Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Cyber crime costs the world more than $1 trillion, a 50% increase from 2018

Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.

https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/

FireEye, one of the world's largest security firms, discloses security breach

FireEye, one of the world largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.

The firm said the threat actor also searched for information related to some of the company's government customers.

The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."

https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/

Chinese Breakthrough in Quantum Computing a Warning for Security Teams

China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.

https://threatpost.com/chinese-quantum-computing-warning-security/161935/

Ransom payouts hit record-highs, surging 178% in a year

Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.

https://uk.finance.yahoo.com/news/ransomware-payouts-hacking-computers-hit-record-highs-surging-134527988.html

Ransomware Set for Evolution in Attack Capabilities in 2021

Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines”

https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/

How Organisations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?

https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html

Threats

Ransomware

• Hackers demand $34.7 million in Bitcoin after ransomware attack on Foxconn

• Ransomware forces hosting provider Netgain to take down data centers

• Ransomware-struck schools reject £1m demand from crims in timely reminder to always mind the air-gap

• 'Malwareless' ransomware campaign operators pwned 83k victims' MySQL servers, 250k databases up for sale

• Ransomware hits helicopter maker Kopter

Phishing

• Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

• Adobe users targeted in dangerous new phishing campaign

IOT

• Millions of IoT devices could be vulnerable to these unfixable security bugs

Malware

• Qbot malware switched to stealthy new Windows autostart method

• Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox

• Social media sharing icons could harbor info-stealing malware

• All-new Windows 10 malware is excellent at evading detection

• Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

Vulnerabilities

• Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution

• Amnesia:33 vulnerabilities impact millions of smart and industrial devices

• Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities.

• Expert discloses zero-click, wormable flaw in Microsoft Teams

• NSA Warns: Patched VMware Bug Under Active Attack

Data Breaches

• FireEye, one of the world's largest security firms, discloses security breach

• HMRC admits to 26 data breaches during 2019-20

• Hackers leak data from Embraer, world's third-largest airplane maker

• Payment service PayPay hacked

Threat Actors

• Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

Insider Threats

• Bank Employee Sells Personal Data of 200,000 Clients

Other News

• Experian predicts 5 key data breach targets for 2021

• 6 new ways threat actors will attack in 2021

• Research: Millions of smart devices vulnerable to hacking

• Finland passes new 5G security law to ban risky equipment

• Ransomware attacks target backup systems, compromising the company ‘insurance policy’

Reports Published in the Last Week

• Sophos 2021 Threat Report

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.