Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 December 2021
Black Arrow Cyber Threat Briefing 03 December 2021
-Double Extortion Ransomware Victims Soar 935%
-MI6 Boss: Digital Attack Surface Growing "Exponentially"
-How Phishing Kits Are Enabling A New Legion Of Pro Phishers
-Crooks Are Selling Access To Hacked Networks. Ransomware Gangs Are Their Biggest Customers
-Omicron Phishing Scam Already Spotted in UK
-Phishing Remains the Most Common Cause of Data Breaches, Survey Says
-Ransomware Victims Increase Security Budgets Due To Surge In Attacks
-Control Failures Are Behind A Growing Number Of Cyber Security Incidents
-MI6 Spy Chief Says China, Russia, Iran Top UK Threat List
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Double Extortion Ransomware Victims Soar 935%
Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites.
Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021.
During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed.
In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.
Group-IB warned that, even if victim organisations pay the ransom, their data often end up on these sites.
https://www.infosecurity-magazine.com/news/double-extortion-ransomware-soar/
MI6 Boss: Digital Attack Surface Growing "Exponentially"
Head of the Secret Intelligence Service (SIS), Richard Moore, explained in a rare speech this week that, unlike the character Q from the James Bond films, even MI6 cannot source all of its tech capabilities in-house.
New partners and tech capabilities will help address MI6’s four key priorities: Russia, China, Iran and global terrorism. It’s a challenge made more acute as technology rapidly advances, he said.
“The ‘digital attack surface’ that criminals, terrorists and hostile states threats seek to exploit against us is growing exponentially. We may experience more technological progress in the next ten years than in the last century, with a disruptive impact equal to the industrial revolution,” Moore argued.
https://www.infosecurity-magazine.com/news/mi6-digital-attack-surface-growing/
How Phishing Kits Are Enabling A New Legion Of Pro Phishers
Some cybercriminals are motivated by political ideals, others by malice or mischief, but most are only interested in cold, hard cash. To ensure their criminal endeavours are profitable, they need to balance the potential payday against the time, resources and risk required.
It’s no wonder then that so many use phishing as their default attack method. Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.
https://www.helpnetsecurity.com/2021/12/02/phishing-kits-pro/
Crooks Are Selling Access To Hacked Networks. Ransomware Gangs Are Their Biggest Customers
Dark web forum posts offering compromised VPN, RDP credentials and other ways into networks have tripled in the last year.
There's been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.
Researchers at cybersecurity company Group-IB analysed activity on underground forums and said there's been a sharp increase in the number of offers to sell access to compromised corporate networks, with the number of posts offering access tripling between 2020 and 2021
Omicron Phishing Scam Already Spotted in UK
The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception.
As public health professionals across the globe grapple with what they fear could be an even more dangerous COVID-19 variant than Delta, threat actors have grabbed the opportunity to turn uncertainty into cash.
UK consumer watchdog “Which?” has raised the alarm that a new phishing scam, doctored up to look like official communications from the National Health Service (NHS), is targeting people with fraud offers for free PCR tests for the COVID-19 Omicron variant
https://threatpost.com/omicron-phishing-scam-uk/176771/
Phishing Remains the Most Common Cause of Data Breaches, Survey Says
Phishing, malware, and denial-of-service attacks remained the most common causes for data breaches in 2021. Data from Dark Reading’s latest Strategic Security Survey shows that more companies experienced a data breach over the past year due to phishing than any other cause. The percentage of organisations reporting a phishing-related breach is slightly higher in the 2021 survey (53%) than in the 2020 survey (51%). The survey found that malware was the second biggest cause of data breaches over the past year, as 41% of the respondents said they experienced a data breach where malware was the primary vector.
Ransomware Victims Increase Security Budgets Due To Surge In Attacks
As the end of 2021 approaches, there’s no doubt ransomware became a top cybersecurity concern across multiple industries. Successful ransomware attacks like the Colonial Pipeline, which took down critical US infrastructure, and Kaseya, which hit over 1,500 companies in a single attack, became a popular topic in the news.
Research conducted by Cymulate, however, shows that despite the increase in the number of attacks this past year, overall victims suffered limited damage in both severity and duration. Potential victims have improved their level of preparedness, with 70% reporting an increase of awareness at the boardroom and business management level. The majority (55%) undertook proactive measures to prevent ransomware attacks before they could cause any significant damage, and many of those respondents (38%) prevented attacks even before they could cause any serious downtime. Only 14% of respondents that experienced an attack were down for a week or more.
Control Failures Are Behind A Growing Number Of Cyber Security Incidents
Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success of threats such as ransomware, which costs organisations an average of $1.85 million in recovery, according to Panaseer.
Currently, only 36% of security leaders feel very confident in their ability to prove controls were working as intended. This is despite 99% of respondents believing it’s valuable to know that all controls are fully deployed and operating within policy, and cybersecurity control failures are currently being listed as the top emerging risk in the latest Gartner Emerging Risks Monitor Report. Attacks only succeed when they hit systems that haven’t been patched or don’t have security controls monitoring them.
https://www.helpnetsecurity.com/2021/12/01/control-failures-cybersecurity/
MI6 Spy Chief Says China, Russia, Iran Top UK Threat List
China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said Tuesday.
MI6 chief Richard Moore said the three countries and international terrorism make up the “big four” security issues confronting Britain’s spies.
In his first public speech since becoming head of the Secret Intelligence Service, also known as MI6, in October 2020, Moore said China is the intelligence agency’s “single greatest priority” as the country’s leadership increasingly backs “bold and decisive action” to further its interests.
Calling China “an authoritarian state with different values than ours,” he said Beijing conducts “large-scale espionage operations” against the U.K. and its allies, tries to ”distort public discourse and political decision-making” and exports technology that enables a “web of authoritarian control” around the world.
Moore said the U.K. also continues “to face an acute threat from Russia.” He said Moscow has sponsored killing attempts, such as the poisoning of former spy Sergei Skripal in England in 2018, mounts cyber attacks and attempts to interfere in other countries’ democratic processes.
https://www.securityweek.com/mi6-spy-chief-says-china-russia-iran-top-uk-threat-list
Threats
Ransomware
Microsoft Exchange Servers Hacked To Deploy BlackByte Ransomware (Bleepingcomputer.Com)
New Ransomware Variant Could Become Next Big Threat (darkreading.com)
Yanluowang Ransomware Tied to Thieflock Threat Actor | Threatpost
Yanluowang Ransomware Operation Matures With Experienced Affiliates (Bleepingcomputer.Com)
Ransomware Attack On Planned Parenthood Exposes 400,000 Patients' Personal Data - CNN
Phishing
APT Groups Adopt New Phishing Method. Will Cybercriminals Follow? (darkreading.com)
Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (thehackernews.com)
Malware
Emotet Now Spreads Via Fake Adobe Windows App Installer Packages (Bleepingcomputer.Com)
New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions (thehackernews.com)
Password-Stealing And Keylogging Malware Is Being Spread Through Fake Downloads | ZDNet
Malware Variants In 2021: Harder To Detect And Respond To - Help Net Security
Mobile
Surge Of Info-Stealing Android Malware FluBot Detected Again • The Register
Fake Support Agents Call Victims To Install Android Banking Malware (Bleepingcomputer.Com)
Multi-Platform Spyware Tracks Users Across Windows And Android | Techradar
IOT
Vulnerabilities
Pretty Much All Wi-Fi Routers Are Vulnerable To Attack, Study Finds | Techradar
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks (thehackernews.com)
New Ubuntu Linux Kernel Security Patches Address 6 Vulnerabilities, Update Now - 9to5Linux
Netgear Router Vulnerabilities Affecting SME Products Fixed • The Register
Data Breaches/Leaks
UK Government Fined £500,000 For New Year Honours Data Breach - BBC News
Panasonic Discloses Four-Months-Long Data Breach - The Record By Recorded Future
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill | SecurityWeek.Com
Threat Actors Stole $120 M In Crypto From BadgerDAO DeFi Platform - Security Affairs
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify (trendmicro.com)
How Do Criminals Exploit Cryptocurrencies? | Financial Times (ft.com)
Insider Threats
Fraud & Financial Crime
Insurance
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost
Cyber War Victims Might Not Get Payouts – Insurer • The Register
OT, ICS, IIoT and SCADA
Nation State Actors
MI6 Spy Chief Says China, Russia, Iran Top UK Threat List | SecurityWeek.Com
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost
Jumping The Air Gap: 15 Years Of Nation‑State Effort | WeLiveSecurity
Israel and Iran Broaden Cyberwar to Attack Civilian Targets - The New York Times (nytimes.com)
North Korea-Linked Zinc APT Posed As Samsung Recruiters To Target Security Firms - Security Affairs
Cloud
Parental Controls
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.