Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

40% Fell Victim To A Phishing Attack In The Past Month

The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.

Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.

Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.

https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/

Traditional Ransomware Defences Are Failing Businesses

Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.

https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/

Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You

Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.

https://www.techrepublic.com/article/cybersecurity-risk-the-number-of-employees-going-around-it-security-may-surprise-you/

740 ransomware victims named on data leak sites in Q2 2021: report

More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.

Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.

https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/

A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats

For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.

https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/

Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack

Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February.  In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.

https://www.zdnet.com/article/law-firm-for-ford-boeing-exxon-marriott-walgreens-and-more-hacked-in-ransomware-attack/

UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack

The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.

https://www.telegraph.co.uk/world-news/2021/07/19/uk-allies-accuse-china-reckless-cyber-extortion-microsoft-hack/

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.

The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.

The report noted that cloud storage apps account for more than 66% of cloud malware delivery.

"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.

https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/

Gun Owners' Fears After Firearms Dealer Data Breach

Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".

Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.

Police, including the National Crime Agency, are investigating.

One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.

Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.

The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".

https://www.bbc.co.uk/news/technology-57932823  

Threats

Ransomware

• SpearTip Finds New Diavol Ransomware Does Steal Data

• The Ransomware Point Of Attack Is Sharper

• Ransomware Incident At Major Cloud Provider Disrupts Real Estate, Title Industry

• In The Fight Against Ransomware, Microsoft Must Do More

• Tracking Malware And Ransomware Domains In 2021

BEC

Phishing

• Google Chrome Now Comes With Up To 50x Faster Phishing Detection

Malware

• Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections

• This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection

• MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS

• New MosaicLoader Malware Targets Software Pirates Via Online Ads

• CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices

• This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results

• Pirate Gamers, Beware: This Malware Targets You

Mobile

• Joker Malware Returns To Target Millions More Android Devices

Vulnerabilities

• You'll Want To Shut Down The Windows Print Spooler Service (Yes, Again): Another Privilege Escalation Bug Found

• Google Patches Chrome Zero-Day, Eighth One In 2021

• Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

• 16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers

• Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root

• Windows 10 Vulnerability Lets Anyone Get Administrator Privileges

• Researchers Discover Security Flaws In Telegram Encryption Protocol

• New Sequoia Bug Gives You Root Access On Most Linux Systems

• Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability

• Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Data Breaches

• Aruba Waited Months To Notify Customers Regarding A Recent Data Breach

• Data Breach Claimants Lose Bid For Anonymity In Court

• Oil Giant Saudi Aramco Hit By 1TB Data Breach

Organised Crime & Criminal Actors

• Botnet Operator Who Proxied Traffic For Other Cybercrime Groups Pleads Guilty

Supply Chain

• NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

DoS/DDoS

• DDoS: Google Has A New Tool To Defend Against Attacks Launched By Botnets

OT, ICS, IIoT and SCADA

• Industrial Networks Exposed Through Cloud-Based Operational Tech

Nation State Actors

• Iranian State Sponsored Hacking Attempts

• UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking

• China Accused Of Cyber-Attack On Microsoft Exchange Servers

• Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks

• France Warns Of APT31 Cyber Spies Targeting French Organisations

• APT Hackers Distributed Android Trojan Via Syrian E-Government Portal

Cloud

• Why The Bank Of England Has Its Head In The Cloud Over Data Security

Privacy

• FT Editor Among 180 Journalists Identified By Clients Of Spyware Firm

• Revealed: leak uncovers global abuse of cyber surveillance weapon

Other News

• Is Open-Source Software Secure?

• Application Security Tools Ineffective Against New And Growing Threats

• Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?

• UK.Gov's Huawei Watchdog Says Firm Made 'No Overall Improvement' On Firmware Security But Won't Say Why

• DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack

• 1 in 5 companies fail PCI compliance assessments of their infrastructure

• Biden Puts a $10M Bounty on Foreign Hackers

• MITRE updates list of top 25 most dangerous software bugs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit

Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers. 

In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn. 

The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS. 

The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example. 

Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately. 

https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1

71% Of Organisations Experienced BEC Attacks Over The Past Year

Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.

https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/

Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers

Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.

https://www.zdnet.com/article/ransomware-has-become-anc`-existential-threat-that-means-cyber-insurance-is-about-to-change/

LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/

Users Clueless About Cyber Security Risks

Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.

https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/

Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief

Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.

https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.

https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/

Cyber Crime Never Sleeps

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.

https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901

IT, Healthcare And Manufacturing Facing Most Phishing Attacks

Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Classified Ministry Of Defence Documents Found At Bus Stop

Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.

https://www.bbc.co.uk/news/uk-57624942

Cabinet Office Increases Cyber Security Training Budget By Almost 500%

The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.

https://www.itpro.co.uk/security/cyber-security/360039/cabinet-office-increases-cyber-spending-by-almost-500-amid-cctv

Threats

Ransomware

• Ransomware Funds More Ransomware, So How Do We Stop It?

• Cyber Security Chief Warns ‘Ransomware As A Service’ Scam

• New Ransomware Group Hive Leaks Altus Group Sample Files

• Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says

• Ransomware Gangs Now Creating Websites To Recruit Affiliates

• New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers

• $12 Billion Government Contractor Booz Allen Facilitates Ransomware Payments—Even Though The FBI Says Never Pay

• Ransomware: A Thriving Business

• This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It

• Babuk Ransomware Builder Mysteriously Appears In VirusTotal

• Using VMs To Hide Ransomware Attacks Is Becoming More Popular

Phishing

• Phishing Most Common Cyber Incident Faced By SMEs

• HMRC-Branded Phishing Scams Up 87% In A Year

Malware

• Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco

• The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools

• Indexsinas SMB Worm Campaign Infests Whole Enterprises

Mobile

• Carrier Suspected Of Injecting Ads Into Two-Factor SMS Messages

IoT

• Homes Filled With Smart Devices Could Be Exposed To Thousands Of Hacking Attacks In A Week

Data Breaches

• Tulsa Police Say 18,000 Files Are Leaked After Conti Ransomware Hack

Organised Crime & Criminal Actors

• Cobalt Strike Usage Explodes Among Cybercrooks

• FIN7 ‘Pen Tester’ Headed To Jail Amid $1B In Payment-Card Losses

 Cryptocurrency/Cryptojacking

• Hackers Crack Pirated Games With Crypto Jacking Malware

• Crackonosh Malware Abuses Windows Safe Mode To Quietly Mine For Crypto Currency

OT, ICS, IIoT and SCADA

• USB Threats Could Critically Impact Business Operations

Nation State Actors

• Russian Hackers Had Months-Long Access To Denmark's Central Bank

• Russian Hackers Are Trying To Brute-Force Hundreds Of Networks

• US And UK Agencies Accuse Russia Of Political Cyber Campaign

Cloud

• Cloud Security Is Still A Work In Progress

• 50% Of CISOs Say The Push For Rapid Growth And Digital Transformation Stalls Cloud Security

Privacy

• Data Collected To Promote Public Health Must Never Be Surrendered To Police

Vulnerabilities

• Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches

• Cisco ASA Bug Now Actively Exploited As PoC Drops

• June 2021 Quarterly Exchange Updates

• Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory

• Critical VMware Carbon Black Bug Allows Authentication Bypass

• My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks

• Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack

• NFC Flaws Let Researchers Hack ATMs By Waving A Phone

• 5G Security Vulnerabilities Fluster Mobile Operators

• Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices

• A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga

• Microsoft Adds Second CVE For PrintNightmare Remote Code Execution

• Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices

Other News

• Microsoft Says SolarWinds Hacking Group Has Breached Three New Victims

• Cyber Security Study: SolarWinds Attack Cost Affected Companies An Average Of $12 Million

• EA Ignored Domain Vulnerabilities For Months Despite Warnings And Breaches

• Hackney Blames A Cyber Attack For Not Issuing Council Tax Refund

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.