Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Demands Up By 43% So Far In 2021

The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter. The median payment, too, jumped up 58% from $49,450 to $78,398. The majority of ransomware attacks in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. Seventy-seven percent of ransomware attacks included the threat to publish stolen data in the first quarter of this year, which is up 10%.

https://www.cyberscoop.com/ransomware-extortion-demands-increasing-coveware/

US Tech Pushes For Ransomware To Be Designated A National Security Threat

Big US tech companies and officials are urging governments to designate ransomware as a national security threat in a push to combat a hacking epidemic that has cost businesses tens of millions of dollars. Tech groups including Microsoft, Cisco and Amazon, cyber security companies such as FireEye and officials from the FBI and US Department of Justice have published a report calling for several measures to tackle the lucrative criminal enterprise.

https://www.ft.com/content/6e69efc8-66e2-4a1c-95d4-0a84d80091c7

Flubot Spyware Spreading Through Android Devices

Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot”. The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.

https://threatpost.com/flubot-spyware-android-devices/165607/

Ransomware: Do Not Expect A Full Recovery, However Much You Pay

When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware. Sure, several individual malware outbreaks have turned into truly global stories over the years. The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so, does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.

https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/

61% Of Organisations Impacted By Ransomware In 2020

A full 79% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. Other insights include: 61% indicated they had been impacted by ransomware in 2020, a 20% increase over the number of companies reporting such disruption in last year’s report. Companies impacted by ransomware lost an average of six working days to system downtime, with 37% saying downtime lasted one week or more. 52% of ransomware victims paid threat actor ransom demands, but only 66% of those were able to recover their data. The remaining 34% never saw their data again, despite paying the ransom.

https://www.helpnetsecurity.com/2021/04/26/ransomware-2020/

SolarWinds Campaign Even Wider Than First Thought

A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the IT software vendor's network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Now researchers have now uncovered eighteen additional command-and-control servers used in the SolarWinds hacking campaign, indicating that the operation was broader in scope than previously known.  The researchers found that this infrastructure was registered under varying names and at different times over several years to avoid establishing a traceable pattern.

https://www.cybersecurityintelligence.com/blog/solarwinds-campaign-even-wider-than-first-thought-5602.html

Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums

Organisations will face significant challenges in purchasing, renewing, and benefitting from cyber insurance policies this year as various factors drive the sector towards a stricter, more specialized position, global specialists in law, risk, and cyber security predict. These include the continued evolution and impact of cyber threats throughout 2020 and the early months of 2021, chiefly in the form of ransomware attacks and wide-ranging supply chain security issues.

https://www.csoonline.com/article/3616595/buying-cyber-insurance-in-2021-expect-greater-scrutiny-higher-premiums-thanks-to-ransomware-supply.html

Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief

The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cyber security to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the past year, with many now even more reliant on remote services and online collaboration platforms. But cyber-criminal gangs also represent a major threat and Fleming warned that ransomware represents a cyber security danger for organisations of all kinds.

https://www.zdnet.com/article/ransomware-is-growing-at-an-alarming-rate-warns-gchq-chief/

Threats

Ransomware

• A Ransomware Attack On Apple Shows The Future Of Cyber Crime

• Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

• Ransomware Gang Threatens To Expose Police Informants If Ransom Is Not Paid

• A Ransomware Gang Made $260,000 In 5 Days Using The 7zip Utility

• Ransomware Task Force Calls For Aggressive Bitcoin Transaction Tracing Measures

• Ransomware Task Force Releases Long-Awaited Recommendations

• New Ransomware Group Uses SonicWall Zero-Day To Breach Networks

Phishing

• Scammers Imitate Windows Logo With Html Tables To Slip Through Email Gateways

• Phishing Attacks Target Chase Bank Customers

• Phishing Impersonates Global Recruitment Firm To Push Malware

Malware

• Rotajakiro: A Linux Backdoor That Has Flown Under The Radar For Years

• Security Firm Kaspersky Believes It Found New CIA Malware

• Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Vulnerabilities

• Linux Kernel Vulnerability Exposes Stack Memory, Causes Data Leaks

• F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

• Linux Kernel Bug Opens Door to Wider Cyber Attacks

• Nvidia GPU Owners Warned About Serious Driver Bugs — Update Now

• Apple Patches ‘Worst MacOS Bug In Recent Memory’ After It Was Used In The Wild

Data Breaches

• MangaDex Discloses Data Breach After Stolen Database Shared Online

Organised Crime & Criminal Actors

• Spotlight on Cyber Criminal Supply Chains

Supply Chain

• CISA Issues Guidance On Defending Against Software Supply Chain Attacks

Nation State Actors

• Cyber Spies Target Military Organisations With New Nebulae Backdoor

• FBI: Russian Hackers Are Still Trying To Break Into Networks, Here's How To Protect Yours From Attack

• APT Actors Increasingly Turn To Exploits To Launch Attacks

• Report: Russia 'Likely' Kept Access To US Networks After SolarWinds Hack

 Reports Published in the Last Week

• Q1 2021 Ransomware Trends: Most Attacks Involved Threat To Leak Stolen Data

• APT Trends Report Q1 2021

Other News

• What IT Leaders Are Prioritising In Network Security Investments?

• Cyber Security Is Not Just For Your Company – It Applies To Your Ecosystem Too

• Machine Learning Security Vulnerabilities Are A Growing Threat To The Web, Report Highlights

• Organisations Can No Longer Afford To Overlook Encrypted Traffic

• FBI Shares 4 Million Email Addresses Used By Emotet With Have I Been Pwned

• Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar 

• A Facebook Vulnerability Can Allow Hackers To Scrape Users' Email Addresses

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

2020 Sees Ransomware Increase By Over 400 Percent

A new study from Cyber Security company, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019. The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector and these attacks were up by 112 percent.

https://betanews.com/2021/02/10/ransomware-increase-400-percent/

Remote Desktop Protocol Attacks Surge By 768%

Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.

https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/

Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, criminal today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

https://www.itproportal.com/news/even-small-phishing-operations-can-distribute-millions-of-malicious-emails-per-week/

With One Update, This Malicious Android App Hijacked Millions Of Devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Cd Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/

Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

https://www.engadget.com/hacked-water-plant-computer-had-shared-passwords-andofdate-windows-os-082552973.html

Top Web Hosting Provider Shuts Down Following Cyber Attack

Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.

https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack

High Demand For Hacker Services On Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.

https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/

Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks

A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.

https://www.gizchina.com/2021/02/09/facebook-phishing-campaign-tricked-nearly-500000-users-in-two-weeks/

Hackers Are Tweaking Their Approach To Phishing Attacks In 2021

Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.

https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/

Threats

 Ransomware

• Researchers identify 223 vulnerabilities used in recent ransomware attacks (Potential headline)

• CD Projekt hit by ransomware attack, refuses to pay ransom

• This old form of ransomware has returned with new tricks and new targets

Phishing

• This phishing attack uses some very retro technology to hide its payload

Malware

• Malicious Code Injected via Google Chrome Extension Highlights App Risks

Mobile

• Android devices caught in Matryosh botnet

• Military, Nuclear Entities Under Target By Novel Android Malware

IOT

• This old security vulnerability left millions of Internet of Things devices vulnerable to attacks

Vulnerabilities

• Zero-Day and Six Publicly Disclosed CVEs Fixed

• Swarm of Palo Alto PAN-OS vulnerabilities

• Actively Exploited Windows Kernel EoP Bug Allows Takeover

• Apple fixes serious sudo vulnerability in macOS

• Attackers Exploit Critical Adobe Flaw to Target Windows Users

• Microsoft issues emergency fix for Wi-Fi foul-up delivered hot and fresh on Patch Tuesday

Data Breaches

• The Accellion Data Breach Seems to Be Getting Bigger

• Billions of Passwords Offered for $2 in Cyber-Underground

• Experian to investigate possible data leak

Organised Crime

• Europol takes down hackers who allegedly stole over $100 million in crypto from celebs

Supply Chain

• Supply-chain Hack Breaches 35 Companies, Including Paypal, Microsoft, Apple 

Nation-State Actors

• Android spyware strains linked to state-sponsored Confucius threat group

• 'BendyBear' APT malware linked to Chinese government hackers

• Microsoft to alert Office 365 users of nation-state hacking activity

• Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

• Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?

Privacy

• Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

Reports Published in the Last Week

• The Global Risks Report Highlights The Onslaught Of Cyberattacks And A Failure Of Governments To Stop Them. 

• ESET Threat Report Q4 2020

Other News

• Google launches Open Source Vulnerabilities (OSV) database

• Quantum computing could make encryption algorithms obsolete

• UK’s enemies trying to ‘tear society apart’ via social media

• 91% of enterprise pros experienced an API security incident in 2020

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.