Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

SMBs Increasingly Vulnerable To Ransomware, Despite The Perception They Are Too Small To Target

A new report this week warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organisations experienced a cyber security breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.

https://www.helpnetsecurity.com/2021/08/10/smbs-ransomware/

May 2021 Saw A 440% Increase In Phishing, The Single Largest Phishing Spike On Record

In May 2021, a report revealed a 440% increase in phishing, holding the record for the single largest phishing spike in a single month. It also showed that industries such as oil, gas and mining saw a 47% increase in the same six-month period, with manufacturing and wholesale traders seeing a 32% increase. The report extends its yearly threat intelligence report, with updated metrics between January 1 and June 30 2021. It also investigates the latest trends in malware, phishing and crypto exchanges.

https://www.infosecurity-magazine.com/news/may-phishing-increase-webroot/

Users Can Be Just As Dangerous As Hackers

Most organisations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organisations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.

https://thehackernews.com/2021/08/users-can-be-just-as-dangerous-as.html?m=1

With Crime-As-A-Service, Anyone Can Be An Attacker

Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cyber crime – in particular, it’s often used to create phishing attacks. For hackers, phishing is one of the easiest ways to steal your organisation’s data. Traditionally, executing a successful phishing campaign required a seasoned cyber criminal with technical expertise and knowledge of social engineering. However, with the emergence of CaaS, just about anyone can become a master of phishing for a small fee.

https://www.helpnetsecurity.com/2021/08/03/crime-as-a-service/

The Rise Of Cloud Is Creating Security Blindspots

Businesses are growing increasingly reliant on cloud services, but with all the good, businesses must also face the bad, according to a new report which says that the rise of cloud means greater complexity and more security blind spots.

Increased expansion into the cloud has led to new risks. All of the respondents in the report had suffered at least one incident in their public cloud environment in the last year, with 30 percent saying they had no formal sign-off before pushing to production.

https://www.itproportal.com/news/the-rise-of-cloud-is-creating-security-blindspots/

Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily

A report has been released on the state of connected devices. The 2021 study addresses pandemic-related cyber security challenges, including the growth of connected devices and related increase of security risks from these devices as threat actors took advantage of chaos to launch attacks. The study incorporates security risk and trend analysis of anonymized data for the past 12 months (June 2020 through June 2021) across the company’s 500+ deployments in healthcare, life sciences, retail, and manufacturing verticals. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020).

https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/

The Value Of PII And How It Still Fuels Malign Activities In The Digital Ecosystem

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, an Intelligence report reveals. The research analysed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

https://www.helpnetsecurity.com/2021/08/10/pii-value-digital-ecosystem/

Ransomware Payments Explode Amid ‘Quadruple Extortion’

Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the first-half 2021 update report. As far as the sheer multitude of attacks goes, researchers on Thursday reported that they’ve identified and analysed 121 ransomware incidents so far in 2021, a 64 percent increase in attacks, year-over-year.

https://threatpost.com/ransomware-payments-quadruple-extortion/168622/

Hackers Netting Average Of Nearly $10,000 For Stolen Network Access

A new report from a cyber security company has spotlighted the thriving market on the dark web for network access that nets cyber criminals thousands of dollars. Researchers have examined network access sales on underground Russian and English-language forums before compiling a study on why criminals sell their network access and how criminals transfer their network access to buyers. More than 37% of all victims in a sample of the data were based in North America while there was an average price of $9,640 and a median price of $3,000.

https://www.zdnet.com/article/hackers-netting-average-of-nearly-10000-for-stolen-network-access/

1M Stolen Credit Cards Hit Dark Web For Free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cyber criminal site dedicated to…selling payment-card credentials. Researchers noticed the leak of the payment-card data during a “routine monitoring of cyber crime and Dark Web marketplaces,” researchers said in a post published over the weekend. The cards were published on an underground card-selling market, AllWorld.Cards, and stolen between 2018 and 2019, according to info posted on the forum.

https://threatpost.com/1m-stolen-credit-cards-dark-web/168514/

Ransomware Group Demanding $50M In Accenture Security Breach

The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for $50 million, according to a cyber security firm that reports seeing the demand. The threat actor is demanding the $50 million in exchange for more than 6 TB of data, according to a tweet.

https://www.crn.com/news/security/ransomware-group-demanding-50m-in-accenture-security-breach-cyber-firm

Threats

Ransomware

• Top 5 Ransomware Operators By Income

• Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

• Hackers Reportedly Threaten To Leak Data From Gigabyte Ransomware Attack

• Bitcoin Ransomware Hackers Hit Accenture

• Why Ransomware Is Such A Threat To Critical Infrastructure

• Ransomware Demands And Payments Hit New Records

• Synology Warns Of Malware Infecting NAS Devices With Ransomware

Phishing

• AI Wrote Better Phishing Emails Than Humans In A Recent Test

Other Social Engineering

• Cyber Fraud Shifts To Gaming, Travel And Leisure, Report Finds

Malware

• Discord Malware Is A Persistent And Growing Threat Warns Sophos

• Microsoft Warning: This Unusual Malware Attack Has Just Added Some New Tricks

• Experts Shed Light On New Russian Malware-As-A-Service Written In Rust

• IISpy: A Complex Server‑Side Backdoor With Anti‑Forensic Features

• Anatomy Of Native IIS Malware

Mobile

• A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance

• Beware! New Android Malware Hacks Thousands of Facebook Accounts

IOT

• A Critical Random Number Generator Flaw Affects Billions Of IoT Devices

Vulnerabilities

• Microsoft's August 2021 Patch Tuesday: 44 Flaws Fixed, Seven Critical Including Print Spooler Vulnerability

• Microsoft Confirms There's Yet Another New Windows Print Spooler Security Bug

• Microsoft Exchange Server: Threat Actors Actively Scanning For Proxyshell Vulnerability, Researchers Warn

• Magento Update Released To Fix Critical Flaws Affecting E-Commerce Sites

• Vulnerability Found In Kindle E-Reader

• Got A Cheap Cisco Router In Your Home Office? If It's One Of These, There's An Exposed RCE Hole You Need To Plug

Organised Crime & Criminal Actors

• Attackers Started Exploiting a Router Vulnerability Just 2 Days After Its Disclosure

• Hackers Steal $600 Million In Crypto From DeFi Site Poly Network

Dark Web

• 1M Stolen Credit Cards Hit Dark Web For Free

Supply Chain

• MSSPs Particularly Vulnerable To Cisco FDM Flaw

DoS/DDoS

• Attackers Increasingly Turning to DDoS As A Ransom Vector

Nation State Actors

• Briton Suspected Of Spying For Russia Arrested In Germany

• Putin Is Crushing Biden’s Room To Negotiate On Ransomware

Cloud

• Data Of Three Million Elderly Citizens Exposed In Cloud Security Oversight

• AWS S3 Can Be A Security Risk For Your Business

Privacy

• UN Human Rights Experts Call For Spyware Crackdown

• Apple Says ‘Screeching Minority” Who Object Against Their Photos Being Scanned For The Police ‘Have Misunderstanding’

• Is Your Router Giving Away Your Location?

Other News

• The Challenges Healthcare CISOs Face In An Evolving Threat Landscape

• Hacker Shares The Scariest Things He's Seen On The Dark Web

• Researchers Develop RISC-V Chip for Quantum-Resistant Encryption

• Quantum Computers Could Threaten Blockchain Security. These New Defenses Might Be The Answer

• Saving Money By Holding Onto Old Tech Is Costing Us All Billions

• Unwanted Bot Traffic Costs Businesses $250 Million A Year

• Attacks Against Industrial Networks Will Become A Bigger Problem. We Need To Fix Security Now

• Kaseya's Universal Revil Decryption Key Leaked On A Hacking Forum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

5 Reasons Why Enterprises Need Cyber Security Awareness And Training

Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.

https://securityboulevard.com/2021/04/5-reasons-why-enterprises-need-cyber-security-awareness-and-training/

Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss

Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”

https://www.thetimes.co.uk/article/stop-paying-hackers-ransom-demands-ex-gchq-cybersecurity-chief-warns-323fqg8zt

Ransomware’s New Swindle: Triple Extortion

Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.

https://threatpost.com/ransomwares-swindle-triple-extortion/166149/

‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers

Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”

https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8

Colonial Pipeline Boss Confirms $4.4M Ransom Payment

Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.

https://www.bbc.co.uk/news/business-57178503

10 Emerging Cyber Security Trends To Watch In 2021

A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.

https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021

How Penetration Testing Can Promote A False Sense Of Security

Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."

https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/

Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy

Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.

https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html

Learning From Cyber Attacks Could Be The Key To Stopping Them

Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.

https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/

Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability

The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.

https://hothardware.com/news/remote-desktop-protocol-storing-passwords-in-cleartext-in-accessible-memory

Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen

In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.

https://www.theguardian.com/commentisfree/2021/may/18/amazon-ring-largest-civilian-surveillance-network-us

Ransomware Attacks Are Spiking. Is Your Company Prepared?

With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.

https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared

Threats

Ransomware

• Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments

• The Bizarre Story Of The Inventor Of Ransomware

• One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers

• Cyber Attack 'Most Significant On Irish State'

• Double-Extortion Ransomware Attacks On The Rise

• Darkside Ransomware Made $90 Million In Just Nine Months

• Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data

Phishing

• Microsoft, Google Clouds Hijacked For Gobs Of Phishing

• Ofwat Reveals It Has Received 20,000 Spam And Phishing Emails So Far This Year

Other Social Engineering

• Fraudsters Employ Amazon ‘Vishing’ Attacks In Fake Order Scams

Malware

• Experts Warn About Ongoing AutoHotKey-Based Malware Attacks

• Microsoft Warns: Watch Out For This New Malware That Steals Passwords, Webcam And Browser Data

• FIN7 Backdoor Masquerades As Ethical Hacking Tool

Mobile

• 4 Vulnerabilities Under Attack Give Hackers Full Control Of Android Devices

• Take Action Now – Flubot Malware May Be On Its Way

• Bizarro Banking Trojan Sports Sophisticated Backdoor

• 100M Android Users Hit By Rampant Cloud Leaks

IoT

• Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking

• EufyCam Users Should Turn Off Their Security Cams Immediately

Vulnerabilities

• Windows PoC Exploit Released For Wormable RCE

• Windows 10 Security Targeted Via New Critical Vulnerability

• Exploit Released For Wormable Windows HTTP Vulnerability

• QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day

• Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps

• More Security Flaws Found In Apple Airtags

Cryptocurrency

• Elon Musk Impersonators Stole More Than $2M In Crypto Currency Scams

Supply Chain

• Rapid7 Is The Latest Victim Of A Software Supply Chain Breach

Nation State Actors

• Ireland’s Health Service: Russian Hackers Made Their First Attack Two Weeks Ago

Denial of Service

• Keksec Cyber Gang Debuts Simps Botnet for Gaming DDoS

Cloud

• Cloud Compromise Now The Biggest Cyber Security Issue For Financial Institutions

• Privacy Regulations Making Cloud Migration Complex

Governance, Risk and Compliance

• Cyber Security Spending To Hit $150 Billion This Year

Reports Published in the Last Week

• DDoS Attacks Up 31% In Q1 2021: Report

Other News

• Hackers Used To Be Humans. Soon, AIs Will Hack Humanity

• Solarwinds CEO Reveals Much Earlier Hack Timeline, Regrets Company Blaming Intern

• Cyber Criminals Scanned For Vulnerable Microsoft Exchange Servers Within Five Minutes Of News Going Public

• The Moral Underground? Ransomware Operators Retreat

• Verizon: Pandemic Ushers In ⅓ More Cyber Misery

• The Bizarre Story Of The Inventor Of Ransomware

• Should Encryption Be Curbed To Combat Child Abuse?

• 5 Ways Hackers Hide Their Tracks

• The Next Big Gasoline Shortage Is Coming

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Gangs Made At Least $350 Million In 2020

Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.

https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/

Home Working Increases Cyber Security Fears

"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.

https://www.bbc.co.uk/news/business-55824139

3.2 Billion Emails And Passwords Exposed Online

A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.

https://www.tomsguide.com/news/3-2-billion-passwords-leaked

Account Takeover Attacks Spiked In 2020

Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.

https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/

30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds

When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.

https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/

Data Leakage Attacks Saw Huge Rise In 2020

The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.

https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/

Automated Tools Increasingly Used to Launch Cyber Attacks

Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.

https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/

A Second SolarWinds Hack Deepens Third-Party Software Fears

It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.

https://www.wired.com/story/solarwinds-hack-china-usda/

93% Of Workers Overshare Online, Causing Security Risks

Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.

https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/

Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped

It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.

https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/

Threats

Ransomware

• US Shipping Giant Loses $7.5m in Ransomware Attack

• Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

• Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains

• 2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site

• UK Research and Innovation suffers ransomware attack

• Serco cyber attack: Belgian military and European Space Agency told 'no data compromised' despite hack

• Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone

Other Social Engineering

• Many of us are sharing too much information on social media

Malware

• Crypto malware targets Kubernetes clusters, say researchers

• This malware abuses Tor and Telegram infrastructure to evade detection

• Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET

• Experts discovered a new Trickbot module used for lateral movement

• Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection

Mobile

• Android Devices Prone to Botnet’s DDoS Onslaught

Vulnerabilities

• Google patches an actively exploited Chrome zero-day

• Five Critical Android Bugs Patched, Part of Feb. Security Bulletin

• Recent root-giving Sudo bug also impacts macOS

• SonicWall zero-day exploited in the wild

Data Breaches

• Security firm Stormshield discloses data breach, theft of source code

• Female escort review site data breach affects 470,000 members

• Over Three Million US Drivers Exposed in Data Breach

• Foxtons customer data leaked onto the dark web

Nation-State Actors

• Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Other News

• Google says it’s too easy for hackers to find new security flaws

• U.K. Arrest in ‘SMS Bandits’ Phishing Service

• Microsoft tracked a system sending a million malware emails a month. Here's what it discovered

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.