Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks

Threats

Ransomware

• Inside Conti leaks: The Panama Papers of Ransomware - The Record by Recorded Future

• Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research

• Oh, The Irony! Conti Ransomware Gang, Which Leaked Ransomware Victims’ Data, Has Its Own Data Leaked (grahamcluley.com)

• CISA Added 98 Domains To The Joint Alert Related To Conti Ransomware Gang - Security Affairs

• Ragnar Locker Ransomware - What You Need To Know (tripwire.com)

• Conti Ransomware Group Spent Millions In 2021 - IT Security Guru

• Ragnar Locker Ransomware Hits Critical Infrastructure • The Register

• Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others (darkreading.com)

• FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs (bleepingcomputer.com)

• Alleged REvil Ransomware Hacker Extradited And Arraigned In Texas | CSO Online

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data (bleepingcomputer.com)

Phishing & Email

• How Phishing Email Are Evading Email Security - MSSP Alert

• Watch Out For This Phishing Attack That Hijacks Your Email Chats To Spread Malware | ZDNet

• The Most Impersonated Brands In Phishing Attacks - Help Net Security

Malware

• Nvidia's Stolen Data Is Being Used To Disguise Malware As GPU Drivers | PC Gamer

• Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads | Threatpost

• Emotet Botnet Is Rapidly Growing, +130K Bots Spread Across 179 Countries - Security Affairs

• Raccoon Stealer Crawls Into Telegram | Threatpost

• All About the Bots: What Botnet Trends Portend for Security Pros | SecurityWeek.Com

Mobile

• Smartphone malware is on the rise, here's what to watch out for | ZDNet

• Samsung Confirms Hackers Stole Galaxy Devices Source Code (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Cyber Criminals Are Posing As Ukraine Fundraisers To Steal Cryptocurrency - CyberScoop

• Cyber Criminals Compromise Users With Malware Disguised As Pro-Ukraine Cyber Tools - Cisco Talos Intelligence Group

Cryptocurrency/Cryptomining/Cryptojacking

• Russians Liquidating Crypto In The UAE As They Seek Safe Havens | Reuters

Fraud, Scams & Financial Crime

• Consumers Worried About Digital Banking Security - Infosecurity Magazine (infosecurity-magazine.com)

• Shipping Fraud Quickly Emerging As One Of The Top Fraud Types - Help Net Security

Insurance

• The Cyber Insurance Market Needs More Money (hbr.org)

Supply Chain

• Major Tech Firms Launch Security First Initiative To Combat Third-Party Data Breaches - Help Net Security

DoS/DDoS

• Mitel VoIP Systems Used In Staggering DDoS Attacks • The Register

• In-The-Wild DDoS Attack Can Be Launched From A Single Packet To Create Terabytes Of Traffic | ZDNet

• Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers | Threatpost

• The Fight Against the Hydra: New DDoS Report from Link11 (darkreading.com)

• Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks (thehackernews.com)

Parental Controls and Child Safety

• Still Too Many Parents Don't Monitor Their Children's Online Activity - Help Net Security

Spyware, Espionage & Cyber Warfare

• ‘We are not ready’: a Cyber Expert on US Vulnerability to a Russian Attack | Cyberwar | The Guardian

• China-Aligned APT Renews Cyber Attack On European Diplomats, As War Rages | CSO Online

• European Lawmakers Launch Investigation Into Use Of Pegasus Spyware By EU States | TechCrunch

Nation State Actors

Nation State Actors - Russia

• Jump In Cyber Attacks Since Start Of Ukraine Invasion (rte.ie)

• Will Russian Oil Ban Spur Increased Cyber-Attacks (trendmicro.com)

• Russia to Create Its Own Security Certificate Authority, Alarming Experts - CyberScoop

• Russian APTs Furiously Phish Ukraine – Google | Threatpost

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech | Ars Technica

• Ukrainian IT Army Hijacked by Infostealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (thehackernews.com)

• French Bank Denies Access to Russian Workforce - Infosecurity Magazine (infosecurity-magazine.com)

• New RURansom Wiper Targets Russia (trendmicro.com)

• Anonymous & its Affiliates Hacked 90% of Russian Misconfigured Databases (hackread.com)

• Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency - Infosecurity Magazine

Nation State Actors - China

• Chinese Phishing Actors Consistently Targeting EU Diplomats (bleepingcomputer.com)

• Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks - Information Security Buzz

• Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (thehackernews.com)

Nation State Actors – North Korea

• Targeted APT Activity: BABYSHARK Is Out for Blood - MSSP Alert

Nation State Actors - Iran

• Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (thehackernews.com)

Vulnerabilities

• Linux Has Been Bitten By Its Most High-Severity Vulnerability In Years | Ars Technica

• High Rates Of Known, Exploitable Vulnerabilities Still Found In The Wild, Report Reveals - IT Security Guru

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday | Threatpost

• New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs (thehackernews.com)

• Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | SecurityWeek.Com

• “Dirty Pipe” Linux Kernel Bug Lets Anyone Write To Any File – Naked Security (sophos.com)

• Microsoft Azure Flaw Allowed Unauthorized Account Access • The Register

• Intel, AMD, Arm Warn Of New Speculative Execution CPU Bugs (bleepingcomputer.com)

• Adobe Patches 'Critical' Security Flaws in Illustrator, After Effects | SecurityWeek.Com

• Up to 30% of WordPress Plugin Bugs Don't Get Patched - IT Security Guru

• Within Hours of the Log4j Flaw Being Revealed, These Hackers Were Using It | ZDNet

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape | Threatpost

• Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint | SecurityWeek.Com

• Microsoft Fixes Critical Azure Bug That Exposed Customer Data (bleepingcomputer.com)

• Researchers Disclose New Spectre V2 Vulnerabilities (techtarget.com)

• Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices (thehackernews.com)

• Over 40% of Log4j Downloads Are Vulnerable Versions of the Software (darkreading.com)

• HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections (bleepingcomputer.com)

• Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (thehackernews.com)

Sector Specific

Health/Medical/Pharma Sector

• Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack (darkreading.com)

• Oklahoma Hospital Data Breach Impacts 92,000 People - Infosecurity Magazine

Transport and Aviation

• Finnish Govt Agency Warns Of Unusual Aircraft GPS Interference (bleepingcomputer.com)

Automotive

• Small Business Owners Worried About The Cyber Security Of Their Commercial Vehicles - Help Net Security

CNI, OT, ICS, IIoT and SCADA

• ICS Vulnerability Disclosures Surge 110% Over The Last Four Years - Help Net Security

• New Security Threats Target Industrial Control And OT Environments - CyberScoop

Reports Published in the Last Week

• 2022 Vulnerability Statistics Report - Edgescan

• Pinpoint the Origins of Workforce Risk - Elevate Security

Other News

• Why You Should Be Using CISA's Catalog of Exploited Vulns (darkreading.com)

• How Attackers Sidestep The Cyber Kill Chain | CSO Online

• How to Combat the No. 1 Cause of Security Breaches: Complexity (darkreading.com)

• Every Business Is A Cyber Security Business - Help Net Security

• Operationalising a “Think Like The Enemy” Strategy | CSO Online

• SpaceX Shifts Resources To Cyber Security To Address Starlink Jamming - SpaceNews

• Report: Cyber Security Teams Need Nearly 100 Days To Develop Threat Defenses | VentureBeat

• 6 Potential Enterprise Security Risks With NFC Technology (techtarget.com)

• BBC Targeted With 383,278 Spam, Phishing And Malware Attacks Every Day - Help Net Security

• Ubisoft Says It Experienced A ‘Cyber Security Incident’, And The Purported Nvidia Hackers Are Taking Credit - The Verge

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats

In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – the mission is to make the UK the safest place to live and work online, but they have said they cannot do it alone. 

Now, at a time of heightened cyber threats, the NCSC is urging all organisations to follow their advice on the steps they should take to improve their resilience.

The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.

Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.

And as tensions have risen in Ukraine in recent weeks, authorities have already seen a number of cyber attacks occurring. On Friday evening, the UK government judged that the Russian Main Intelligence Directorate (GRU) was involved in last week’s distributed denial of service attacks against the financial sector in Ukraine.

If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the National Cyber Security Centre (NCSC) has said that the UK’s cyber risk has heightened in the last month, although there is no evidence of the UK being specifically targeted.

https://www.telegraph.co.uk/news/2022/02/19/uk-organisations-should-protect-now-unintended-consequences/

Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device

BlackBerry's 2022 Threat Report highlights growing threats to SMBs, calls on government to make cyber security top priority

BlackBerry Limited has released the 2022 BlackBerry Annual Threat Report, highlighting a cybercriminal underground which it says has been optimised to better target local small businesses. Small businesses will continue to be an epicentre for cybercriminal focus as SMBs facing upward of 11 cyber threats per device per day, which only stands to accelerate as cybercriminals increasingly adopt collaborative mindsets.

The report also uncovered cyber breadcrumbs from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour.  In multiple incidents BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground.

https://www.itsecurityguru.org/2022/02/15/small-businesses-facing-upwards-of-11-cyberthreats-per-day-per-device/

Microsoft Teams Targeted With Takeover Trojans

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.

Researchers began tracking the campaign in January, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.

Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.

Cyber criminals long have targeted Microsoft’s ubiquitous document-creation and sharing suite – the legacy Office and its cloud-based version, Office 365 – with attacks against individual apps in the suite such as PowerPoint as well as business email compromise and other scams.

Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals.

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine

The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting them to step up defences.

The news was reported by Reuters, citing two unnamed sources. The ECB pointed out that addressing cyber security is a top priority for the European agency.

“The European Central Bank is telling euro zone banks zone to step up their defences against cyber attacks, also in the context of geopolitical tensions such as the stand-off between Russia and Ukraine, the ECB’s top supervisor said on Thursday.” reported Reuters.

ECB warned that the rising risk from cyber attacks begun in 2020.

https://securityaffairs.co/wordpress/128004/breaking-news/european-central-bank-warns-russia-cyberattacks.html

Companies Face Soaring Prices For Cyber Insurance

The cost of cyber insurance has risen steeply over the past year. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent. That has increased pressure on companies who are facing cost inflation in other parts of their business.

The steep hikes in the cost of cyber insurance come against a backdrop of rising prices more broadly. According to Marsh, commercial insurance prices rose 13 per cent in the final quarter of 2021.

The hardening market from reduced capacity allied with increasing cyber fraud are potent forces. Pricing becomes more challenging, reinsurance appetite reduced whilst costs increasing and fraudsters have as much access to the latest technologies as do enterprises, the government sector and the insurance industry.

There may be limits to what insurers can cover. Speaking to the Financial Times last week the chief executive of Zurich said: “A connected economy offers lots of opportunities for cyber attacks.” A major cyber risk, he added, “is something only governments can manage”.

Companies will have to do more themselves to fight cyber fraud with technology partners. Meanwhile brokers and insurers must review underwriting data and practices and government raise effectiveness at prosecuting criminals.

https://www.ft.com/content/60ddc050-a846-461a-aa10-5aaabf6b35a5

Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best

A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks.

A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.

The research analyzed data from over 3,800 days’ worth of penetration testing services. These tests are a means of identifying vulnerabilities within an organisation’s security systems by simulating how malicious actors would seek to exploit such shortcomings.

https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/

Ransomware-Related Data Leaks Nearly Doubled in 2021: Report

There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.

The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.

The growth and impact of big game hunting in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.

https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report

Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most

An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.

Alongside this, it identified that one in four new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.

From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before.

Your digital identity is a currency for fraudsters and wherever there is online commerce, cyber criminals are quick to identify vulnerabilities.

https://www.helpnetsecurity.com/2022/02/14/fake-consumer-account/

Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math

Poor cyber security hygiene is widely considered to be a major influencing factor for exposure to a ransomware attack. But is that an accurate assessment?

In a new study, RiskRecon, a security best practices specialist, investigated 600+ cyber hijacks to determine if companies victimized by a “detonation” had poor cyber security hygiene at the time and which factors, such as web encryption, application security and email security, are key gaps in coverage.

The answer: Cyber security hygiene does in fact play a large role in an organisation’s vulnerability to a ransomware attack. RiskRecon analyzed the cyber security hygiene on the day of ransomware incident for 622 organisations spanning 633 ransomware events occurring between 2017 and 2021. Based on a comparison population of cyber security ratings and assessments of some 100,000 entities, companies that have very poor cyber security hygiene in their internet-facing systems (a ‘D’ or ‘F’ RiskRecon rating) have about a 40 times higher rate of destructive ransomware events as compared to those with clean cyber security hygiene. Only .03 percent of ‘A-rated’ companies were victims of a destructive ransomware attack, compared with 1.08 percent of ‘D-rated’ and 0.91 percent of ‘F-rated’ companies.

The cyber security conditions underlying the RiskRecon rating reveal just how poor the cyber security hygiene is of companies, on average, that fall victim to a material system-encrypting ransomware attack. For example, ransomware victims have an average of 11 material software vulnerabilities in their internet-facing systems, in comparison with only one issue in the general population. Looking at network services that criminals commonly exploit, ransomware victims expose 3.3 times more unsafe network services to the internet than the general population.

https://www.msspalert.com/cybersecurity-research/poor-security-hygiene-organisations-and-ransomware-attacks-painful-math/

Security Teams Expect Attackers to Go After End Users First

Phishing, malware, and ransomware have spurred organisations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.

The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organisations to bolster their endpoint security defences. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.

Phishing, malware, and ransomware pose major threats to organisations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.

End users pose one of the biggest threats to the organisation, as 87% expect that if attackers wanted to steal the organisation’s data, they would begin by targeting a single end user.

Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.

https://www.darkreading.com/edge-threat-monitor/end-users-remain-one-of-the-biggest-headaches-in-it-security

US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks

President Biden said Friday he is convinced Russian President Vladimir Putin has decided to invade Ukraine and that he expects an attack in the coming days, with targets including the Ukrainian capital, Kyiv.

US officials said a Russian attack could involve a broad combination of jet fighters, tanks, ballistic missiles and cyberattacks, with the ultimate intention of rendering Ukraine’s leadership powerless.

The officials said Mr. Putin has laid the groundwork in recent days through a series of destabilizing activities and false-flag operations, long predicted by U.S. and allied officials and intended to make it look as if Ukraine has provoked Russia into a conflict, thus justifying the Russian invasion.

https://www.wsj.com/articles/ukraine-troops-told-to-exercise-restraint-to-avoid-provoking-russian-invasion-11645185631

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.

TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.

In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.

Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-control (C2) servers to retrieve fresh web injects.

https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html

Threats

Ransomware

• Ransomware’s Savage Reign Continues As Attacks Increase 105% - Help Net Security

• SonicWall CEO on ransomware: Every good vendor was hit in past 2 years - The Register

• Are You Prepared for 2022's More Destructive Ransomware? | SecurityWeek.Com

• CISA Advisory Cautions MSPs: Beware More Ransomware Attacks - MSSP Alert

• Conti Ransomware Gang Takes Over Trickbot Malware Operation (bleepingcomputer.com)

• Ransomware Gangs Are Changing Their Tactics. That Could Prove Very Expensive For Some Victims | ZDNet

• FBI Eyes Ransomware Profits With New Cryptocurrency Crimes Unit | TechCrunch

• FBI Warns BlackByte Ransomware Is Targeting US Critical Infrastructure | TechCrunch

• Ransomware Is A Clear And Present Danger. So Why Rely On Legacy DR To Recover From It? • The Register

BEC – Business Email Compromise

• FBI Warns of BEC Scams Abusing Virtual Meeting Platforms | SecurityWeek.Com

Phishing & Email

• LinkedIn Phishing Attacks Up 232% | Phishing | Egress

• Half Of All Emails In 2021 Were Spam- IT Security Guru

• Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks (thehackernews.com)

Malware

• Emotet Now Spreading Through Malicious Excel Files | Threatpost

• A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies - Check Point Research

• PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (thehackernews.com)

• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators | Threatpost

• 25 Years On, Microsoft Makes Another Stab At Stopping Macro Malware • Graham Cluley

• Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free - Infosecurity Magazine

Data Breaches/Leaks

• Millions of Internet Society Personal Files Exposed In Data Leak | Laptop Mag

Organised Crime & Criminal Actors

• 74% of Ransomware Revenue Goes to Russia-Linked Hackers - BBC News

• Interpol Must Change With Cyber Crime, Says Director • The Register

• Attackers Hone Their Playbooks, Become More Agile (darkreading.com)

• Cyber Criminals Have Changed Tactics (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• ‘Heist Of The Century’: US Bitcoin Case Tests Ability To Crack Down On Cyber Crime | Law (US) | The Guardian

• SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise - WSJ

• FBI Says Crypto Payments Are a 'Huge Challenge' Amid Rise in Ransomware Attacks - Decrypt

Insider Risk and Insider Threats

• The Rise Of The Super Malicious Insider: Yes, We Need To Worry - Help Net Security

• Finance Officer Jailed After Stealing £200,000 from Charity - Infosecurity Magazine

• Ex IT Tech Jailed For Wiping School Network During Lockdown • The Register

Fraud, Scams & Financial Crime

• Barclays: Scams Surged in Final Quarter of 2021 - Infosecurity Magazine

• Fraud and Scam Activity Hits All-Time High - Help Net Security

• Soaring Losses Accelerate Investments In Anti-Fraud Tech - Help Net Security

• Threat Actors Still Love a Romance Scam - Infosecurity Magazine

• Singapore Introduces Strong Measures To Stop Online Scams • The Register

• 7 Tips for How To Spot a Scammer and Protect Yourself | Well+Good

DoS/DDoS

• Ukraine Defence and Bank Networks DDoS-ed - Infosecurity Magazine

• Carpet Bombing Attacks on the Rise - Infosecurity Magazine

Nation State Actors

• Russia’s Offensive Cyber Actions Should Be A Cause For Concern For CISOs | CSO Online

• Russia Stole US Defense Data From IT Systems, Says CISA • The Register

• Cyber Security: These Countries Are The New Hacking Threats To Fear As Offensive Campaigns Escalate | ZDNet

• Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (thehackernews.com)

• Chinese MI6 Informant Gave Information To MPs About Huawei Threat | Huawei | The Guardian

• Red Cross Attributes Server Breach To Nation-State Actor - CyberScoop

• Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (thehackernews.com)

Cloud

• Report: 63% of IT Pros Say Cyber Threats Are Top Obstacle To Cloud Adoption Strategy | VentureBeat

• EU Watchdog To Probe Public Sector's Love Affair With Cloud • The Register

Privacy

• Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case (thehackernews.com)

Spyware, Espionage & Cyber Warfare

• How a Russia Cyber Attack On The UK Would Target Online Shopping, Card Payments And NHS Records (inews.co.uk)

• The Conflict In Ukraine Proves Cyber-Attacks Are Now Weapons Of War (thenextweb.com)

• Cyber, War and Ukraine: What Does Recent History Teach Us To Expect? | Science & Tech News | Sky News

• Cyber Warfare In Ukraine Poses A Threat To The Global System | Financial Times (ft.com)

• EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware (thehackernews.com)

• More Polish Opposition Figures Found To Have Been Targeted By Pegasus Spyware | Poland | The Guardian

• Using Mobile Networks For Cyber Attacks As Part Of A Warfare Strategy - Help Net Security

• Moses Staff Hackers Targeting Israeli Organisations for Cyber Espionage (thehackernews.com)

Vulnerabilities

• Squirrelwaffle, Microsoft Exchange Server Vulnerabilities Exploited For Financial Fraud | ZDNet

• Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails (thehackernews.com)

• New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (thehackernews.com)

• Multiple Vulnerabilities Put 40 Million Ubuntu Users At Risk | TechRadar

• Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (thehackernews.com)

• High-Severity Vulnerability Found in Apache Database System Used by Major Firms | SecurityWeek.Com

• VMware Fixes Holes That Could Allow Virtual Machine Escapes – Naked Security (sophos.com)

• Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (thehackernews.com)

• T2 Mac Security Vulnerability: Passwords Can Now Be Cracked - 9to5Mac

Sector Specific

Financial Services Sector

• Open Banking Innovation: A Race Between Developers And Cyber Criminals - Help Net Security

• Canada's Major Banks Go Offline In Mysterious Hours-Long Outage (bleepingcomputer.com)

Defence

• US Says Russian State Hackers Lurked In Defense Contractor Networks For Months | Ars Technica

Transport and Aviation

• Warning Over Mysterious Hackers That Have Been Targeting Aerospace And Defence Industries For Years | ZDNet

• Unskilled Hacker Linked To Years Of Attacks On Aviation, Transport Sectors (bleepingcomputer.com)

Energy & Utilities

• Energy, Oil And Utility Sector Most Likely To Pay Ransoms - Help Net Security

Reports Published in the Last Week

• 2022 Global Threat Report: A Year of Adaptability and Perseverance (crowdstrike.com)

• Threat Intelligence Report 2022: Cyber Security Priorities - Truesec

• The Year of Living Dangerously: Details from the BlackBerry 2022 Threat Report

Other News

• Over 28,000 Vulnerabilities Disclosed in 2021: Report | SecurityWeek.Com

• Web Application Firewalls (WAFs) Can't Give Organisations The Security They Need - Help Net Security

• How Challenging Is Corporate Data Protection? - Help Net Security

• Local Authority Sets Aside £380k for Cyber-Attack Recovery - Infosecurity Magazine

• Traditional MFA Is Creating A False Sense Of Security - Help Net Security

• Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry | Threatpost

• Be Flexible About Where People Work — But Not on Data Privacy (darkreading.com)

• Researchers Block “Largest Ever” Bot Attack - Infosecurity Magazine

• BadUSB: The Cyber Threat That Gets You To Plug It In – CloudSavvy IT

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Change Outpaces Boardroom Engagement

We all know the story of the past two years. Mass digital investments in SaaS collaboration suites, cloud infrastructure and other tools helped to keep organisations operational when they needed it most. The money continues to flow today, as those same companies realize they must keep on pumping funds into digital to stay competitive amidst rising customer expectations. Gartner predicted public cloud spending growth would hit 23% year-on-year in 2021 and increase 20% this year to top $397bn.

From a cyber security perspective, these business decisions are loaded with risk if protections are not built into projects from the start. A recent global poll revealed that of 90% of business and IT decision makers are concerned about the impact of ransomware. It also found generally poor levels of cyber-awareness among board members. Less than half (46%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organisation.

The truth is that many board leaders do understand the need for greater investment in security as a strategic growth driver. But they find it hard to keep pace with a threat landscape that moves at the speed of light. Vulnerabilities used to go months or years before they were exploited, for example, but today threat actors are working on exploits for bugs like Log4Shell within hours of their discovery. That makes the fast-changing risk landscape difficult to grasp for even tech-savvy C-suite leaders. As a result, cyber risk continues to be managed reactively, which puts the organisation perpetually on the back foot.

https://www.trendmicro.com/en_us/research/22/b/why-cyber-change-outpaces-boardroom-engagement.html

NCSC Alerts UK Orgs to Brace for Destructive Russian Cyber Attacks

The UK’s National Cyber Security Centre (NCSC) is urging organisations to bolster security and prepare for a potential wave of destructive cyber attacks after recent breaches of Ukrainian entities.

The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyber attacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.

These warnings come after Ukrainian government agencies and corporate entities suffered cyber attacks where websites were defaced, and data-wiping malware was deployed to destroy data and make Windows devices inoperable.

The cause for the resurgence of attacks is the tensions between Russia and Ukraine, and attempts to negotiate a way out of the Ukraine crisis have failed so far.

Ukraine and Russia have engaged in cyber warfare for many years, but recent Russian military mobilization was accompanied by new waves of attacks, with European countries and the USA expected to be targeted next.

https://www.bleepingcomputer.com/news/security/ncsc-alerts-uk-orgs-to-brace-for-destructive-russian-cyberattacks/

Over Half of Ransomware Attacks are Targeting Financial Services, Utilities and Retail

Three sectors have been the most common target for ransomware attacks, but researchers warn "no business or industry is safe".

Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cyber security researchers – but they've also warned that all industries are at risk from attacks.

The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened.

According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.

https://www.zdnet.com/article/ransomware-over-half-of-attacks-are-targeting-these-three-industries/

Third of Employees Admit to Exfiltrating Data When Leaving Their Job

Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian.

The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organisations.

In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left.

The survey of 2000 UK workers also looked at employees' motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%).

The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%).

https://www.infosecurity-magazine.com/news/third-employees-exfiltrating-data/

Massive Social Engineering Waves Have Impacted Banks in Several Countries

A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organisations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all the operations on the fly via Command and Control (C2) servers geolocated in Brazil.

In short, criminal groups are targeting victims’ from different countries to collect their home banking secrets and payment cards. The campaigns are carried out by using social engineering schemas, namely smishing, and spear-phishing through fake emails.

Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.

The spear-phishing campaigns try to lure victims with fake emails that impersonate the banking institutions. The emails are extremely similar to the originals, exception their content, mainly related to debts or lack of payments.

https://securityaffairs.co/wordpress/127516/cyber-crime/massive-social-engineering-banks.html

Ransomware is Terrifying – But Never Underestimate the Damage an Employee with Unmonitored Access Can Do

Is the biggest threat to your data a mysterious ransomware merchant or an advanced persistent threat cartel?

Or is it a security system that will show you that data has been exfiltrated from your organisation – but only after the fact, leaving open the possibility that your valuable IP could have already been shared with unauthorized parties?

It was the latter scenario that allegedly resulted in 12,000 internal documents being lifted from Pfizer’s systems by a soon-to-depart employee last year. Those documents reportedly included details of COVID-19 vaccine research and a new melanoma drug.

The incident shows how today’s cloud infrastructure can exacerbate security gaps and why simply detecting a potential data leak isn’t enough. Companies need to have deep insight into what their employees are doing, as well as technology that can actively enforce policy and prevent unencrypted data from ever leaving the enterprise.

https://www.theregister.com/2022/02/03/ransomware_terrifying/

People Working in IT Related Roles Equally Susceptible to Phishing Attempts as the General Population

Phishing emails that mimic HR announcements or ask for assistance with invoicing get the most clicks from recipients, according to a study from F-Secure.

The study, which included 82,402 participants, tested how employees from four different organisations responded to emails that simulated one of four commonly used phishing tactics.

22% of recipients that received an email simulating a human resources announcement about vacation time clicked, making emails that mimic those sent by HR the most frequent source of clicks in the study.

An email asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most frequently engaged with email type, receiving clicks from 16% of recipients.

https://www.helpnetsecurity.com/2022/02/03/phishing-emails-clicks/

FBI Says More Cyber Attacks Come from China than Everywhere Else Combined

US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined.

In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, Wray said the FBI is probing over 2,000 investigations of incidents assessed as attempts by China's government "to steal our information and technology."

"The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries – so much so that, as you heard, we're constantly opening new cases to counter their intelligence operations, about every 12 hours or so."

Wray rated China's online offensive as "bigger than those of every other major nation combined," adding it has "a lot of funding and sophisticated tools, and often joining forces with cyber criminals – in effect, cyber mercenaries."

https://www.theregister.com/2022/02/03/fbi_china_threat_to_usa/

Managing Detections is Not the Same as Stopping Breaches

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

The fundamental challenge in cyber security is that adversaries move quickly. We know from observation that attackers go from initial intrusion to lateral movement in a matter of a couple hours or less.

If security teams are going to successfully stop a breach, they need to operate within the same timeframe, containing and remediating threats within minutes, 24 hours a day, 7 days a week. Such constant vigilance can be challenging for in-house staff. This is why many organisations engage a provider of managed detection and response (MDR) security services, which monitors endpoints, workloads, and other systems to detect and monitor threats.

Unfortunately, even most managed services have several fundamental flaws that prevent them from executing on the core mission of stopping breaches.

https://www.darkreading.com/crowdstrike/managing-detections-is-not-the-same-as-stopping-breaches

From War to Web Security, Protect Your Attack Surface from the Weakest Link

With the rapid proliferation of data, increasing number of domains and subdomains as well as rise in third-party providers, the number of entry points through which attackers can infiltrate a company’s web environment is endless. Attacks are increasingly causing consequences felt beyond the perimeter of an organisation, as demonstrated earlier this year with the Colonial Pipeline breach, which caused fuel prices along the US East Coast to soar, and the attack on software provider Kaseya that forced hundreds of grocery stores in the Nordics to shut down business for days.

Security breaches often happen through an avenue that no one saw coming — a server no one knew existed, an old landing page, weak passwords or an application that was missing a patch. It’s perhaps never been clearer than today that a company is only as strong as the weakest link in its growing attack surface.

https://thenewstack.io/from-war-to-web-security-protect-your-attack-surface-from-the-weakest-link/

Number of Data Compromises Reaching All-Time High

According to an Identity Theft Resource Center (ITRC) report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020.

The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.

The number of victims continues to decrease (down five (5) percent in 2021 compared to the previous year) as identity criminals focus more on specific data types rather than mass data acquisition. However, the number of consumers whose data was compromised multiple times per year remains alarmingly high.

https://www.helpnetsecurity.com/2022/01/31/data-compromises-up/

Threats

Ransomware

• Inside Trickbot, Russia’s Notorious Ransomware Gang | WIRED

• Aggressive BlackCat Ransomware on the Rise (darkreading.com)

• A Look At The New Sugar Ransomware Demanding Low Ransoms (bleepingcomputer.com)

• BlackCat Ransomware - What You Need To Know | The State of Security (tripwire.com)

• KP Snacks Giant Hit By Conti Ransomware, Deliveries Disrupted (bleepingcomputer.com)

• Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (thehackernews.com)

• Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks | SecurityWeek.Com

• FBI Shares Lockbit Ransomware Technical Details, Defense Tips (bleepingcomputer.com)

• BlackCat (ALPHV) Ransomware Linked To BlackMatter, DarkSide Gangs (bleepingcomputer.com)

• Over 500,000 People Impacted By A Ransomware Attack That Hit Morley - Security Affairs

• Scottish Agency Still Recovering from 2020 Ransomware Attack - Infosecurity Magazine

• Conti Ransomware Encrypted 80% of Ireland's HSE IT Systems (bleepingcomputer.com)

• Ransomware Wants You to Like and Subscribe, Or Else (vice.com)

• Ransomware Means Your Database IS The Front Line. How Are You Defending It? • The Register

Phishing

• Low-Detection Phishing Kits Increasingly Bypass MFA | Threatpost

• MFA Adoption Pushes Phishing Actors To Reverse-Proxy Solutions (bleepingcomputer.com)

• Intuit Warns Of Phishing Emails Threatening To Delete Accounts (bleepingcomputer.com)

• Strong Authentication Protects Against Phishing. So Why Aren't More People Using It? | ZDNet

• Microsoft Blocked Billions Of Brute-Force And Phishing Attacks Last Year (bleepingcomputer.com)

Other Social Engineering

• FBI Warning: Scammers Are Posting Fake Job Ads On Networking Sites To Steal Your Money And Identity | ZDNet

Malware

• Malicious CSV Text Files Used To Install BazarBackdoor Malware (bleepingcomputer.com)

• New Malware Used by SolarWinds Attackers Went Undetected for Years (thehackernews.com)

• Microsoft: This Mac Malware Is Getting Smarter And More Dangerous | ZDNet

Data Breaches/Leaks

• The 3 Most Common Causes of Data Breaches in 2021 (darkreading.com)

• British Council Exposed More Than 100,000 Files With Student Records (bleepingcomputer.com)

Insider Risk and Insider Threats

• How Costly Is An Insider Threat? - Help Net Security

Fraud, Scams & Financial Crime

• Americans Lost $770 Million From Social Media Fraud In 2021, FTC Reports - Security Affairs

Supply Chain

• Supply Chain Security Is Not a Problem…It’s a Predicament | Threatpost

DoS/DDoS

• Reasons Why Every Business is a Target of DDoS Attacks (thehackernews.com)

CNI, OT, ICS, IIoT and SCADA

• Ransomware Often Hits Industrial Systems, With Significant Impact: Survey | SecurityWeek.Com

Nation State Actors

• Russian 'Gamaredon' Hackers Use 8 New Malware Payloads In Attacks (bleepingcomputer.com)

• State Hackers' New Malware Helped Them Stay Undetected For 250 Days (bleepingcomputer.com)

• Charming Kitten Sharpens Its Claws with PowerShell Backdoor | Threatpost

• FBI's Warning About Iranian Firm Highlights Common Cyber Attack Tactics | CSO Online

• Iranian APT Group Uses Previously Undocumented Trojan For Destructive Access To Organisations | CSO Online

Cloud

• If My Organisation Is Mostly in the Cloud, Do I Need a Firewall? (darkreading.com)

Passwords & Credential Stuffing

• The Account Takeover Cat-and-Mouse Game | Threatpost

• Reducing The Blast Radius Of Credential Theft - Help Net Security

Spyware, Espionage & Cyber Warfare

• Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (thehackernews.com)

• Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (paloaltonetworks.com)

• Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (thehackernews.com)

• Cyber Spies Linked To Memento Ransomware Use New PowerShell Malware (bleepingcomputer.com)

• NSO Group's Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns - MSSP Alert

Vulnerabilities

• Apple, SonicWall, Internet Explorer Vulnerabilities Added To CISA List | ZDNet

• Samba 'Fruit' Bug Allows RCE, Full Root User Access | Threatpost

• Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in (darkreading.com)

• Cisco Fixes Critical Bugs In SMB Routers, Exploits Available (bleepingcomputer.com)

• UEFI Firmware Vulnerabilities Affect At Least 25 Computer Vendors (bleepingcomputer.com)

• Google Patches 27 Vulnerabilities With Release of Chrome 98 | SecurityWeek.Com

• Intel Patched 226 Vulnerabilities in 2021 | SecurityWeek.Com

• Public Exploit Released for Windows 10 Bug | Threatpost

• 600K WordPress Sites Impacted By Critical Plugin RCE Vulnerability (bleepingcomputer.com)

• Critical Log4j Vulnerabilities Are the Ultimate Gift for Cyber Criminals (darkreading.com)

• ESET Antivirus Bug Let Attackers Gain Windows SYSTEM Privileges (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Bank Executives Mostly Concerned About Cyber Crime - Help Net Security

Retail

• Why Buy Now, Pay Later Is The Next Big Fraud Risk For Retailers | CSO Online

Transport and Aviation

• Ransomware Spree Hitting European Oil, Transport Companies - CyberScoop
  

Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

Other News

• Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022 (darkreading.com)

• Rush To Remote Work Left Sysadmins Struggling To Keep Businesses Safe - Help Net Security

• Telco Fined €9 Million For Hiding Cyber Attack Impact From Customers (bleepingcomputer.com)

• Are There Holes In Your Cyber Security Map? | VentureBeat

• 90% of Security Leaders Warn of Skills Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Real-World Impact of the Global Cyber Security Workforce Gap on Cyber Defenders (darkreading.com)

• Hundreds Of Thousands Of Routers Exposed To Eternal Silence Campaign Via UPnP - Security Affairs

• Social Security Numbers Most Targeted Sensitive Data - Infosecurity Magazine

• NIST's New Cyber-Resiliency Guidance: 3 Steps For Getting Started | CSO Online

• Organisations Neglecting Microsoft 365 Cyber Security Features - Help Net Security

• Microsoft Says MFA Adoption Remains Low, Only 22% Among Enterprise Customers - The Record by Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/

Threats

Ransomware

• The State Of Ransomware: National Emergencies And Million-Dollar Blackmail

• Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft

• Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs

• Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired

• US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks

• Technology Giant Olympus Hit By BlackMatter Ransomware

• Ransomware: A Market Problem Deserves A Market Solution

• REvil Ransomware Is Back In Full Attack Mode And Leaking Data

• Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals

• Ransomware Encrypts South Africa's Entire Dept Of Justice Network

BEC

• Romance, BEC Scams Lands Soldier In Jail For 46 Months

Phishing

• The Top Keywords Used In Phishing Email Subject Lines

• Banks Confront New Type Of Phishing: 'Salami' Attacks

• Malware Attack On Aviation Sector Uncovered After Going Unnoticed For 2 Years

• Phishers Impersonate US DOT To Target Contractors After Senate Passed $1 Trillion Infrastructure Bill

Other Social Engineering

• Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'

• Scammers In Russia Offer Free Bitcoin On A Hacked Government Website

• FBI: $113 Million Lost To Online Romance Scams This Year

Malware

• Attackers Use Crypto Mining Malware to Target Organisations

• New Zloader attacks disable Windows Defender to evade detection

Mobile

• Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’

• This US Company Sold iPhone Hacking Tools To UAE Spies

• After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts

IOT

• IOT Device Attacks Double In The First Half Of 2021, And Remote Work May Shoulder Some Of The Blame

• Smart TVs Are Everywhere But Many Remain Unprotected

Vulnerabilities

• Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws

• Pair of Google Chrome Zero-Day Bugs Actively Exploited

• HP Omen Hub Exposes Millions of Gamers To Cyber Attack

• Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released

• Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD

• No Patch For High-Severity Bug In Legacy IBM System X Servers

• Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists

• Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

• Apple Patches An NSO Zero-Day Flaw Affecting All Devices

• AMD CPU Driver Bug Can Break KASLR, Expose Passwords

Data Breaches/Leaks

• Over 60 Million Wearable, Fitness Tracking Records Exposed Via Unsecured Database

• Hackers Leak Passwords For 500,000 Fortinet VPN Accounts

• Stolen Credentials Led To Data Theft At United Nations

Organised Crime & Criminal Actors

• Telegram Emerges As New Dark Web For Cyber Criminals

• Russia Is Fully Capable Of Shutting Down Cyber Crime

• Criminal Hacking Is on the Rise. Microsoft’s President Says This Is How to Fight It

Cryptocurrency/Cryptojacking

• US Will Reportedly Impose Crypto Sanctions Amid Ransomware Attacks

DoS/DDoS

• Powerful Botnet Found To Be Launching Some Of The Biggest DDoS Attacks Ever

Nation State Actors

• Years-Long Attack By Chinese-Linked APT Groups Discovered By McAfee

• UK, US And Australia Launch Pact To Counter China

Cloud

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Zero Trust Requires Cloud Data Security With Integrated Continuous Endpoint Risk Assessment

Other News

• Facebook Says It Will Step Up Efforts To Stop Coordinated Campaigns That Cause Harm

• Healthcare Cyber Security: How To Prevent The Compromise Of Patient Records?

• Security Experts Predict A Global AI-Related Cyber Attack Before Year-End

• Japan Is Belatedly Recognising The Risks Of Cyber War

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

40% Fell Victim To A Phishing Attack In The Past Month

The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.

Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.

Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.

https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/

Traditional Ransomware Defences Are Failing Businesses

Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.

https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/

Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You

Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.

https://www.techrepublic.com/article/cybersecurity-risk-the-number-of-employees-going-around-it-security-may-surprise-you/

740 ransomware victims named on data leak sites in Q2 2021: report

More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.

Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.

https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/

A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats

For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.

https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/

Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack

Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February.  In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.

https://www.zdnet.com/article/law-firm-for-ford-boeing-exxon-marriott-walgreens-and-more-hacked-in-ransomware-attack/

UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack

The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.

https://www.telegraph.co.uk/world-news/2021/07/19/uk-allies-accuse-china-reckless-cyber-extortion-microsoft-hack/

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.

The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.

The report noted that cloud storage apps account for more than 66% of cloud malware delivery.

"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.

https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/

Gun Owners' Fears After Firearms Dealer Data Breach

Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".

Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.

Police, including the National Crime Agency, are investigating.

One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.

Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.

The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".

https://www.bbc.co.uk/news/technology-57932823  

Threats

Ransomware

• SpearTip Finds New Diavol Ransomware Does Steal Data

• The Ransomware Point Of Attack Is Sharper

• Ransomware Incident At Major Cloud Provider Disrupts Real Estate, Title Industry

• In The Fight Against Ransomware, Microsoft Must Do More

• Tracking Malware And Ransomware Domains In 2021

BEC

Phishing

• Google Chrome Now Comes With Up To 50x Faster Phishing Detection

Malware

• Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections

• This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection

• MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS

• New MosaicLoader Malware Targets Software Pirates Via Online Ads

• CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices

• This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results

• Pirate Gamers, Beware: This Malware Targets You

Mobile

• Joker Malware Returns To Target Millions More Android Devices

Vulnerabilities

• You'll Want To Shut Down The Windows Print Spooler Service (Yes, Again): Another Privilege Escalation Bug Found

• Google Patches Chrome Zero-Day, Eighth One In 2021

• Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

• 16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers

• Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root

• Windows 10 Vulnerability Lets Anyone Get Administrator Privileges

• Researchers Discover Security Flaws In Telegram Encryption Protocol

• New Sequoia Bug Gives You Root Access On Most Linux Systems

• Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability

• Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Data Breaches

• Aruba Waited Months To Notify Customers Regarding A Recent Data Breach

• Data Breach Claimants Lose Bid For Anonymity In Court

• Oil Giant Saudi Aramco Hit By 1TB Data Breach

Organised Crime & Criminal Actors

• Botnet Operator Who Proxied Traffic For Other Cybercrime Groups Pleads Guilty

Supply Chain

• NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

DoS/DDoS

• DDoS: Google Has A New Tool To Defend Against Attacks Launched By Botnets

OT, ICS, IIoT and SCADA

• Industrial Networks Exposed Through Cloud-Based Operational Tech

Nation State Actors

• Iranian State Sponsored Hacking Attempts

• UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking

• China Accused Of Cyber-Attack On Microsoft Exchange Servers

• Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks

• France Warns Of APT31 Cyber Spies Targeting French Organisations

• APT Hackers Distributed Android Trojan Via Syrian E-Government Portal

Cloud

• Why The Bank Of England Has Its Head In The Cloud Over Data Security

Privacy

• FT Editor Among 180 Journalists Identified By Clients Of Spyware Firm

• Revealed: leak uncovers global abuse of cyber surveillance weapon

Other News

• Is Open-Source Software Secure?

• Application Security Tools Ineffective Against New And Growing Threats

• Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?

• UK.Gov's Huawei Watchdog Says Firm Made 'No Overall Improvement' On Firmware Security But Won't Say Why

• DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack

• 1 in 5 companies fail PCI compliance assessments of their infrastructure

• Biden Puts a $10M Bounty on Foreign Hackers

• MITRE updates list of top 25 most dangerous software bugs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.