Black Arrow Cyber Threat Briefing 30 April 2021
Black Arrow Cyber Threat Briefing 30 April 2021: Ransomware Demands Up By 43% So Far In 2021, 61% Of Organisations Impacted By Ransomware In 2020 - Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief; Flubot Spyware Spreading Through Android Devices; Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Demands Up By 43% So Far In 2021
The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter. The median payment, too, jumped up 58% from $49,450 to $78,398. The majority of ransomware attacks in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. Seventy-seven percent of ransomware attacks included the threat to publish stolen data in the first quarter of this year, which is up 10%.
https://www.cyberscoop.com/ransomware-extortion-demands-increasing-coveware/
US Tech Pushes For Ransomware To Be Designated A National Security Threat
Big US tech companies and officials are urging governments to designate ransomware as a national security threat in a push to combat a hacking epidemic that has cost businesses tens of millions of dollars. Tech groups including Microsoft, Cisco and Amazon, cyber security companies such as FireEye and officials from the FBI and US Department of Justice have published a report calling for several measures to tackle the lucrative criminal enterprise.
https://www.ft.com/content/6e69efc8-66e2-4a1c-95d4-0a84d80091c7
Flubot Spyware Spreading Through Android Devices
Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot”. The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.
https://threatpost.com/flubot-spyware-android-devices/165607/
Ransomware: Do Not Expect A Full Recovery, However Much You Pay
When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware. Sure, several individual malware outbreaks have turned into truly global stories over the years. The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.
https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/
61% Of Organisations Impacted By Ransomware In 2020
A full 79% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. Other insights include: 61% indicated they had been impacted by ransomware in 2020, a 20% increase over the number of companies reporting such disruption in last year’s report. Companies impacted by ransomware lost an average of six working days to system downtime, with 37% saying downtime lasted one week or more. 52% of ransomware victims paid threat actor ransom demands, but only 66% of those were able to recover their data. The remaining 34% never saw their data again, despite paying the ransom.
https://www.helpnetsecurity.com/2021/04/26/ransomware-2020/
SolarWinds Campaign Even Wider Than First Thought
A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the IT software vendor's network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Researchers have now uncovered eighteen additional command-and-control servers used in the SolarWinds hacking campaign, indicating that the operation was broader in scope than previously known. The researchers found that this infrastructure was registered under varying names and at different times over several years to avoid establishing a traceable pattern.
Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums
Organisations will face significant challenges in purchasing, renewing, and benefitting from cyber insurance policies this year as various factors drive the sector towards a stricter, more specialized position, global specialists in law, risk, and cyber security predict. These include the continued evolution and impact of cyber threats throughout 2020 and the early months of 2021, chiefly in the form of ransomware attacks and wide-ranging supply chain security issues.
Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief
The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cyber security to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the past year, with many now even more reliant on remote services and online collaboration platforms. But cyber-criminal gangs also represent a major threat and Fleming warned that ransomware represents a cyber security danger for organisations of all kinds.
https://www.zdnet.com/article/ransomware-is-growing-at-an-alarming-rate-warns-gchq-chief/
Threats
Ransomware
A Ransomware Attack On Apple Shows The Future Of Cyber Crime
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
Ransomware Gang Threatens To Expose Police Informants If Ransom Is Not Paid
A Ransomware Gang Made $260,000 In 5 Days Using The 7zip Utility
Ransomware Task Force Calls For Aggressive Bitcoin Transaction Tracing Measures
New Ransomware Group Uses SonicWall Zero-Day To Breach Networks
Phishing
Scammers Imitate Windows Logo With HTML Tables To Slip Through Email Gateways
Phishing Impersonates Global Recruitment Firm To Push Malware
Malware
Rotajakiro: A Linux Backdoor That Has Flown Under The Radar For Years
Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers
Vulnerabilities
Linux Kernel Vulnerability Exposes Stack Memory, Causes Data Leaks
F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
Nvidia GPU Owners Warned About Serious Driver Bugs — Update Now
Apple Patches ‘Worst MacOS Bug In Recent Memory’ After It Was Used In The Wild
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
Nation State Actors
Cyber Spies Target Military Organisations With New Nebulae Backdoor
Report: Russia 'Likely' Kept Access To US Networks After SolarWinds Hack
Reports Published in the Last Week
Other News
What IT Leaders Are Prioritising In Network Security Investments?
Cyber Security Is Not Just For Your Company – It Applies To Your Ecosystem Too
Machine Learning Security Vulnerabilities Are A Growing Threat To The Web, Report Highlights
Organisations Can No Longer Afford To Overlook Encrypted Traffic
FBI Shares 4 Million Email Addresses Used By Emotet With Have I Been Pwned
Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar
A Facebook Vulnerability Can Allow Hackers To Scrape Users' Email Addresses
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.