Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/

Threats

Ransomware

• The State Of Ransomware: National Emergencies And Million-Dollar Blackmail

• Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft

• Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs

• Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired

• US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks

• Technology Giant Olympus Hit By BlackMatter Ransomware

• Ransomware: A Market Problem Deserves A Market Solution

• REvil Ransomware Is Back In Full Attack Mode And Leaking Data

• Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals

• Ransomware Encrypts South Africa's Entire Dept Of Justice Network

BEC

• Romance, BEC Scams Lands Soldier In Jail For 46 Months

Phishing

• The Top Keywords Used In Phishing Email Subject Lines

• Banks Confront New Type Of Phishing: 'Salami' Attacks

• Malware Attack On Aviation Sector Uncovered After Going Unnoticed For 2 Years

• Phishers Impersonate US DOT To Target Contractors After Senate Passed $1 Trillion Infrastructure Bill

Other Social Engineering

• Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'

• Scammers In Russia Offer Free Bitcoin On A Hacked Government Website

• FBI: $113 Million Lost To Online Romance Scams This Year

Malware

• Attackers Use Crypto Mining Malware to Target Organisations

• New Zloader attacks disable Windows Defender to evade detection

Mobile

• Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’

• This US Company Sold iPhone Hacking Tools To UAE Spies

• After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts

IOT

• IOT Device Attacks Double In The First Half Of 2021, And Remote Work May Shoulder Some Of The Blame

• Smart TVs Are Everywhere But Many Remain Unprotected

Vulnerabilities

• Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws

• Pair of Google Chrome Zero-Day Bugs Actively Exploited

• HP Omen Hub Exposes Millions of Gamers To Cyber Attack

• Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released

• Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD

• No Patch For High-Severity Bug In Legacy IBM System X Servers

• Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists

• Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

• Apple Patches An NSO Zero-Day Flaw Affecting All Devices

• AMD CPU Driver Bug Can Break KASLR, Expose Passwords

Data Breaches/Leaks

• Over 60 Million Wearable, Fitness Tracking Records Exposed Via Unsecured Database

• Hackers Leak Passwords For 500,000 Fortinet VPN Accounts

• Stolen Credentials Led To Data Theft At United Nations

Organised Crime & Criminal Actors

• Telegram Emerges As New Dark Web For Cyber Criminals

• Russia Is Fully Capable Of Shutting Down Cyber Crime

• Criminal Hacking Is on the Rise. Microsoft’s President Says This Is How to Fight It

Cryptocurrency/Cryptojacking

• US Will Reportedly Impose Crypto Sanctions Amid Ransomware Attacks

DoS/DDoS

• Powerful Botnet Found To Be Launching Some Of The Biggest DDoS Attacks Ever

Nation State Actors

• Years-Long Attack By Chinese-Linked APT Groups Discovered By McAfee

• UK, US And Australia Launch Pact To Counter China

Cloud

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Zero Trust Requires Cloud Data Security With Integrated Continuous Endpoint Risk Assessment

Other News

• Facebook Says It Will Step Up Efforts To Stop Coordinated Campaigns That Cause Harm

• Healthcare Cyber Security: How To Prevent The Compromise Of Patient Records?

• Security Experts Predict A Global AI-Related Cyber Attack Before Year-End

• Japan Is Belatedly Recognising The Risks Of Cyber War

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.