Executive summary

A new strain of Android mobile malware dubbed “Brokewell” is being used to spread fake browser updates to steal user data. The malware has the ability to overlay banking application screens, capturing credentials without the users knowledge, as well as allowing remote access by an attacker. The malware has also been recorded as using popular ‘buy now, pay later’ service “Klarna” in addition to the fake Google Chrome update. Research indicates that the malware is in active development.

What’s the risk?

Due to the sensitive nature of the information sought by the malware, there is a genuine risk to the confidentiality and integrity of data. Features of the malware include the ability to overlay applications to steal user credentials and allow an attacker remote access, including the commands which record audio, take screenshots, access locations, and send communications from the victim phone.

The list of potential targets is extensive, especially so with many employees using personal devices for corporate purposes, including the storage of corporate credentials. A recent report from Google owned Mandiant found that 10% of intrusions began with evidence of stolen credentials.

What can I do?

It is recommended to employ a multi-layer defence to mitigate the risk of such malware succeeding. This should include only downloading updates from the official application in the Google Play store and enabling Google Play Protect will help to prevent malware. To further bolster defence, it is recommended that anti-virus applications are run in parallel.

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Further information can be found below:

https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

5 Reasons Why Enterprises Need Cyber Security Awareness And Training

Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.

https://securityboulevard.com/2021/04/5-reasons-why-enterprises-need-cyber-security-awareness-and-training/

Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss

Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”

https://www.thetimes.co.uk/article/stop-paying-hackers-ransom-demands-ex-gchq-cybersecurity-chief-warns-323fqg8zt

Ransomware’s New Swindle: Triple Extortion

Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.

https://threatpost.com/ransomwares-swindle-triple-extortion/166149/

‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers

Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”

https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8

Colonial Pipeline Boss Confirms $4.4M Ransom Payment

Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.

https://www.bbc.co.uk/news/business-57178503

10 Emerging Cyber Security Trends To Watch In 2021

A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.

https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021

How Penetration Testing Can Promote A False Sense Of Security

Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."

https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/

Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy

Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.

https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html

Learning From Cyber Attacks Could Be The Key To Stopping Them

Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.

https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/

Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability

The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.

https://hothardware.com/news/remote-desktop-protocol-storing-passwords-in-cleartext-in-accessible-memory

Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen

In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.

https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us

Ransomware Attacks Are Spiking. Is Your Company Prepared?

With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.

https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared

Threats

Ransomware

• Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments

• The Bizarre Story Of The Inventor Of Ransomware

• One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers

• Cyber Attack 'Most Significant On Irish State'

• Double-Extortion Ransomware Attacks On The Rise

• Darkside Ransomware Made $90 Million In Just Nine Months

• Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data

Phishing

• Microsoft, Google Clouds Hijacked For Gobs Of Phishing

• Ofwat Reveals It Has Received 20,000 Spam And Phishing Emails So Far This Year

Other Social Engineering

• Fraudsters Employ Amazon ‘Vishing’ Attacks In Fake Order Scams

Malware

• Experts Warn About Ongoing AutoHotKey-Based Malware Attacks

• Microsoft Warns: Watch Out For This New Malware That Steals Passwords, Webcam And Browser Data

• FIN7 Backdoor Masquerades As Ethical Hacking Tool

Mobile

• 4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices

• Take Action Now – Flubot Malware May Be On Its Way

• Bizarro Banking Trojan Sports Sophisticated Backdoor

• 100M Android Users Hit By Rampant Cloud Leaks

IoT

• Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking

• EufyCam Users Should Turn Off Their Security Cams Immediately

Vulnerabilities

• Windows PoC Exploit Released For Wormable RCE

• Windows 10 Security Targeted Via New Critical Vulnerability

• Exploit Released For Wormable Windows HTTP Vulnerability

• QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day

• Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps

• More Security Flaws Found In Apple Airtags

Cryptocurrency

• Elon Musk Impersonators Stole More Than $2M In Crypto Currency Scams

Supply Chain

• Rapid7 Is The Latest Victim Of A Software Supply Chain Breach

Nation State Actors

• Ireland’s Health Service: Russian Hackers Made Their First Attack Two Weeks Ago

Denial of Service

• Keksec Cyber Gang Debuts Simps Botnet for Gaming DDoS

Cloud

• Cloud Compromise Now The Biggest Cyber Security Issue For Financial Institutions

• Privacy Regulations Making Cloud Migration Complex

Governance, Risk and Compliance

• Cyber Security Spending To Hit $150 Billion This Year

Reports Published in the Last Week

• DDoS Attacks Up 31% In Q1 2021: Report

Other News

• Hackers Used To Be Humans. Soon, AIs Will Hack Humanity

• Solarwinds CEO Reveals Much Earlier Hack Timeline, Regrets Company Blaming Intern

• Cyber Criminals Scanned For Vulnerable Microsoft Exchange Servers Within Five Minutes Of News Going Public

• The Moral Underground? Ransomware Operators Retreat

• Verizon: Pandemic Ushers In ⅓ More Cyber Misery

• The Bizarre Story Of The Inventor Of Ransomware

• Should Encryption Be Curbed To Combat Child Abuse?

• 5 Ways Hackers Hide Their Tracks

• The Next Big Gasoline Shortage Is Coming

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Two Thirds Of CISOs Across World Expect Damaging Cyber Attack In Next 12 Months

More than 1,000 CISOs around the world have expressed concerns about the security ramifications of the massive shift to remote work since the beginning of the pandemic. One hundred CISOs from the US, Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, Saudi Arabia, Australia, Japan, and Singapore were interviewed for the report, with many highlighting significant problems in the current cyber security landscape.

https://www.zdnet.com/article/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months/

Ransomware: Don't Pay Up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

For victims of ransomware attacks, paying the ransom does not guarantee that their network will be restored – and handing money to criminals only encourages them to try their luck infecting more companies with the file-encrypting malware. The impact of ransomware attacks continues to rise as cyber criminals encrypt networks, while also blackmailing victims with the prospect of stolen data being published, to generate as much money as possible from extortion.

https://www.zdnet.com/article/ransomware-dont-pay-the-ransom-it-just-encourage-cyber-criminals-that-attacks-work-warns-home-secretary/

The Most Significant Cyber Attacks From 2006-2020, By Country

Committing a cyber crime can have serious consequences. In the US, a cyber criminal can receive up to 20 years in prison for hacking into a government institution if it compromises national security. Yet, despite the consequences, cyber criminals continue to wreak havoc across the globe. But some countries seem to be targeted more than others. Using data from SpecOps Software, this graphic looks at the countries that have experienced the most significant cyber attacks over the last two decades.

https://www.visualcapitalist.com/cyber-attacks-worldwide-2006-2020/

The Shape Of Fraud And Cyber Crime: 10 Things We Learned From 2020

While it remains true that the older you are, the greater the financial loss, why would fraudsters target the young, who are arguably less well off? The answer lies in volume. Criminals have been offsetting higher monetary gain for higher attack rates, capitalising on the fact that the young are perhaps both more liberal with personal information (and privacy in general) and, at the same time, heavy digital users (social media, surveys, games, and so on). In fact, it is scary to see how much value the humble email address can have for criminals. We often forget that once obtained, it can be used further down the line to commit more fraud.

https://www.computerweekly.com/opinion/The-shape-of-fraud-and-cyber-crime-10-things-we-learned-from-2020

Is Third-Party Software Leaving You Vulnerable To Cyber Attacks?

When companies buy digital products, they expect them to be secure. In most cases, they do not test for vulnerabilities down the digital supply chain — and do not even have adequate processes or tools to do so. Hackers have taken note, and incidents of supply chain cyber attacks, which exploit weaknesses within the digital supply chain to break into organisations’ internal networks, are on the rise. As a result, there have been many headline incidents that not only bring shame to the companies involved, but rachet up the visibility of these threats to top executives who want to know their offerings are secure.

https://hbr.org/2021/05/is-third-party-software-leaving-you-vulnerable-to-cyberattacks

US Pipeline Ransomware Attack Serves As Fair Warning To Persistent Corporate Inertia Over Security

Organisations that continue to disregard the need to ensure they have adopted basic cyber security hygiene practices should be taken to task. This will be critical, especially as cyber criminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. In many of my conversations with cyber security experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that are decades old.

https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/

Ransomware Attackers Are Now Using Triple Extortion Tactics

The number of organisations affected by ransomware so far this year has more than doubled, compared with the same period in 2020, according to the report. Since April, Check Point researchers have observed an average of 1,000 organisations impacted by ransomware every week. For all of 2020, ransomware cost businesses worldwide around $20 billion, more than 75% higher than the amount in 2019. The healthcare sector has been seeing the highest volume of ransomware with around 109 attacks per organization each week. Amid news of a ransomware attack against gas pipeline company Colonial Pipeline, the utilities sector has experienced 59 attacks per organization per week. Organisations in the insurance and legal sector have been affected by 34 such attacks each week.

https://www.techrepublic.com/article/ransomware-attackers-are-now-using-triple-extortion-tactics/

AXA Pledges To Stop Reimbursing Ransom Payments For French Ransomware Victims

Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cyber criminals. While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organisations across the world.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

The Dystopic Future Of Cyber Security And The Importance Of Empowering CISOs

Over a decade ago, in 2007, the first iPhone was released and with it emerged an ecosystem of apps that continues to expand to this day. This was a watershed moment, not solely for the technology industry, but civilization. It was a catalyst for what was to come. Suddenly, every consumer could access the internet at a touch of a button, and the accumulation of their data by private companies began en masse. It was at this point that data was established as an increasingly valuable commodity, and in turn, became a heightened exploitation risk. It also instigated a wave of innovation that has yet to break and is only growing rapidly in pace. In this state, technology providers, users, and manufacturers get excited about new functionalities, new features, new developments, while little thought is given to the negative consequences that could arise as a result. Indeed, fear has no place in the state of innovation as it is this primal thinking that inhibits creativity.

https://www.infosecurity-magazine.com/blogs/the-dystopic-future-of/

Cyber Security Experts Warn Over Online Wine Scams

Online wine scams became a bigger threat as cyber criminals sought to take advantage of more people and businesses organising virtual drinks and ordering bottles on the internet in the wake of Covid-19 restrictions, suggests the report. So-called ‘phishing emails’ were a particular concern, according to findings published in April by US-based group Recorded Future in partnership with Area 1 Security. From January 2020 onwards, the authors found a significant rise in legitimate wine-themed web domain registrations using terms like Merlot, Pinot, Chardonnay or Vino.

https://www.decanter.com/wine-news/cyber-security-experts-warn-over-online-wine-scams-457647/

Threats

Ransomware

• New Ransomware: CISA Warns Over Fivehands File-Encrypting Malware Variant

• Energy Companies Are The Firms Most Likely To Pay Cyber Attack Ransoms

• A Student Pirating Software Led To A Full-Blown Ryuk Ransomware Attack

• MTR In Real Time: Pirates Pave Way For Ryuk Ransomware

• Ransomware Going For $4K On The Cyber Underground

• Foreign Secretary Issues Warning To Russia On Ransomware

• Anatomy Of A $2 Million Darkside Ransomware Breach

BEC

• Business Email Compromise Attack Targeted Dozens Of Orgs

Phishing

• Phishing Attacks Exploit Cognitive Biases, Research Finds

• AI Discovers A Complex Phishing Crypto Currency Scam Campaign

Other Social Engineering

• Coronavirus-Related Cyber Crime Contributes To 15-Fold Surge In Scam Takedowns

• She Responded To A Smishing Scam. Then The Spam Texts Got Worse.

Malware

• Emails Reveal 128 Million iOS Users Were Affected By ‘Xcodeghost’ Malware

Mobile

• A New Smishing Trojan Is Out And About

• New Android Malware Targeting Banks In Italy, Spain, Germany, Belgium, And The Netherlands

IOT

• How To Apply A Zero Trust Approach To Your IoT Solutions

• Troy Hunt At Black Hat Asia: ‘We’re Making It Very Difficult For People To Make Good Security Decisions’

Vulnerabilities

• Don’t Delay Installing Your Windows 10 May Patch Tuesday Update – It Fixes 3 Zero-Day Exploits

• Patch Adobe Reader Now Or Risk A Major Security Attack

• WiFi Vulnerability May Leave Millions Of Devices Open To 'Frag Attacks'

• Remote Mouse Mobile App Contains Raft Of Zero-Day RCE Vulnerabilities

• Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities In New Attacks

Data Breaches

• Hackers release personal info of 22 DC Police officers

• Anatomy Of A $2 Million Darkside Ransomware Breach

Organised Crime & Criminal Actors

• Bulletproof Hosting Admins Plead Guilty To Running Cyber Crime Safe Haven

Supply Chain

• Rapid7 Source Code, Credentials Accessed In Codecov Supply-Chain Attack

Nation State Actors

• Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

• NCSC Warns British Start-Ups Of Threat From Chinese And Russian Hackers

• NCSC, CISA publish new information on Russia’s Cozy Bear

Privacy

• Your Employer May Be Spying On You — Here Are 3 Ways To Stop It

Reports Published in the Last Week

• DDOS Attacks In Q1 2021

• Verizon 2021 Data Breach Investigations Report (DBIR)

Other News

• University Cancels Exams After Cyber Attack

• Your Old Mobile Phone Number Could Compromise Your Cyber Security

• Microsoft's New Security Feature Locks Hackers Out With GPS

• Biden Signs Executive Order Aiming To Prevent Future Cyber Security Disasters

• Cyber Security And Compliance For Healthcare Organizations

• Train Firm’s ‘Worker Bonus’ Email Is Actually Cyber Security Test

• Half Of Government Security Incidents Caused By Missing Patches

• 90% Of Security Leaders View Bot Management As A Top Priority

• 'Everyone Had To Rethink Security': What Microsoft Learned In Last Year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Strain Of Ransomware Implements Self-Spreading Capabilities

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks.

This new version has a new attribute that allows it to self replicate over the local network allowing the malware to propagate itself – machine to machine – within the Windows domain. Once launched, it will spread itself to every Windows machine it can reach.

https://securityaffairs.co/wordpress/115064/reports/ryuk-ransomware-self-spreading-capabilities.html

One In Four People Use Work Passwords For Consumer Websites

The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic.

https://www.helpnetsecurity.com/2021/02/26/use-work-passwords-for-consumer-websites/

Massive Rise In Threats Across Expanding Attack Surfaces

New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm. Vulnerabilities hit a new high: 18,341 new vulnerabilities in 2020 have been reported. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.

https://www.helpnetsecurity.com/2021/02/26/expanding-attack-surfaces/

Half of Organisations Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of Cyber Attacks, according to a new study with IDG. A survey of UK CIOs, CTOs and IT decision makers revealed that insecure practices are regularly taking place among remote workers, providing more opportunities for Cyber Criminals to strike.

https://www.infosecurity-magazine.com/news/half-orgs-remote-working-risk/

Microsoft Patches Four Zero-Day Exchange Server Bugs

Microsoft has been forced to release out-of-band patches to fix multiple zero-day vulnerabilities being exploited by Chinese state-backed threat actors. The unusual step was taken to protect customers running on-premises versions of Microsoft Exchange Server.

https://www.infosecurity-magazine.com/news/microsoft-patch-four-zeroday/

A Booming Trade In Bugs Is Undermining Cyber Security

If you discover that a favourite vending-machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge.

https://www.economist.com/books-and-arts/2021/03/06/a-booming-trade-in-bugs-is-undermining-cyber-security

Is Your Browser Extension A Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cyber Attack Shuts Down Online Learning At 15 UK Schools

A threat actor was able to access the trust's central network infrastructure and while an investigation took place, all existing phone, email, and website communication had to be pulled. Students are still learning remotely in England. Schools are set to reopen on March 8, but in the meantime, only a small subset of children are attending school physically, such as the children of key workers.

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered and targets Spectre, a major vulnerability that was disclosed in January 2018. According to its website, the Spectre bug is a hardware design flaw in the architectures of Intel, AMD, and ARM processors that allows code running inside bad apps to break the isolation between different applications at the CPU level and then steal sensitive data from other apps running on the same system.

https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

Solarwinds Security Fiasco May Have Started With Simple Password Blunders

We still do not know just how bad the SolarWinds security breach is. We do know over a hundred US government agencies and companies were cracked. "The largest and most sophisticated attack the world has ever seen," with more than a thousand hackers behind it. It may have all started when an intern first set an important password to "'solarwinds123." Then, adding insult to injury, the intern shared the password on GitHub.

https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/

Threats

Ransomware

• Data analytics agency Polecat held to ransom after server exposed 30TB of records

• Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

• Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

• Search crimes – how the Gootkit gang poisons Google searches

• Qualys hit with ransomware: customer invoices leaked on extortionists' tor blog

Phishing

• COVID19 Vaccine Phishing Scams Surge 26% in Three Months

Malware

• Compromised Website Images Camouflage ObliqueRAT Malware

• Malicious NPM packages target Amazon, Slack with new dependency attacks

Mobile

• This new jailbreak threat could put nearly all iPhones at risk

Vulnerabilities

• These Microsoft Exchange Server zero-day flaws are being used by hackers, so update now

• High severity Linux network security holes found, fixed

• Working Windows and Linux Spectre exploits found on VirusTotal

• Google shares PoC exploit for critical Windows 10 Graphics RCE bug

• Another Chrome zero-day exploit – so get that update done!

• If you own a MacBook, download and install macOS Big Sur 11.2.2 ASAP

Data Breaches

• Data is the world’s most valuable (and vulnerable) resource

• Far-Right Platform Gab Has Been Hacked—Including Private Data

• Singapore Airlines frequent flyer members hit in third-party data security breach

Organised Crime

• Three Top Russian Cyber Crime Forums Hacked

• Hackers share methods to bypass 3D Secure for payment cards

• Cyber Crime 'Help Wanted': Job Hunting on the Dark Web

Dark Web

• The 20 Most Common Passwords Found On The Dark Web

Supply Chain

• Why supply chains are today's fastest growing cyber security threat

• Bombardier is latest victim of Accellion supply chain attack

Nation-State Actors

• Indian cyber espionage activity rising amid growing rivalry with China, Pakistan

• Microsoft accuses China over email cyber-attacks

• New nation-state cyber attacks

• Lazarus Targets Defense Companies with ThreatNeedle Malware

• Security News This Week: The SolarWinds Body Count Now Includes NASA and the FAA

Privacy

• How To Reclaim Your Privacy from Windows 10

• Home-security cameras have become a fruitful resource for law enforcement — and a fatal risk

Reports Published in the Last Week

• Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Other News

• Next Cyber War will hit regular People online

• Prime-factor mathematical foundations of RSA cryptography ‘broken’, claims cryptographer

• Criminals 'Posing As Cyber Security Experts' As Number Of Firms Rises

• NSA, Microsoft promote a Zero Trust approach to cyber security

• Inside the race to keep secrets safe from the quantum computing revolution

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Cyber Criminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML (CHM) files. This is a new move for Masslogger, and helps the malware sidestep potential defensive programs, which would otherwise block the email attachment based on its RAR file extension, said researchers on Wednesday.

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Phishers tricking users via fake LinkedIn Private Shared Document

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. If they fail to find this suspicious, they’ll be redirected to a convincingly spoofed LinkedIn login page, and if they enter their login credentials, their account will probably soon be sending out phishing messages to their contacts.

https://www.helpnetsecurity.com/2021/02/18/linkedin-private-shared-document/

Solarwinds Attack Hit 100 Companies And Took Months Of Planning’; ‘Largest And Most Sophisticated Attack’ Ever Seen According To Microsoft; Hackers Downloaded Some Azure, Exchange, And Intune Source Code

A hacking campaign that used a tech company as a springboard to compromise a raft of US government agencies has been called “the largest and most sophisticated attack the world has ever seen”, according to Microsoft. Nine US governmental agencies were breached along with 100 different private sector companies , many of which were technology companies, including products that could be used to launch additional intrusions. Microsoft said it has formally completed its investigation into the SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers, though it did state that it had discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects.

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ https://www.independent.co.uk/news/world/americas/solarwinds-us-russia-hacking-b1802299.html https://www.zdnet.com/article/microsoft-says-solarwinds-hackers-downloaded-some-azure-exchange-and-intune-source-code/

Ransomware gangs are running riot – paying them off doesn’t help

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cyber criminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.

https://theconversation.com/ransomware-gangs-are-running-riot-paying-them-off-doesnt-help-155254

Most security bugs in the wild are years old

Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch. This is one of the findings of a new report, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.

https://www.itproportal.com/news/most-security-bugs-in-the-wild-are-multiple-years-old/

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations. Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

https://www.wsj.com/articles/hacker-claims-to-have-stolen-files-belonging-to-prominent-law-firm-jones-day-11613514532?reflink=desktopwebshare_twitter

Former Spy Chief Calls For Military Cyber Attacks On Ransomware Hackers

The state should launch military cyber attacks to shut down ransomware gangs that have extorted millions of pounds from British businesses, a former spy chief has said.

Ciaran Martin, who previously led the UK’s National Cyber Security Centre, said the problem of criminal gangs locking and stealing files has become so serious that Government should now seek to disrupt the operations of prolific criminals.

The plans would mark a major change of tack for the UK authorities, who have long downplayed the idea they could routinely use offensive hacking as well as cyber defence.

https://www.telegraph.co.uk/technology/2021/02/15/former-spy-chief-calls-military-cyber-attacks-ransomware-hackers/

Think your backups will protect you from ransomware? What do you think the malware attacked first?

If you think your backup strategy means you’re protected from the worst that cyber criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too. So, if you are unlucky enough to get a “pay up or else” notice, there’s a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.

https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020. The attacks moved in methodical fashion across Europe, North America, Latin America, and Asia, hitting dozens of organizations in the financial sector in each region, the Financial Services Information Sharing and Analysis Center (FS-ISAC) disclosed this week. Among those targeted were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services.

https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165

14 million alleged Amazon and eBay account details sold online

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.

https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/

Threats

Ransomware

• Kia Reportedly Under Ransomware Attack With $20M Demand

• Conti ransomware: Evasive by nature

• Egregor ransomware affiliates arrested by Ukrainian, French police

BEC

• This cyber security threat costs business millions. And it's the one they often forget about

Phishing

• This phishing email promises you a bonus - but actually delivers this Windows trojan malware

• How Hackers use Phishing to Hijack Sites through Hosting Provider

• Hackers abusing the Ngrok platform phishing attacks

Malware

• Windows and Linux servers targeted by new WatchDog botnet for almost two years

• Malware Is Now Targeting Apple’s New M1 Processor

• TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

Mobile

• Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

IOT

Vulnerabilities

• The OpenSSL Project addressed three vulnerabilities

• WordPress plugin exploit puts more than one million sites at risk

• Bug in shared SDK can let attackers join calls undetected across multiple apps

• Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

• Apple patches severe macOS Big Sur data loss bug

• Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

• Telegram privacy feature failed to delete self-destructing video files

Data Breaches

• Scottish Borders Council apologises for data breach

Organised Crime

• Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme

• Cybercrime Joker Retires With A Reported $2.1 Billion In Bitcoin

Insider Threats

• Yandex Data Breach Exposes 4K+ Email Accounts

Supply Chain

• Supply chain attacks are on the rise: Check your software build pipeline security

OT, ICS, IIoT and SCADA

• The Cyber Risks of Transportation’s Connected OT/IoT Systems

Nation-State Actors

• France Ties Russia's Sandworm to a Multiyear Hacking Spree

• Russian state hackers targeted Centreon servers in years-long campaign

• Feds Indict North Korean Hackers for Years of Heists and Scams

• MPs sign up to Clubhouse app despite Chinese security concerns

Privacy

• More bosses are using software to monitor remote workers. Not everyone is happy about it

• 'Spy pixels in emails have become endemic'

Reports Published in the Last Week

• State Of Malware 2021 Report

Other News

• Attacks targeting IT firms stir concern, controversy

• Record year for UK’s £8.9bn cyber security sector

• Most businesses plan to move away from VPNs, adopt a zero-trust access model

• 20 Common Tools & Techniques Used by macOS Threat Actors & Malware

• The biggest cyber attacks in gaming history

• Discord is fast becoming a favourite tool among cyber criminals

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

2020 Sees Ransomware Increase By Over 400 Percent

A new study from Cyber Security company, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019. The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector and these attacks were up by 112 percent.

https://betanews.com/2021/02/10/ransomware-increase-400-percent/

Remote Desktop Protocol Attacks Surge By 768%

Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.

https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/

Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, criminal today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

https://www.itproportal.com/news/even-small-phishing-operations-can-distribute-millions-of-malicious-emails-per-week/

With One Update, This Malicious Android App Hijacked Millions Of Devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Cd Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/

Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

https://www.engadget.com/hacked-water-plant-computer-had-shared-passwords-andofdate-windows-os-082552973.html

Top Web Hosting Provider Shuts Down Following Cyber Attack

Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.

https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack

High Demand For Hacker Services On Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.

https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/

Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks

A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.

https://www.gizchina.com/2021/02/09/facebook-phishing-campaign-tricked-nearly-500000-users-in-two-weeks/

Hackers Are Tweaking Their Approach To Phishing Attacks In 2021

Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.

https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/

Threats

 Ransomware

• Researchers identify 223 vulnerabilities used in recent ransomware attacks (Potential headline)

• CD Projekt hit by ransomware attack, refuses to pay ransom

• This old form of ransomware has returned with new tricks and new targets

Phishing

• This phishing attack uses some very retro technology to hide its payload

Malware

• Malicious Code Injected via Google Chrome Extension Highlights App Risks

Mobile

• Android devices caught in Matryosh botnet

• Military, Nuclear Entities Under Target By Novel Android Malware

IOT

• This old security vulnerability left millions of Internet of Things devices vulnerable to attacks

Vulnerabilities

• Zero-Day and Six Publicly Disclosed CVEs Fixed

• Swarm of Palo Alto PAN-OS vulnerabilities

• Actively Exploited Windows Kernel EoP Bug Allows Takeover

• Apple fixes serious sudo vulnerability in macOS

• Attackers Exploit Critical Adobe Flaw to Target Windows Users

• Microsoft issues emergency fix for Wi-Fi foul-up delivered hot and fresh on Patch Tuesday

Data Breaches

• The Accellion Data Breach Seems to Be Getting Bigger

• Billions of Passwords Offered for $2 in Cyber-Underground

• Experian to investigate possible data leak

Organised Crime

• Europol takes down hackers who allegedly stole over $100 million in crypto from celebs

Supply Chain

• Supply-chain Hack Breaches 35 Companies, Including Paypal, Microsoft, Apple 

Nation-State Actors

• Android spyware strains linked to state-sponsored Confucius threat group

• 'BendyBear' APT malware linked to Chinese government hackers

• Microsoft to alert Office 365 users of nation-state hacking activity

• Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

• Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?

Privacy

• Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

Reports Published in the Last Week

• The Global Risks Report Highlights The Onslaught Of Cyberattacks And A Failure Of Governments To Stop Them. 

• ESET Threat Report Q4 2020

Other News

• Google launches Open Source Vulnerabilities (OSV) database

• Quantum computing could make encryption algorithms obsolete

• UK’s enemies trying to ‘tear society apart’ via social media

• 91% of enterprise pros experienced an API security incident in 2020

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Ryuk gang estimated to have made more than $150 million from ransomware attacks

In a joint report published today, threat intel company Advanced Intelligence and cyber security firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. "Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."

https://www.zdnet.com/article/ryuk-gang-estimated-to-have-made-more-than-150-million-from-ransomware-attacks/

China's APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/

SolarWinds hack: Amid hardened security, attackers seek softer targets

Reported theories by SolarWinds hack investigators that federal agencies and private companies were too busy focusing on election security to recognize vulnerabilities tied to the software supply chain are unfair and misleading. And yet, those same experts acknowledge that such accusations offer an important cyber security lesson for businesses: organizations must ensure that their entire attack surface receives attention.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-hack-amid-hardened-security-attackers-seek-softer-targets/

Hackney Council files including alleged passport documents leaked online after cyber attack

The council in East London was hit by what it described as a "serious cyber attack" in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents' data. The council said it was working with the UK's National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

https://news.sky.com/story/hackney-council-files-including-alleged-passport-documents-leaked-online-after-cyber-attack-12181017

PayPal users targeted in new SMS phishing campaign

Now, at first glance the message may not seem all that suspicious since PayPal may, in fact, impose limits on sending and withdrawing money. The payment provider usually does so when it suspects that an account has been accessed by a third party without authorization, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy. However, in this case it really is a case of SMS-borne phishing, also known as Smishing. If you click on the link, you will be redirected to a login phishing page that will request your access credentials. Should you proceed to “log in”, your credentials will be sent to the scammers behind the ruse and the fraudulent webpage will attempt to gather further information, including the full name, date of birth address, and bank details.

https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/

SolarWinds, top executives hit with class action lawsuit over Orion software breach

SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-top-executives-hit-with-class-action-lawsuit-over-orion-software-breach/

The rise of cyber-mercenaries poses a growing threat for both governments and companies

These days, 21st century mercenaries are as likely to be seated behind a computer screen, wreaking havoc for their paymasters’ enemies as slugging it out on a real-world battlefield. But the rapid rise of cyber-mercenaries - or Private Sector Offensive Actors (PSOAs) - is vexing some of the biggest names in the global technology industry, and for good reason. Globally, the cyber security industry is already vast, raking in an estimated $156bn in revenues in 2019. It is set to nearly double in size by 2027.

https://www.telegraph.co.uk/business/2021/01/07/privatisation-cyber-security-growing-threat-governments-companies/

Declutter Your Devices to Reduce Security Risks

Everyone should set aside time to review what they’ve installed on their various devices—typically apps, but that can also include games and addons. In fact, this should be an annual cleaning, at minimum.

You’re not just doing this because you want your device to look good. That’s one benefit you get from cleaning up your digital life, but it’s not the most important one. You’re also doing this to bolster your digital security. Yes, security.

https://lifehacker.com/declutter-your-devices-to-reduce-security-risks-1845991606

Threats

Ransomware

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Phishing

This new phishing attack uses an odd lure to deliver Windows trojan malware

Facebook ads used to steal 615000+ credentials in a phishing campaign

Malware

North Korean hackers launch RokRat Trojan in campaigns against the South

Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux

A hacker’s predictions on enterprise malware risk

Vulnerabilities

Google Warns of Critical Android Remote Code Execution Bug

Hackers are actively exploiting this leading VPN, so patch now

Data Breaches

Hacker posts data of 10,000 American Express accounts for free

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online.

T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
Exclusive Networks hit by cyberattack on New Year's Eve

Up to half a million victims of BA data breach could be eligible for compensation

Nation State Actors

Even Small Nations Have Jumped into the Cyber Espionage Game

Denial of Service

Ransom DDoS attacks target a Fortune Global 500 company

Privacy

Telegram feature exposes your precise address to hackers

Whatsapp Competitor Signal Stops Working Properly As Users Rush To Leave Over Privacy Update

Google Chrome browser privacy plan investigated in UK

Singapore police can access COVID-19 contact tracing data for criminal investigations

Other News

Feds Issue Recommendations for Maritime Cybersecurity

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.