Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 28 May 2021
Black Arrow Cyber Threat Briefing 28 May 2021: Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise; Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack; The 10 Most Dangerous Cyber Threat Actors; Dramatic Increase In Ransomware Attacks Is Causing Harm On A Significant Scale; Deepfakes Could Be The Next Big Security Threat To Businesses; Two-Thirds Of Organisations Say They'll Take Action To Boost Their Ransomware Defences
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise
In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.
Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack
The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.
https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076
Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale
A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.
Deepfakes Could Be The Next Big Security Threat To Businesses
An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.
https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses
Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences
The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.
The 10 Most Dangerous Cyber Threat Actors
When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.
https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html
Cyber Security Leaders Lacking Basic Cyber Hygiene
Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).
https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/
Watch Out: Crypto Jacking Is On The Rise Again
During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.
https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/
Threats
Ransomware
Ransomware Attacks Are Becoming More Common – How Do We Stop Them?
FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations
HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says
Phishing
Other Social Engineering
Malware
Mobile
IOT
Vulnerabilities
“Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know
SonicWall urges customers to 'immediately' patch NSM On-Prem bug
FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office
Restaurant Reservation System Patches Easy-To-Exploit XSS Bug
Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency
Dark Web
OT, ICS, IIoT and SCADA
Nation State Actors
Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets
Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks
Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China
Privacy
Reports Published in the Last Week
Other News
GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny
UK Universities To Be Offered Advice On National Security Threats
A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs
How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?
German Cyber Security Chief Fears Hackers Could Target Hospitals
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 April 2021
Black Arrow Cyber Threat Briefing 23 April 2021: Cyber Attacks Rise For Businesses, Pushing Many To The Brink; MI5 Warns Of Spies Using LinkedIn To Trick Staff; Sonicwall Warns Customers To Patch 3 Zero-Days Exploited In The Wild; FBI Removed Backdoors From Vulnerable Exchange Servers, Not Everyone Likes The Idea; Pulse Secure VPN Zero-Day Used To Hack Defense Firms & Govt Orgs; Solarwinds Hack Could Cost Insurance Firms $90M; Mount Locker Ransomware Aggressively Changes Up Tactics; QR Codes Offer Easy Cyber Attack Avenues as Usage Spikes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks On The Rise For Businesses, Pushing Many To The Brink
The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, with over a quarter of those targeted (28%) experiencing five attacks or more. Those attacks are pushing many firms to the brink, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future. On a more positive note, the report shows firms are responding to the cyber challenge: mean spending per business on cyber security has more than doubled in the last two years.
https://www.insurancejournal.com/news/international/2021/04/19/610514.htm
MI5 Warns Of Spies Using Linkedin To Trick Staff Into Spilling Secrets
At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5. It warned users who had accepted such connection requests might have then been lured into sharing secrets. A campaign has been launched to educate government workers about the threat. The 10,000-plus figure includes staff in virtually every government departments as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.
https://www.bbc.co.uk/news/technology-56812746
SonicWall Warns Customers To Patch 3 Zero-Days Exploited In The Wild
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. "In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild,'" SonicWall said in a security advisory published earlier today. The company said it is "imperative" that organisations using its Email Security hardware appliances, virtual appliances, or software installations on Microsoft Windows Server machines immediately upgrade to a patched version.
The FBI Removed Hacker Backdoors From Vulnerable Microsoft Exchange Servers. Not Everyone Likes The Idea
The FBI had worked to remove malicious web shells from hundreds of computers in the United States that were running vulnerable versions of Microsoft Exchange Server. While the move will have helped keep many organisations secure, it has also raised questions about the direction of cyber security. Earlier this year, four zero-day vulnerabilities in Microsoft Exchange Server, which were being actively exploited by a nation-state-backed hacking operation, were uncovered. Microsoft released a critical security update to protect Exchange Server customers from cyber attacks exploiting the vulnerabilities in March, but a significant number of organisations have yet to apply the security patch.
Pulse Secure VPN Zero-Day Used To Hack Defense Firms, Govt Organisations
A zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organisations and focused on US Defence Industrial base networks. As a workaround, the vulnerability can be mitigated on some gateways by disabling Windows File Share Browser and Pulse Secure Collaboration features using instructions available in the security advisory published earlier today.
SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million
Cyber insurance vendors are expected to spend $90 million on incident response and forensic services for clients who were compromised by the SolarWinds hackers. “Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,” The Russian hackers behind the SolarWinds attack appear to have avoided large scale exploitation of victims, instead opting to maintain access and collect sensitive data. But if the SolarWinds hackers had been focused on interrupting business and destroying networks, the campaign could have been catastrophic for insurers.
https://www.crn.com/news/security/solarwinds-hack-could-cost-cyber-insurance-firms-90-million
Mount Locker Ransomware Aggressively Changes Up Tactics
The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. And, the change in tactics appears to coincide with a rebranding for the malware into “AstroLocker.” According to researchers, Mount Locker has been a swiftly moving threat. Having just hit the ransomware-as-a-service scene in the second half of 2020, the group released a major update in November that broadened its targeting capabilities (including searching for file extensions utilized by TurboTax tax-return software to encrypt). It also added improved detection evasion. Attacks have continued to escalate, and now, another major update signals “an aggressive shift in Mount Locker’s tactics,”.
https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/
QR Codes Offer Easy Cyber Attack Avenues as Usage Spikes
The use of mobile quick-response (QR) codes in daily life, for both work and personal use, continues to rise – and yet, most people are not aware that these handy mobile shortcuts can open them up to savvy cyber attacks. A survey of 4,157 consumers across China, France, Germany, Japan, the U.K. and the U.S. It found that 57 percent of respondents have increased their QR code usage since mid-March 2020, mainly because of the need for touchless transactions in the wake of COVID-19. In all, three-quarters of respondents (77 percent) said they have scanned a QR code before, with 43 percent having scanned a QR code in the past week.
https://threatpost.com/qr-codes-cyberattack-usage-spikes/165526/
Google Alerts Continues To Be A Hotbed Of Scams And Malware
Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. While Google Alerts has been abused for a long time, a significant increase in activity over the past couple of weeks. People use Google Alerts to monitor for various terms related to cyber attacks, security incidents, malware, etc. In one Google Alert, almost every new article shared with people today by the service led to a scam or malicious website.
Threats
Ransomware
Campus Still Closed as Portsmouth University Reels from Suspected Ransomware
Ransomware Gang Tries To Extort Apple Hours Ahead Of Spring Loaded Event
Discord Nitro gift codes now demanded as ransomware payments
Phishing
Malware
IOT
Vulnerabilities
Google Issues Chrome Update Patching Seven Security Vulnerabilities
Zero-Day Vulnerabilities In Sonicwall Email Security Are Being Actively Exploited
Cisco Router Flaws Left Small Business Networks Open To Abuse
Firefox 88 Patches Bugs And Kills Off A Sneaky Javascript Tracking Trick
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency
Supply Chain
Nation State Actors
Denial of Service
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.