear weapons agency targeted; UK companies targeted; Increasing Risk of Cyber Attacks; millions of users install malicious browser extensions; C19 Vaccines sold on dark web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
The great hack attack: SolarWinds breach exposes big gaps in cyber security
Until this week, SolarWinds was a little known IT software group from Texas. Its deserted lobby has a framed magazine article from a few years ago when it was on a list of America’s “Best Small Companies”.
Now the Austin-based company is at the heart of one of the biggest and most startling cyber hacks in recent history, with ramifications that extend into the fields of geopolitics, espionage and national security.
For nine months, sophisticated state-backed hackers have exploited a ubiquitous SolarWinds software product in order to spy on government and business networks around the world, including in the US, UK, Israel and Canada. Wielding innovative tools and tradecraft, the cyber spies lurked in email services, and posed as legitimate staffers to tap confidential information stored in the cloud.
The bombshell revelations have sent 18,000 exposed SolarWinds customers scrambling to assess whether outsiders did indeed enter their systems, what the damage was and how to fix it.
https://www.ft.com/content/c13dbb51-907b-4db7-8347-30921ef931c2
A wake-up for the world on cyber security
Imagine intruders break into your home and loiter undetected for months, spying on you and deciding which contents to steal. This in essence is the kind of access that hackers, assumed to be Russian, achieved in recent months at US government institutions including the Treasury and departments of commerce and homeland security, and potentially many US companies. If the fear in the Cold War was of occasional “moles” gaining access to secrets, this is akin to a small army of moles burrowing through computer systems. The impact is still being assessed, but it marks one of the biggest security breaches of the digital era.
https://www.ft.com/content/d3fc0b14-4a82-4671-b023-078516ea714e
US government, thousands of businesses now thought to have been affected by SolarWinds security attack
Thousands of businesses and several branches of the US government are now thought to have been affected by the attack on software firm SolarWinds.
The Austin-based company has fallen victim to a massive supply chain attack believed to be the work of state-sponsored hackers.
Along with the US treasury and commerce departments, the Department of Homeland Security is now thought to have been affected by the attack. In a statement to the SEC today, SolarWinds said it had notified 33,000 customers of its recent hack, but that only 18,000 of these used the affected version of its Orion platform.
https://www.techradar.com/uk/news/solarwinds-suffers-massive-supply-chain-attack
White House activates cyber emergency response under Obama-era directive
In the wake of the SolarWinds breach, the National Security Council has activated an emergency cyber security process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources.
The move is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop.
The action is rooted in a presidential directive issued during the Obama administration known as PPD-41, which establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident.
The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security.
https://www.cyberscoop.com/solarwinds-white-house-national-security-council-emergency-meetings/
Hackers targeted US nuclear weapons agency in massive cyber security breach, reports say
The National Nuclear Security Administration and Energy Department, which safeguard the US stockpile of nuclear weapons, have had their networks hacked as part of the widespread cyber espionage attack on a number of federal agencies.
Politico reports that officials have begun coordinating notifications about the security breach to the relevant congressional oversight bodies.
Suspicious activity was identified in the networks of the Federal Energy Regulatory Commission (FERC), Los Alamos and Sandia national laboratories in New Mexico and Washington, the Office of Secure Transportation, and the Richland Field Office of the Department of Energy.
Officials with direct knowledge of the matter said hackers have been able to do more damage to the network at FERC, according to the report.
Microsoft warns UK companies were targeted by SolarWinds hackers
Microsoft has warned that some of its UK customers have been exposed to the malware used in the Russia-linked SolarWinds hack that targeted US states and government agencies.
More than 40 of the tech giant's customers are thought to have used breached SolarWinds software, including clients in Britain, the US, Canada, Mexico, Belgium, Spain, Israel, and the UAE.
The company would not name the victims, but said they include government agencies, think tanks, non-governmental organisations and IT firms. Microsoft said four in five were in the US, with nearly half of them tech companies.
“This is not ‘espionage as usual,’ even in the digital age,” said Brad Smith, Microsoft's president. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”
The attackers, believed to be working for the Russian government, got into computer networks by installing a vulnerability in Orion software from SolarWinds.
Society at Increasingly High Risk of Cyber Attacks
Cyber attacks are becoming easier to conduct while conversely security is getting increasingly difficult, according to Kevin Curran, senior IEEE member and professor of cyber security, Ulster University, during a virtual media roundtable.
“Any company you can think of has had a data breach,” he commented. “Whenever a data breach happens it weakens our credentials because our passwords are often reused on different websites.”
He observed that the art of hacking doesn’t necessarily require a significant amount of technical expertise anymore, and bad actors can receive substantial help from numerous and readily accessible tools online. “You don’t have to spend seven years in college to learn how to hack, you just have to know about these sites and what terms to use,” noted Curran.
A number of legitimate online mechanisms that can help damaging attacks to be launched by hackers were highlighted by Curran in his presentation. These include Google Dorks, which are “search strings which point to website vulnerabilities.” This means vulnerable accounts can be identified simply via Google searches.
https://www.infosecurity-magazine.com/news/society-increasingly-risk-cyber/
Three million users installed 28 malicious Chrome or Edge extensions
More than three million internet users are believed to have installed 15 Chrome, and 13 Edge extensions that contain malicious code, security firm Avast said today.
The 28 extensions contained code that could perform several malicious operations, including:
-redirect user traffic to ads
-redirect user traffic to phishing sites
-collect personal data, such as birth dates, email addresses, and active devices
-collect browsing history
-download further malware onto a user's device
But despite the presence of code to power all the above malicious features, Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains.
https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/
Vaccines for sale on dark web as criminals target pandemic profits
Black market vendors were offering coronavirus vaccines for sale on hidden parts of the internet days after the first Covid-19 shot was approved this month, as criminals seek to profit from global demand for inoculations.
One such offer on the so-called dark web, traced by cyber security company Check Point Software, was priced at $250 with the seller promising “stealth” delivery in double-wrapped packaging. Shipping from the US via post or a leading courier company would cost $20, with an extra $5 securing overnight delivery.
https://www.ft.com/content/8bfc674e-efe6-4ee0-b860-7fcb5716bed6
Threats
Ransomware
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay
House purchases in Hackney fall through following cyber attack against council
Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
Phishing
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails
IoT
Malware
New iOS and Android spyware responsible for multi-layered sextortion campaign
Google Chrome, Firefox, Edge hijacked by massive malware attack: What you need to know
This nasty malware is infecting every web browser — what to do now
Tor malware is becoming a worryingly popular ransomware tool
Vulnerabilities
Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App
PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs
Zero-day in WordPress SMTP plugin abused to reset admin account passwords
Sophos fixes SQL injection vulnerability in their Cyberoam OS
Wormable code-execution flaw in Cisco Jabber has a severity rating of 9.9 out of 10
Data Breaches
Twitter hit with €450,000 GDPR fine nearly two years after disclosing data breach
Data Leak Exposes Details of Two Million Chinese Communist Party Members
Organised Crime
Nation State Actors
Privacy
UK police unlawfully processing over a million people’s data on Microsoft 365
Sci-fi surveillance: Europe's secretive push into biometric technology
Other News
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.