Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 31 March 2023

Black Arrow Cyber Threat Briefing 31 March 2023:

-Phishing Emails Up a Whopping 569% in 2022

-The End User Password Mistakes Putting Your Organisation at Risk

-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

-71% of Employees Keep Work Passwords on Personal Devices

-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

-Security Flaws Cost Fifth of Executive’s Businesses

-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

-Only 10% of Workers Remember All Their Cyber Security Training

-Silence Gets You Nowhere in a Data Breach

-Just 1% of Cloud Permissions are Actively Used

-Dangerous Misconceptions About Emerging Cyber Threats

-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Phishing Emails Up a Whopping 569% in 2022

The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.

https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022

  • The End User Password Mistakes Putting Your Organisation at Risk

Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.

https://www.bleepingcomputer.com/news/security/the-end-user-password-mistakes-putting-your-organization-at-risk/

  • Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.

https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse

  • 71% of Employees Keep Work Passwords on Personal Devices

71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.

https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/

  • Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.

https://www.msspalert.com/cybersecurity-research/cybercrime-front-lines-in-russia-ukraine-war-move-to-eastern-and-northern-europe/

  • Security Flaws Cost Fifth of Executives New Business

Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.

 https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/

  • Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.

https://www.msspalert.com/cybersecurity-research/companies-struggle-to-build-and-run-effective-programs-to-protect-data-from-insider-threats/

  • Only 10% of Workers Remember All Their Cyber Security Training

New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.

https://www.itsecurityguru.org/2023/03/30/only-10-of-workers-remember-all-their-cyber-security-training/

  • Silence Gets You Nowhere in a Data Breach

In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.

 https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/

  • Just 1% of Cloud Permissions are Actively Used

According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.

https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/

  • Dangerous Misconceptions About Emerging Cyber Threats

Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.

https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/  

  • ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.

https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 March 2023

Black Arrow Cyber Threat Briefing 10 March 2023:

-Business Email Compromise Attacks Can Take Just Hours

-Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

-Just 10% of Firms Can Resolve Cloud Threats in an Hour

-MSPs in the Crosshair of Ransomware Gangs

-Stolen Credentials Increasingly Empower the Cyber Crime Underground

-It’s Time to Assess the Potential Dangers of an Increasingly Connected World

-Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

-Developers Leaked 10m Credentials Including Passwords in 2022

-Cyber Threat Detections Surges 55% In 2022

-European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

-Employees Are Feeding Sensitive Business Data to ChatGPT

-Is Ransomware Declining? Not So Fast Experts Say

-Preventing Corporate Data Breaches Starts With Remembering That Leaks Have Real Victims

-Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

-Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Attack Surface Management

Asset Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 February 2023

Black Arrow Cyber Threat Briefing 17 February 2023:

-High Risk Users May be Few, but the Threat They Pose is Huge

-The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

-Cyber Attacks Worldwide Increased to an All-Time Record Breaking High

-Most Organisations Make Cyber Security Decisions Without Insights

-Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

-Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

-Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

-EU Countries Told to Step up Defence Against State Hackers

-Cyber Criminals Exploit Fear and Urgency to Trick Consumers

-How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

-Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

-5 Biggest Risks of Using Third Party Managed Service Providers

-Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

  • The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

  • Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

  • Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

  • Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

  • Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

  • Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

  • EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

  • Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

  • How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

  • Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

  • 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

  • Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Attack Surface Management

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 February 2023

Black Arrow Cyber Threat Briefing 10 February 2023:

-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian

-Fraud Set to Be Upgraded as a Threat to National Security

-98% of Attacks are Not Reported by Employees to their Employers

-UK Second Most Targeted Nation Behind America for Ransomware

-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

-An Email Attack Can End Up Costing You Over $1 Million

-Cyber Crime Shows No Signs of Slowing Down

-Surge of Swatting Attacks Targets Corporate Executive and Board Members

-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

-PayPal and Twitter Abused in Turkey Relief Donation Scams

-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

  • Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

  • 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

  • UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

  • Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

  • An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

  • Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

  • Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

  • Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

  • Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

  • Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

  • PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

  • Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 January 2023

Black Arrow Cyber Threat Briefing 20 January 2023:

-Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

-Cost of Data Breaches to Global Businesses at Five-Year High

-European Data Protection Authorities Issue Record €2.92 Billion In GDPR Fines, an Increase of 168%

-PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

-Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

-Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

-EU Cyber Resilience Regulation Could Translate into Millions in Fines

-Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

-New Report Reveals CISOs Rising Influence

-ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

-Mailchimp Discloses a New Security Breach, the Second One in 6 Months

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

  • Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

  • Since 2018 the median IT budgets for cyber security more than tripled.

  • Between 2020 and 2022 cyber-attacks increased by over a quarter.

  • Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

  • European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

  • PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

  • Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

  • Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

  • EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

  • Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

  • New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

  • ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

  • Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc


Vulnerability Management

Vulnerabilities



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 14 October 2022

Black Arrow Cyber Threat Briefing 14 October 2022:

-Ransomware Report: Most Organisations Unprepared for an Attack, Lack Incident Playbook, Research Finds

-LinkedIn Scams, Fake Instagram Accounts Hit Businesses, Execs

-Study Highlights Surge in Identity Theft and Phishing Attacks

-Increase in Cyber Liability Insurance Claims as Cyber Crime Skyrockets

-UK Government Urges Action to Enhance Supply Chain Security

-For Most Companies Ransomware Is the Scariest Of All Cyber Attacks

-EDR Is Not a Silver Bullet

-Attackers Use Automation to Speed from Exploit to Compromise

-Rising Premiums, More Restricted Cyber Insurance Coverage Poses Big Risk for Companies

-Why CISO Roles Require Business and Technology Savvy

-Wi-Fi Spy Drones Used to Snoop on Financial Firm

-Magniber Ransomware Attacking Individuals and Home Users

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Ransomware Report: Most Organisations Unprepared for an Attack, Lack Incident Playbook, Research Finds

Some organisations have made significant improvements to their ransomware readiness profile in the last year, Axio said in a newly released report. However, a lack of fundamental cyber security practices and controls, inadequate vulnerability patching and employee training continues to leave ransomware defences lacking in potency.

Axio’s report reveals that only 30% of organisations have a ransomware-specific playbook for incident management in place. In 2021’s report Axio, maker of a cloud-based cyber management software platform, identified seven key areas emerged where organisations were deficient in implementing and sustaining basic cyber security practices.

The same patterns showed up in the 2022 report:

  • Managing privileged access.

  • Improving basic cyber hygiene.

  • Reducing exposure to supply chain and third-party risk.

  • Monitoring and defending networks.

  • Managing ransomware incidents.

  • Identifying and addressing vulnerabilities in a timely manner.

  • Improving cyber security training and awareness.

Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

  • The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.

  • Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.

  • Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.

  • Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.

  • Critical vulnerability patching within 24 hours was reported by only 24% of organisations.

  • Active phishing training has improved but is still not practiced by 40% of organisations.

https://www.msspalert.com/cybersecurity-research/most-organizations-unprepared-for-ransomware-attack-lack-incident-playbook-axio-reports/

  • LinkedIn Scams, Fake Instagram Accounts Hit Businesses, Execs

Business owners with public social media accounts are easy targets for scammers who lift information to create fake accounts. The arduous process for removing fraudulent accounts leaves victims frustrated and vulnerable to further data privacy issues. Victims say platform providers, particularly Facebook and Instagram, must improve their responses to reports of fraud.

Impersonation of a brand or executive contributed to more than 40% of all phishing and social media incidents in the second quarter, according to the Agari and Phish Labs Quarterly Threat Trends and Intelligence Report released in August. Q2 marks the second quarter that impersonation attacks have represented the majority of threats, despite a 6.1% decrease from Q1.

Executive impersonation has been on the rise over the past four quarters — representing more than 15% of attacks, according to the report — as impersonating a corporate figure or company on social media is simple and effective for threat actors.

Thom Singer, CEO for the Austin Technology Council and a public speaker, was recently impersonated on Instagram. A scammer created a fake Instagram account with his name and photos, creating a handle with an extra "r" at the end of Singer. That account appeared to amass over 2,300 followers – nearly as many as Singer's own account – lending to its appearance of authenticity.

He learned of the fake account from a contact who texted to ask if he'd reached out on Instagram, which wasn't a channel Singer typically uses to communicate. Singer reported the fraudulent account using the platform's report button and asked his followers to do the same.

"You can't reach anyone at these platforms, so it takes days to get a fake account removed," Singer said. "These social media sites have no liability, nothing to lose when fraud is happening. They need to up their game and have a better process to get [fraud] handled in a timely manner."

https://www.techtarget.com/searchsecurity/feature/LinkedIn-scams-fake-Instagram-accounts-hit-businesses-execs

  • Study Highlights Surge in Identity Theft and Phishing Attacks

A new study from behavioural risk firm CybSafe and the National Cybersecurity Alliance (NCA) has been launched and it highlights an alarming surge in phishing and identity theft attacks.

The report, titled ‘Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors report’, studied the opinions of 3,000 individuals across the US, the UK and Canada towards cyber security and revealed that nearly half (45%) of users are connected to the internet all the time, however, this has led to a surge in identity theft with almost 1 in 4 people being affected by the attack.

Furthermore, 1 in 3 (36%) respondents revealed they have lost money or data due to a phishing attack. Yet the study also revealed that 70% of respondents feel confident in their ability to identify a malicious email, but only 45% will confirm the authenticity of a suspicious email by reaching out to the apparent sender.

When it comes to implementing cyber security best practices, only 33% of respondents revealed they use a unique password for important online accounts, while only 16% utilise passwords of over 12 characters in length. Furthermore, only 18% of participants have downloaded a stand-alone password manager, while 43% of respondents have not even heard of multi-factor authentication.

https://www.itsecurityguru.org/2022/10/12/study-highlights-surge-in-identity-theft-and-phishing-attacks/

  • Increase in Cyber Liability Insurance Claims as Cyber Crime Skyrockets

A cyber insurer, Acuity Insurance, is reporting an increased need for cyber liability insurance across both personal and business policyholders. From June 2021 to June 2022, the insurer saw cyber liability insurance claims on its commercial insurance policies increase by more than 50%. For personal policies, they saw more than a 90% increase in cyber claims being reported in 2021 compared with 2020.

Our lives, homes and businesses are more connected than ever before. Being connected leads to a greater risk of cyber attacks, which aren't covered under standard homeowners or business insurance policies.

The insurance experts caution that everyone is at risk — whether you are a small business owner or an individual — as cyber attacks continue to pose a serious financial threat. From 2019 to 2021, cyber attacks were up 50% from the previous year, according to recent research. Wire fraud and gift card scams are two of the most common types of cyber attacks impacting both businesses and individuals.

Scams involving social engineering are some of the easiest to fall for, as fraudsters exploit a person's trust to obtain money or personal information, which can then be used for unauthorised withdrawals of money. Cyber insurance can protect you from financial loss caused by wire transfer fraud, phishing attacks, cyber extortion, cyberbullying and more, Acuity reported.

While all cyber crimes have a financial impact, fraudulent wire transfers often come with greater losses. Banks are typically not responsible for funds lost as a result of a fraudulent wire transfer inadvertently authorised by the customer. Whether it's a wrongful money transfer by a business or an individual, cyber insurance can help mitigate some of the financial loss caused by these scams.

https://www.darkreading.com/attacks-breaches/acuity-reports-increase-in-cyber-liability-insurance-claims-as-cybercrime-skyrockets

  • UK Government Urges Action to Enhance Supply Chain Security

The UK government has warned organisations to take steps to strengthen their supply chain security.

New National Cyber Security Centre (NCSC) guidance has been issued amid a significant increase in supply chain attacks in recent years, such as the SolarWinds incident in 2020. The NCSC cited official government data showing that just over one in 10 businesses review the risks posed by their immediate suppliers (13%), while the proportion covering the wider supply chain is just 7%.

Aimed at medium-to-large organisations, the document sets out practical steps to better assess cyber security across increasingly complex supply chains. This includes a description of typical supplier relationships and ways that organisations are exposed to vulnerabilities and cyber-attacks via the supply chain, and the expected outcomes and key steps needed to assess suppliers’ approaches to security.

The new guidance followed a government response to a call for views last year which highlighted the need for further advice. Supply chain attacks are a major cyber threat facing organisations and incidents can have a profound, long-lasting impact on businesses and customers. With incidents on the rise, it is vital organisations work with their suppliers to identify supply chain risks and ensure appropriate security measures are in place.

https://www.infosecurity-magazine.com/news/uk-government-supply-chain-security/

  • For Most Companies Ransomware Is the Scariest Of All Cyber Attacks

SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyber attacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

“No one is safe from cyber attacks — businesses or individuals,” said SonicWall Executive Chairman of the Board Bill Conner. “Today’s business landscape requires persistent digital trust to exist. Supply-chain attacks have dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before.

“It’s likely we’ll see continued acceleration and evolution of ransomware tactics, as well as other advanced persistent threats (APTs), as cyber crime continues to scale the globe seeking both valuable and weak targets.”

Companies are not only losing millions of dollars to unending malware and ransomware strikes, but cyber attacks on essential infrastructure are impacting real-world services. Despite the growing concern of cyber attacks, organisations are struggling to keep pace with the fast-moving threat landscape as they orient their business, networks, data and employees against unwavering cyber attacks.

“The evolving cyber threat landscape has made us train our staff significantly more,” said Stafford Fields, IT Director, Cavett Turner & Wyble. “It’s made us spend more on cyber security. And what scares me is that an end-user can click on something and bring all our systems down — despite being well protected.”

https://www.helpnetsecurity.com/2022/10/12/customers-concerned-ransomware/

  • EDR Is Not a Silver Bullet

Old lore held that shooting a werewolf, vampire, or even just your average nasty villain with a silver bullet was a sure-fire takedown: one hit, no more bad guy.

As cyber security professionals, we understand – much like folks in the Old West knew – that there are no panaceas, no actual silver bullets. Yet humans gravitate towards simple solutions to complex challenges, and we are constantly (if unconsciously) seeking silver bullet technology.

Endpoint Detection and Response (EDR) tools have become Standard Operating Procedures for cyber security regimes. They are every CIO’s starting point, and there’s nothing wrong with this. In a recent study by Cymulate of over one million tests conducted by customers in 2021, the most popular testing vector was EDR.

Yet cyber security stakeholders should not assume that EDR is a silver bullet. The fact is that EDR’s efficacy and protective prowess as a standalone solution has been slowly diminished over the decade since the term was first coined by Gartner. Even as it became a mainstay of enterprise and SMB/SME security posture – attacks have skyrocketed in frequency, severity, and success. Today, EDR is facing some of its greatest challenges, including threats laser-targeting EDR systems like the highly-successful Grandoiero banking trojan.

While EDR should not be your only line of defence against advanced threats, including it in a defence solution array is paramount. It should be installed on all organisational servers – including Linux-based ones. Yet installation is not enough. Your organisation is at significant risk if the underlying OS and EDR are not both implemented and fine-tuned.

https://www.helpnetsecurity.com/2022/10/11/edr-is-not-a-silver-bullet/

  • Attackers Use Automation to Speed from Exploit to Compromise

A report from Laceworks examines the cloud security threat landscape over the past three months and unveils the new techniques and avenues cyber criminals are exploiting for profit at the expense of businesses. In this latest edition, the Lacework Labs team found a significantly more sophisticated attacker landscape, with an increase in attacks against core networking and virtualisation software, and an unprecedented increase in the speed of attacks following a compromise. Key trends and threats identified include:

  • Increased speed from exposure to compromise: Attackers are advancing to keep pace with cloud adoption and response time. Many classes of attacks are now fully automated to capitalise on timing. Additionally, one of the most common targets is credential leakage. In a specific example from the report, a leaked AWS access key was caught and flagged by AWS in record time. Despite the limited exposure, an unknown adversary was able to log in and launch tens of GPU EC2 instances, underscoring just how quickly attackers can take advantage of a single simple mistake.

  • Increased focus on infrastructure, specifically attacks against core networking and virtualisation software: Commonly deployed core networking and related infrastructure consistently remains a key target for adversaries. Core flaws in infrastructure often appear suddenly and are shared openly online, creating opportunities for attackers of all kinds to exploit these potential targets.

  • Continued Log4j reconnaissance and exploitation: Nearly a year after the initial exploit, the Lacework Labs team is still commonly observing vulnerable software targeted via OAST requests. Analysis of Project Discovery (interact.sh) activity revealed Cloudflare and DigitalOcean as the top originators.

https://www.darkreading.com/cloud/attackers-use-automation-to-speed-from-exploit-to-compromise-according-to-lacework-labs-cloud-threat-report

  • Rising Premiums, More Restricted Cyber Insurance Coverage Poses Big Risk for Companies

Among the many consequences of the rising number of costly data breaches, ransomware, and other security attacks are pricier premiums for cyber security insurance. The rise in costs could put many organisations out of the running for this essential coverage, a risky proposition given the current threat landscape.

Cyber insurance is a type of specialty insurance that protects organisations against a variety of risks related to information security attacks such as ransomware and data breaches. Ordinarily, these types of risks aren’t included with traditional commercial general liability policies or are not specifically defined in these insurance plans.

Given the rise in attacks, the growing sophistication of these incidents and the potential financial impact, having cyber insurance coverage has become critical for many organisations. Premiums for these plans have been on the rise because of the increase in security-related losses and rising demand for coverage.

Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council of Insurance Agents & Brokers (CIAB), an association for commercial insurance and employee benefits intermediaries.

Among the primary drivers for the continued price increases were a reduced carrier appetite for the risk and high demand for coverage, CIAB said. The high demand for cyber coverage is in part fueled by greater awareness among companies of the threat cyber risk poses for businesses of all sizes, it said.

https://www.cnbc.com/2022/10/11/companies-are-finding-it-harder-to-get-cyber-insurance-.html

  • Why CISO Roles Require Business and Technology Savvy

Listening and communicating to both the technical and business sides is critical to successfully leading IT teams and business leaders to the same end-goal.

Of all the crazy postings that advertise for CISO jobs, the one asking for a CISO to code in Python was probably the most outrageous example of the disconnect about a CISO’s role, says Joe Head, CISO search director at UK-based search firm, Intaso. This was a few years ago, and one can only guess that the role had been created by a technologist who didn’t care about or didn’t understand the business — or, inversely by a businessperson who didn’t understand enough about technology.

In either case, the disconnect is real. However, Head and other experts say that when it comes to achieving the true, executive role and reporting to the CEO and board, business skills rule. That doesn’t mean, however, that most CISOs know nothing about technology, because most still start out with technology backgrounds.

In the 2022 CISO survey by executive placement firm, Heidrick & Struggles, most CISOs come from a functional IT background that reflects the issues of the time. For example, in 2022 10% of CISOs came from software engineering backgrounds, which tracks with the White House directive to protect the software supply chain. The report notes that the majority of CISOs have experience in the financial services industry, which has a low risk tolerance and where more money is spent on security.

The survey also indicates that only a small core of CISOs (working primarily for the Fortune 500) rise to the executive level with the combination of business and technical responsibilities that come with the role. In it, more than two-thirds of CISOs responding to the survey worked for companies worth over $5 billion. So, instead of bashing a CISO’s lack of IT skills, the real need lies in developing business skills for the technologists coming up the ranks.

https://www.csoonline.com/article/3675952/why-ciso-roles-require-business-and-technology-savvy.html#tk.rss_news

  • Wi-Fi Spy Drones Used to Snoop on Financial Firm

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place.

The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe, but now these sort of attacks are actually taking place. A security researcher recently recounted an incident that occurred over the summer at a US East Coast financial firm focused on private investment.

The hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.

This led the team to the roof, where two modified commercially available consumer drones series were discovered. One drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing. The second drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.

During their investigation, they determined that the first drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi, and this data was then hard coded into the tools that were deployed on the second drone.

https://www.theregister.com/2022/10/12/drone-roof-attack/

  • Magniber Ransomware Attacking Individuals and Home Users

A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates.

Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims. Magniber was previously primarily spread through MSI and EXE files, but in September 2022 HP Wolf Security began seeing campaigns distributing the ransomware in JavaScript files.

HP Wolf Security reported that some malware families rely exclusively on JavaScript, but have done so for some time. Currently, analysts are also seeing more HTML smuggling, such as with Qakbot and IcedID. This technique also makes use of JavaScript to decode malicious content. The only difference is that the HTML file is executed in the context of the browser and therefore usually requires further user interaction.

Remarkably, HP Wolf Security said, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.

It appears that with the UAC bypass, the malware deletes the infected system’s shadow copy files and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.

Having recently described the ransomware campaign in a recent interview, HP Wolf noted that the infection chain starts with a web download from an attacker-controlled website.

https://www.itsecurityguru.org/2022/10/14/https-www-infosecurity-magazine-com-news-magniber-ransomware-adopts/


Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Cyber Bullying and Cyber Stalking

Regulations, Fines and Legislation

Backup and Recovery

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Misc





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 19 August 2022

Black Arrow Cyber Threat Briefing 19 August 2022:

-Businesses Found to Neglect Cyber Security Until it is Too Late

-Cyber Tops Staff Retention as Biggest Business Risk

-Cyber Criminals Weaponising Ransomware Data for BEC Attacks

-Callback Phishing Attacks See Massive 625% Growth Since Q1 2021

-Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022

-Are Cloud Environments Secure Enough for Today’s Threats?

-Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

-Cyber Resiliency Isn't Just About Technology, It's About People

-The “Cyber Insurance Gap” Is Threatening Most Companies

-Easing the Cyber-Skills Crisis with Staff Augmentation

-Mailchimp Suffers Second Breach In 4 Months

-Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Businesses Found to Neglect Cyber Security Until it is Too Late

Businesses only take cyber security seriously after falling victim to an attack, according to a report published by the UK's Department for Culture, Media and Sport (DCMS) this week.

For the research, the UK government surveyed IT professionals and end users in 10 UK organisations of varying sizes that have experienced cyber security breaches in the past three years. This analysed their existing level of security prior to a breach, the business impacts of the attack and how cyber security arrangements changed in the wake of the incident.

Nearly all respondents said their organisation took cyber security much more seriously after experiencing a breach, including reviewing existing practices and significantly increased investment in technology solutions.

While there was a consensus among participants that there is a greater need for vigilance and investment in cyber security, there was significant variation between organisations’ practices in this area. Medium and large organisations tended to have formal plans in place and budget allocated for further cyber security investment, but smaller businesses mostly did not due to resource constraints.

https://www.infosecurity-magazine.com/news/cybersecurity-seriously-breach/

  • Cyber Tops Staff Retention as Biggest Business Risk

Cyber security concerns represent the most serious risk facing organisations, beating inflation, talent acquisition/retention and rising production costs, according to a new PwC study.

The PwC Pulse: Managing business risks in 2022 report was compiled from interviews with 722 US C-suite executives.

Two-fifths (40%) ranked cyber-attacks as a serious risk, rising to 51% of board members. PwC said boardrooms may be getting more attuned to cyber risk after new SEC proposals were published in March that would require directors to oversee cyber security risk and be more transparent about their cyber expertise.

In fact, executives appear to be getting more proactive with cyber security on a number of fronts.

Some 84% said they are taking action or monitoring closely policy areas related to cyber security, privacy and data protection. A further 79% said they’re revising or enhancing their cyber risk management approaches, and half (49%) pointed to increased investments in cyber security and privacy.

By way of comparison, 53% said they’re increasing investment in digital transformation and 52% in IT.

Cyber security is a strategic business enabler – technology is the central nervous system of many companies – and confirming its data is secure and protected can be brand defining.

There’s now heightened attention from a wider range of business leaders and corporate directors as they recognise that cyber security and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cyber security program is in place, and manage these risks to create opportunities.

https://www.infosecurity-magazine.com/news/cyber-tops-staff-retention-biggest/

  • Cyber Criminals Weaponising Ransomware Data for BEC Attacks

Cyber criminals and other threat actors are increasingly using data dumped from ransomware attacks in secondary business email compromise (BEC) attacks, according to new analysis by Accenture Cyber Threat Intelligence.

The ACTI team analysed data from the 20 most active ransomware leak sites, measured by number of featured victims, between July 2021 and July 2022. Of the 4,026 victims (corporate, non-governmental organisations, and governmental entities) uncovered on various ransomware groups’ dedicated leak sites, an estimated 91% incurred subsequent data disclosures, ACTI found.

Dedicated leak sites most commonly provide financial data, followed by employee and client personally identifiable information and communication documentation. The rise of double extortion attempts – where attack groups use ransomware to exfiltrate data and then publicise the data on dedicated leak sites – has made large amounts of sensitive corporate data available to any threat actor. The most valuable types of data most useful for conducting BEC attacks are financial, employee, and communication data, as well as operational documents. There is a significant overlap between the types of data most useful for conducting BEC attacks and the types of data most commonly posted on these ransomware leak sites, ACTI said.

The data is a “rich source for information for criminals who can easily weaponise it for secondary BEC attacks,” ACTI said. “The primary factor driving an increased threat of BEC and VEC attacks stemming from double-extortion leaks is the availability of [corporate and communication data].”

https://www.darkreading.com/edge-threat-monitor/cybercriminals-weaponizing-ransomware-data-for-bec-attacks

  • Callback Phishing Attacks See Massive 625% Growth Since Q1 2021

Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.

According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of 'hybrid vishing' is seeing a massive 625% growth.

Vishing, "voice phishing," involves some form of a phone call to perform social engineering on the victim. Its hybrid form, called "callback phishing," also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice.

The recipient is advised to call on the provided phone number to resolve any issues with the charge, but instead of a real customer support agent, the call is answered by phishing actors.

The scammers then offer to resolve the presented problem by tricking the victim into disclosing sensitive information or installing remote desktop tools on their system. The threat actors then connect to the victim's device remotely to install further backdoors or spread to other machines.

These callback phishing attacks were first introduced by the 'BazarCall/BazaCall' campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.

The attacks work so well that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today to gain initial network access through an unsuspecting employee.

"Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats," details the Agari report.

"While this is the second quarter hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the course of the year."

https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-see-massive-625-percent-growth-since-q1-2021/

  • Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022

Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.

The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cyber criminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.

“The vast majority of cyber crime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security.

“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cyber criminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.

https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/

  • Are Cloud Environments Secure Enough for Today’s Threats?

Cyber security is a major problem right now. Not only is it the highest priority of any given business to keep their own data and their customers’ and clients’ data secure, but changes in the workplace have had a knock-on effect on cyber security. The concept of working from home has forced businesses all around the world to address old and new cyber security threats. People taking their laptops, and therefore their data, home to public networks that can be hacked or leaving access details like passwords scribbled on notebooks has meant that access to a business and therefore their customers’ data is a lot more accessible.

The saving grace was said to be the cloud. Beyond retraining cyber security in staff workforces, the practical solution was to move data into the cloud. But we’re now a few years from the point when the cloud really gained popularity. Is it still the answer to all our cyber security problems? Is there a chance of risk to using the cloud?

Cloud data breaches do happen and misconfiguration is a leading cause of them, mainly due to businesses inadequate cyber security strategies. This is due to several factors, such as the fundamental nature of the cloud designed to be easy for anyone to access, and businesses unable to completely see or control the cloud’s infrastructure and therefore relying on the cyber security controls that are provided by the cloud service provider (or CSP).

Unauthorised access is also a risk. The internet, which is a readily available public resource to most of the world, makes it easy for hackers to access data if they have the credentials to get past the cyber security set up by the individual business. This is where the ugliness of internal cloud breaches happens. If security is not configured well or credentials like passwords and secret questions are compromised, an attacker can easily access the cloud.

However, it’s not only through an employee that hackers access credentials. Phishing is a very common means of gaining information that would allow access to a customer or business data.

Plus, the simple nature of sharing data can easily backfire on a company. A lot of data access is granted with a link to someone external, which can then be forwarded, either sold or stolen, to an attacker to access the cloud’s data.

https://www.itsecurityguru.org/2022/08/16/are-cloud-environments-secure-enough-for-todays-threats/

  • Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis.

Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (CVE-2021-40444) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.

Kaspersky said it has observed threat actors exploiting the flaw in attacks on organisations across multiple sectors including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try and get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time Microsoft first disclosed it in September 2021.

Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis. Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited. According to Kaspersky, exploits for Windows vulnerabilities accounted for 82% of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw, which was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago that was attacked some 345,827 times last quarter.

https://www.darkreading.com/attacks-breaches/most-attacks-in-q2-targeted-old-microsoft-vulnerabilities

  • Cyber Resiliency Isn't Just About Technology, It's About People

Cyber attacks are on the rise — but if we're being honest, that statement has been true for quite a while, given the acceleration of cyber incidents over the past several years. Recent research indicates that organisations experienced 50% more attack attempts per week on corporate networks in 2021 than they did in 2020, and tactics such as phishing are becoming increasingly popular as attackers refine their tried-and-true methods to more successfully entice unsuspecting targets.

It's no surprise, then, that cyber resiliency has been a hot topic in the cyber security world. But although cyber resiliency refers broadly to the ability of an organisation to anticipate, withstand, and recover from cyber security incidents, many experts make the mistake of applying the term specifically to technology. And while it's true that detection and remediation tools, backup systems, and other resources play an important role in cyber resiliency, organisations that focus exclusively on technology risk are overlooking an equally important element: people.

People are often thought of as the weak link in cyber security. It's easy to understand why. People fall for phishing scams. They use weak passwords and procrastinate on installing security updates. They misconfigure hardware and software, leave cloud assets unsecured, and send confidential files to the wrong recipient. There's a reason so much cyber security technology is moving toward automation: removing people from the equation is seen as one of the most obvious ways to improve security. To many security experts, that's just common sense.

Except — is it, really? It's true that people make mistakes — it's called "human error" for a reason, after all — but many of those mistakes come when employees aren't put in a position to succeed. Phishing is a great example. Most people are familiar with the concept of phishing, but many may not be aware of the nefarious techniques that today's attackers deploy. If employees have not been properly trained, they may not be aware that attackers often impersonate real people within the organisation, or that the CEO asking them to buy gift cards "for a company happy hour" probably isn't legit. Organisations that want to build strong cyber-resiliency cannot pretend that people don't exist. Instead, they need to prioritise the resiliency of their people just as highly as the resiliency of their technology.

Training the organisation to recognise the signs of common attack tactics, practice better password and cyber hygiene, and report signs of suspicious activity can help ease the burden on IT and security personnel by providing them better information in a more timely manner. It also avoids some of the pitfalls that create a drain on their time and resources. By ensuring that people at every level of the business are more resilient, today's organisations will discover that their overall cyber-resiliency will improve significantly.

https://www.darkreading.com/vulnerabilities-threats/cyber-resiliency-isn-t-just-about-technology-it-s-about-people

  • The “Cyber Insurance Gap” Is Threatening Most Companies

A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses either uninsured or under insured against a rising tide of ransomware attacks and other cyber threats.

  • Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000)

  • Among SMBs with fewer than 1,500 employees, only 14% have a coverage limit in excess of $600,000

  • 37% of respondents with cyber insurance do not have any coverage for ransomware payment demands

  • 43% of those with a policy are not covered for auxiliary costs such as court fees or employee downtime

  • 60% say they would reconsider entering into a partnership or agreement with another business or supplier if the organisation did not have comprehensive cyber insurance

  • Endpoint detection and response (EDR) software is frequently a key component to obtaining a policy

  • 34% of respondents have been previously denied cyber coverage by insurance providers due to not meeting EDR eligibility requirements

https://informationsecuritybuzz.com/expert-comments/the-cyber-insurance-gap-is-threatening-most-companies/

  • Easing the Cyber-Skills Crisis with Staff Augmentation

Filling cyber security roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.

There are many possible solutions to the cyber security skills shortage, but most of them take time. Cyber security education, career development tracks, training programs, employer-sponsored academies, and internships are great ways to build a talent pipeline and develop skill sets to meet organisational needs in years to come.

But sometimes the need to fill a gap in capability is more immediate.

An organisation in the entertainment industry recently found itself in such a position. Its primary cyber security staff member quit suddenly without notice, taking along critical institutional knowledge and leaving various projects incomplete. With its key defender gone, the organisation's environment was left vulnerable. In a scarce talent market, the organisation faced a long hiring process to find a replacement — too long to leave its digital estate unattended. It needed expertise, and quickly.

According to a 2021 ESG report, 57% of organisations have been impacted by the global cyber security skills crisis. Seventy-six percent say it's difficult to recruit and hire security professionals. The biggest effects of this shortage are increasing workloads, positions open for weeks or months, and high cyber security staff burnout and attrition.

In this climate, more companies are turning to third parties for cyber security staff reinforcement. According to a NewtonX study, 56% of organisations are now subcontracting up to a quarter of their cyber security staff. Sixty-nine percent of companies rely on third-party expertise to assist in mitigating the risk of ransomware — up from 58% in 2017 — per a study by Ponemon and CBI, a Converge Company.

One way that companies gain this additional support is via third-party staff augmentation and consulting services. Cyber security staff augmentation, or strategic staffing, entails trained external consultants acting as an extension of an organisation's security team in a residency. Engagements can be anywhere from a few weeks to a few years, and roles can range from analysts and engineers to architects, compliance specialists, and virtual CISOs.

https://www.darkreading.com/operations/easing-the-cyber-skills-crisis-with-staff-augmentation

  • Mailchimp Suffers Second Breach In 4 Months

Mailchimp suffered another data breach earlier this month, and this one cost it a client.

In a statement Friday, Mailchimp disclosed that a security incident involving phishing and social engineering tactics had targeted cryptocurrency and blockchain companies using the email marketing platform. It was the second Mailchimp breach to target cryptocurrency customers in a four-month span.

Though Mailchimp said it has suspended accounts where suspicious activity was detected while an investigation is ongoing, it did not reveal the source of the breach or scope of the attack.

More details were provided Sunday by one of the affected customers, DigitalOcean, which cut ties with Mailchimp on Aug. 9.

The cloud hosting provider observed suspicious activity beginning Aug. 8, when threat actors used its Mailchimp account for "a small number of attempted compromises" of DigitalOcean customer accounts -- specifically cryptocurrency platforms.

While it is not clear whether any DigitalOcean accounts were compromised, the company did confirm that some email addresses were exposed. More importantly, the statement attributed a potential source of the most recent Mailchimp breach.

https://www.techtarget.com/searchsecurity/news/252523911/Mailchimp-suffers-second-breach-in-4-months

  • Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack

A Minnesota computer store suing its cyber insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.

SJ Computers alleged in a November lawsuit that Travelers Casualty and Surety Co. owed it far more than paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.

According to its website, SJ Computers is a Microsoft Authorised Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.

Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted with prejudice last Friday.

In the dismissal order, the US District Court for Minnesota found that the two policy agreements are mutually exclusive, as well as finding SJ's claim fell squarely into its social engineering fraud agreement with Travelers, which has a cap of $100,000.

When SJ filed its claim with Travelers, the court noted, it did so only under the social engineering fraud agreement. After realising the policy limit on computer fraud was 10 times higher, "SJ Computers then made a series of arguments – ranging from creative to desperate – to try to persuade Travelers that its loss was not the result of social-engineering-fraud (as SJ Computers itself had initially said) but instead the result of computer fraud," the district judge wrote in the order.

https://www.theregister.com/2022/08/16/social_engineering_cyber_crime_insurance/


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering; SMishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Cloud/SaaS

Passwords, Credential Stuffing & Brute Force Attacks

Privacy

Regulations, Fines and Legislation

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine






Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 22 July 2022

Black Arrow Cyber Threat Briefing 22 July 2022

-Insurer Refuses to Pay Out After Victim Misrepresented Their Cyber Controls

-5 Cyber Security Questions CFOs Should Ask CISOs

-The Biggest Cyber Attacks in 2022 So Far — and it’s Just the Tip of the Iceberg

-Malware-as-a-Service Creating New Cyber Crime Ecosystem

-The Rise and Continuing Popularity of LinkedIn-Themed Phishing

-Microsoft Teams Default Settings Leave Organisations Open to Cyber Attacks

-Top 10 Cyber Security Attacks of Last Decade Show What is to Come

-Software Supply Chain Concerns Reach C-Suite

-EU Warns of Russian Cyber Attack Spillover, Escalation Risks

-Critical Flaws in GPS Tracker Enable “Disastrous” and “Life-Threatening” Hacks

-Russian Hackers Behind Solarwinds Breach Continue to Scour US And European Organisations for Intel, Researchers Say

-The Next Big Security Threat Is Staring Us in The Face. Tackling It Is Going to Be Tough

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Insurer Refuses to Pay Out After Victim Misrepresented Their Cyber Controls

In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the insured allegedly misrepresented its use of multifactor authentication (MFA) – a condition to get cyber coverage.

According to a July filing, Travelers said it would not have issued a cyber insurance policy in April to electronics manufacturing services company International Control Services (ICS) if the insurer knew the company was not using MFA as it said. Additionally, Travelers wants no part of any losses, costs, or claims from ICS – including from a May ransomware attack ICS suffered.

Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the applicant’s network and information security” that the company used MFA for administrative or privileged access. However, following the May ransomware event, Travelers first learned during an investigation that the insured was not using the security control to protect its server and “only used MFA to protect its firewall, and did not use MFA to protect any other digital assets.”

Therefore, statements ICS made in the application were “misrepresentations, omissions, concealment of facts, and incorrect statements” – all of which “materially affected the acceptance of the risk and/or the hazard assumed by Travelers,” the insurer alleged in the filing.

ICS also was the victim of a ransomware attack in December 2020 when hackers gained access using the username and password of an ICS administrator, Travelers said. ICS told the insurer of the attack during the application process and said it improved the company’s cyber security.

Travelers said it wants the court to declare the insurance contract null and void, rescind the policy, and declare it has no duty to indemnify or defend ICS for any claim.

https://www.insurancejournal.com/news/national/2022/07/12/675516.htm#

  • 5 Cyber Security Questions CFOs Should Ask CISOs

Armed with the answers, chief financial officers can play an essential role in reducing cyber risk.

Even in a shrinking economy, organisations are likely to maintain their level of cyber security spend. But that doesn’t mean in the current economic climate of burgeoning costs and a possible recession they won’t take a magnifying glass to how they are spending the money budgeted to defend systems and data. Indeed, at many companies, cyber security spending isn’t targeting the most significant dangers, according to experts — as evidenced by the large number of successful ransomware attacks and data breaches.

Without a comprehensive understanding of the security landscape and what the organisation needs to do to protect itself, how can CFOs make the right decisions when it comes to investments in cyber security technology and other resources? They can’t.

So, CFOs need to ensure they have a timely grasp of the security issues their organisation faces. That requires turning to the most knowledgeable people in the organisation: chief information security officers (CISOs) and other security leaders on the IT front lines.

Here are five questions CFOs should be asking their CISOs about the security of their companies.

  1. How secure are we as an organisation?

  2. What are the main security threats or risks in our industry?

  3. How do we ensure that the cyber security team and the CISO are involved in business development?

  4. What are the risks and potential costs of not implementing a cyber control?

  5. Do employees understand information security and are they implementing security protocols successfully?

https://www.cfo.com/technology/cyber-security-technology/2022/07/cybersecurity-spending-protocols-ciso-security-threats-business-development-cyber-control/

  • The Biggest Cyber Attacks in 2022 So Far — and it’s Just the Tip of the Iceberg

For those in the cyber resilience realm, it’s no surprise that there’s a continued uptick in cyber attacks. Hackers are hacking, thieves are thieving and ransomers are — you guessed it — ransoming. In other words, cyber crime is absolutely a growth industry.

As we cross into the second half of this year, let’s look at some of the most significant attacks so far:

  • Blockchain schmockchain. Cryptocurrency exchange Crypto.com’s two-factor-identification (2FA) system was compromised as thieves made off with approximately $30 million.

  • Still the one they run to. Microsoft’s ubiquity makes it a constant target. Earlier this year, the hacking collective Lapsus$ compromised Cortana and Bing, among other Microsoft products, posting source code online.

  • Not necessarily the news. News Corp. journalist emails and documents were accessed at properties including the Wall Street Journal, Dow Jones and the New York Post in a hack tied to China.

  • Uncharitable ways. The Red Cross was the target of an attack earlier this year, with more than half a million “highly vulnerable” records of Red Cross assistance recipients compromised.

  • Victim of success. North Korea’s Lazarus Group made off with $600 million in cryptocurrencies after blockchain gaming platform Ronin relaxed some of its security protocols so its servers could better handle its growing popularity.

  • We can hear you now. State-sponsored hackers in China have breached global telecom powerhouses worldwide this year, according to the U.S. Cybersecurity & Infrastructure Security Agency.

  • Politics, the art of the possible. Christian crowdfunding site GiveSendGo was breached twice this year as hacktivists exposed the records of donors to Canada’s Freedom Convoy.

  • Disgruntled revenge. Businesspeople everywhere were reminded of the risks associated with departing personnel when fintech powerhouse Block announced that a former employee accessed sensitive customer information, impacting eight million customers.

  • Unhealthy habits. Two million sensitive customer records were exposed when hackers breached Shields Health Care’s network.

  • They even stole the rewards points. General Motors revealed that hackers used a credentials stuffing attack to access personal information on an undisclosed number of car owners. They even stole gift-card-redeemable customer reward points.

For every breach or attack that generates headlines, millions of others that we never hear about put businesses at risk regularly. The Anti-Phishing Working Group just released data for the first quarter of this year, and the trend isn’t good. Recorded phishing attacks are at an all-time high (more than a million in just the first quarter) and were accelerating as the quarter closed, with March 2022 setting a new record for single-month attacks.

https://www.msspalert.com/cybersecurity-guests/the-biggest-cyberattacks-in-2022-so-far-and-its-just-the-tip-of-the-iceberg/

  • Malware-as-a-Service Creating New Cyber Crime Ecosystem

This week HP released their report The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back, exploring how cyber-criminals are increasingly operating in a quasi-professional manner, with malware and ransomware attacks being offered on a ‘software-as-a-service’ basis.

The report’s findings showed how cyber crime is being supercharged through “plug and play” malware kits that are easier than ever to launch attacks. Additionally, cyber syndicates are now collaborating with amateur attackers to target businesses, putting the online world and its users at risk.

The report’s methodology saw HP’s Wolf Security threat team work in tandem with dark-web investigation firm Forensic Pathways to scrape and analyse over 35 million cyber criminal marketplaces and forum posts between February and March 2022, with the investigation helping to gain a deeper understanding of how cyber criminals operate, gain trust, and build reputation. Its key findings include:

Malware is cheap and readily available: Over three-quarters (76%) of malware advertisements listed, and 91% of exploits (i.e. code that gives attackers control over systems by taking advantage of software bugs), retail for under $10.

Trust and reputation are ironically essential parts of cyber-criminal commerce: Over three-quarters (77%) of cyber criminal marketplaces analysed require a vendor bond – a license to sell – which can cost up to $3000.  Of these, 92% have a third-party dispute resolution service.

Popular software is giving cyber criminals a foot in the door: Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from $1,000-$4,000), while zero day vulnerabilities are retailing at 10s of thousands of pounds on dark web markets.

https://www.infosecurity-magazine.com/news/malware-service-cybercrime/

  • The Rise and Continuing Popularity of LinkedIn-Themed Phishing

Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts. According to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials.

The phishers are generally trying to pique the targets’ interest with fake messages claiming that they “have appeared in X searches this week”, that a new message is waiting for them, or that another user would like to do business with them, and are obviously taking advantage of the fact that a record number of individuals are switching or are considering quitting their job and are looking for a new one.

To compare: In Q4 2021, LinkedIn-themed phishing attempts were just 8 percent of the total brand phishing attacks flagged by Check Point. Also, according to Vade Secure, in 2021 the number of LinkedIn-themed phishing pages linked from unique phishing emails was considerably lower than those impersonating other social networks (Facebook, WhatsApp).

Other brands that phishers loved to impersonate during Q2 2022 are (unsurprisingly) Microsoft (13%), DHL (12%) and Amazon (9%).

https://www.helpnetsecurity.com/2022/07/21/linkedin-phishing/

  • Microsoft Teams Default Settings Leave Organisations Open to Cyber Attacks

Relying on default settings on Microsoft Teams leaves organisations and users open to threats from external domains, and misconfigurations can prove perilous to high-value targets.

Microsoft Teams has over 270 million active monthly users, with government institutions using the software in the US, UK, Netherlands, Germany, Lithuania, and other countries at varying levels.

Cyber security researchers have discovered that relying on default MS Teams settings can leave firms and high-value users vulnerable to social engineering attacks. Attackers could create group chats, masquerade as seniors within the target organisation and observe whether users are online.

Attackers could, rather convincingly, impersonate high-ranking officials and possibly strike up conversations, fooling victims into believing they’re discussing sensitive topics with a superior. Skilled attackers could do a lot of harm with this capability.

https://cybernews.com/security/microsoft-teams-settings-leave-govt-officials-open-to-cyberattacks/

  • Top 10 Cyber Security Attacks of Last Decade Show What is to Come

Past is prologue, wrote William Shakespeare in his play “The Tempest,” meaning that the present can often be determined by what has come before. So it is with cyber security, serving as the basis of which is Trustwave’s “Decade Retrospective: The State of Vulnerabilities” over the last 10 years.

Threat actors frequently revisit well-known and previously patched vulnerabilities to take advantage of continuing poor cyber security hygiene. “If one does not know what has recently taken place it leaves you vulnerable to another attack,” Trustwave said in its report that identifies and examines the “watershed moments” that shaped cyber security between 2011 and 2021.

With a backdrop of the number of security incidents and vulnerabilities increasing in volume and sophistication, here are Trustwave’s top 10 network vulnerabilities in no particular order that defined the decade and “won’t be forgotten.”

  • SolarWinds hack and FireEye breach, Detected: December 8, 2020 (FireEye)

  • EternalBlue Exploit, Detected: April 14, 2017

  • Heartbleed, Detected: March 21, 2014

  • Shellshock, Remote Code Execution in BASH, Detected: September 12, 2014

  • Apache Struts Remote Command Injection & Equifax Breach, Detected: March 6, 2017

  • Chipocalypse, Speculative Execution Vulnerabilities Meltdown & Spectre

  • BlueKeep, Remote Desktop as an Access Vector, Detected: January, 2018

  • Drupalgeddon Series, CMS Vulnerabilities, Detected: January, 2018

  • Microsoft Windows OLE Vulnerability, Sandworm Exploit, Detected: September 3, 2014

  • Ripple20 Vulnerabilities, Growing IoT landscape, Detected: June 16, 2020

https://www.msspalert.com/cybersecurity-news/top-10-cybersecurity-attacks-of-last-decade-show-what-is-to-come-report/

  • Software Supply Chain Concerns Reach C-Suite

Major supply chain attacks have had a significant impact on software security awareness and decision-making, with more investment planned for monitoring attack surfaces.

Organisations are waking up to the need to establish better software supply chain risk management policies and are taking action to address the escalating threats and vulnerabilities targeting this expanding attack surface.

These were among the findings of a CyberRisk Alliance-conducted survey of 300 respondents from both software-buying and software-producing companies.

Most survey respondents (52%) said they are "very" or "extremely" concerned about software supply chain risks, and 84% of respondents said their organisation is likely to allocate at least 5% of their AppSec budgets to manage software supply chain risk.

Software buyers are planning to invest in procurement program metrics and reporting, application pen-testing, and software build of materials (SBOM) design and implementation, according to the findings.

Meanwhile, software developers said they plan to invest in secure code review as well as SBOM design and implementation.

https://www.darkreading.com/application-security/software-supply-chain-concerns-reach-c-suite

  • EU Warns of Russian Cyber Attack Spillover, Escalation Risks

The Council of the European Union (EU) said that Russian hackers and hacker groups increasingly attacking "essential" organisations worldwide could lead to spillover risks and potential escalation.

"This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation," the High Representative on behalf of the EU said.

"The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed."

In this context, the EU reminded Russia that all United Nations member states must adhere to the UN's Framework of responsible state behaviour in cyberspace to ensure international security and peace.

The EU urged all states to take any actions required to stop malicious cyber activities conducted from their territory.

The EU's statement follows a February joint warning from CISA and the FBI that wiper malware attacks targeting Ukraine could spill over to targets from other countries.

Google's Threat Analysis Group (TAG) said in late March that it observed phishing attacks orchestrated by the Russian COLDRIVER hacking group against NATO and European military entities.

In May, the US, UK, and EU accused Russia of coordinating a massive cyber attack that hit the KA-SAT consumer-oriented satellite broadband service in Ukraine on February 24 with AcidRain data destroying malware, approximately one hour before Russia invaded Ukraine.

A Microsoft report from June also confirms the EU's observation of an increase in Russian malicious cyber activities. The company's president said that threat groups linked to Russian intelligence agencies (including the GRU, SVR, and FSB) stepped up cyber attacks against government entities in countries allied with Ukraine after Russia's invasion.

In related news, in July 2021, President Joe Biden warned that cyber attacks leading to severe security breaches could lead to a "real shooting war," a statement issued a month after NATO said that cyber attacks could be compared to "armed attacks" in some circumstances.

https://www.bleepingcomputer.com/news/security/eu-warns-of-russian-cyberattack-spillover-escalation-risks/

  • Critical Flaws in GPS Tracker Enable “Disastrous” and “Life-Threatening” Hacks

A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimise exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off fuel.

An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.

BitSight discovered what it said were six “severe” vulnerabilities in the device that allow for a host of possible attacks. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device.

https://arstechnica.com/information-technology/2022/07/critical-flaws-in-gps-tracker-enable-disastrous-and-life-threatening-hacks/

  • Russian Hackers Behind Solarwinds Breach Continue to Scour US And European Organisations for Intel, Researchers Say

The Russian hackers behind a sweeping 2020 breach of US government networks have in recent months continued to hack US organisations to collect intelligence while also targeting an unnamed European government that is a NATO member.

The new findings show how relentless the hacking group — which US officials have linked with Russia's foreign intelligence service — is in its pursuit of intelligence held by the US and its allies, and how adept the hackers are at targeting widely used cloud-computing technologies.

The hacking efforts come as Russia's invasion of Ukraine continues to fray US-Russia relations and drive intelligence collection efforts from both governments.

In recent months, the hacking group has compromised the networks of US-based organisations that have data of interest to the Russian government.

In separate activity revealed Tuesday, US cyber security firm Palo Alto Networks said that the Russian hacking group had been using popular services like Dropbox and Google Drive to try to deliver malicious software to the embassies of an unnamed European government in Portugal and Brazil in May and June.

https://edition.cnn.com/2022/07/19/politics/russia-solarwinds-hackers/index.html

  • The Next Big Security Threat Is Staring Us in The Face. Tackling It Is Going to Be Tough

If the ongoing fight against ransomware wasn't keeping security teams busy, along with the challenges of securing the ever-expanding galaxy of Internet of Things devices, or cloud computing, then there's a new challenge on the horizon – protecting against the coming wave of digital imposters or deepfakes.

A deepfake video uses artificial intelligence and deep-learning techniques to produce fake images of people or events.

One recent example is when the mayor of Berlin thought he was having an online meeting with former boxing champion and current mayor of Kyiv, Vitali Klitschko. But the mayor of Berlin grew suspicious when 'Klitschko' started saying some very out of character things relating to the invasion of Ukraine, and when the call was interrupted the mayor's office contacted the Ukrainian ambassador to Berlin – to discover that, whoever they were talking to, it wasn't the real Klitschko.

It's a sign that deepfakes are getting more advanced and quickly. Previous instances of deepfake videos that have gone viral often have tell-tale signs that something isn't real, such as unconvincing edits or odd movements, but the developments in deepfake technology mean it isn't difficult to imagine it being exploited by cyber criminals, particularly when it comes to stealing money.

While ransomware might generate more headlines, business email compromise (BEC) is the costliest form of cyber crime today. The FBI estimates that it costs businesses billions of dollars every year. The most common form of BEC attack involves cyber criminals exploiting emails, hacking into accounts belonging to bosses – or cleverly spoofing their email accounts – and asking staff to authorise large financial transactions, which can often amount to hundreds of thousands of dollars.

The emails claim that the money needs to be sent urgently, maybe as part of a secret business deal that can't be disclosed to anyone. It's a classic social-engineering trick designed to force the victim into transferring money quickly and without asking for confirmation from anyone else who could reveal it's a fake request. By the time anyone might be suspicious, the cyber criminals have taken the money, likely closed the bank account they used for the transfer – and run.

BEC attacks are successful, but many people might remain suspicious of an email from their boss that comes out the blue and they could avoid falling victim by speaking to someone to confirm that it's not real. But if cyber criminals could use a deepfake to make the request, it could be much more difficult for victims to deny the request, because they believe they're actually speaking to their boss on camera.

Many companies publicly list their board of directors and senior management on their website. Often, these high-level business executives will have spoken at events or in the media, so it's possible to find footage of them speaking. By using AI-powered deep-learning techniques, cyber criminals could exploit this public information to create a deepfake of a senior-level executive, exploit email vulnerabilities to request a video call with an employee, and then ask them to make the transaction. If the victim believes they're speaking to their CEO or boss, they're unlikely to deny the request.

https://www.zdnet.com/article/the-next-big-security-threat-is-staring-us-in-the-face-tackling-it-is-going-to-be-tough/


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

BYOD

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Privacy

Parental Controls and Child Safety

Regulations, Fines and Legislation

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine



Vulnerability Management

Vulnerabilities


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3



Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 15 July 2022

Black Arrow Cyber Threat Briefing 15 July 2022:

-10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication

-Businesses Are Adding More Endpoints, But Can’t Manage Them All

-Ransomware Activity Resurges in Q2

-North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

-One-Third of Users Without Security Awareness Training Click on Phishing URLs

-Ransomware Scourge Drives Price Hikes in Cyber Insurance

-Conventional Cyber Security Approaches Are Falling Short

-Virtual CISOs Are the Best Defence Against Accelerating Cyber Risks

-Firms Not Planning for Supply Chain Threats

-Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?

-Security Culture: Fear of Cyber Warfare Driving Initiatives

-Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors

-Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.

The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.

According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.

By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.

The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.

Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.

Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.

As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.

Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.

https://www.tripwire.com/state-of-security/featured/10000-organisations-targeted-by-phishing-attack-that-bypasses-multi-factor-authentication/

  • Businesses Are Adding More Endpoints, But Can’t Manage Them All

Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.

Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.

Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.

IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.

https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/

  • Ransomware Activity Resurges in Q2

Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.

The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.

The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.

LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.

At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.

Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.

https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/

  • One-Third of Users Without Security Awareness Training Click on Phishing URLs

Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.

According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.

The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.

https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing

  • Ransomware Scourge Drives Price Hikes in Cyber Insurance

Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.

With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.

However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.

Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.

Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.

https://www.darkreading.com/attacks-breaches/ransomware-scourge-drives-price-hikes-in-cyber-insurance

  • Conventional Cyber Security Approaches Are Falling Short

Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.

On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.

The top four causes of the most significant breaches reported by the affected organisations were:

  • Human error

  • Misconfigurations

  • Poor maintenance/lack of cyber hygiene

  • Unknown assets.

https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/

  • Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks

The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.

As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.

Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.

The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.

https://www.darkreading.com/careers-and-people/virtual-cisos-are-the-best-defense-against-accelerating-cyber-risks

  • Firms Not Planning for Supply Chain Threats

Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.

According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.

The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.

The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.

TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.

https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/

  • Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?

IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.

Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.

The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.

The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.

Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/data-breach-lawsuit-gaming-company-razer-sues-capgemini-for-7-million/

  • Security Culture: Fear of Cyber Warfare Driving Initiatives

KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.

The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.

The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.

However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).

Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.

https://www.itsecurityguru.org/2022/07/11/security-culture-fear-of-cyber-warfare-driving-initiatives/

  • Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors

Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.

A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.

Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.

Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.

The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.

The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.

https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/

  • Online Payment Fraud Expected to Cost $343B Over Next 5 Years

Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.

Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.

Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.

https://www.darkreading.com/application-security/online-payment-fraud-expected-to-cost-343b-over-5-years


Threats

Ransomware

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Identity and Access Management

Encryption

Social Media

Training, Education and Awareness

Privacy

Regulations, Fines and Legislation

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine




Vulnerabilities


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in. 

  • Automotive

  • Construction

  • Critical National Infrastructure (CNI)

  • Defence & Space

  • Education & Academia

  • Energy & Utilities

  • Estate Agencies

  • Financial Services

  • FinTech

  • Food & Agriculture

  • Gaming & Gambling

  • Government & Public Sector (including Law Enforcement)

  • Health/Medical/Pharma

  • Hotels & Hospitality

  • Insurance

  • Legal

  • Manufacturing

  • Maritime

  • Oil, Gas & Mining

  • OT, ICS, IIoT, SCADA & Cyber-Physical Systems

  • Retail & eCommerce

  • Small and Medium Sized Businesses (SMBs)

  • Startups

  • Telecoms

  • Third Sector & Charities

  • Transport & Aviation

  • Web3



Other News

5 key considerations for your 2023 cyber security budget planning | CSO Online

What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)

Experian accounts could still be at risk from hackers | TechRadar

Cyber security skills surpass cloud skills as this year's training priority, if professionals can find the time | ZDNet

Average American Accesses Suspicious Sites 6.5 Times a Day - Infosecurity Magazine (infosecurity-magazine.com)

Mergers and acquisitions are a strong zero-trust use case • The Register

Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register

New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK

How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)

CEO of Dozens of Companies Charged in Scheme to Traffic An Estimated $1bn in Fake Cisco Devices - Infosecurity Magazine (infosecurity-magazine.com)

Data breaches explained: Types, examples, and impact | CSO Online

President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 27 May 2022

Black Arrow Cyber Threat Briefing 27 May 2022

-How Confident Are Companies in Managing Their Current Threat Exposure?

-'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

-Paying Ransom Doesn’t Guarantee Data Recovery

-Report: Frequency of Cyber Attacks in 2022 Has Increased by Almost 3M

-New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

-VMware, Airline Targeted as Ransomware Chaos Reigns

-Crypto Hacks Aren't a Niche Concern; They Impact Wider Society

-State of Cyber Security Report 2022 Names Ransomware and Nation-State Attacks as Biggest Threats

-Vishing (Voice Phishing) Cases Reach All Time High

-DeFi (Decentralised Finance) Is Getting Pummelled by Cyber Criminals

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • How Confident Are Companies In Managing Their Current Threat Exposure?

Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are more concerned and exposed to cyber threats than ever before, with 61 percent describing themselves as at best only “fairly confident” at managing their current cyber security threat exposure, which should raise some eyebrows around the boardroom.

Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 percent of organisations believe their existing cyber strategy will be outdated in two years, and a further 37 percent within three years. Additional investment is needed to address longer term planning, with 44 percent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.

https://www.helpnetsecurity.com/2022/05/26/organizations-cyber-strategy/

  • 'There's No Ceiling': Ransomware's Alarming Growth Signals A New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetisation of stolen data may be on its way out.

The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.

That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.

The 15th annual DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cyber criminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.

"Everything in cyber crime has become so commoditised, so much like a business now, and it's just too darn efficient of a methodology for monetising their activity," he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.

"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."

https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir

  • Paying Ransom Doesn’t Guarantee Data Recovery

A Veeam report has found that 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom.

Additionally, 76% of organisations admitted to paying the ransom. But while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data.

https://www.helpnetsecurity.com/2022/05/24/paying-ransom-recover-data-video/

  • Report: Frequency Of Cyber Attacks in 2022 Has Increased By Almost 3M

Kaspersky has released a new report revealing a growing number of cyber attacks on small businesses in 2022 so far. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the numbers of Trojan-PSW detections, internet attacks and attacks on Remote Desktop Protocol.

In 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased globally by almost a quarter compared to the same period in 2021 一 4,003,323 to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the company network and steal sensitive information.

Internet attacks grew from 32,500,000 globally in the analysed period of 2021 to almost 35,400,000 in 2022. These can include web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet command & control centres and more.

The number of attacks on Remote Desktop Protocol grew in the U.S. (while dropping slightly globally), going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022. With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

With small business owners typically handling numerous responsibilities at the same time, cyber security is often an afterthought. However, this disregard for IT security is being exploited by cyber criminals. The Kaspersky study sought to assess the threats that pose an increasing danger to entrepreneurs.

https://venturebeat.com/2022/05/20/report-frequency-of-cyberattacks-in-2022-has-increased-by-almost-3m/

  • New Zoom Flaws Could Let Attackers Hack Victims Just By Sending Them A Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

With Zoom's chat functionality built on top of the XMPP standard, successful exploitation of the issues could enable an attacker to force a vulnerable client to masquerade a Zoom user, connect to a malicious server, and even download a rogue update, resulting in arbitrary code execution stemming from a downgrade attack.

https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html

  • VMware, Airline Targeted As Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline.

Meanwhile, an oddball "GoodWill" variant purports to help the needy.

The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on the double-extortion scheme to coerce victims to pay the ransom – i.e., stealing data as well and threatening to leak it if victims don’t pay up.

Because of the popularity of ESXi servers for creating and running multiple virtual machines (VMs) in enterprise settings, the Cheerscrypt ransomware could be appealing to malicious actors looking to rapidly distribute ransomware across many devices.

Meanwhile, low-cost carrier SpiceJet faced a ransomware attack this week, causing flight delays of between two and five hours as well as rendering unavailable online booking systems and customer service portals.

While the company’s IT team announced on Twitter that it had successfully prevented the attempted attack before it was able to fully breach all internal systems and take them over, customers and employees are still experiencing the ramifications.

https://www.darkreading.com/attacks-breaches/vmware-airline-targeted-as-ransomware-chaos-reigns

  • Crypto Hacks Aren't A Niche Concern; They Impact Wider Society

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.

This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cyber security communities to bring the security of cryptocurrencies into line.

The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.

However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cyber criminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.

There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people.

https://www.darkreading.com/attacks-breaches/crypto-hacks-aren-t-a-niche-concern-they-impact-wider-society

  • State Of Cyber Security Report 2022 Names Ransomware And Nation-State Attacks As Biggest Threats

Ransomware is the biggest concern for cyber security professionals, according to results of the Infosecurity Group’s 2022 State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine.

Cyber Security Professionals' Number One Concern: Ransomware.

This attack vector was voted as the biggest cyber security trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example, taking down the US’ largest fuel pipeline.

The survey respondents also highlighted the evolving tactics and capabilities of ransomware attackers. This includes threat actors becoming more sophisticated as they evolve into loosely coupled service-based operations.

A number of cyber security professionals believe that cyber-criminal groups will become more guarded in their approach due to new initiatives by governments and law enforcement to tackle these activities.

Cyber Security Professionals' Number Two Concern: Nation-State Attacks.

The second biggest concern for survey respondents was geopolitics/nation-state attacks (24%), particularly the shifting hostilities from the Russia-Ukraine conflict into cyberspace. Russia already had a reputation for conducting offensive cyber operations prior to the conflict, and the Ukrainian government and critical services have experienced numerous attacks both before and since the war began.

https://www.infosecurity-magazine.com/news/2022-state-industry-report/

  • Vishing (Voice Phishing) Cases Reach All Time High

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.

In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.

https://www.helpnetsecurity.com/2022/05/24/vishing-cases-increased/

  • DeFi (Decentralised Finance) Is Getting Pummelled By Cyber Criminals

Decentralised finance lost $1.8 billion to cyber attacks last year — and 80% of those events were the result of vulnerable code, analysts say.

Decentralised finance (DeFi) platforms — which connect various cryptocurrency blockchains to create a decentralised infrastructure for borrowing, trading, and other transactions — promise to replace banks as a secure and convenient way to invest in and spend cryptocurrency. But in addition to attracting hordes of new users with dreams of digital fortune, cyber criminals have discovered them to be an easy target, wiping out wallets to zero balances in a moment, tanking whole markets while profiting, and more, according to a new report.

Analysts with Bishop Fox found that DeFi platforms lost $1.8 billion to cyber attacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the lax cyber security practices of the sector.

DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contracts" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain.

Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code, according to the report.

https://www.darkreading.com/attacks-breaches/defi-pummeled-by-cybercriminals


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

BYOD

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

Insider Risk and Insider Threats

Dark Web

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Cloud/SaaS

Attack Surface Management

Open Source

Privacy

Passwords & Credential Stuffing

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine







As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Antony Cleal Antony Cleal

Black Arrow Cyber Threat Briefing 12 February 2021

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Top Cyber Stories of the Last Week

2020 Sees Ransomware Increase By Over 400 Percent

A new study from Cyber Security company, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019. The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector and these attacks were up by 112 percent.

https://betanews.com/2021/02/10/ransomware-increase-400-percent/

Remote Desktop Protocol Attacks Surge By 768%

Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.

https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/

Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, criminal today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

https://www.itproportal.com/news/even-small-phishing-operations-can-distribute-millions-of-malicious-emails-per-week/

With One Update, This Malicious Android App Hijacked Millions Of Devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Cd Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/

Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

https://www.engadget.com/hacked-water-plant-computer-had-shared-passwords-andofdate-windows-os-082552973.html

Top Web Hosting Provider Shuts Down Following Cyber Attack

Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.

https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack

High Demand For Hacker Services On Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.

https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/

Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks

A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.

https://www.gizchina.com/2021/02/09/facebook-phishing-campaign-tricked-nearly-500000-users-in-two-weeks/

Hackers Are Tweaking Their Approach To Phishing Attacks In 2021

Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.

https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/


Threats

 Ransomware

Phishing

Malware

Mobile

IOT

Vulnerabilities

Data Breaches

Organised Crime

Supply Chain

Nation-State Actors

Privacy




As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 08 January 2021

Black Arrow Cyber Threat Briefing 08 January 2021: Ryuk gang estimated to have made more than $150 million from ransomware; China's hackers move to ransomware; Amid hardened security, attackers seek softer targets; Hackney Council files leaked online after cyber attack; PayPal users targeted in new SMS phishing campaign; the rise of cyber-mercenaries; Declutter Your Devices to Reduce Security Risks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Top Cyber Headlines of the Week

Ryuk gang estimated to have made more than $150 million from ransomware attacks

In a joint report published today, threat intel company Advanced Intelligence and cyber security firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. "Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."

https://www.zdnet.com/article/ryuk-gang-estimated-to-have-made-more-than-150-million-from-ransomware-attacks/

China's APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/

SolarWinds hack: Amid hardened security, attackers seek softer targets

Reported theories by SolarWinds hack investigators that federal agencies and private companies were too busy focusing on election security to recognize vulnerabilities tied to the software supply chain are unfair and misleading. And yet, those same experts acknowledge that such accusations offer an important cyber security lesson for businesses: organizations must ensure that their entire attack surface receives attention.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-hack-amid-hardened-security-attackers-seek-softer-targets/

Hackney Council files including alleged passport documents leaked online after cyber attack

The council in East London was hit by what it described as a "serious cyber attack" in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents' data. The council said it was working with the UK's National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

https://news.sky.com/story/hackney-council-files-including-alleged-passport-documents-leaked-online-after-cyber-attack-12181017

PayPal users targeted in new SMS phishing campaign

Now, at first glance the message may not seem all that suspicious since PayPal may, in fact, impose limits on sending and withdrawing money. The payment provider usually does so when it suspects that an account has been accessed by a third party without authorization, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy. However, in this case it really is a case of SMS-borne phishing, also known as Smishing. If you click on the link, you will be redirected to a login phishing page that will request your access credentials. Should you proceed to “log in”, your credentials will be sent to the scammers behind the ruse and the fraudulent webpage will attempt to gather further information, including the full name, date of birth address, and bank details.

https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/

SolarWinds, top executives hit with class action lawsuit over Orion software breach

SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-top-executives-hit-with-class-action-lawsuit-over-orion-software-breach/

The rise of cyber-mercenaries poses a growing threat for both governments and companies

These days, 21st century mercenaries are as likely to be seated behind a computer screen, wreaking havoc for their paymasters’ enemies as slugging it out on a real-world battlefield. But the rapid rise of cyber-mercenaries - or Private Sector Offensive Actors (PSOAs) - is vexing some of the biggest names in the global technology industry, and for good reason. Globally, the cyber security industry is already vast, raking in an estimated $156bn in revenues in 2019. It is set to nearly double in size by 2027.

https://www.telegraph.co.uk/business/2021/01/07/privatisation-cyber-security-growing-threat-governments-companies/

Declutter Your Devices to Reduce Security Risks

Everyone should set aside time to review what they’ve installed on their various devices—typically apps, but that can also include games and addons. In fact, this should be an annual cleaning, at minimum.

You’re not just doing this because you want your device to look good. That’s one benefit you get from cleaning up your digital life, but it’s not the most important one. You’re also doing this to bolster your digital security. Yes, security.

https://lifehacker.com/declutter-your-devices-to-reduce-security-risks-1845991606


Threats

Ransomware

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Phishing

This new phishing attack uses an odd lure to deliver Windows trojan malware

Facebook ads used to steal 615000+ credentials in a phishing campaign

Malware

North Korean hackers launch RokRat Trojan in campaigns against the South

Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux

A hacker’s predictions on enterprise malware risk

Vulnerabilities

Google Warns of Critical Android Remote Code Execution Bug

Hackers are actively exploiting this leading VPN, so patch now

Data Breaches

Hacker posts data of 10,000 American Express accounts for free

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online.

T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
Exclusive Networks hit by cyberattack on New Year's Eve

Up to half a million victims of BA data breach could be eligible for compensation

Nation State Actors

Even Small Nations Have Jumped into the Cyber Espionage Game

Denial of Service

Ransom DDoS attacks target a Fortune Global 500 company

Privacy

Telegram feature exposes your precise address to hackers

Whatsapp Competitor Signal Stops Working Properly As Users Rush To Leave Over Privacy Update

Google Chrome browser privacy plan investigated in UK

Singapore police can access COVID-19 contact tracing data for criminal investigations

Other News

Feds Issue Recommendations for Maritime Cybersecurity


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Cyber Weekly Flash Briefing for 21 February 2020 – Adobe out-of-band fix, critical Cisco bugs, Insider Threats, PayPal phishing, Supply Chain Risks

Cyber Weekly Flash Briefing for 21 February 2020 – Adobe out of band fix, critical Cisco bugs, Insider Threats, PayPal phishing, Supply Chain Risks

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Adobe releases out-of-band patch for critical code execution vulnerabilities

Adobe has released an out-of-schedule fix to resolve two vulnerabilities that may expose user systems to code execution attacks.

On Wednesday, the software vendor released two separate security advisories describing the issues, warning that each bug is deemed critical, the highest severity score available. However, there is at present no evidence the vulnerabilities are being exploited in the wild.

The first vulnerability impacts Adobe Media Encoder versions 14.0 and earlier on the Microsoft Windows platform.  The second vulnerability impacts Adobe After Effects versions 16.1.2 and earlier also on Windows machines.

Read more on ZDnet here: https://www.zdnet.com/article/adobe-releases-out-of-schedule-fixes-for-critical-vulnerabilities/


Critical Cisco Bug Opens Software Licencing Manager to Remote Attack

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.

A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet.

Cisco Smart Software Manager On-Prem Base is used to manage a customer or partner’s product licenses, providing near real-time visibility and reporting of the Cisco licenses that an organisation purchases and consumes. According to Cisco’s product literature, the platform is aimed at “customers who have strict security requirements and do not want their products to communicate with the central licensing database on Smart Software Manager over a direct Internet connection,” like financial institutions, utilities, service providers and government organisations.

Read the full article on ThreatPost here: https://threatpost.com/critical-cisco-bug-software-licencing-remote-attack/153086/


97% of IT leaders majorly concerned by insider data breaches

A study has found that 97% of IT leaders are concerned that data will be exposed by their own employees, leading to insider breaches

This findings from the survey spelled a lack of reassurance for decision makers regarding insider breaches over the past 12 months.

Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.

While the former statistic has remained stable since 2019, the latter saw a 14% jump.

In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.

Read more here: https://www.information-age.com/it-leaders-majorly-concerned-insider-data-breaches-123487769/


PayPal remains the most‑spoofed brand in phishing scams

PayPal, Facebook, Microsoft, Netflix, and WhatsApp were the most commonly impersonated brands in phishing campaigns in the fourth quarter of 2019.

The payment services provider retained its top spot from the previous quarter, according to data gleaned from the number of unique phishing URLs detected by the company. Thanks to the immediate financial payback and a pool of 305 million active users worldwide, PayPal’s continued popularity among phishers isn’t all that surprising.

PayPal-themed phishing campaigns usually target both consumers and SMB employees, with researchers pointing to an example of a recent fraudulent email that alerted users to an “unusual activity on your account”. A similar campaign was recently uncovered by researchers.

Social media phishing continues to grow with Facebook taking second place on the list. Meanwhile, WhatsApp jumped a whopping 63 spots to take fifth place and Instagram surged 16 places to take the 13th spot.

More: https://www.welivesecurity.com/2020/02/14/paypal-remains-most-spoofed-brand-phishing-scams/


Windows 10 update: Microsoft admits serious problem, here's how to fix it

It was recently discovered that the newest Windows 10 update was somehow deleting users’ files. The update has been live for over a week now, but fear not (or at least not too much) Windows fans, Microsoft has now said (unofficially) that it’s found a fix.

Thanks to Windows Latest (via TechRadar), we now know how Windows is responding to the problem. The site interviewed unnamed Microsoft support team staff, one of which was quoted  as saying: “Microsoft is aware of this known issue and our engineers are working diligently to find a solution for it.” In addition, it’s been reported that the Windows team have been able to replicate the bug and find one potential way of restoring any lost files.

Read the full article here: https://www.tomsguide.com/news/windows-10-update-microsoft-admits-serious-problem-heres-how-to-fix-it


Mitigating Risk in Supply Chain Attacks

In the last year, the number of global businesses falling victim to supply chain attacks more than doubled from 16 to 34 per cent – in the UK the picture is even worse with a staggering 42 per cent reporting they fell victim to these sorts of attacks.

This kind of attack is a powerful threat as it enables malicious code to slip into an organisation through trusted sources. What is worse is that it’s a tougher threat for traditional security approaches to account for.

Of even more concern though is that this particular attack vector doesn’t appear to be a top priority for businesses. The same survey found only 42 per cent of respondents have vetted all new and existing software suppliers in the past 12 months. While this has led to 30 per cent of respondents believing with absolute certainty that their organisation will become more resilient to supply chain attacks over the next 12 months, the increasing scale and frequency of these attacks demands a proportionate response.

The problem is that many businesses fail to understand how quickly adversaries can move laterally through the network via this sort of compromise and how much damage can be done in that short amount of time. There is an educational need for the cyber industry to broadcast the potential consequences of supply chain attacks, and to share best practices around their defence and mitigation.

Adversaries use supply chain attacks as a sneaky weak point through which to creep into the enterprise and attack software further up the supply chain rather than going straight for their final target: An organisation with funds or information they wish to pilfer, or whom they will ‘merely’ disrupt. Once an adversary successfully compromises the chain, their M.O. is to modify the trusted software to perform additional, malicious activities. If not discovered, compromised software can then be delivered throughout an organisation via software updates.

Read the original article here: https://www.cbronline.com/opinion/mitigating-risk-in-supply-chain-attacks


Russia’s GRU was behind cyber attacks on Georgian government and media, says NCSC

British security officials have identified a Russian military intelligence unit as the source of a series of “large-scale, disruptive cyber attacks” on Georgia last autumn.

The former Soviet Union state suffered a spree of attacks on its government websites, national broadcasters and NGOs over several hours on 28 October 2019.

Analysts at the National Cyber Security Centre have concluded “with the highest level of probability” that the attacks, aimed at web hosting providers, were carried out by the GRU in a bid to destabilise the country.

Read more here: https://tech.newstatesman.com/security/russia-gru-cyber-attacks-georgia-ncsc


UK Google users could lose EU GDPR data protections

Google is to move the data and user accounts of its British users from the EU to the US, placing them outside the strong privacy protections offered by European regulators.

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions not covered by Europe’s world-leading General Data Protection Regulation (GDPR) and therefore with less protection and within easier reach of British law enforcement.

Google intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.

Read more: https://www.theguardian.com/technology/2020/feb/20/uk-google-users-to-lose-eu-gdpr-data-protections-brexit


ISS World “malware attack” leaves employees offline

Global facilities company ISS World, headquartered in Denmark, has shuttered most of its computer systems worldwide after suffering what it describes as a “security incident impacting parts of the IT environment.”

The company’s website currently shows a holding page, with no clickable links on it.

Some media outlets – for example, the BBC – have mentioned ransomware prominently in their coverage of the issue, perhaps because of the suddenness of the story, but at the moment we simply don’t know what sort of malware was involved.

As you can imagine, facilities companies that provide services such as cleaning and catering rely heavily on IT systems for managing their operations.

Read the full article here: https://nakedsecurity.sophos.com/2020/02/20/iss-world-malware-attack-leaves-employees-offline/


Google is trying to scare Microsoft Edge users into switching to Chrome

Could Google be worried about the new Edge browser stealing away Chrome users? It seems that way, with the company now displaying a warning to people using Microsoft’s new web browser when they access the Chrome web store.

Originally, Microsoft’s Edge web browser was a deeply unpopular piece of software, despite it being the default web browser in Windows 10, which led Microsoft to overhaul the app, and it’s now based on the same Chromium engine as Chrome.

Edge users who visit the Chrome web store are seeing a warning message that says “Google recommends switching to Chrome to use extensions securely.”

Read more here: https://www.techradar.com/uk/news/google-is-trying-to-scare-microsoft-edge-users-into-switching-to-chrome


Your home PC is twice as likely to get infected as your work laptop

Outdated operating systems and poor security put consumer PCs at risk

Consumer PCs are twice as likely to get infected as business PCs, new research has revealed.

According to the findings, the reason consumer PCs are more susceptible to infections is due to the fact that many are running outdated operating systems such as Windows 7 and because consumers aren't employing the same security solutions used by businesses which offer greater protection.

Of the infected consumer devices, more than 35 percent were infected over three times and nearly 10 percent encountered six or more infections.

More: https://www.techradar.com/uk/news/consumer-pcs-are-twice-as-likely-to-get-infected-compared-to-business-pcs


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More