Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

 UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected

Firms shelled out $5bn in Bitcoin in 6 months

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.

In a joint UK-US-Australia advisory issued this week, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally."

The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.

Among the main threats facing Western organisations were the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."

https://www.theregister.com/2022/02/09/uk_us_au_ransomware_warning/

Ransomware Groups and APT Actors Laser-Focused on Financial Services

Trellix released a report, examining cybercriminal behaviour and activity related to cyber threats in the third quarter (Q3) of 2021. Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.

“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Trellix.

https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/

Why the C-Suite Should Focus on Understanding Cyber Security and Investing Appropriately

Trend Micro has published a research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

Despite widespread concern over spiralling threats, the study found that only 57% of responding IT teams discuss cyber risks with the C-suite at least weekly.

Vulnerabilities used to go months or even years before being exploited after their discovery.

“Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cyber security landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”

https://www.helpnetsecurity.com/2022/02/10/c-suite-engagement/

Almost $1.3bn Paid to Ransomware Actors Since 2020

Cryptocurrency experts have identified $602m of ransomware payments made in 2021, but warned the real figure will likely surpass the $692m paid to cybercrime groups in 2020.

The findings come from the Ransomware Crypto Crime Report produced by blockchain investigations and analytics company Chainalysis. It reveals some fascinating insight into current industry trends.

Average payment size has soared over recent years, from $25,000 in 2019 to $88,000 a year later and $118,000 in 2021. That’s due in part to a surge in targeted attacks on major organisations, known as “big-game hunting,” which can net threat actors tens of millions in a single compromise.

“This big-game hunting strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective,” the report explained. “Usage of these services by ransomware operators spiked to its highest ever levels in 2021.”

https://www.infosecurity-magazine.com/news/almost-13bn-paid-to-ransomware/

Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence

The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.

Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.

The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting targets since 2012, if not sooner, going after hundreds of groups and individuals – some repeatedly – according to SentinelLabs researchers.

The operators aren’t what you’d call technical prodigies, but that doesn’t matter. Threat researchers at SentinelOne, said that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been muddling along just fine using rudimentary hacking tools such as commercially available remote-access trojans (RATs)

https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/

Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defences

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.

HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, the research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, there was a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organisation had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Menlo Security.

https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defences/

LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong

However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.

Law enforcement, C-suite executives and the cyber security community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs, plus this weekend’s hit on the Swissport airport ground-logistics company, shows the scourge is far from over.

It’s more expensive and riskier than ever to launch ransomware attacks, and ransomware groups have responded by mounting fewer attacks with higher ransomware demands, Coveware has reported, finding that the average ransomware payment in the fourth quarter of last year climbed by 130 percent to reach $322,168. Likewise, Coveware found a 63 percent jump in the median ransom payment, up to $117,116.

“Average and median ransom payments increased dramatically during Q4, but we believe this change was driven by a subtle tactical shift by ransomware-as-a-service (RaaS) operations that reflected the increasing costs and risks previously described,” Coveware analysts said. “The tactical shift involves a deliberate attempt to extort companies that are large enough to pay a ‘big game’ ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low.”

https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/

2021 Was The Most Prolific Year On Record For Data Breaches

Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.

The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector.

2021 was the most prolific year on record for data breaches, surpassing 2017’s all-time high. Last year a total of 1,862 data compromises were reported by US organisations—a 68 percent increase over 2020. ITRC data revealed that 83% of the year’s incidents exposed 889 million sensitive data records that impacted more than 150 million individuals.

https://www.helpnetsecurity.com/2022/02/09/2021-sensitive-data-breaches/

$1.3 Billion Lost to Romance Scams in the Past Five Years

Romance scams are reaching record-highs, regulators warn.

Netflix's new documentary, The Tinder Swindler, is a wild ride.

The show examines how an alleged fraudster impacted the lives of multiple women, matching with them on Tinder and treating them to expensive dates to gain their trust -- and eventually asking for huge sums of money.

While you may watch the show and wonder how someone -- no matter their gender -- could allow themselves to be swindled out of their savings, romance scams are common, breaking hearts and wiping bank balances around the world every day. 

We've moved on from the days of "lonely hearts" columns to dating apps, and they're popular channels to conduct fraud.

Fake profiles, stolen photos and videos, and sob stories from fraudsters (their car has broken down, they can't afford to meet a match, or, in The Tinder Swindler's case, their "enemies" are after them) are all weapons designed to secure interest and sympathy.

https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc/

Cyber Security Compliance Still Not A Priority For Many

IBM survey suggests that cyber security still isn't a priority for many companies

The most consistent data point in the IBM i Marketplace Survey Results over recent years has been the ever-present cyber security threat. This year is no exception. The study shows that 62% of organisations consider cyber security a number one concern as they plan their IT infrastructure. 22% cite regulations and compliance in their top five. While companies that prioritise security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.

The complexity of cyber security often leaves industry leaders confused and overwhelmed, unable to produce the sound, proactive stance that is so essential.

Cyber security standards can be confusing, but they are necessary. Tighter security can be encouraged with an understanding of cyber security guidelines

For many organisations, cyber security standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cyber security guidelines affect companies’ legal standing can help encourage tighter security.

https://www.itsecurityguru.org/2022/02/07/cybersecurity-compliance-still-not-a-priority-for-many/

The World is Falling Victim to the Growing Trickbot Attacks in 2022

The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defence to slip past antimalware products.

TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that’s employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a “Trickboot” module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.

Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat’s capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.

https://www.analyticsinsight.net/the-world-is-falling-victim-to-the-growing-trickbot-attacks-in-2022/

“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals

Ransomware tends to target organisations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched—until now.

Sugar ransomware, a new strain recently discovered by the Walmart Security Team, is a ransomware-as-a-service (RaaS) that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.

https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/

Threats

Ransomware

• NCSC Joins US and Australian Partners to Reveal Latest Ransomware Trends - NCSC.GOV.UK

• Russian Ransomware Attacks Increased During 2021, Joint Review Finds | Cybercrime | The Guardian

• You've Still Not Patched It? Hackers Are Using These Old Software Flaws To Deliver Ransomware | ZDNet

• FBI: Watch Out For LockBit 2.0 Ransomware, Here's How To Reduce The Risk To Your Network | ZDNet

• Law Enforcement Action Push Ransomware Gangs To Surgical Attacks (bleepingcomputer.com)

• Europe's Biggest Car Dealer Hit With Ransomware Attack | ZDNet

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

• How a Texas Hack Changed the Ransomware Business Forever - The Record by Recorded Future

• Puma Hit By Data Breach After Kronos Ransomware Attack (bleepingcomputer.com)

• Vodafone Portugal Hit By A Massive Cyber Attack - Security Affairs

• Fortune 500 Service Provider Says Ransomware Attack Led To Leak Of More Than 500k SSNs | ZDNet

Phishing

• Hackers Using Fake Job Offers in Latest Catfishing Scheme - ClearanceJobs

• Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks (darkreading.com)

• ICO Hit by 2650% Rise in Email Attacks - Infosecurity Magazine

Other Social Engineering

• Roaming Mantis SMSishing Campaign Now Targets Europe - Security Affairs

• FBI: SIM Swapping Attacks Have Surged Five-Fold - Infosecurity Magazine

Malware

• Qbot Needs Only 30 Minutes To Steal Your Credentials, Emails (bleepingcomputer.com)

• Linux Malware Attacks Are On The Rise, And Businesses Aren't Ready For It | ZDNet

• This Password-Stealing Malware Posed As A Windows 11 Download | ZDNet

• Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (thehackernews.com)

• Qbot, Lokibot Malware Switch Back To Windows Regsvr32 Delivery (bleepingcomputer.com)

• Data Highlights Growing Threat From Intelligent Bots Operated at Scale by Cybercriminals | SecurityWeek.Com

Mobile

• Medusa Malware Joins Flubot's Android Distribution Network | Threatpost

• Critical Android 12 Bug Fixed In February Security Patches • The Register

Data Breaches/Leaks

• Croatian Phone Carrier Data Breach Impacts 200,000 Clients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government Continues Crackdown On Cyber Criminals - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking

• More Than $400 Million Drained From Hacked Blockchain Bridges In Little More Than A Week • Graham Cluley

• Wife of Couple Accused of $4.5 billion Bitcoin Swindle Gave Cyber Security Advice (theblockcrypto.com)

Insider Risk and Insider Threats

• Chinese Telecom Hytera Charged For Allegedly Recruiting Motorola Employees To Steal Trade Secrets | ZDNet

Fraud, Scams & Financial Crime

• Midlifers Bled Dry By Scam That Takes Two Months To Spot (telegraph.co.uk)

Supply Chain

• The Most Common Cyber Gaps Threatening Supply Chain Security - Help Net Security

DoS/DDoS

• DDoS Attacks Hit All-time High - Infosecurity Magazine

Nation State Actors

• Russian APT Steps Up Malicious Cyber Activity in Ukraine (darkreading.com)

• Iran Malware in HPE Server Stuns Cyber Security Experts - Bloomberg

• Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign (thehackernews.com)

Cloud

• Organisations And The Cloud: How They Use It And How They Secure It - Help Net Security

Privacy

• Meta Threatens to Shut Down Facebook and Instagram in Europe | The Independent

• Facebook Exposes 'God Mode' Token Miscreants Could Use • The Register

Spyware, Espionage & Cyber Warfare

• MoleRats APT Flaunts New Trojan in Latest Cyber Espionage Campaign | Threatpost

Vulnerabilities

• Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog | ZDNet

• CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks | SecurityWeek.Com

• Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans (bleepingcomputer.com)

• Microsoft and Other Major Software Firms Release February 2022 Patch Updates (thehackernews.com)

• Apple Patches New Zero-Day Exploited To Hack iPhones, iPads, Macs (bleepingcomputer.com)

• CISA Urges Orgs To Patch Actively Exploited Windows SeriousSAM Bug (bleepingcomputer.com)

• CISA Warns Admins To Patch Maximum Severity SAP Vulnerability (bleepingcomputer.com)

• Adobe Patches 13 Vulnerabilities in Illustrator | SecurityWeek.Com

• PHP Everywhere RCE Flaws Threaten Thousands of WordPress Sites (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Ransomware Groups and APT Actors Laser-Focused On Financial Services - Help Net Security

Defence

• Defence Contractors Need to Check Their Six (darkreading.com)

Health/Medical/Pharma Sector

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Retail/eCommerce

• Wave of MageCart Attacks Target Hundreds Of Outdated Magento Sites (bleepingcomputer.com)

• Threat Actors Compromised +500 Magento-Based E-Stores With E-Skimmers - Security Affairs

Transport and Aviation

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

Education and Academia

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Other News

• A "light" February 2022 Patch Tuesday That Should Not Be Ignored - Help Net Security

• Organisations Still Struggling To Use APIs Effectively - Help Net Security

• Threat Hunting: Your Best Defence Against Unknown Threats - MSSP Alert

• UK Foreign and Commonwealth Office Suffered Serious Cyber Attack Earlier This Year | Reuters

• European Police Flag 500+ Pieces of “Terrorist” Content - Infosecurity Magazine

• A Quarter of New Online Accounts Are Fake – Report - Infosecurity Magazine

• Microsoft To Make Enabling 'Untrusted' Office Macros Tougher In The Name Of Security | ZDNet

• Cyber Terrorism Is a Growing Threat & Governments Must Take Action (darkreading.com)

• Hackers Have Begun Adapting To Wider Use Of Multi-Factor Authentication | TechRepublic

• The Race To Save The Internet From Quantum Hackers (nature.com)

• Disaster Recovery Is Critical For Business Continuity - Help Net Security

• CISOs Are Burned Out And Falling Behind | CSO Online

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.

The centre said it was unaware of any specific threats to UK organisations.

It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.

It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."

Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.

https://www.bbc.co.uk/news/uk-60158874

Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.

Hackers made up for some lost time last year.

After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.

All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.

“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021

Ransomware Families Becoming More Sophisticated With Newer Attack Methods

Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/

More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks

Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.

Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.

Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.

https://www.techrepublic.com/article/more-than-90-of-enterprises-surveyed-have-been-hit-by-successful-cyberattacks/

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/

Shipment-Delivery Scams Become the Favoured Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.

Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.

The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Most Ransomware Infections Are Self-Installed

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.

The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.

Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.

Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.

https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

Staff Negligence Is Now A Major Reason For Insider Security Incidents

Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.

Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.

When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.

https://www.zdnet.com/article/employee-contractor-negligence-is-now-a-major-reason-for-insider-security-incidents/

22 Cyber Security Myths Organisations Need To Stop Believing In 2022

Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?

Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.

https://www.csoonline.com/article/3648048/22-cybersecurity-myths-organisations-need-to-stop-believing-in-2022.html

Android Malware Can Factory-Reset Phones After Draining Bank Accounts

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.

https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study

Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Last year Forbes wrote a couple of articles  that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem.  In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact.  Ransomware came on with a vengeance targeting many small and medium businesses.  

Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past.  Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022.  By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.

https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/

Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

The main areas they are predicting seeing rises in fraud are:

-Buy now, pay never

-Cryptocurrency scams

-Doubling ransomware attacks

-More increases in romance fraud

-Digital elder abuse will rise

https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/

Threats

Ransomware

• Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert

• Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)

• BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet

• Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future

Phishing

• There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet

• Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)

• Evolved phishing: Device Registration Trick Adds To Phishers’ Toolbox For Victims Without MFA - Microsoft Security Blog

Other Social Engineering

• Coronavirus SMS Scam Offers Home PCR Testing Devices – Don’t Fall For It! – Naked Security (sophos.com)

Malware

• Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)

• Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet

• Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)

• TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)

Mobile

• 105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)

• 2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica

• New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)

• Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs

• Is Google Tracking Your Location Even When You Think You’ve Turned It Off? US States Sue Over “Deception” • Graham Cluley

IoT

• As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)

• Mirai Splinter Botnets Dominate IoT Attack Scene | ZDNet

• Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)

• 19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)

Data Breaches/Leaks

• 'We're Losing Control Of Our Data' As Breaches Reach An All-Time High | ZDNet

• Personal Identifying Information For 1.5 Billion Users Was Stolen In 2021, But From Where? - TechRepublic

Organised Crime & Criminal Actors

• Russia Makes More Arrests, But Cyber Crime-Harbouring Reputation Hard To Shake (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking

• People Are Still Getting Pwned a Week After a Crypto Hack Was ‘Contained’ (vice.com)

Supply Chain

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

DoS/DDoS

• Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)

• Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)

• Energy Sector Still Needs to Shut the Barn Door (darkreading.com)

Nation State Actors

• North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)

• Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)

• North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)

• German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs

• Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)

• APTs Quiet Ahead Of Beijing Games, But Financially Motivated Hackers Are Still Lurking, Research Says - CyberScoop

Cloud

• Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)

• Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs

Privacy

• UK’s Privacy Tsar Mounts Fierce Defence of End-to-End Encryption - Infosecurity Magazine

Passwords & Credential Stuffing

• 65% Of Organisations Continue To Rely On Shared Logins - Help Net Security

• Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security

• Has That Password Been Compromised? - IT Security Guru

Spyware, Espionage & Cyber Warfare

• DazzleSpy: Pro-Democracy Org Hijacked To Become macOS Spyware Distributor | ZDNet

Vulnerabilities

• Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost

• Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com

• Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)

• Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)

• Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)

• F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs

Sector Specific

Health/Medical/Pharma Sector

• Healthcare Industry Most Common Victim Of Third-Party Breaches Last Year - Help Net Security

Education and Academia

• Education Sector Hounded By Cyber Attacks In 2021 | CSO Online

• Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

• Experian plc - Experian’s Annual Future of Fraud Forecast Predicts Five Key Threats for Businesses and Consumers in 2022

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

Other News

• Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet

• Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert

• Are You Prepared to Defend Against a USB Attack? (darkreading.com)

• Prioritizing And Remediating Vulnerabilities In The Wake Of Log4J and Microsoft's Patch Tuesday Blunder | CSO Online

• VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times

• Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)

• Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.