Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 29 December 2023

Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:

-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

-The Most Popular Passwords of 2023 are Easy to Guess and Crack

-Dangerous Malware Pretends to be Some of Your Most Used Business Software

-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

-Ransomware Leak Site Victims Reached Record-High in November

-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

-Europol Warns 443 Online Shops Infected with Credit Card Stealers

-Physical Access Systems Open Door to IT Networks

-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

-Daily Malicious Files Rise to 411,000 a day in 2023

-Android Malware Actively Infecting Devices to Take Full Control

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.

The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.

Source: [iNews]

Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.

Sources: [The Record] [Security Affairs]

The Most Popular Passwords of 2023 are Easy to Guess and Crack

NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.

Source: [gHacks]

Dangerous Malware Pretends to be Some of Your Most Used Business Software

Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.

Source: [TechRadar]

MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.

Source: [Help Net Security]

Ransomware Leak Site Victims Reached Record-High in November

Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.

Source: [Infosecurity Magazine]

MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.

Source: [TechCrunch]

Europol Warns 443 Online Shops Infected with Credit Card Stealers

Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.

Source: [Bleeping Computer]

Physical Access Systems Open Door to IT Networks

Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.

Source: [Dark Reading]

Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.

Source: [Pymnts]

Daily Malicious Files Rise to 411,000 a day in 2023

Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.

Source: [Infosecurity Magazine]

Android Malware Actively Infecting Devices to Take Full Control

Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.

Source: [GBhackers]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 September 2023

Black Arrow Cyber Threat Intelligence Briefing 01 September 2023:

-66 Percent of Businesses Don't Understand Their Cyber Risks

-Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

-Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

-Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

-58% of Malicious Emails Contained Spoofed Content

-Cyber Attacks Remain a Top Concern for Organisations Across All Industries

-BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

-13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

-Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

-Kroll’s Breach Highlights SIM-Swapping Risk

-Reducing The Risk of AI, What Can You Do?

-Debunking Popular Cyber Security Myths

-3 Malware Loaders Responsible for 80% of Intrusions

-MOVEit Hack Shows Attackers Still Use Old Tricks

-Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

AITM/MITM

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Training, Education and Awareness

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Cyber Weekly Flash Briefing 15 May 2020: Attacks on UK up 30% in Q1, 238% surge against banks, Microsoft fixes 111 vulns, Adobe patches 36 vulns, Thunderspy, 73m user records for sale on dark web

Cyber Weekly Flash Briefing 15 May 2020: Attacks on UK up 30% in Q1, 238% surge against banks, Microsoft fixes 111 vulns, Adobe patches 36 vulns, Thunderspy, 73m user records for sale on dark web

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Cyber-Attacks on UK Organisations Up 30% in Q1 2020

New research has revealed that the volume of cyber-attacks on UK businesses increased by almost a third in the first three months of 2020.

Analysts identified 394,000 unique IP addresses used to attack UK businesses in the first quarter of 2020, discovering that companies with internet connections experienced 157,000 attacks each, on average – the equivalent of more than one a minute.

This rate of attack was 30% higher than the same period in 2019 when UK businesses received 120,000 internet-borne attempts to breach their systems each.

IoT applications were cited as the most common targets for cyber-criminals in the first quarter, attracting almost 19,000 online attacks per company. Company databases and file-sharing systems were also targeted frequently, with companies experiencing approximately 5000 attacks for each application, on average.

Read more here: https://www.infosecurity-magazine.com/news/cyberattacks-uk-orgs-up-30-q1/


COVID-19 blamed for 238% surge in cyber attacks against banks

The coronavirus pandemic has been connected to a 238% surge in cyber attacks against banks, new research claims.

On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyber attack attempts between February and April this year -- the same months in which COVID-19 began to spread rapidly across the globe.  

The cyber security firm's research, which includes input from 25 CIOS at major financial institutions, adds that 80% of firms surveyed have experienced more cyber attacks over the past 12 months, an increase of 13% year-over-year.

VMware Carbon Black data already indicates that close to a third -- 27% -- of all cyber attacks target either banks or the healthcare sector.

An interesting point in the report is how there appears to have been an uptick in financially-motivated attacks around pinnacles in the news cycle, such as when the US confirmed its first case of COVID-19.

In total, 82% of chief information officers contributing to the report said that alongside a spike in attacks, techniques also appear to be improving -- including the use of social engineering and more advanced tactics to exploit not only the human factor but also weak links caused by processes and technologies in use by the supply chain.

Read more here: https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/


May 2020 Patch Tuesday: Microsoft fixes 111 vulnerabilities, 13 Critical

Microsoft's May 2020 Patch Tuesday fell this week, and Microsoft have released fixes for 111 vulnerabilities in Microsoft products. Of these vulnerabilities, 13 are classified as Critical, 91 as Important, 3 as Moderate, and 4 as Low.

This month there are no zero-day or unpatched vulnerabilities.

Users should install these security updates as soon as possible to protect Windows from known security risks.

Read more here: https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/


Adobe issues patches for 36 vulnerabilities in DNG, Reader, Acrobat

Adobe has released security patches to resolve 36 vulnerabilities present in DNG, Reader, and Acrobat software.

On Tuesday, the software giant issued two security advisories (1, 2) detailing the bugs, the worst of which can be exploited by attackers to trigger remote code execution attacks and information leaks.

The first set of patches relate to Adobe Acrobat and Reader for Windows and macOS, including  Acrobat / Acrobat Reader versions 2015 and 2017, as well as Acrobat and Acrobat Reader DC.

In total, 12 critical security flaws have been resolved. Six of the bugs, a single heap overflow problem, two out-of-bounds write errors, two buffer overflow issues, and two use-after-free vulnerabilities can all lead to arbitrary code execution in the context of the current user.

Read more here: https://www.zdnet.com/article/adobe-issues-patches-for-36-vulnerabilities-in-dng-reader-acrobat/


Thunderbolt flaw ‘Thunderspy’ allows access to a PC’s data in minutes

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes, a security researcher from the Eindhoven University of Technology has announced. Reports state that the vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.

Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.

Read more here: https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops


A hacker group is selling more than 73 million user records on the dark web

A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products.

The hackers are the same group who breached last week Tokopedia, Indonesia's largest online store. Hackers initially leaked 15 million user records online, for free, but later put the company's entire database of 91 million user records on sale for $5,000.

Encouraged and emboldened by the profits from the Tokopedia sale, the same group has, over the course of the current week, listed the databases of 10 more companies.

This includes user databases allegedly stolen from organizations such as:

·         Online dating app Zoosk (30 million user records)

·         Printing service Chatbooks (15 million user records)

·         South Korean fashion platform SocialShare (6 million user records)

·         Food delivery service Home Chef (8 million user records)

·         Online marketplace Minted (5 million user records)

·         Online newspaper Chronicle of Higher Education (3 million user records)

·         South Korean furniture magazine GGuMim (2 million user records)

·         Health magazine Mindful (2 million user records)

·         Indonesia online store Bhinneka (1.2 million user records)

·         US newspaper StarTribune (1 million user records)

The listed databases total for 73.2 million user records, which the hacker is selling for around $18,000, with each database sold separately.

Read more here: https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/


A cybercrime store is selling access to more than 43,000 hacked servers

MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018.

Two years later, the MagBo portal has grown more than 14 times in size and is currently selling access to more than 43,000 hacked websites, up from the 3,000 sites listed in September 2018.

Today, MagBo has become the de-facto go-to marketplace for many cybercrime operations. Some groups register on the MagBo platform to sell hacked servers, while others are there just to buy.

Those who buy, do it either in bulk (for black-hat SEO or for malware distribution) or selectively, for intrusions at high-value target (e-commerce stores for web skimming, intranets for ransomware).

All in all, the MagBo platform cannot be ignored anymore, as it appears to be here to stay, and is placing itself at the heart of many of today's cybercrime operations.

Read more: https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/


Ransomware: Why paying the crooks can actually cost you more in the long run

Ransomware is so dangerous because in many cases the victim doesn't feel like they have any other option other than to pay up – especially if the alternative is the whole organisation being out of operation for weeks, or even months, as it attempts to rebuild the network from scratch.

But handing over a bitcoin ransom to cyber criminals can actually double the cost of recovery according to analysis by researchers at Sophos, published in the new State of Ransomware 2020 report, which has been released three years to the day from the start of the global WannaCry ransomware outbreak.

A survey of organisations affected by ransomware attacks found that the average total cost of a ransomware attack for organisations that paid the ransom is almost $1.4m, while for those who didn't give into ransom demands, the average cost is half of that, coming in at $732,000.

Often, this is because retrieving the encryption key from the attackers isn't a simple fix for the mess they created, meaning that not only does the organisation pay out a ransom, they also have additional costs around restoring the network when some portions of it are still locked down after the cyber criminals have taken their money.

According to the report, one in four organisations said they paid the ransom in order to get their files back. It's one of the key reasons why ransomware remains a successful tactic for crooks, because victims pay up – often sums of six-figures or more – and are therefore encouraging cyber criminals to continue with attacks that often can't be traced back to a culprit.

Read the full article here: https://www.zdnet.com/article/ransomware-why-paying-the-crooks-can-actually-cost-you-more-in-the-long-run/


This powerful Android malware stayed hidden for years, infecting tens of thousands of smartphones

A carefully managed hacking and espionage campaign is infecting smartphones with a potent form of Android malware, providing those behind it with total control of the device, while also remaining completely hidden from the user.

Mandrake spyware abuses legitimate Android functions to help gain access to everything on the compromised device in attacks that can gather almost any information about the user.

The attacker can browse and collect all data on the device, steal account credentials for accounts including banking applications. secretly take recordings of activity on the screen, track the GPS location of the user and more, all while continuously covering their tracks.

The full capabilities of Mandrake – which has been observed targeting users across Europe and the Americas – are detailed in a paper released by cybersecurity researchers this week. Mandrake has been active since 2016 and researchers previously detailed how the spyware operation was specifically targeting Australian users – but now it's targeting victims around the world.

Read more: https://www.zdnet.com/article/this-powerful-android-malware-stayed-hidden-years-infected-tens-of-thousands-of-smartphones/


Companies wrestle with growing cyber security threat: their own employees

Businesses deploy analytic tools to monitor staff as remote working increases data breach risk

As cyber criminals and hackers ramp up their attacks on businesses amid coronavirus-related disruption, companies are also facing another equally grave security threat: their own employees. 

Companies are increasingly turning to Big Brother-style surveillance tools to stop staff from leaking or stealing sensitive data, as millions work away from the watchful eyes of their bosses and waves of job cuts leave some workers disgruntled.

In particular, a brisk market has sprung up for cyber security groups that wield machine learning and analytics to crunch data on employees’ activity and proactively flag worrying behaviours.

Read more here: https://www.ft.com/content/cae7905e-ced7-4562-b093-1ab58a557ff4


Cognizant: Ransomware Costs Could Reach $70m

IT services giant Cognizant has admitted that a ransomware attack it suffered back in April may end up costing the company as much as $70m.

The firm announced revenue of $4.2bn for the first quarter of 2020, an increase of 2.8% year-on-year. In this context, the $50-70m hit it expects to take in Q2 from the ransomware attack will not make a huge impact on the company.

However, the big numbers involved are illustrative of the persistent financial threat posed by ransomware, not to mention the reputational impact on customers.

The firm claimed on an earnings call that the company responded immediately to the threat, proactively taking systems offline after some internal assets were compromised. However, the resulting downtime and suspension of some customer accounts took their toll financially.

“Some clients opted to suspend our access to their networks,” they explained. “Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”

Remote workers were also affected as the attack hit the firm’s system for supporting its distributed workforce during the current pandemic.

Read more: https://www.infosecurity-magazine.com/news/cognizant-ransomware-costs-could/


Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months

Package and mail delivery giant Pitney Bowes has suffered a second ransomware attack in the past seven months, ZDNet has learned.

The incident came to light earlier in the week after a ransomware gang known as Maze published a blog post claiming to have breached and encrypted the company's network.

The Maze crew provided proof of access in the form of 11 screenshots portraying directory listings from inside the company's computer network.

Pitney Bowes confirmed the incident stating they had detected a security incident related to Maze ransomware.

The company said it worked with third-party security consultants to take steps to stop the attack before any of its data was encrypted.

This is the second ransomware incident for Pitney Bowes in seven months.

In October 2019, Pitney Bowes disclosed a first ransomware attack. At the time, the company said it had some critical systems infected and encrypted by the Ryuk ransomware gang. The incident caused limited downtime to some package tracking systems.

Both the Ryuk and Maze ransomware gangs are what experts call "human-operated" ransomware strains. These types of ransomware infections take place after hackers breach a company's network, and take manual control of the malware to expand access to as many internal systems as possible before executing the actual ransomware to encrypt data and demand a ransom.

Read more here: https://www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/


Law Firm Representing Drake, Lady Gaga, Madonna And More Hit By Cyber Attack As Hackers Claim To Have Stolen Personal Information And Contracts

A law firm representing many of the world's most famous celebrities has been hacked.

The website of Grubman Shire Meiselas & Sacks has been taken offline, and hackers claim to have stolen some 756GB of data relating to its clients.

Singers, actors and other stars have worked with the law firm, according to old versions of its website, with more than 200 very high-profile celebrities and companies said to have used its services.

They include Madonna, Lady Gaga, Elton John and Drake.

The hackers behind the attack claim to have person information on celebrities including letters, as well as official contracts.

Hackers have already released a purported screenshot of a Madonna contract in an attempt to prove they have access to personal files.

It is not known what the hackers are demanding in return for the files, or whether negotiations are ongoing.

"We can confirm that we've been victimised by a cyber-attack," the firm said in a media statement. "We have notified our clients and our staff.

"We have hired the world's experts who specialise in this area, and we are working around the clock to address these matters."

The hack used a piece of software known as REvil or Sodinokibi. Similar software took foreign exchange company Travelex offline in January, as part of a major hack.

Traditionally, such ransomware has been used to lock down computers and demand money from their owners to unlock them again, and grant access to files.

Increasingly, hackers threaten to release those files to the public if their demands are not met.

Read the original article: https://www.independent.co.uk/life-style/gadgets-and-tech/news/celebrity-hack-law-firm-cyber-attack-drake-madonna-lady-gaga-a9511976.html


Lights stay on despite cyber-attack on UK's electricity system

Britain’s energy system has fallen victim to a cyber-attack targeting the IT infrastructure used to run the electricity market.

The electricity system’s administrator, Elexon, confirmed that it was affected by a cyber-attack on Thursday afternoon but that the key systems used to govern the electricity market were not affected.

National Grid is investigating whether the attack could affect the part of its business tasked with keeping the lights on.

A spokesman for the energy system operator said electricity supplies had not been affected, and there were “robust cybersecurity measures in place” to make sure the UK continues to receive reliable electricity.

“We’re aware of a cyber intrusion on Elexon’s internal IT systems. We’re investigating the matter and any potential impact on our own IT networks,” he said.

Elexon is a vital part of the UK electricity market because it carefully monitors the electricity generated by energy companies to match this with what National Grid expects to receive, and to make sure that generators are paid the correct amount for the energy they generate.

Read more: https://www.theguardian.com/business/2020/may/14/lights-stay-on-despite-cyber-attack-on-uks-electricity-system


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More