Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 02 February 2024
Black Arrow Cyber Threat Intelligence Briefing 02 February 2024:
-The Financial Sector Is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift
-The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns
-Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails
-Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials
-UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year
-94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023
-Interpol Arrests More than 30 Cyber Criminals in Global Operation
-Divide and Succeed: Splitting IT and Security Makes Business Sense
-Ransomware Groups Gain Clout with False Attack Claims
-Payment Fraud is Hitting Organisations Harder Than Ever Before
-Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The Financial Sector is Plagued by Increasingly Sophisticated Cyber Attacks That Demand a Defensive Paradigm Shift
A series of interviews with senior cyber executives and decision makers around the world gave insights into the attacks seen in the financial sector. The findings include 77% of financial organisations detecting campaigns to steal non-public market information, 48% falling victim to attacks solely focused on destroying data and 45% of organisations believing they were a victim of an attack which they were unable to detect. The financial sector remains a valuable target for cyber criminals and as such, organisations within this sector must proactively protect themselves.
Source: [PR News Wire]
The $10 Billion Cyber Insurance Industry Sees a Dangerous Year in Cyber Crime Ahead. AI, Ransomware, and War are its Biggest Concerns
A recent report by insurance broker Woodruff Sawyer sheds light on pressing concerns from the perspective of the insurance industry. Amidst ongoing global conflicts and the rise of AI-driven cyber threats, the boundaries between war and cyber attacks are blurring. Insurers are increasingly wary, with many opting not to provide coverage, particularly against war-related risks. The survey reveals a grim outlook, with 56% of clients anticipating a significant increase in cyber risks in 2024, primarily driven by ransomware and war associated threats. The challenge lies in defining and navigating these evolving risks, leaving clients uncertain about their cyber security strategies. Additionally, updated US Securities and Exchange Commission (SEC) rules mandating rapid disclosure of cyber breaches add further complexity to the cyber security landscape, warranting close monitoring by insurers. As cyber threats continue to evolve in a turbulent world, the insurance industry faces unprecedented challenges in safeguarding against cyber risks.
Source: [Fortune]
Microsoft Says Russian Hackers Used Known Identified Tactics to Breach Senior Exec Emails
Hackers allegedly linked to Russia’s Foreign Intelligence Service (SVR) breached a legacy non-production test tenant account in Microsoft last November, before pivoting into their senior executives’ email accounts. Microsoft only discovered the incident on 12 January. In a blog post, Microsoft said that the attackers had used a password spray attack on a limited number of accounts. One of these accounts was a legacy, non-production test account that had elevated access to the Microsoft corporate environment, and the ability to create malicious OAuth applications with access to other corporate mailboxes, leading to them accessing senior executives’ emails. Microsoft has since confirmed that multi-factor authentication was not enabled. Microsoft has previously warned the public about this exact scenario, writing that attackers “compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity.”
Sources: [The Record] [Bleeping Computer]
Old Methods, New Tricks: Cyber Criminals Are Still Using Social Engineering to Steal Your Credentials
2023 showed us that despite all the advancements in cyber security, most threat actors are simply just logging in. To do this an attacker needs credentials, often gained through phishing, the most common social engineering tactic. The emergence and utilisation of artificial intelligence has only made this easier, the point being that now virtually anyone can conduct a sophisticated phishing campaign, and with huge success. But what can organisations do? Focus on their human firewall. Social engineering will remain, and organisations need to ensure that their staff are consistently trained to be vigilant, as well as regular updated training on current trends. Users should ensure that they don’t reuse passwords across accounts, nor use easy to guess passwords or patterns. Users should be encouraged to use password managers to enable better, and more manageable, password hygiene. Where possible, multi factor authentication should be enforced.
Sources: [Security Boulevard] [Beta News] [Security Intelligence]
UK Government Unveils New Cyber Threat Guidelines as 32% of Firms Suffer Attacks in Past Year
The UK government is urging organisations to prioritise cyber threats as a key business risk, on par with financial and legal challenges. They have released new guidelines, the Cyber Governance Code of Practice, aimed at directors and senior leaders to elevate cyber security as a focal point in business operations. The code recommends clear roles and responsibilities, customer protection, and plans to respond to cyber attacks. It also emphasises the need for employees to possess adequate cyber awareness and skills. As cyber security incidents rise, a report found that 77% of financial services organisations have experienced a cyber attack. Other figures also show that 32% of firms have suffered a cyber breach or attack in the past year alone. These guidelines align with the UK Government’s National Cyber Strategy, aiming to protect and promote online security in the country. With the financial sector experiencing underperforming cyber security providers, organisations need to strengthen their anti-fraud defences, possibly incorporating cyber risk ratings for a more robust security posture.
Source: [The Fintech Times]
94% of Organisations Would Pay a Ransom, Despite Having ‘Do Not Pay’ Policies, as 79% Faced an Attack in 2023
A recent study has found that 94% of organisations would pay a ransomware demand, even if they had a ‘do not pay’ policy, in the event of an attack. The study found that 79% had suffered a ransomware related attack in the second half of 2023. When it came to resilience, only 21% had full confidence in their organisation’s cyber resilience and ability to address today’s escalating cyber challenges and threats, and 23% reported that they would need over three weeks to recover data and restore business processes. A common theme in the study was the belief that senior and executive management do not fully understand the serious risks, with only 35% of respondents believing risks were fully understood.
Sources: [Beta News] [ Security Magazine] [MSSP Alert]
Interpol Arrests More than 30 Cyber Criminals in Global Operation
This week, international law enforcement announced that it detained 31 suspected cyber criminals and identified 1,300 malicious servers which were used to conduct phishing attacks and distribute malware. The operation, labelled “Synergia” was in response to “the clear growth, escalation and professionalisation of transnational cyber crime and the need for coordinated action against new cyber threats” Interpol said. Nearly 60 law enforcement agencies and several private companies were involved in the operation.
Sources: [The Record]
Divide and Succeed: Splitting IT and Security Makes Business Sense
Maintaining year-round security hygiene is important to protect both consumers and organisations. Cyber attacks, like the recent one on 23andMe, often exploit vulnerabilities that persist due to incomplete patching and compromised credentials. Many organisations cite time constraints as the primary reason for not updating security features. Ideally, in any organisation, and indeed in all organisations that have reached a level of maturity in this space, security and IT teams should be separate; however, this is not really achievable in many organisations and hence the responsibility to protect ultimately falls on IT teams. Overburdened IT teams, and IT teams whose primary focus is on operational IT, further compound the issue, spending significant time managing data requests and analysing data, leading to cyber security risks. As consumers become more privacy-conscious, businesses must review and adapt their data privacy policies to build trust. Additionally, the growing use of artificial intelligence poses new risks, necessitating the development of company-wide AI policies to protect data privacy. While privacy legislation remains fragmented, staying proactive by updating data privacy policies, understanding data usage, and fortifying cyber security defences is crucial for organisations.
Source: [Digital Journal]
Ransomware Groups Gain Clout with False Attack Claims
A concerning trend is on the rise: fake breach claims by ransomware groups. Cyber criminals are leveraging the dark web and social media to spread misinformation about alleged breaches, triggering unwarranted cyber investigations and generating unwanted, and unwarranted, negative publicity for the alleged victim. Recent incidents involving Technica Corp and Europcar exemplify this growing threat. While these claims often lack credible evidence, they serve as a means for ransomware operators to gain attention and clout in the cyber criminal world. These groups resort to false claims to maintain relevance. Cyber security teams must adapt to this new ransomware misinformation communication strategy and exercise caution when evaluating breach claims.
Source: [Dark Reading]
Payment Fraud is Hitting Organisations Harder Than Ever Before
According to research, 96% of companies in the US were targeted with at least one fraud attempt in the past year. 36% who suffered said the average loss they experienced was more than $1 million and for 25%, this was more than $5 million. The study found misaligned perception as despite the number falling victim, only 5% believed they could not keep up with fraud. Of concern, 75% of C-level finance leaders said they would stop doing business with an organisation that fell victim to payment fraud.
Source: [Help Net Security]
Chinese Hacking Operations Have Entered a Far More Dangerous Phase, US Warns
In the US, the directors of the FBI, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), have stated that China’s cyber activity is moving beyond the last decade’s spying and data theft toward direct attacks on critical infrastructure. It was identified that Chinese nation-state actors were planting malware on network routers and other internet-connected devices that, if triggered, could disrupt water, power, rail and other critical services, possibly causing widespread chaos, or even injury or deaths as a result.
Source: [Defense One]
Governance, Risk and Compliance
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Recognizing Security as a Strategic Component of Business (darkreading.com)
Top Five Risks Facing Corporate Boards | The Volkov Law Group - JDSupra
Improving cyber security culture: A priority in the year of the CISO | CSO Online
Top 3 Cyber Security Trends for SME Business Leaders | MSSP Alert
What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard
Divide and succeed: Splitting IT and Security makes business sense - Digital Journal
Strengthening Cyber Security: The rise of the Security Assurance Officer (securitybrief.co.nz)
5 Cyber Security Strategies You Must Embrace to Protect Your Business | Inc.com
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Survey Shows 94% of Companies Would Pay | MSSP Alert
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD (techrepublic.com)
79% of organisations faced a ransomware attack in H2 2023 | Security Magazine
Ransomware Groups Gain Clout With False Attack Claims (darkreading.com)
LockBit remorseless in latest children's hospital attack • The Register
The Ransomware Threat in 2024 is Growing: Report - Security Week
Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register
OpenText Cyber Security Global Ransomware Survey: The Risk Perception Gap | MSSP Alert
The evolution of ransomware: Lessons for the future (securityintelligence.com)
New strain of the Phobos ransomware discovered in VBA script | SC Media (scmagazine.com)
Canadian Man Sentenced to Prison for Ransomware Attacks - Security Week
Ransomware Research Reveals Millions Spent Despite Do Not Pay Policies - IT Security Guru
A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)
Online ransomware decryptor helps recover partially encrypted files (bleepingcomputer.com)
Higher cyber defences lead to higher ransoms, study finds | Cybernews
ICS Ransomware Danger Rages Despite Fewer Attacks (darkreading.com)
Ransomware Victims
ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch
Pentagon investigating theft of sensitive files by ransomware group | CyberScoop
Johnson Controls says ransomware attack cost $27 million, data stolen (bleepingcomputer.com)
New Jersey School District Shut Down by Cyber Attack (darkreading.com)
Cactus ransomware gang claims the Schneider Electric hack (securityaffairs.com)
Schneider Electric Responding to Ransomware Attack, Data Breach - Security Week
Akira ransomware gang says it stole passport scans from Lush • The Register
Kansas public transportation authority hit by ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
Artificial Intelligence
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
AI-Powered Attacks and Deepfake Technology Fuel Cyber Attack Concern - IT Security Guru
ChatGPT bug leaked conversations from others in your history (bgr.com)
AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)
Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One
AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week
AI-generated code leads to security issues for most businesses: report | CIO Dive
Assessing and quantifying AI risk: A challenge for enterprises | CSO Online
2FA/MFA
Malware
How the ZeuS Trojan Info Stealer Changed Cyber Security (securityintelligence.com)
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks (thehackernews.com)
Police disrupt Grandoreiro banking malware operation, make arrests (bleepingcomputer.com)
Threat Actors Using Adult Games To Launch Remcos RAT Attack - Security Boulevard
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware (thehackernews.com)
More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)
Don't believe everything you read - hackers are pushing malware via media, news sites | TechRadar
Mobile
Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping - Security Week
More Android apps riddled with malware spotted on Google Play (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
There was a 39% surge in data exfiltration cyber attacks in 2023 | Security Magazine
Europcar denies data breach of 50 million users, says data is fake (bleepingcomputer.com)
3.5M exposed in COVID-19 e-passport leak (securityaffairs.com)
Mercedes-Benz accidentally exposed sensitive data, including source code (securityaffairs.com)
FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)
23andMe admits it didn’t detect cyber attacks for months | TechCrunch
Football Australia investigating 'critical data' leak - ESPN
Top 3 Data Breaches of 2023, and What Lies Ahead in 2024 (darkreading.com)
DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)
Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security
Data leak at fintech giant Direct Trading Technologies (securityaffairs.com)
Timex breach leaks employee Social Security numbers | SC Media (scmagazine.com)
Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)
Keenan warns 1.5 million people of data breach after summer cyber attack (bleepingcomputer.com)
Organised Crime & Criminal Actors
ReasonLabs Releases Annual "State of Consumer Cyber Security Report" for 2024 (prnewswire.com)
Cyber criminals replace familiar tactics to exfiltrate sensitive data - Help Net Security
Smarter, Meaner, Sneakier: Security Trends for 2024 (trendmicro.com)
How businesses can tackle the cyber crime economy (siliconrepublic.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
DHS employees jailed for stealing data of 200K US govt workers (bleepingcomputer.com)
Put People First When Facing Sophisticated Cyber Threats (forbes.com)
Insurance
A Cyber Insurer's Perspective on How to Avoid Ransomware (darkreading.com)
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Supply Chain and Third Parties
Supply Chain Security and NIS2: What You Need to Know - Security Boulevard
Third-party risk management best practices and why they matter - Help Net Security
Cloudflare hacked using auth tokens stolen in Okta attack (bleepingcomputer.com)
Cyber criminals embrace smarter strategies, less effort - Help Net Security
Cloud/SaaS
Microsoft Teams phishing pushes DarkGate malware via group chats (bleepingcomputer.com)
'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally (darkreading.com)
Cyber Attacks, AI and Multicloud Hit Cyber Security in 2023 - The New Stack
Why DNS protection should be the first step in hybrid cloud security | TechRadar
Identity and Access Management
Microsoft tells how Russia's Cozy Bear broke into its email • The Register
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Linux and Open Source
Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)
White House releases report on securing open-source software | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
Hundreds of network operators’ credentials found circulating in Dark Web (securityaffairs.com)
US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)
Social Media
A tangled mess: Government rules for social media security lack clarity | CyberScoop
Defending Against Corporate Social Media Account Takeovers (databreachtoday.co.uk)
Malvertising
Regulations, Fines and Legislation
ICO confirms data breach probe as UK councils remain downed by cyber attack | TechCrunch
SolarWinds Files Motion to Dismiss SEC Lawsuit (darkreading.com)
What the Charges Against the SolarWinds CISO Mean for Security in 2024 - Security Boulevard
A tangled mess: Government rules for social media security lack clarity | CyberScoop
AI Companies Will Need to Start Reporting Their Safety Tests to the US Government - Security Week
The SEC Won't Let CISOs Be: Understanding New SaaS Cyber Security Rules (thehackernews.com)
How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week
UK law could ban Apple security updates across the world in an 'unprecedented overreach' | TechRadar
Models, Frameworks and Standards
Supply Chain Security and NIS2: What You Need to Know - Security Boulevard
NIS2 Directive raises stakes for security leaders - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Wait, infosec isn't a computer science degree requirement? • The Register
The Future Of Cyber Security Is More Human Than You Think (forbes.com)
Law Enforcement Action and Take Downs
Interpol arrests more than 30 cyber criminals in global ‘Synergia’ operation (therecord.media)
US charges two more suspects with DraftKing account hacks (bleepingcomputer.com)
US sanctions 3 for supporting ISIS with cyber security expertise, money transfers - UPI.com
Canada's 'most prolific hacker' jailed for two years (bitdefender.com)
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
$10 billion cyber insurance sector fears war, AI, ransomware ahead | Fortune
Cyber attacks as war crimes | International Bar Association (ibanet.org)
What Are State-Sponsored Cyber Attacks? - Security Boulevard
Satya Nadella Worries About Hackers Causing 'Breakdown of World Order' (businessinsider.com)
Expect ‘AI versus AI’ conflict soon, Pentagon cyber leader says - Defense One
The Cyber Warfare Option Against Hostile States and Groups | National Review
Nation State Actors
China
Chinese hacking operations have entered a far more dangerous phase, US warns - Defense One
FBI disrupts Chinese botnet by wiping malware from infected routers (bleepingcomputer.com)
Wray’s stunning warning points to a new age of US vulnerability | CNN Politics
Cyber attacks as war crimes | International Bar Association (ibanet.org)
EU economic security plan eyes China with more defence than offense (qz.com)
Russia
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technicac
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Russia hacks Microsoft: It’s worse than you think | Computerworld
Series of Cyber Attacks Hit Ukrainian Critical Infrastructure Organisations (darkreading.com)
Russian 'cyber war' could exploit divisions in Scotland | The Herald (heraldscotland.com)
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets (trendmicro.com)
Russian threat actors dig in, prepare to seize on war fatigue | Security Insider (microsoft.com)
Russian spies impersonating Western researchers in ongoing hacking campaign (therecord.media)
Ukraine's POW Coordination Headquarters restores services after cyber attack (kyivindependent.com)
Ukraine Military Targeted With Russian APT PowerShell Attack (darkreading.com)
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Does CVSS 4.0 solve the exploitability problem? - Help Net Security
Why the Right Metrics Matter When it Comes to Vulnerability Management (thehackernews.com)
Cyber Security in Review: The Alarming Trend of Unsupported Systems - Security Boulevard
Why organisations need risk-based vulnerability management | TechTarget
Vulnerabilities
Akira ransomware attacks linked to Cisco vuln fixed in 2020 • The Register
Ivanti Struggling to Hit Zero-Day Patch Release Schedule - Security Week
Ivanti releases patches for old and new VPN zero-days • The Register
45k Jenkins servers exposed to RCE attacks using public exploits (bleepingcomputer.com)
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (thehackernews.com)
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros (thehackernews.com)
CISA Warns of Active Exploitation of Critical Flaws in Apple iOS and macOS (thehackernews.com)
Tools and Controls
Microsoft tells how Russia's Cozy Bear broke into its email • The Register
In major gaffe, hacked Microsoft test account was assigned admin privileges | Ars Technica
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyber Attack (darkreading.com)
Multi-factor authentication suffers from three major weaknesses | TechRadar
AI-generated code leads to security issues for most businesses: report | CIO Dive
3 Best Practices to Improve Threat Hunting - Security Boulevard
Assessing and quantifying AI risk: A challenge for enterprises | CSO Online
How to Align Your Incident Response Practices With the New SEC Disclosure Rules - Security Week
Why DNS protection should be the first step in hybrid cloud security | TechRadar
What Is Cyber Threat Hunting? (Definition & How it Works) (techrepublic.com)
The Future Of Cyber Security Is More Human Than You Think (forbes.com)
Reports Published in the Last Week
Other News
How SMBs can lower their risk of cyber attacks and data breaches (bleepingcomputer.com)
FTC orders Blackbaud to boost security after massive data breach (bleepingcomputer.com)
Global critical infrastructure faces relentless cyber activity - Help Net Security
Why the healthcare industry must prioritize cyber resilience | World Economic Forum (weforum.org)
UK says Emirates-backed stake in Vodafone poses national security risk | Vodafone | The Guardian
Israeli Government: Smallest of SMBs Hit Hardest in Cyber Attacks (darkreading.com)
CISA: Vendors must secure SOHO routers against Volt Typhoon attacks (bleepingcomputer.com)
Firmware remains the soft underbelly of banking cyber defence (techmonitor.ai)
Cyber attacks on state and local governments rose in 2023, says CIS report | StateScoop
Fulton County Suffers Power Outages as Cyber Attack Continues (darkreading.com)
The Imperative for Robust Security Design in the Health Industry (darkreading.com)
National cyber security plans lack performance measures and estimated costs, GAO says | CyberScoop
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 March 2022
Black Arrow Cyber Threat Briefing 25 March 2022:
-Morgan Stanley Client Accounts Breached in Social Engineering Attacks
-Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
-Phishing Kits Constantly Evolve to Evade Security Software
-Ransomware Payments, Demands Rose Dramatically in 2021
-7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in UK
-Here's How Fast Ransomware Encrypts Files
-HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
-The Cyber Warfare Predicted In Ukraine May Be Yet To Come
-The Three Russian Cyber Attacks The West Most Fears
-Do These 8 Things Now To Boost Your Security Ahead Of Potential Russian Cyber Attacks
-Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
-Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Morgan Stanley Client Accounts Breached in Social Engineering Attacks
Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.
The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.
The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.
After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.
Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).
The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.
Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.
BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.
Phishing Kits Constantly Evolve to Evade Security Software
Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.
Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.
Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.
Ransomware Payment Demands Rose Dramatically in 2021
Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.
IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.
Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."
Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.
https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021
7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.
"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."
The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.
https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html
Here's How Fast Ransomware Encrypts Files
Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.
The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.
Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.
https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files
HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.
This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).
As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.
https://www.helpnetsecurity.com/2022/03/22/web-security-threats/
The Cyber Warfare Predicted in Ukraine May Be Yet to Come
In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.
The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.
https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca
The Three Russian Cyber Attacks the West Most Fears
The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.
Russia has previously stated that such accusations are "Russophobic".
However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.
Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.
"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.
This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.
https://www.bbc.co.uk/news/technology-60841924
Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks
The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:
The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
Back up your data and ensure you have offline backups beyond the reach of malicious actors
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
Encrypt your data so it cannot be used if it is stolen
Educate your employees to common tactics that attackers will use over email or through websites
Work with specialists to establish relationships in advance of any cyber incidents.
Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.
IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.
BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.
"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.
Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.
“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.
“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”
Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.
Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.
https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/
Threats
Ransomware
Ransomware Infections Follow Precursor Malware – Lumu • The Register
Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com
AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)
What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)
Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)
Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)
Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register
Talos warns of BlackMatter-linked BlackCat Ransomware • The Register
Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat
Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)
Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)
Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)
Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop
Phishing & Email
New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost
'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)
Other Social Engineering
Malware
Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)
BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)
Mobile
URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)
Downloaders Currently the Most Prevalent Android Malware (darkreading.com)
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)
Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)
IoT
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)
Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register
Data Breaches/Leaks
UK MoD's Capita-Run Recruitment Portal Support Offline • The Register
Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)
Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters
Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)
Global Regulators Monitor Crypto Use in Ukraine War | Reuters
Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)
Insider Risk and Insider Threats
6 Types Of Insider Threats And How To Prevent Them (techtarget.com)
HP Staffer Blew $5m On Personal Expenses With Company Card • The Register
Fraud, Scams & Financial Crime
Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security
NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)
DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt
Insurance
Dark Web
Supply Chain
Cloud
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online
Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)
Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs
President Biden Says Russia Exploring Revenge Cyber Attacks • The Register
Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics
Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert
Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)
Anonymous Targets Western Companies Still Active in Russia - Security Affairs
Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs
NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)
Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News
Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs
Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet
Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register
Nation State Actors – China
Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost
Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet
Nation State Actors – North Korea
Vulnerabilities
CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)
Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs
Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)
VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register
Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)
Sector Specific
Health/Medical/Pharma Sector
Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News
Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com
Retail/eCommerce
Transport and Aviation
Energy & Utilities
Education and Academia
Reports Published in the Last Week
Other News
A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)
The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com
Soldiers told to use Signal instead of WhatsApp for security | The Times
Cyber Security Compliance: Start With Proven Best Practices - Help Net Security
Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat
Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop
The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)
ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine
Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.