Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 28 October 2022
Black Arrow Cyber Threat Briefing 28 October 2022:
-‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
-Ransomware Threat Shifts from US to EMEA and APAC
-Phishing Attacks Increase by Over 31% In Third Quarter
-UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
-HR Departments Play a Key Role in Cyber Security
-The Long-Term Psychological Effects of Ransomware Attacks
-7 Hidden Social Media Cyber Risks for Enterprises
-54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
-Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before it’s Too Late
-Enterprise Ransomware Preparedness Improving but Still Lacking
-Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
-How The "pizza123" Password Could Take Down an Organisation
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.
The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.
The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.
John Edwards, UK Information Commissioner, said:
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.
“Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”
Ransomware Threat Shifts from US to EMEA and APAC
The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.
The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.
Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).
The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.
https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/
Phishing Attacks Increase by Over 31% In Third Quarter
Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.
Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.
According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.
As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.
While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.
The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.
As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.
UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.
UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.
According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.
Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.
Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.
https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html
HR Departments Play a Key Role in Cyber Security
A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.
Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.
Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.
Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.
To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.
https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity
The Long-Term Psychological Effects of Ransomware Attacks
Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.
The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.
They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.
Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.
Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”
One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.
A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”
https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/
7 Hidden Social Media Cyber Risks for Enterprises
Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.
According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.
And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.
With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.
Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.
https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.
An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.
Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.
The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.
41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.
Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.
Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late
According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.
One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.
The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.
Enterprise Ransomware Preparedness Improving but Still Lacking
The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.
Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.
The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.
With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:
network security (43%)
backup infrastructure security (40%)
endpoint security (39%)
email security (36%)
data encryption (36%)
Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.
Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.
If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.
But why now? And who is responsible for this latest wave of cyber attacks?
In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.
Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.
Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.
Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.
How The "pizza123" Password Could Take Down an Organisation
Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.
The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.
The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.
After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.
Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.
People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.
Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.
Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.
Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.
Threats
Ransomware and Extortion
SonicWall: Ransomware down this year, but there’s a catch • The Register
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)
How to detect Windows worm that now distributes ransomware • The Register
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)
BlackByte ransomware affiliate also steals victims' data • The Register
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
CISA warns of ransomware attacks on healthcare providers (techtarget.com)
Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)
Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)
Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)
Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)
Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)
Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)
Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Social engineering attacks anybody could fall victim to - Help Net Security
Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com
Malware
Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)
Types of cloud malware and how to defend against them (techtarget.com)
Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)
Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)
Mobile
Internet of Things – IoT
IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)
IoT security strategy from enterprises using connected devices | Network World
Your CCTV devices can be hacked and weaponized - Help Net Security
Data Breaches/Leaks
Thomson Reuters leaked at least 3TB of sensitive data | Cybernews
See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)
Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)
Organised Crime & Criminal Actors
Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)
Interpol says metaverse opens up new world of cyber crime | Reuters
From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register
Cryptomining campaign abused free GitHub account trials (techtarget.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)
LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)
Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)
Insurance
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)
Dark Web
Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)
Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)
British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs
Software Supply Chain
How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
Consumer behaviours are the root of open source risk - Help Net Security
Denial of Service DoS/DDoS
Key observations on DDoS attacks in H1 2022 - Help Net Security
Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica
Cloud/SaaS
Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)
Top Cloud Security Challenges & How to Beat Them (trendmicro.com)
Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)
Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)
Hybrid Working
Balancing remote work privacy vs. productivity monitoring (techtarget.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
Attack Surface Management
Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)
Asset risk management: Getting the basics right - Help Net Security
Encryption
New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)
API
Open Source
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why it's time to expire mandatory password expiration policies (techtarget.com)
Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica
Biometrics
Social Media
LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)
LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)
Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)
Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)
Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Data Protection
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)
Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Russia says Starlink satellites could become military target • The Register
Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
Nation State Actors – China
Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert
Federal bans don't stop US states from buying Chinese kit • The Register
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerabilities
OpenSSL to fix the second critical flaw ever - Security Affairs
Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)
ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)
Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)
Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)
Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com
Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security
Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com
VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs
VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com
Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs
Other News
Cyber Security Risks & Stats This Spooky Season (darkreading.com)
Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)
Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)
Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security
Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)
Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)
Why dark data is a growing danger for corporations - Help Net Security
Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 October 2022
Black Arrow Cyber Threat Briefing 21 October 2022:
-Gen Z, Millennials Really Doesn't Care About Workplace Cyber Security
-Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
-Cyber-Enabled Crimes Are Biggest Police Concerns
-List of Common Passwords Accounts for Nearly All Cyber Attacks
-Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders
-Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
-96% Of Companies Report Insufficient Security for Sensitive Cloud Data
-Your Microsoft Exchange Server Is a Security Liability
-Are Cyber Security Vendors Pushing Snake Oil?
-Ransomware Preparedness, What Are You Doing Wrong?
-NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
-Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Gen Z, Millennials Really Don’t Care About Workplace Cyber Security
When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.
Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.
This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.
When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.
Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.
Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security.
If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.
https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity
Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.
“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”
Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.
Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.
Cyber-Enabled Crimes Are Biggest Police Concerns
Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.
The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.
Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.
Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.
Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.
The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.
https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/
List of Common Passwords Accounts for Nearly All Cyber Attacks
Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.
Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.
Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.
The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."
Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.
https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders
Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.
Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.
This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.
The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.
Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.
With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?
We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."
Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.
Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.
The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.
Some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors. In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.
Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.
US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).
https://www.telegraph.co.uk/business/2022/10/23/ukraine-war-cuts-ransomware-kremlin-co-opts-hackers/
96% Of Companies Report Insufficient Security for Sensitive Cloud Data
The vast majority of organisations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).
The CSA report surveyed 1,663 IT and security professionals from organisations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organisations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID.
Apart from struggling with securing sensitive data, organisations are also having trouble tracking data in the cloud. Over a quarter of organisations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.
“This suggests that organisations’ current methods of classifying data aren’t sufficient for their needs. However, if the tracking is this low, it could be a contributing factor to the issue of dark data. Organisations need to utilise data discovery and classification tools to properly understand the data they have and how to protect it,” the CSA study noted.
Your Microsoft Exchange Server Is a Security Liability
With endless vulnerabilities, widespread hacking campaigns, slow and technically tough patching, it's time to say goodbye to on-premise Exchange.
Once, reasonable people who cared about security, privacy, and reliability ran their own email servers. Today, the vast majority host their personal email in the cloud, handing off that substantial burden to the capable security and engineering teams at companies like Google and Microsoft. Now, cyber security experts argue that a similar switch is due - or long overdue - for corporate and government networks. For enterprises that use on-premise Microsoft Exchange, still running their own email machine somewhere in a closet or data centre, the time has come to move to a cloud service, if only to avoid the years-long plague of bugs in Exchange servers that has made it nearly impossible to keep determined hackers out.
The latest reminder of that struggle arrived earlier this week, when Taiwanese security researcher Orange Tsai published a blog post laying out the details of a security vulnerability in Microsoft Exchange. Tsai warned Microsoft about this vulnerability as early as June of 2021, and while the company responded by releasing some partial fixes, it took Microsoft 14 months to fully resolve the underlying security problem. Tsai had earlier reported a related vulnerability in Exchange that was massively exploited by a group of Chinese state-sponsored hackers known as Hafnium, which last year penetrated more than 30,000 targets by some counts. Yet according to the timeline described in Tsai’s post this week, Microsoft repeatedly delayed fixing the newer variation of that same vulnerability, assuring Tsai no fewer than four times that it would patch the bug before pushing off a full patch for months longer. When Microsoft finally released a fix, Tsai wrote, it still required manual activation and lacked any documentation for four more months.
Meanwhile, another pair of actively exploited vulnerabilities in Exchange that were revealed last month still remain unpatched after researchers showed that Microsoft’s initial attempts to fix the flaws had failed. Those vulnerabilities were just the latest in a years-long pattern of security bugs in Exchange’s code. And even when Microsoft does release Exchange patches, they’re often not widely implemented, due to the time-consuming technical process of installing them.
The result of those compounding problems, for many who have watched the hacker-induced headaches of running an Exchange server pile up, is a clear message: An Exchange server is itself a security vulnerability, and the fix is to get rid of it.
“You need to move off of on-premise Exchange forever. That’s the bottom line,” says Dustin Childs, the head of threat awareness at security firm Trend Micro’s Zero Day Initiative (ZDI), which pays researchers for finding and reporting vulnerabilities in commonly used software and runs the Pwn2Own hacking competition. “You’re not getting the support, as far as security fixes, that you would expect from a really mission-critical component of your infrastructure.”
https://www.wired.com/story/microsoft-exchange-server-vulnerabilities/
Are Cyber Security Vendors Pushing Snake Oil?
Survey: 96 percent of cyber security decision makers confused by vendor marketing.
The availability of new security products increases, the amount of budget spent on cyber security grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cyber security spend and any clear increase in cyber security effectiveness is the subject of a new analytical survey from Egress.
With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cyber security and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cyber security vendors due to unclear marketing about their specific offerings.
The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cyber security silver bullet, but whether this management can take the company to a point where it can exit with serious profits.
If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.
Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.
https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil
Ransomware Preparedness: What Are You Doing Wrong?
Axio released its 2022 State of Ransomware Preparedness research report, revealing that although notable improvements have been made since Axio’s 2021 report, organisational ransomware preparedness continues to be insufficient to keep pace with new attack vectors.
The report reveals that the lack of fundamental cyber security practices and controls, including critical vulnerability patching and employee cyber security training, continues to undermine organisational attempts to improve ransomware defences.
“Ransomware continues to wreak havoc on global organisations, regardless of size or industry,” remarked the report’s co-author David White, President of Axio. “As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cyber security practices and make the needed improvements to help combat these attacks.”
The report identifies several emerging patterns that yield insights into why organisations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organisations were deficient in implementing and sustaining basic cyber security practices were identified, and these patterns dominated the 2022 study results as well:
Managing privileged access
Improving basic cyber hygiene
Reducing exposure to supply chain and third-party risk
Monitoring and defending networks
Managing ransomware incidents
Identifying and addressing vulnerabilities in a timely manner
Improving cyber security training and awareness
Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:
The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.
Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.
Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.
Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.
Critical vulnerability patching within 24 hours was reported by only 24% of organisations.
A ransomware-specific playbook for incident management is in place for only 30% of organisations.
Active phishing training has improved but is still not practiced by 40% of organisations.
https://www.helpnetsecurity.com/2022/10/20/insufficient-ransomware-preparedness/
NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that it would be happening in the cyber space as well.
Ten months on, he was invited to speak at one of Mandiant Worldwide Information Security Exchange's (mWISE) opening keynotes on October 18, 2022. Joyce shared six takeaways from the Russia-Ukraine cyber-conflict in terms of what we learned from it and its impact on how nations should protect their organisations.
Both espionage and destructive attacks will occur in conflict
The cyber security industry has unique insight into these conflicts
Sensitive intelligence can make a decisive difference
You can develop resiliency skills
Don’t try to go it alone
You have not planned enough yet for the contingencies
Toward the end of the keynote, Joyce suggested the audience simulate a scenario based on what happened in Ukraine with the China-Taiwan conflict escalating and see what they should put in place to better prepare for such an event.
https://www.infosecurity-magazine.com/news/nsa-6-takeaways-war-ukraine/
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.
Microsoft also emphasised that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."
The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cyber security company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.
The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
https://thehackernews.com/2022/10/microsoft-confirms-server.html
Threats
Ransomware and Extortion
Сryptocurrency and Ransomware — The Ultimate Friendship (thehackernews.com)
Venus Ransomware targets publicly exposed Remote Desktop services (bleepingcomputer.com)
Pendragon being held to $60m ransom by dark web hackers – Car Dealer Magazine
Magniber Ransomware Is Targeting Home PC (informationsecuritybuzz.com)
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang (bleepingcomputer.com)
With Conti gone, LockBit takes lead of the ransomware threat landscape | CSO Online
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware (darkreading.com)
Wholesale giant METRO hit by IT outage after cyber attack (bleepingcomputer.com)
The link between Ransom Cartel and REvil ransomware gangs - Security Affairs
How Vice Society Got Away With a Global Ransomware Spree | WIRED
Defenders beware: A case for post-ransomware investigations - Microsoft Security Blog
Ransomware crews regrouping as LockBit rise continues (computerweekly.com)
Ransom Cartel linked to notorious REvil ransomware operation (bleepingcomputer.com)
Hackney Council Ransomware Attack £12m+ Recovery - IT Security Guru
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Prestige ransomware hits victims of HermeticWiper • The Register
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Japanese tech firm Oomiya hit by LockBit 3.0 - Security Affairs
Ransomware attack halts circulation of some German newspapers (bleepingcomputer.com)
Ransomware Insurance Security Requirement Strategies (trendmicro.com)
Australian insurance firm Medibank confirms ransomware attack (bleepingcomputer.com)
BlackByte ransomware uses new data theft tool for double-extortion (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing works so well crims won't use deepfakes: Sophos • The Register
Phishing Mitigation Can Cost Businesses More Than $1M Annually (darkreading.com)
Securing your organisation against phishing can cost up to $85 per email | CSO Online
How phishing campaigns abuse Google Ad click tracking redirects - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Malware
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Microsoft’s out-of-date driver list left Windows PCs open to malware attacks for years - The Verge
Ursnif malware switches from bank account theft to initial access (bleepingcomputer.com)
Experts spotted a new undetectable PowerShell Backdoor - Security Affairs
Typosquat campaign mimics 27 brands to push Windows, Android malware (bleepingcomputer.com)
Thousands of GitHub repositories deliver fake PoC exploits with malware (bleepingcomputer.com)
Hackers use new stealthy PowerShell backdoor to target 60+ victims (bleepingcomputer.com)
Hijacking of Popular Minecraft Launcher by Rogue Developer Raises Malware Fears - IGN
URSNIF (aka Gozi) banking trojan morphs into backdoor • The Register
What is a RAT (Remote Access Trojan)? | Definition from TechTarget
Mobile
Internet of Things – IoT
Riskiest IoT Devices - Cameras, VoIP And Video Conferencing (informationsecuritybuzz.com)
Securing IoT devices against attacks that target critical infrastructure - Microsoft Security Blog
74% say connected cars and EV chargers need cyber security ratings | Ars Technica
Data Breaches/Leaks
The companies most likely to lose your data - Help Net Security
Fines are not enough! Data breach victims want better security - Help Net Security
Medibank hack turned into a data breach: The attackers are demanding money - Help Net Security
Mormon Church Hit By Cyber attack, Personal Data Exposed (informationsecuritybuzz.com)
Keystone Health Data Breach Impacts 235,000 Patients | SecurityWeek.Com
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
Client Data Exfiltrated In Advanced NHS cyber Attack (informationsecuritybuzz.com)
Australian Wine Dealer Suffers Data Breach, 500,000 Customers May Be (informationsecuritybuzz.com)
Advocate Aurora Health in potential 3 million patient leak • The Register
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Why Crypto Winter is No Excuse to Let Your Cyber Defences Falter (thehackernews.com)
North Korea’s Lazarus Group Attacks Japanese Crypto Firms - Decrypt
Coinbase users scammed out of $21M in crypto sue company for negligence | Ars Technica
SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency | SecurityWeek.Com
Fraud, Scams & Financial Crime
Financial losses to synthetic identity-based fraud to double by 2024 | CSO Online
AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group | SecurityWeek.Com
Deepfakes
Deepfakes: What they are and how to spot them - Help Net Security
Phishing works so well crims won't use deepfakes: Sophos • The Register
Insurance
Supply Chain and Third Parties
Software Supply Chain
Software Supply Chain Attacks Soar 742% In Three Years (informationsecuritybuzz.com)
SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain (darkreading.com)
Denial of Service DoS/DDoS
Cloud/SaaS
Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration (darkreading.com)
3 cloud security posture questions CISOs should answer (techtarget.com)
Attack Surface Management
Identity and Access Management
Encryption
API
Open Source
New security concerns for the open-source software supply chain - Help Net Security
Python vulnerability highlights open source security woes (techtarget.com)
3 Ways to Help Customers Defend Against Linux-Based Cyber attacks - MSSP Alert
OldGremlin hackers use Linux ransomware to attack Russian orgs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Most People Still Reuse Their Passwords Despite Years Of Hacking (informationsecuritybuzz.com)
Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH | SecurityWeek.Com
Eight RTX 4090s Can Break Passwords in Under an Hour | Tom's Hardware (tomshardware.com)
Training, Education and Awareness
Security Awareness Urged to Grow Beyond Compliance (darkreading.com)
Raising cyber security awareness is good for everyone - but it needs to be done better | ZDNET
Millennials, Gen Z blamed for poor company security • The Register
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Fines are not enough! Data breach victims want better security - Help Net Security
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
New York fines EyeMed $4.5 million for 2020 email hack, data breach | SC Media (scmagazine.com)
Health insurer pays out $4.5m over bungled data security • The Register
Law Enforcement Action and Take Downs
INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organisation (thehackernews.com)
Law enforcement arrested 31 suspects for stealing cars by hacking key fobs - Security Affairs
Interpol is setting up its own metaverse to learn how to police the virtual world | Euronews
Brazilian Police Nab Suspected Member of Lapsus$ Group (darkreading.com)
Interpol Report: "Financial Crime-as-a-Service" an Emerging Threat - MSSP Alert
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
US, China, Russia, more meet at Singapore infosec event • The Register
NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry - CyberScoop
China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs (darkreading.com)
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Hackers target Asian casinos in lengthy cyber espionage campaign (bleepingcomputer.com)
Prestige ransomware hits victims of HermeticWiper • The Register
Pro-Russia Hackers DDoS Bulgarian Government - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Ukraine's cyber chief calls for global anti-fake news fight • The Register
German Cyber security Boss Sacked Over Kremlin Connection (darkreading.com)
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Bulgaria hit by a cyber attack originating from Russia - Security Affairs
Nation State Actors – China
As China-Taiwan tensions mount, how's your cyber defence? • The Register
Chinese 'Spyder Loader' Malware Spotted Targeting Organisations in Hong Kong (thehackernews.com)
Hackers compromised Hong Kong govt agency network for a year (bleepingcomputer.com)
WIP19 Threat Group Cyber attacks Target IT Service Providers, Telcos - MSSP Alert
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Vulnerabilities
45,654 VMware ESXi servers reached End of Life on Oct. 15 - Security Affairs
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Text message verification flaws in your Windows Active Directory (bleepingcomputer.com)
Apache Commons Vulnerability: Patch but Don't Panic (darkreading.com)
Zoom for Mac patches sneaky “spy-on-me” bug – update now! – Naked Security (sophos.com)
ProxyLogon researcher details new Exchange Server flaws (techtarget.com)
Exploited Windows zero-day lets JavaScript files bypass security warnings (bleepingcomputer.com)
Dozen High-Severity Vulnerabilities Patched in F5 Products | SecurityWeek.Com
Oracle Releases 370 New Security Patches With October 2022 CPU | SecurityWeek.Com
Palo Alto Networks fixed a high-severity flaw in PAN-OS - Security Affairs
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Zimbra Patches Under-Attack Code Execution Bug | SecurityWeek.Com
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities | SecurityWeek.Com
Python vulnerability highlights open source security woes (techtarget.com)
Other News
Zero trust is misused in security, say Cloudflare, Zscaler - Protocol
Cyber professional shortfall hits 3.4 million (computerweekly.com)
VPN use prevails despite interest in VPN alternatives (techtarget.com)
JP Morgan Bans Staff From Working Remotely In Hotels and Coffee Shops-But Not Airbnbs | Inc.com
Experts discovered millions of .git folders exposed to public - Security Affairs
Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives | TechSpot
Internet connectivity worldwide impacted by severed fiber cables in France (bleepingcomputer.com)
UK's Remote Shetland Mysteriously Lose Phone, Internet After Cable Cut (businessinsider.com)
CISOs, rejoice! Security spending is increasing - Help Net Security
Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs | Ars Technica
NATO Just Deployed Its First Killer Ground Robot (futurism.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 April 2022
Black Arrow Cyber Threat Briefing 15 April 2022:
-Cyber Security Is Getting Harder: More Threats, More Complexity, Fewer People
-Terrible Cloud Security Is Leaving the Door Open for Hackers. Here's What You're Doing Wrong
-More Organisations Are Paying the Ransom. Why?
-Cyber Attack Puts City Firms on High Alert To Bolster Defences
-More Than 60% of Organisations Suffered a Breach in the Past 12 Months
-Account Takeover Poised to Surpass Malware as The No. 1 Security Concern
-Security Research Reveals 42% Rise In New Ransomware Programs In 2021
-Fraudsters Stole £58m with Remote Access Trojans (RATs) in 2021
-As State-Backed Cyber Threats Grow, Here's How the World Is Reacting
-Q1 Reported Data Compromises Up 14% Over 2021
-Europol Announces Operation to Hit Russian Sanctions-Evaders
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Is Getting Harder: More Threats, More Complexity, Fewer People
Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise. More than 1,200 security leaders participated in the survey, revealing they’ve seen an increase in cyber attacks while their teams are facing widening talent gaps.
According to the report, 65% of respondents say they have seen an increase in attempted cyber attacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted:
· 49% of organisations say they have suffered a data breach over the past two years, an increase from 39% a year earlier.
· 79% of respondents say they’ve encountered ransomware attacks, and 35% admit that one or more of those attacks led them to lose access to data and systems.
· 59% of security teams say they had to devote significant time and resources to remediation, an increase from 42% a year ago.
· 54% of respondents report that their business-critical applications have suffered from unplanned outages related to cyber security incidents on at least a monthly basis, with a median of 12 outages per year. The median time to recover from unplanned downtime tied to cyber security incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour.
· 64% of security professionals have stated that it’s challenging to keep up with new security requirements, up from 49% a year ago.
https://www.helpnetsecurity.com/2022/04/13/modern-enterprise-security-issues/
Terrible Cloud Security Is Leaving the Door Open for Hackers. Here's What You're Doing Wrong
A rise in hybrid work and a shift to cloud platforms has changed how businesses operate - but it's also leaving them vulnerable to cyber attacks.
Cloud applications and services are a prime target for hackers because poor cyber security management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyber attacks.
Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cyber security researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.
The global pandemic pushed organisations and employees towards new ways of remote and hybrid working, with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cyber security risks – and malicious hackers know this.
More Organisations Are Paying the Ransom. Why?
Most organisations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group has shown.
The research company says that possible explanations for the steady yearly rise of the percentage of organisations that decided to pay the ransom may include: the threat of exposing exfiltrated data, increased confidence for data recovery, and the fact that many organisations find that paying a ransom is significantly less costly than system downtime, customer disruption, and potential lawsuits.
“72% of ransom-paying victims recovered their data [in 2021], up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision,” the company noted.
Similarly, BakerHostatler’s 2022 Data Security Incident Response Report says that in ransomware incidents the US-based law firm was called in to manage in 2021, ransomware groups provided decryptors and stuck to their promise to not publish stolen data 97% of the time.
https://www.helpnetsecurity.com/2022/04/11/organizations-paying-ransom/
Cyber Attack Puts City Firms on High Alert to Bolster Defences
Experts warn a combination of 'ignorance and arrogance' makes City executives vulnerable to attacks.
City firms on high alert for cyber attacks were sent a clear warning recently, bolstering concerns of the potential for breaches from Russia.
Ince Group, the London-listed law firm, last month fell prey to hackers who infiltrated its computer systems and stole confidential data. The company's security systems detected the intrusion on March 13, prompting the IT team to shut down servers to try and prevent widespread damage.
But soon after, the hackers demanded a ransom for stolen data and threatened to publish it on the dark web if Ince Group, which has clients in the shipping, energy and healthcare sectors, didn't pay up.
The incident has intensified worries of possible breaches after warnings that City firms could be targeted by Russian hackers following Putin’s invasion of Ukraine.
Julia O'Toole, chief executive of MyCena Security Solutions, says executives should be "very concerned" about any news of a cyber attack at a rival company.
More Than 60% of Organisations Suffered a Breach in the Past 12 Months
Firms focus too narrowly on external attackers when it's insiders, third parties, and stolen assets that cause many breaches, new study shows.
The majority of companies — 63% — have suffered at least one breach in the past 12 months. The global average breach cost $2.4 million — a price tag that increases to $3.0 million for companies unprepared to respond to compromises.
The new data from Forrester Research, released on April 8 in a report titled "The 2021 State Of Enterprise Breaches," found that the number of breaches and the cost of breaches varied widely depending on the geographic location of the business and to what degree the organisation is prepared to respond to breaches. Companies in North America had the largest disparity between the haves and have-nots: While the average organisation required 38 days to find, eradicate, and recover from a breach, companies that failed to adequately prepare for security challenges took 62 days.
The difference in response resulted in a large difference in cost as well, with the average North American company paying $3.0 million to recover from a breach, a bill that rises to $4.0 million if the company suffered from a lack of incident-response preparation.
"The misalignment between the expectation and the reality of breaches has become very important," says Allie Mellen, an analyst with Forrester's Security and Risk group. "On a global scale, there is a big disparity of about $600,000 between those who are prepared to respond to a breach and those who are not."
Account Takeover Poised to Surpass Malware as The No. 1 Security Concern
As most researchers and financial executives can attest, virtually all types of fraud have dramatically risen over the past two years. However, attackers taking over legitimate financial accounts have become even more of a favourite with cyber criminals than most fraud schemes.
Many major recent research reports have pointed out that account takeover (ATO), a form of identity theft where bad actors access legitimate bank accounts, change the account information and passwords, and hijack a real customer’s account, has skyrocketed since last year. According to Javelin Research’s annual "Identity Fraud Study: The Virtual Battleground" report, account takeover increased by 90% to an estimated $11.4 billion in 2021 when compared with 2020 — representing roughly one-quarter of all identity fraud losses last year.
Like many types of financial fraud, cyber thieves are betting on the fact that if they attempt to seize a large number of legitimate accounts, eventually they will get a payoff.
Account takeovers are a numbers game, the more accounts that an organisation has, the bigger their risk that some of them will be compromised.
Account takeovers often piggyback off of previous attacks, making these crimes a way for hackers to make the most out of stolen information. Diskin pointed out that account takeovers most commonly happen when a password is “taken from another data leak and reused for different accounts. But there are a variety of risky scenarios that can lead to compromise.”
Security Research Reveals 42% Rise in New Ransomware Programs In 2021
Critical infrastructure in the crosshairs: operational technology vulnerabilities jump 88% .
Threat intelligence analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021. The Silicon Valley cyber security company released its annual 2022 Vulnerability and Threat Trends Report, revealing how quickly cyber criminals capitalise on new security weaknesses – shrinking the window that organisations have to remediate vulnerabilities ahead of an attack.
With 20,175 new vulnerabilities published in 2021, Skybox Research Lab witnessed the most vulnerabilities ever reported in a single year. And these new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 — a three-fold increase over a decade. These cumulative vulnerabilities, piling up year after year, represent an enormous aggregate risk, and they’ve left organisations struggling with a mountain of cyber security debt. As the US Cybersecurity and Infrastructure Security Agency (CISA) highlights in its Top Routinely Exploited Vulnerabilities list, threat actors are routinely exploiting publicly disclosed vulnerabilities from years past.
The sheer volume of accumulated risks — hundreds of thousands or even millions of vulnerability instances within organisations — means they can’t possibly patch all of them. To prevent cyber security incidents, it is critical to prioritise exposed vulnerabilities that could cause the most significant disruption, then, apply appropriate remediation options including configuration changes or network segmentation to eliminate risk, even before patches are applied or in cases where patches aren’t available.
Fraudsters Stole £58m with Remote Access Trojans (RATs) in 2021
2021 saw victims of Remote Access Tool (RAT) scams lose £58m in 2021, official UK police figures show.
RAT scams involve scammers taking control of a victim’s device, typically in order to access bank accounts.
Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident.
Typically, RAT attacks begin with a victim being inundated with pop-ups claiming there is a problem with the computer. Users are often then asked to call a “hotline” number, when a scammer will persuade them to download a RAT.
RAT scams are often compared to the classic “tech support” scams. Modern RAT scams are typically more devious, however, with scammers often cold-calling their victims pretending to work for their bank and claiming that they need computer access to investigate a fraudulent transaction.
https://www.itsecurityguru.org/2022/04/11/fraudsters-stole-58m-with-rats-in-2021/
As State-Backed Cyber Threats Grow, Here's How the World Is Reacting
With the ongoing conflict in Eurasia, cyber warfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months.
Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These target businesses as well as government institutions and nonprofit organisations. There have been cases of several attempts to shut down online communications and IT infrastructure.
The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it is not going to be surprising to see an even more dramatic rise in the number of significant incidents.
https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html
Q1 Reported Data Compromises Up 14% Over 2021
The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years.
Publicly reported data compromises totalled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021.
This is the third consecutive year when the number of total data compromises increased compared to Q1 of the previous year. It also represents the highest number of Q1 data compromises since 2020.
https://informationsecuritybuzz.com/expert-comments/q1-reported-data-compromises-up-14-over-2021/
Europol Announces Operation to Hit Russian Sanctions-Evaders
European police have announced a major new operation designed to crack down on Russian oligarchs and businesses looking to circumvent sanctions.
Operation Oscar will run for at least a year as an umbrella initiative that will feature many separate investigations, Europol explained.
The policing organisation’s European Financial and Economic Crime Centre will work to exchange information and intelligence with partners and provide operational support in financial crime investigations.
A key focus appears to be on illicit flows of money, which Russian individuals and entities will be trying to move around the region in order to bypass sanctions imposed since President Putin’s invasion of Ukraine.
“Europol will centralise and analyse all information contributed under this operation to identify international links, criminal groups and suspects, as well as new criminal trends and patterns,” Europol said.
“Europol will further provide tailor-made analytical support to investigations, as well as operational coordination, forensics and technical expertise, and financial support to the relevant national authorities.”
https://www.infosecurity-magazine.com/news/europol-hit-russian/
Threats
Ransomware
Ransomware: These Two Gangs Are Behind Half of All Attacks | ZDNet
Don't Let Ransomware Gangs Spend Months in Your Network • The Register
Karakurt Data Thieves Linked to Larger Conti Hacking Group | CSO Online
Conti Ransomware Gang Claims Responsibility for The Nordex Hack - Security Affairs
OldGremlin Ransomware Gang Targets Russia with New Malware (bleepingcomputer.com)
Conti Ransomware Offshoot Targets Russian Organisations | Malwarebytes Labs
Other Social Engineering
FBI: Payment App Users Targeted in Social Engineering Attacks (bleepingcomputer.com)
These Hackers Pretend to Poach, Recruit Rival Bank Staff In New Cyber Attacks | ZDNet
Malware
Microsoft Sounds The Alarm Over New Cunning Windows Malware | TechRadar
Spring4Shell Under Active Exploit by Mirai Botnet Herders • The Register
Haskers Gang Gives Away ZingoStealer Malware to Other Cyber Criminals for Free (thehackernews.com)
Hackers Hijack Adult Websites to Infect Victims With Malware | TechRadar
Qbot Malware Switches To New Windows Installer Infection Vector (bleepingcomputer.com)
Windows 11 tool to Add Google Play Secretly Installed Malware (bleepingcomputer.com)
Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (thehackernews.com)
Enemybot: a New Mirai, Gafgyt Hybrid Botnet Joins The Scene | ZDNet
Mobile
Android Banking Malware Intercepts Calls to Customer Support (bleepingcomputer.com)
How to Stop Octo Malware From Remotely Accessing Your Android (lifehacker.com)
IoT
New EnemyBot DDoS Botnet Recruits Routers and IoTs Into Its Army (bleepingcomputer.com)
3 Reasons Connected Devices are More Vulnerable than Ever (bleepingcomputer.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware (bleepingcomputer.com)
Google Files Suit Against Cameroonian Cyber Criminal Who Used Puppies as Lures - CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking
10 NFT and Cryptocurrency Security Risks That CISOs Must Navigate | CSO Online
A Practical Reason Why Crypto Might Not Work for Large-Scale Sanctions Evasion - CyberScoop
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Denial of Service DoS/DDoS
New Fodcha DDoS Botnet Targets Over 100 Victims Every Day (bleepingcomputer.com)
New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt (thehackernews.com)
Cloud
99% Of Cloud Identities Are Overly Permissive, Opening Door to Attackers | CSO Online
Top Attack Techniques for Breaching Enterprise And Cloud Environments - Help Net Security
Finding Attack Paths in Cloud Environments (thehackernews.com)
The Two Words You Should Never Forget When You’re Securing a Cloud - Help Net Security
Privacy
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Preparing for Armageddon: How Ukraine Battles Russian hackers | Ars Technica
Hackers Target Ukrainian Govt with IcedID Malware, Zimbra Exploits (bleepingcomputer.com)
Russia’s Sandworm Hackers Attempted a Third Blackout In Ukraine | Ars Technica
The Unceasing Action of Anonymous Against Russia - Security Affairs
European Officials Reportedly Targeted by NSO Spyware • The Register
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Nation State Actors – North Korea
US Gov Believes Lazarus APT is Behind Ronin Validator Cyber Heist - Security Affairs
Feds Offer $5m Reward for Info on North Korean Cyber Crooks • The Register
FBI Links Largest Crypto Hack Ever to North Korean Hackers (bleepingcomputer.com)
Symantec: North Korea's Lazarus Targets Chemical Companies • The Register
Vulnerabilities
Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (thehackernews.com)
Google Issues Third Emergency Fix For Chrome This Year • The Register
Critical HP Teradici PCoIP Flaws Impact 15 Million Endpoints (bleepingcomputer.com)
Critical Windows RPC Vulnerability Raises Alarm (techtarget.com)
VMware Workspace One Flaw Actively Exploited in The Wild (techtarget.com)
Adobe Patches Gaping Security Holes in Acrobat, Reader, Photoshop | SecurityWeek.Com
Cisco Vulnerability Lets Hackers Craft Their Own Login Credentials (bleepingcomputer.com)
Several Vulnerabilities Allow Disabling of Palo Alto Networks Products | SecurityWeek.Com
Cisco Patches Critical Vulnerability in Wireless LAN Controller | SecurityWeek.Com
Critical Flaw in Elementor WordPress Plugin May Affect 500k Sites (bleepingcomputer.com)
Critical Apache Struts RCE Vulnerability Wasn't Fully Fixed, Patch Now (bleepingcomputer.com)
Attackers Are Exploiting VMware RCE to Deliver Malware (CVE-2022-22954) - Help Net Security
These D-Link Routers Are Vulnerable To Remote Hacks And Should Be Retired Immediately | HotHardware
Upgrades for Spring Framework Have Stalled (darkreading.com)
Sector Specific
CNI, OT, ICS, IIoT and SCADA
CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks (darkreading.com)
Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments (darkreading.com)
US Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (thehackernews.com)
Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks | SecurityWeek.Com
Energy & Utilities
Reports Published in the Last Week
Other News
Singapore To License Infosec Service Providers • The Register
What Is the Cyber Kill Chain? A Model for Tracing Cyber Attacks | CSO Online
Cyber Defense: Prioritized By Real-World Threat Data - Help Net Security
The Cyber Criminal Isn’t Necessarily Who You Think… | Mind Matters
How Cryptocurrency Gave Birth to the Ransomware Epidemic (vice.com)
Dark Data Is a Pain Point For Many Security Leaders - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.