Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Organisations Lack Basic Cyber Hygiene Despite High Confidence In Their Cyber Defences

A new report released this week analysed IT security leaders’ perceived threat of ransomware attacks and the maturity of their cyber security defences. The report found that while 81% of those surveyed consider their security to be above average or exceptional, many lack basic cyber hygiene – 41% lack a password complexity requirement, one of the cheapest, easiest forms of protection, and only 55.6% have implemented multi-factor authentication (MFA). https://www.helpnetsecurity.com/2021/10/21/organizations-cyber-hygiene/

83% Of Ransomware Victims Paid Ransom

A new survey of 300 US-based IT decision-makers found that 64% have been victims of a ransomware attack in the last 12 months, and 83% of those attack victims paid the ransom demand.

Cybersecurity company ThycoticCentrify released its "2021 State of Ransomware Survey & Report" on Tuesday, featuring the insights of IT leaders who have dealt with ransomware attacks over the last year. https://www.zdnet.com/article/83-of-ransomware-victims-paid-ransom-survey/

Ransomware Affected 72% Of Organisations In Past Year

72% of organisations were affected by ransomware at least once within the past twelve months, with 18% impacted more than six times in the past year. Organizations of all sizes were affected nearly to the same extent, with the exception of those with more than 25,000 employees. https://venturebeat.com/2021/10/20/report-ransomware-affected-72-of-organizations-in-past-year/

Ransomware: Looking For Weaknesses In Your Own Network Is Key To Stopping Attacks

Ransomware is a major cybersecurity threat to organisations around the world, but it's possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.

While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter. https://www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/

A Hacker Warns: Give Up Trying To Keep Me Out — And Focus On Your Data

There is a misconceived notion that the security arena is a battlefield. It is not. It is a chess board and requires foresight and calculated pawn placement to protect the king — your data. If your main focus lies on keeping hackers out of your environment, then it’s already check mate. Your mission should be to buy time, slow hackers down and ultimately contain an attack.

Businesses must therefore make it as hard as possible for adversaries to exploit the relationships that allow them to move laterally through the corporate network. They can do this by distrusting anyone within their data’s environment and repeatedly corroborating that all users are who they say they are, and that they act like it too. That last part is crucial, because while identities are easy to compromise and imitate, behaviours are not. https://www.ft.com/content/93cec8b6-3fe9-4e9e-800a-62e13a0e2eac

Cyber Risk Trends Driving The Surge In Ransomware Incidents

During the COVID-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a recent report, Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices

The increasing frequency and severity of ransomware incidents is driven by several factors:

·         Growing number of different attack patterns such as double and triple extortion campaigns

·         Criminal business model around ‘ransomware as a service’ and cryptocurrencies

·         Recent skyrocketing of ransom demands

·         Rise of supply chain attacks.

Not all attacks are targeted. Criminals also adopt a scattergun approach to exploit those businesses that aren’t addressing or understanding the vulnerabilities they may have. Businesses must understand the need to strengthen their controls.

Cyber intrusion activity globally jumped 125% in the first half of 2021 compared to the previous year, according to Accenture, with ransomware and extortion operations one of the major contributors behind this increase. According to the FBI, there was a 62% increase in ransomware incidents in the US in the same period that followed an increase of 20% for the full year 2020. https://www.helpnetsecurity.com/2021/10/18/five-ransomware-trends/

US Ransomware Victims Paid $600 Million to Hackers in 1H of 2021

US Ransomware victims coughed up nearly $600 million to cyber hijackers in the first six months of 2021, further stamping cyber extortionists as an “increasing threat” to the U.S. financial, business and public sectors, a recent report released by the Treasury Department said.

Data gathered by the Financial Crimes Enforcement Network (FinCEN) derived from financial institutions’ Suspicious Activity Reports (SARs) revealed that the 635 reports filed for the first six months of this year is already 30 percent greater than the 487 filed for all of last year. Some 458 financial transitions have been reported as of June 30, 2021 with the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 amounting to $590 million, or 42 percent more than the $416 million filed for all of 2020. https://www.msspalert.com/cybersecurity-research/victims-paid-600-millon-1h-2021/

Hacking Group Created Fake Cyber Security Companies To Hire Experts And Involve Them In Ransomware Attacks Tricking Them Of Conducting A Pentest

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang is creating fake cyber security companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities.

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. https://securityaffairs.co/wordpress/123673/cyber-crime/fin7-fake-cybersecurity-firm.html

Nearly Three-Quarters of Organisations Victimized by DNS Attacks in Past 12 Months

Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover. https://www.darkreading.com/attacks-breaches/nearly-three-quarters-of-organizations-victimized-by-dns-attacks-in-past-12-months

Cyber Crime Matures As Hackers Are Forced To Work Smarter

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide.

One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better, browser vulnerabilities have reduced in numbers, and websites are not as easy to compromise and use as infection vectors today.

This has resulted in making web infections too difficult to pursue for non-sophisticated threat groups.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups are waiting for a PoC or patch to be released, and then use that information to create their own exploits. https://www.bleepingcomputer.com/news/security/cybercrime-matures-as-hackers-are-forced-to-work-smarter/

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder.

That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html

Threats

Ransomware

• 2021 Ransomware Transactions Already Exceed 2020 Numbers, Treasury Department Says - CyberScoop

• Ransomware: US Financial Institutions Report Major Increase In Payments To Cybercriminals - CNNpolitics

• DarkSide Ransomware Rushes To Cash Out $7 Million In Bitcoin (Bleepingcomputer.Com)

• Gigabyte Allegedly Hit by AvosLocker Ransomware | Threatpost

• Evil Corp Demands $40 Million In New Macaw Ransomware Attacks (Bleepingcomputer.com)

• Olympus US Hack Tied To Sanctioned Russian Ransomware Group | Techcrunch

• 81% of UK Healthcare Organizations Hit by Ransomware in Last Year - Infosecurity Magazine

BEC

• BEC Attacks: Scammers' Latest Tricks - Help Net Security

• Palo Alto Warns of BEC-As-A-Service | ZDNet

Phishing

• This Monster Of A Phishing Campaign Is After Your Passwords | ZDNet

Malware

• Cyber Criminals Have Found A Way To Get Their Malware Certified By Microsoft | Techradar

• Watch Out: ‘Squid Game’ Malware Hits Google Play As Hundreds Of Unofficial Apps Flood Store (forbes.com)

• Minecraft Declared The Most Malware-Infected Game (Hackread.Com)

Mobile

• Experts Hacked A Fully Patched iOS 15 Running On iPhone 13 At Tianfu Cup - Security Affairs

Vulnerabilities

• Update Now! Chrome Fixes More Security Issues - Malwarebytes Labs

• Patch PowerShell Now, Microsoft Tells Admins | TechRadar

• A Flaw In WinRAR Could Lead To Remote Code Execution - Security Affairs

• Injection Vulnerabilities In Popular WordPress Plugin Could Expose Credentials, Allow Admin Access | The Daily Swig (Portswigger.Net)

• SQL Is The Top Critical Risk In The Web Application Layer In Q3, 2021 - IT Security Guru

Data Breaches/Leaks

• Data Scrapers Expose 2.6 Million Instagram and TikTok Users - Infosecurity Magazine

Organised Crime & Criminal Actors

• Criminals Use Fake AI Voice To Swindle UAE Bank Out Of $35m • The Register

Insider Threats

• Most Employees Believe Backing Up Company Data Is Not Their Problem - Help Net Security

Dark Web

• The Dark Web Has Become Darker And Busier, Cyber Crime Services Cost Less Than $500 | Techspot

• Increased Activity Surrounding Stolen Data On The Dark Web - Help Net Security

• The Truth About The Dark Web's Secret Red Rooms (grunge.com)

Supply Chain

• Supply Chain Cybersecurity Breaches Have Hit Alarming Percentage Of Firms: Survey | Fox Business

OT, ICS, IIoT and SCADA

• Shared Responsibility Key to Protecting Critical Infrastructure - Infosecurity Magazine

Nation State Actors

• State-Backed Hackers Breach Telcos With Custom Malware (Bleepingcomputer.Com)

• Suspected Chinese Hackers Behind Attacks On Ten Israeli Hospitals (Bleepingcomputer.Com)

Cloud

• Russian Cyber-Criminals Switch to Cloud - Infosecurity Magazine

Privacy

• Over 80% of Brits Deluged with Scam Calls and Texts - Infosecurity Magazine

• How mobile devices can be tracked via Bluetooth analysis • The Register

• Brave Ditches Google For Its Own Privacy-Centric Search Engine (Bleepingcomputer.Com)

• A Massive ‘Stalkerware’ Leak Puts The Phone Data Of Thousands At Risk | Techcrunch

Reports Published in the Last Week

• Ransomware Report: State of Ransomware Survey & Report (thycotic.com)

Other News

• The Simmering Cybersecurity Risk of Employee Burnout (darkreading.com)

• Acer Hacked Twice In A Week By The Same Threat Actor (Bleepingcomputer.Com)

• Threat Actors Abusing Discord to Spread Malware - Infosecurity Magazine

• Mysterious Hacking Group Is Quietly Breaking Into Global Telecommunications Networks, Research Finds | Sky News

• Hacker Steals Government Id Database For Argentina's Entire Population - The Record By Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/

Threats

Ransomware

• The State Of Ransomware: National Emergencies And Million-Dollar Blackmail

• Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft

• Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs

• Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired

• US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks

• Technology Giant Olympus Hit By BlackMatter Ransomware

• Ransomware: A Market Problem Deserves A Market Solution

• REvil Ransomware Is Back In Full Attack Mode And Leaking Data

• Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals

• Ransomware Encrypts South Africa's Entire Dept Of Justice Network

BEC

• Romance, BEC Scams Lands Soldier In Jail For 46 Months

Phishing

• The Top Keywords Used In Phishing Email Subject Lines

• Banks Confront New Type Of Phishing: 'Salami' Attacks

• Malware Attack On Aviation Sector Uncovered After Going Unnoticed For 2 Years

• Phishers Impersonate US DOT To Target Contractors After Senate Passed $1 Trillion Infrastructure Bill

Other Social Engineering

• Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'

• Scammers In Russia Offer Free Bitcoin On A Hacked Government Website

• FBI: $113 Million Lost To Online Romance Scams This Year

Malware

• Attackers Use Crypto Mining Malware to Target Organisations

• New Zloader attacks disable Windows Defender to evade detection

Mobile

• Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’

• This US Company Sold iPhone Hacking Tools To UAE Spies

• After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts

IOT

• IOT Device Attacks Double In The First Half Of 2021, And Remote Work May Shoulder Some Of The Blame

• Smart TVs Are Everywhere But Many Remain Unprotected

Vulnerabilities

• Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws

• Pair of Google Chrome Zero-Day Bugs Actively Exploited

• HP Omen Hub Exposes Millions of Gamers To Cyber Attack

• Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released

• Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD

• No Patch For High-Severity Bug In Legacy IBM System X Servers

• Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists

• Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

• Apple Patches An NSO Zero-Day Flaw Affecting All Devices

• AMD CPU Driver Bug Can Break KASLR, Expose Passwords

Data Breaches/Leaks

• Over 60 Million Wearable, Fitness Tracking Records Exposed Via Unsecured Database

• Hackers Leak Passwords For 500,000 Fortinet VPN Accounts

• Stolen Credentials Led To Data Theft At United Nations

Organised Crime & Criminal Actors

• Telegram Emerges As New Dark Web For Cyber Criminals

• Russia Is Fully Capable Of Shutting Down Cyber Crime

• Criminal Hacking Is on the Rise. Microsoft’s President Says This Is How to Fight It

Cryptocurrency/Cryptojacking

• US Will Reportedly Impose Crypto Sanctions Amid Ransomware Attacks

DoS/DDoS

• Powerful Botnet Found To Be Launching Some Of The Biggest DDoS Attacks Ever

Nation State Actors

• Years-Long Attack By Chinese-Linked APT Groups Discovered By McAfee

• UK, US And Australia Launch Pact To Counter China

Cloud

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Zero Trust Requires Cloud Data Security With Integrated Continuous Endpoint Risk Assessment

Other News

• Facebook Says It Will Step Up Efforts To Stop Coordinated Campaigns That Cause Harm

• Healthcare Cyber Security: How To Prevent The Compromise Of Patient Records?

• Security Experts Predict A Global AI-Related Cyber Attack Before Year-End

• Japan Is Belatedly Recognising The Risks Of Cyber War

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.