Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 31 March 2023
Black Arrow Cyber Threat Briefing 31 March 2023:
-Phishing Emails Up a Whopping 569% in 2022
-The End User Password Mistakes Putting Your Organisation at Risk
-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
-71% of Employees Keep Work Passwords on Personal Devices
-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
-Security Flaws Cost Fifth of Executive’s Businesses
-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
-Only 10% of Workers Remember All Their Cyber Security Training
-Silence Gets You Nowhere in a Data Breach
-Just 1% of Cloud Permissions are Actively Used
-Dangerous Misconceptions About Emerging Cyber Threats
-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Phishing Emails Up a Whopping 569% in 2022
The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.
https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
The End User Password Mistakes Putting Your Organisation at Risk
Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.
Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.
https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse
71% of Employees Keep Work Passwords on Personal Devices
71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/
Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.
Security Flaws Cost Fifth of Executives New Business
Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.
https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/
Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.
Only 10% of Workers Remember All Their Cyber Security Training
New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.
Silence Gets You Nowhere in a Data Breach
In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.
https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/
Just 1% of Cloud Permissions are Actively Used
According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.
https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/
Dangerous Misconceptions About Emerging Cyber Threats
Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.
https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/
‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.
https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/
Threats
Ransomware, Extortion and Destructive Attacks
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
Publicly disclosed US ransomware attacks in 2023 | TechTarget
Virgin Group added to Cl0p gang’s victim leak site | Cybernews
New York law firm coughs up $200k after hospital data stolen • The Register
Telecom giant Lumen suffered a ransomware attack-Security Affairs
Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica
DarkBit puts data from Israel’s Technion university on sale | CSO Online
Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
Children’s data feared stolen in Fortra ransomware attack | TechCrunch
Phishing & Email Based Attacks
Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
BEC – Business Email Compromise
BEC scammers are after physical goods, the FBI warns - Help Net Security
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)
FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
MacStealer macOS malware appears in cyber crime underground--Security Affairs
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin
North Korean malware-spreading, crypto-stealing gang named • The Register
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)
AlienFox malware caught in the cloud hen house • The Register
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Google again accused of destroying evidence in Android case • The Register
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile
iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
This devious cyber attack can target all your smart speakers without you realizing | TechRadar
Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register
Data Breaches/Leaks
Fortra told breached companies their data was safe | TechCrunch
Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)
New York law firm coughs up $200k after hospital data stolen • The Register
Toyota scrambles to patch customer data leak-Security Affairs
500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Insider Risk and Insider Threats
Only 10% of workers remember all their cyber security training - IT Security Guru
Data loss from insider events increase despite IRM programs, says study | CSO Online
Stop Blaming the End User for Security Risk (darkreading.com)
Fraud, Scams & Financial Crime
Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Deepfakes
AML/CFT/Sanctions
Insurance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
Supply Chain and Third Parties
Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
Cloud/SaaS
Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
Balancing security risks and innovation potential of shadow IT teams - Help Net Security
AlienFox malware caught in the cloud hen house • The Register
Hybrid/Remote Working
Cyber security focus in second Digital Europe work programme – EURACTIV.com
More companies are watching their remote workers WFH on camera | Fortune
Shadow IT
Identity and Access Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)
New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru
Social Media
Training, Education and Awareness
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
How cyber security decision-makers perceive cyber resilience - Help Net Security
NCSC issues revised security Board Toolkit for business leaders | Computer Weekly
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)
UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek
FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
More companies are watching their remote workers WFH on camera | Fortune
Artificial Intelligence
'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns - SecurityWeek
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek
AI-fuelled search gives more power to the bad guys | CSO Online
Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat
Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
AI has figured out how to draw deepfake hands | The Independent
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)
In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)
Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)
Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)
Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica
Russian spies more effective than army, say experts - BBC News
Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian
Nation State Actors
Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
China urges Apple to improve security and privacy • The Register
North Korean malware-spreading, crypto-stealing gang named • The Register
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Vulnerability Management
What you need before the next vulnerability hits - Help Net Security
Vulnerability management vs. risk management, compared | TechTarget
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Ignoring network automation is a ticking time bomb for security - Help Net Security
Vulnerabilities
Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)
QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs
Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)
Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs
OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs
Tools and Controls
Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Prioritizing data security amid workforce disruptions - Help Net Security
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
For database security it's down to people, not tech fixes • The Register
Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security
Understanding adversaries through dark web intelligence - Help Net Security
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories
Compare breach and attack simulation vs. penetration testing | TechTarget
Ignoring network automation is a ticking time bomb for security - Help Net Security
Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)
Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)
Protect your entire business with the right authentication method - Help Net Security
Microsoft Defender is flagging legit URLs as malicious • The Register
Managing security in the cloud through Microsoft Intune | CSO Online
Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
The best defence against cyber threats for lean security teams - Help Net Security
Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security
The foundation of a holistic identity security strategy - Help Net Security
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Other News
Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online
WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
Microsoft uses carrot and stick with Exchange Online admins • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 February 2023
Black Arrow Cyber Threat Briefing 03 February 2023:
-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
-The Corporate World is Losing its Grip on Cyber Risk
-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside
-98% of Organisations Have a Supply Chain Relationship That Has Been Breached
-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
-Financial Services Targeted in 28% of UK Cyber Attacks Last Year
-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For
-City of London on High Alert After Ransomware Attack
-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief
Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC). Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.
Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject. When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.
"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.
BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.
The Corporate World is Losing its Grip on Cyber Risk
Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.
But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.
But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”
The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.
https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906
Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks
Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.
Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.
Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk
With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.
Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk. The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.
Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023
Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year.
In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.
The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside
A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training.
98% of Organisations Have a Supply Chain Relationship That Has Been Breached
A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year
Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.
In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.
Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation
The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.
The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable. It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.
Financial Services Targeted in 28% of UK Cyber Attacks Last Year
Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.
https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/
Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For
Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.
The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.
City of London on High Alert After Ransomware Attack
A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.
https://www.infosecurity-magazine.com/news/city-of-london-high-alert/
JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack
Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.
JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.
https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79
Threats
Ransomware, Extortion and Destructive Attacks
City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)
New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Copycat Criminals mimicking Lockbit gang in northern Europe security affairs
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg
Regulators weigh in on ION attack as LockBit takes credit • The Register
New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)
Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)
Schools don't pay, but ransomware attacks still increasing | TechTarget
Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Nevada Ransomware Has Released Upgraded Locker security affairs
LockBit Green ransomware variant borrows code from Conti one security affairs
Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)
Ransomware attacks on public sector persist in January | TechTarget
Ransomware attack on data firm ION could take days to fix -sources | Reuters
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Phishing & Email Based Attacks
Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)
Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)
PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Malvertising attacks are distributing .NET malware loaders • The Register
Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)
Mobile
Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)
Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Botnets
Denial of Service/DoS/DDOS
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)
Internet of Things – IoT
IoT, connected devices biggest contributors to expanding application attack surface | CSO Online
European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)
Anker finally comes clean about its Eufy security cameras - The Verge
Data Breaches/Leaks
JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)
Organised Crime & Criminal Actors
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
6 Examples of the Evolution of a Scam Site (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
HeadCrab malware targets Redis to mine cryptocurrency | TechTarget
Insider Risk and Insider Threats
Insider attacks becoming more frequent, more difficult to detect - Help Net Security
Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)
The next cyber threat may come from within - Help Net Security
Insider threats: The cyber risks lurking in the dark (betanews.com)
Former Ubiquiti dev pleads guilty to data theft, extortion • The Register
Fraud, Scams & Financial Crime
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times
Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)
Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek
6 Examples of the Evolution of a Scam Site (darkreading.com)
Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire
Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)
Impersonation Attacks
AML/CFT/Sanctions
Insurance
Dark Web
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)
Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert
Report on hackers' salaries shows poor wages for developers • The Register
Supply Chain and Third Parties
98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek
Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online
CISA to Open Supply Chain Risk Management Office (darkreading.com)
Cloud/SaaS
Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online
Hybrid cloud storage security challenges - Help Net Security
Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security
Containers
Encryption
Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)
Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek
API
The emergence of trinity attacks on APIs - Help Net Security
API management (APIM): What It Is and Where It’s Going security affairs
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News
KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)
Social Media
Inside TikTok’s proposal to address US national security concerns | CyberScoop
Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Regulators weigh in on ION attack as LockBit takes credit • The Register
New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online
Governance, Risk and Compliance
Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)
New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)
70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security
Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)
The corporate world is losing its grip on cyber risk | Financial Times (ft.com)
Careers, Working in Cyber and Information Security
The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek
Economic headwinds could deepen the cyber security skills shortage | CSO Online
Law Enforcement Action and Take Downs
7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)
US puts a $10m bounty on Hive while Russia shuts down access • The Register
Hacker accused of having stolen personal data of all Austrians security affairs
Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget
Privacy, Surveillance and Mass Monitoring
On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)
Hacker accused of having stolen personal data of all Austrians security affairs
Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)
Artificial Intelligence
Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online
OpenAI releases tool to detect AI-written text (bleepingcomputer.com)
Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online
Nation State Actors
Nation State Actors – Russia
Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)
Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews
Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)
A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED
Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek
Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)
Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert
Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)
Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)
IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs
There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)
Nation State Actors – China
Google deletes 50,000 pro-China fake-news vids and blogs • The Register
TikTok CEO to testify before US. Congress over security concerns | Reuters
Nation State Actors – North Korea
FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register
Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News
North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
The future of vulnerability management and patch compliance - Help Net Security
What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)
Vulnerabilities
Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)
Patch management is crucial to protect Exchange servers, Microsoft warns security affairs
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)
Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)
Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)
Why you might not be done with your January Microsoft security patches | CSO Online
HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)
High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs
Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)
Threat activity increasing around Fortinet VPN vulnerability | TechTarget
Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online
Tools and Controls
Other News
We can't rely on goodwill to protect our critical infrastructure - Help Net Security
Playing Military Sim War Thunder May Get You Classed as a National Security Risk
Cyber attacks in space: How safe are our satellites? | Metro News
Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 January 2023
Black Arrow Cyber Threat Briefing 27 January 2023:
-Supply Chain Attacks Caused More Data Compromises Than Malware
-What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
-Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
-Cyber Security Pros Sound Alarm Over Insider Threats
-Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
-Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
-Why CISOs Make Great Board Members
-View From Davos: The Changing Economics of Cyber Crime
-Cloud Based Networks Under Increasing Attack, Report Finds
-GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
-State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
-3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Supply Chain Attacks Caused More Data Compromises Than Malware
According to the Identity Theft Resource Center, data compromises steadily increased in the second half of 2022 and cyber attacks remained the primary source of data breaches.
The number of data breaches resulting from supply chain attacks exceeded malware related compromises in 2022 by 40%. According to the report, more than 10 million people were impacted by supply chain attacks targeting 1,743 entities. By comparison, 70 malware-based cyber attacks affected 4.3 million people.
https://www.helpnetsecurity.com/2023/01/26/data-compromises-2022/
What Makes Small and Medium-Sized Businesses Vulnerable to BEC Attacks
According to the United States’ FBI’s 2021 Internet Crime Report, business email compromise (BEC) accounted for almost a third of the country’s $6.9 billion in cyber losses that year – around $2.4 billion. In surprisingly sharp contrast, ransomware attacks accounted for only $50 million of those losses.
Small and medium-sized businesses (SMBs) are especially vulnerable to this form of attack and BEC’s contribution to annual cyber losses not only makes sense but is also likely underreported.
In stark contrast to highly disruptive ransomware attacks, BEC is subversive and is neither technically complicated nor expensive to deploy. In the case of large organisations, the financial fallout of BEC is almost negligible. That’s not the case for small and medium-sized businesses, which often lack the means to absorb similar financial losses.
BEC’s simplicity gives more credence for attackers to target smaller organisations, and because of that, it’s doubly essential for SMBs to be vigilant.
Understanding Your Attack Surface Makes It Easier to Prioritise Technologies and Systems
It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organisations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritisation.
Attack surfaces constantly evolve and change as new applications are developed, old systems are decommissioned, and new assets are registered. Also, more and more organisations are moving towards cloud-hosted infrastructure, which changes the risk and responsibility for securing those assets. Therefore, it is essential to carry out continuous or regular assessments to understand what systems are at risk, instead of just taking a point-in-time snapshot of how the attack surface looks at that moment.
The first step would be to map “traditional” asset types – those easily associated with an organisation and easy to monitor, such as domains and IP addresses. Ownership of these assets can be easily identified through available information (e.g., WHOIS data). The less traditional asset types (such as GitHub repositories) aren’t directly owned by the organisation but can also provide high-value targets or information for attackers.
It’s also important to understand which technologies are in use to make sound judgements based on the vulnerabilities relevant to the organisation. For example, out of one hundred vulnerabilities released within one month only 20% might affect the organisation’s technologies.
Once organisations have a good understanding of which assets might be at risk, context and prioritisation can be applied to the vulnerabilities affecting those assets. Threat intelligence can be utilised to determine which vulnerabilities are already being exploited in the wild.
What is then the correct answer for this conundrum? The answer is that there is no answer! Instead, organisations should consider a mindset shift and look towards preventing issues whilst adopting a defence-in-depth approach; focus on minimising impact and risk by prioritising assets that matter the most and reducing time spent on addressing those that don’t. This can be achieved by understanding your organisation’s attack surface and prioritising issues based on context and relevance.
https://www.helpnetsecurity.com/2023/01/24/understanding-your-attack-surface/
Cyber Security Pros Sound Alarm Over Insider Threats
Gurucul, a security information and event management (SIEM) solution provider, and Cyber security Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.
Among all potential insiders, cyber security professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).
The research also found that more than half of organisations in the study had been victimised by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.
Ransomware Attack Hit KFC and Pizza Hut Stores in the UK
Nearly 300 fast food restaurants, including branches of KFC and Pizza Hut, were forced to close following a ransomware attack against parent company Yum! Brands. In a statement dated 18 January 2023, Yum! confirmed that unnamed ransomware had impacted some of its IT infrastructure, and that data had been exfiltrated by hackers from its servers. However, although an investigation into the security breach continues, the company said that it had seen no evidence that customer details had been exposed.
What has not yet been made public, and may not even be known to those investigating the breach, is how long hackers might have had access to the company's IT infrastructure, and how they might have been able to gain access to what should have been a secure system. Yum! has also not shared whether it has received a ransom demand from its attackers, and if it did how much ransom was demanded, and whether it would be prepared to negotiate with its extortionists.
Forthcoming SEC Rules Will Trigger ‘Tectonic Shift’ in How Corporate Boards Treat Cyber Security
Under rules first proposed in 2022 but expected to be finalised as soon as April 2023, publicly traded companies in the US that determine a cyber incident has become “material”, meaning it could have a significant impact on the business, must disclose details to the SEC and investors within four business days. That requirement would also apply “when a series of previously undisclosed, individually immaterial cyber security incidents has become material in the aggregate.
The SEC’s rules will also require the boards of those companies to disclose significant information on their security governance, such as how and when it exercises oversight on cyber risks. That info includes identifying who on the board (or which subcommittee) is responsible for cyber security and their relevant expertise. Required disclosures will also include how often and by which processes board members are informed and discuss cyber risk. The former cyber adviser to the SEC commented that “The problem we have with the current cyber security ecosystem is that it’s very focused on technical mitigation measures and does not contemplate these business, operational, [or] financial factors.”
Whilst this only impacts US firms, we can expect other jurisdictions to follow suit.
Why CISOs Make Great Board Members
Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. The past three years created a perfect storm situation with lasting consequences for how we think about cyber security, and as a result cyber security technologies and teams have shifted from being viewed as a cost centre to a business enabler.
Gartner predicts that by 2025, 40% of companies will have a dedicated cyber security committee. Who is better suited than a CISO to lead that conversation? Cyber security-related risk is a top concern, so boards need to know they have the proper oversight in place. CISOs can provide advice on moving forward with digital change initiatives and help companies prepare for the future. They can explain the organisation’s risk posture, including exposure related to geopolitical conflict as well as to new business initiatives and emerging threats, and what can be done to mitigate risk.
Lastly, the role of the CISO has evolved from being a risk metrics presenter to a translator of risk to the business. Therefore, the expertise CISOs have developed in recent years in how to explain risk to the board makes them valuable contributors to these conversations. They can elevate the discussion to ensure deep understanding of the trade-offs between growth and risk, enable more informed decision-making, and serve as guardrails for total business alignment.
https://www.securityweek.com/why-cisos-make-great-board-members/
View From Davos: The Changing Economics of Cyber Crime
Cyber crime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetisation of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.
The motive for cyber crime is clear: to steal money, but the digital nature of cyber crime makes the opportunity uniquely attractive, due to the following:
· Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of financial regulators or inspection
· There isn't enough fear of getting caught for cyber crime.
· With the explosion in spending on digital transformation, data is the new gold and it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data-at-rest and in-transit or limiting access to only authorised users.
· Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivising further crime, as noted by the FBI.
Fighting cyber crime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioural, and economic elements necessary to manage the reality of ever-growing cyber crime as a predictable and manageable cyber risk.
https://www.darkreading.com/edge-articles/view-from-davos-the-changing-economics-of-cybercrime
Cloud Based Networks Under Increasing Attack, Report Finds
As enterprises around the world continue to move to the cloud, cyber criminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyber attacks on cloud-based networks, and it comes at a time when 98 percent of global organisations use cloud services, according to Check Point. The increases in cyber attacks were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent) according to a report by Checkpoint last week.
Check Point explained that "The rise in attacks on the cloud was driven both by an overall increase in cyber attacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact,". Later, Checkpoint highlighted that human error is a significant factor in the vulnerability of cloud-based networks.
The report highlighted the need for defence capabilities in the cloud to improve. According to Check Point, this means adopting zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as an intrusion detection and prevention systems and next-generation web application firewalls. As commented by Check Point “it is still up to the network and security admins to make sure all their infrastructure is not vulnerable.
https://www.theregister.com/2023/01/20/cloud_networks_under_attack/
GoTo Admits: Customer Cloud Backups Stolen Together with Decryption Key
On 2022-11-30, GoTo informed customers that it had suffered “a security incident”, summarising the situation as follows:
“Based on the investigation to date, we have detected unusual activity within our development environment and third-party cloud storage service. The third-party cloud storage service is currently shared by both GoTo and its affiliate, LastPass.”
Two months later, GoTo has come back with an update, and the news isn’t great:
“[A] threat actor exfiltrated encrypted backups from a third-party cloud storage service related to the following products: Central, Pro, join.me, Hamachi, and RemotelyAnywhere. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups. The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.”
The company also noted that although MFA settings for some Rescue and GoToMyPC customers were stolen, their encrypted databases were not.
State-Linked Hackers in Russia and Iran are Targeting UK Groups, NCSC Warns
Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.
Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries.
The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.
NCSC encourages people to use strong email passwords. One technique is to use three random words, and not replicate it as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.
The cyber agency also advises people exercise particular caution when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.
3.7 Million Customers’ Data of Hilton Hotels Put Up For Sale
A member of a hacker forum going by the name IntelBroker, has offered a database allegedly containing the personal information of 3.7 million people participating in the Hilton Hotels Honors program. According to the actor, the data in question includes personally identifying information such as name, address and Honors IDs. According to the Hilton Hotel, no guest login credentials, contacts, or financial information have been leaked.
https://informationsecuritybuzz.com/3-7-millions-customers-data-hilton-hotel-up-for-sale/
Threats
Ransomware, Extortion and Destructive Attacks
Rebranded Ransomware Crews Spike Number of Hijacking Incidents in Q4 2022 - MSSP Alert
The Unrelenting Menace of the LockBit Ransomware Gang | WIRED
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Ransomware victims are refusing to pay, tanking attackers’ profits | Ars Technica
Vice Society Ransomware Group Targets Manufacturing Companies (trendmicro.com)
New Mimic ransomware abuses ‘Everything’ Windows search tool (bleepingcomputer.com)
Contractor error led to Baltimore schools ransomware attack | TechTarget
LAUSD says Vice Society ransomware gang stole contractors’ SSNs (bleepingcomputer.com)
Riot Games receives ransom demand from hackers, refuses to pay (bleepingcomputer.com)
Phishing & Email Based Attacks
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Yahoo Most Faked Brand Name in Phishing Attempts by Threat Actors in Q4 2022 - MSSP Alert
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Malware
BlackBerry: Threat Actors Launch A Unique Malware Sample Every Minute - MSSP Alert
Consumers Face Greater Risks from Malware but Many are Unprepared and Vulnerable - MSSP Alert
New 'Blank Image' attack hides phishing scripts in SVG files (bleepingcomputer.com)
ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn (darkreading.com)
Hackers now use Microsoft OneNote attachments to spread malware (bleepingcomputer.com)
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Microsoft plans to kill malware delivery via Excel XLL add-ins (bleepingcomputer.com)
Hackers use Golang source code interpreter to evade detection (bleepingcomputer.com)
Emotet Malware Makes a Comeback with New Evasion Techniques (thehackernews.com)
'DragonSpark' Malware: East Asian Cyber Attackers Create an OSS Frankenstein (darkreading.com)
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Mobile
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)
Pair of Galaxy App Store Bugs Offer Cyber Attackers Mobile Device Access (darkreading.com)
Google to phase out legacy apps with Android 14 to improve security - GSMArena.com news
Botnets
Denial of Service/DoS/DDOS
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Internet of Things – IoT
Nice smart device – how long does it get software updates? • The Register
Why British homes are at risk from ‘Trojan Horse’ smart devices (telegraph.co.uk)
Why most IoT cyber security strategies give zero hope for zero trust - Help Net Security
Data Breaches/Leaks
Companies impacted by Mailchimp breach warn their customers - Security Affairs
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
GoTo warns customers of crypto key and backup heist • The Register
3.7 Million Customers Data Of Hilton Hotels Put Up For Sale (informationsecuritybuzz.com)
QUT confirms personal data of thousands of staff compromised in cyber attack - ABC News
Riot Games hacked, now it faces problems to release content - Security Affairs
ICE releases asylum seekers after exposing their data • The Register
Hacker Gets Hands on No-Fly List of Alleged Terrorist Suspects (gizmodo.com)
Risk & Repeat: Breaking down the LastPass breach | TechTarget
T-Mobile Cyber Attack Spurs Law Firm Investigation - MSSP Alert
Risk & Repeat: Another T-Mobile data breach disclosed | TechTarget
Entire US "No Fly List" Exposed Online Via Unsecured Server (informationsecuritybuzz.com)
Near-Record Year for US Data Breaches in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Zacks data breach impacted hundreds of thousands of customers - Security Affairs
French rugby club Stade Français leaks source code - Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Inside the crypto ‘prisons’ scamming Britons out of their life savings (telegraph.co.uk)
P-to-P fraud most concerning cyber threat in 2023: CSI | CSO Online
Hackers Take Over Robinhood Twitter Account To Promote Scam - Decrypt
Insurance
4 tips to find cyber insurance coverage in 2023 | TechTarget
Insurers in talks on adding state-backed cyber to UK reinsurance scheme | Financial Times (ft.com)
Cyber Security Posture & Insurance Outlook with Advisen (trendmicro.com)
Dark Web
Software Supply Chain
Cloud/SaaS
Report: Cloud-based networks under growing attack • The Register
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts (darkreading.com)
Attack Surface Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Social Media
Malvertising
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps (thehackernews.com)
Google Ads invites being abused to push spam, adult sites (bleepingcomputer.com)
Ransomware access brokers use Google ads to breach your network (bleepingcomputer.com)
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (thehackernews.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
View from Davos: The Changing Economics of Cyber Crime (darkreading.com)
Awareness Training Must Change | CSA (cloudsecurityalliance.org)
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Data Protection
Ireland’s data protection watchdog fines WhatsApp €5.5m • The Register
ICO Offers Data Protection Advice to SMBs - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Despite Slowing Economy, Demand for Cyber Security Workers Remains Strong (darkreading.com)
Can't Fill Open Positions? Rewrite Your Minimum Requirements (darkreading.com)
Veterans bring high-value, real-life experience as potential cyber security employees | CSO Online
Dozens of Cyber Security Companies Announced Layoffs in Past Year - SecurityWeek
Law Enforcement Action and Take Downs
FBI hacked into Hive ransomware gang, disrupted operations | TechTarget
Dutchman Detained for Dealing Details of Tens of Millions of People (darkreading.com)
Dutch suspect locked up for alleged personal data megathefts – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Organisations Must Brace for Privacy Impacts This Year (darkreading.com)
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Most consumers would share anonymised personal data to improve AI products - Help Net Security
Artificial Intelligence
ChatGPT is a bigger threat to cyber security than most realize - Help Net Security
Learning to Lie: AI Tools Adept at Creating Disinformation - SecurityWeek
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
ChatGPT Can Write Polymorphic Malware to Infect Your Computer (gizmodo.com)
Chat Cyber Security: AI Promises a Lot, but Can It Deliver? (darkreading.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
Armis State of Cyberwarfare and Trends Report - IT Security Guru
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
“Pegasus” lifts the lid on a sophisticated piece of spyware | The Economist
North Korea-linked TA444 turns to credential harvesting activity - Security Affairs
Nation State Actors
Nation State Actors – Russia
State-linked hackers in Russia and Iran are targeting UK groups, NCSC warns | Hacking | The Guardian
UK authorities warn of phishing from Iran, Russia • The Register
SEABORGIUM and TA453 continue their respective... - NCSC.GOV.UK
Gamaredon Group Launches Cyber Attacks Against Ukraine Using Telegram (thehackernews.com)
Russia’s largest ISP says 2022 broke all DDoS attack records (bleepingcomputer.com)
Nation State Actors – China
Chinese 8220 Gang Aims For Public Clouds And Vulnerable Apps (informationsecuritybuzz.com)
FBI Chief Says He's 'Deeply concerned' by China's AI Program | SecurityWeek.Com
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Extent of reported CVEs overwhelms critical infrastructure asset owners - Help Net Security
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Trained developers get rid of more vulnerabilities than code scanning tools - Help Net Security
New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch - SecurityWeek
Halo Security unveils KEV feature to improve attack surface visibility - Help Net Security
Vulnerabilities
Crims can still exploit this NSA-discovered Microsoft bug • The Register
75k WordPress sites impacted by critical online course plugin flaws (bleepingcomputer.com)
Log4j Vulnerabilities Are Here to Stay — Are You Prepared? (darkreading.com)
Chrome 109 update addresses six security vulnerabilities - Security Affairs
Microsoft urges admins to patch on-premises Exchange servers (bleepingcomputer.com)
Drupal Patches Vulnerabilities Leading to Information Disclosure | SecurityWeek.Com
Critical Vulnerabilities Patched in OpenText Enterprise Content Management System | SecurityWeek.Com
Around 19,500 end-of-life Cisco routers exposed to hack - Security Affairs
In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences | SecurityWeek.Com
Apple patches are out – old iPhones get an old zero-day fix at last! – Naked Security (sophos.com)
Apple Patches WebKit Code Execution in iPhones, MacBooks - SecurityWeek
Crooks are already exploiting this bug in old iPhones • The Register
Logfile nightmare deepens thanks to critical VMware flaws • The Register
Malware exploited critical Realtek SDK bug in millions of attacks (bleepingcomputer.com)
Realtek SDK flaw CVE-2021-35394 actively exploited in the wild- Security Affairs
Lexmark warns of RCE bug affecting 100 printer models, PoC released (bleepingcomputer.com)
Crims can still exploit this NSA-discovered Microsoft bug • The Register
Tools and Controls
Is Once-Yearly Pen Testing Enough for Your Organisation? (thehackernews.com)
LastPass owner GoTo says hackers stole customers’ backups | TechCrunch
Bitwarden password vaults targeted in Google ads phishing attack (bleepingcomputer.com)
Bitwarden responds to encryption design flaw criticism | The Daily Swig (portswigger.net)
Companies Struggle With Zero Trust as Attackers Adapt to Get Around It (darkreading.com)
Federal Agencies Infested by Cyber Attackers via Legit Remote Management Systems (darkreading.com)
Why a hybrid approach can help mitigate DDoS attacks | SC Media
Steps To Planning And Implementation Of Endpoint Protection (informationsecuritybuzz.com)
Other News
Hackers can make computers destroy their own chips with electricity | New Scientist
Scientists use Wi-Fi routers to see humans through walls | ZDNET
Microsoft 365 outage takes down Teams, Exchange Online, Outlook (bleepingcomputer.com)
Lessons Learned from the Windows Remote Desktop Honeypot Report (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 August 2022
Black Arrow Cyber Threat Briefing 19 August 2022:
-Businesses Found to Neglect Cyber Security Until it is Too Late
-Cyber Tops Staff Retention as Biggest Business Risk
-Cyber Criminals Weaponising Ransomware Data for BEC Attacks
-Callback Phishing Attacks See Massive 625% Growth Since Q1 2021
-Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022
-Are Cloud Environments Secure Enough for Today’s Threats?
-Most Q2 Attacks Targeted Old Microsoft Vulnerabilities
-Cyber Resiliency Isn't Just About Technology, It's About People
-The “Cyber Insurance Gap” Is Threatening Most Companies
-Easing the Cyber-Skills Crisis with Staff Augmentation
-Mailchimp Suffers Second Breach In 4 Months
-Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Found to Neglect Cyber Security Until it is Too Late
Businesses only take cyber security seriously after falling victim to an attack, according to a report published by the UK's Department for Culture, Media and Sport (DCMS) this week.
For the research, the UK government surveyed IT professionals and end users in 10 UK organisations of varying sizes that have experienced cyber security breaches in the past three years. This analysed their existing level of security prior to a breach, the business impacts of the attack and how cyber security arrangements changed in the wake of the incident.
Nearly all respondents said their organisation took cyber security much more seriously after experiencing a breach, including reviewing existing practices and significantly increased investment in technology solutions.
While there was a consensus among participants that there is a greater need for vigilance and investment in cyber security, there was significant variation between organisations’ practices in this area. Medium and large organisations tended to have formal plans in place and budget allocated for further cyber security investment, but smaller businesses mostly did not due to resource constraints.
https://www.infosecurity-magazine.com/news/cybersecurity-seriously-breach/
Cyber Tops Staff Retention as Biggest Business Risk
Cyber security concerns represent the most serious risk facing organisations, beating inflation, talent acquisition/retention and rising production costs, according to a new PwC study.
The PwC Pulse: Managing business risks in 2022 report was compiled from interviews with 722 US C-suite executives.
Two-fifths (40%) ranked cyber-attacks as a serious risk, rising to 51% of board members. PwC said boardrooms may be getting more attuned to cyber risk after new SEC proposals were published in March that would require directors to oversee cyber security risk and be more transparent about their cyber expertise.
In fact, executives appear to be getting more proactive with cyber security on a number of fronts.
Some 84% said they are taking action or monitoring closely policy areas related to cyber security, privacy and data protection. A further 79% said they’re revising or enhancing their cyber risk management approaches, and half (49%) pointed to increased investments in cyber security and privacy.
By way of comparison, 53% said they’re increasing investment in digital transformation and 52% in IT.
Cyber security is a strategic business enabler – technology is the central nervous system of many companies – and confirming its data is secure and protected can be brand defining.
There’s now heightened attention from a wider range of business leaders and corporate directors as they recognise that cyber security and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cyber security program is in place, and manage these risks to create opportunities.
https://www.infosecurity-magazine.com/news/cyber-tops-staff-retention-biggest/
Cyber Criminals Weaponising Ransomware Data for BEC Attacks
Cyber criminals and other threat actors are increasingly using data dumped from ransomware attacks in secondary business email compromise (BEC) attacks, according to new analysis by Accenture Cyber Threat Intelligence.
The ACTI team analysed data from the 20 most active ransomware leak sites, measured by number of featured victims, between July 2021 and July 2022. Of the 4,026 victims (corporate, non-governmental organisations, and governmental entities) uncovered on various ransomware groups’ dedicated leak sites, an estimated 91% incurred subsequent data disclosures, ACTI found.
Dedicated leak sites most commonly provide financial data, followed by employee and client personally identifiable information and communication documentation. The rise of double extortion attempts – where attack groups use ransomware to exfiltrate data and then publicise the data on dedicated leak sites – has made large amounts of sensitive corporate data available to any threat actor. The most valuable types of data most useful for conducting BEC attacks are financial, employee, and communication data, as well as operational documents. There is a significant overlap between the types of data most useful for conducting BEC attacks and the types of data most commonly posted on these ransomware leak sites, ACTI said.
The data is a “rich source for information for criminals who can easily weaponise it for secondary BEC attacks,” ACTI said. “The primary factor driving an increased threat of BEC and VEC attacks stemming from double-extortion leaks is the availability of [corporate and communication data].”
Callback Phishing Attacks See Massive 625% Growth Since Q1 2021
Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.
According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of 'hybrid vishing' is seeing a massive 625% growth.
Vishing, "voice phishing," involves some form of a phone call to perform social engineering on the victim. Its hybrid form, called "callback phishing," also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice.
The recipient is advised to call on the provided phone number to resolve any issues with the charge, but instead of a real customer support agent, the call is answered by phishing actors.
The scammers then offer to resolve the presented problem by tricking the victim into disclosing sensitive information or installing remote desktop tools on their system. The threat actors then connect to the victim's device remotely to install further backdoors or spread to other machines.
These callback phishing attacks were first introduced by the 'BazarCall/BazaCall' campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.
The attacks work so well that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today to gain initial network access through an unsuspecting employee.
"Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats," details the Agari report.
"While this is the second quarter hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the course of the year."
Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022
Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.
The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cyber criminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.
“The vast majority of cyber crime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security.
“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”
LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cyber criminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.
https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/
Are Cloud Environments Secure Enough for Today’s Threats?
Cyber security is a major problem right now. Not only is it the highest priority of any given business to keep their own data and their customers’ and clients’ data secure, but changes in the workplace have had a knock-on effect on cyber security. The concept of working from home has forced businesses all around the world to address old and new cyber security threats. People taking their laptops, and therefore their data, home to public networks that can be hacked or leaving access details like passwords scribbled on notebooks has meant that access to a business and therefore their customers’ data is a lot more accessible.
The saving grace was said to be the cloud. Beyond retraining cyber security in staff workforces, the practical solution was to move data into the cloud. But we’re now a few years from the point when the cloud really gained popularity. Is it still the answer to all our cyber security problems? Is there a chance of risk to using the cloud?
Cloud data breaches do happen and misconfiguration is a leading cause of them, mainly due to businesses inadequate cyber security strategies. This is due to several factors, such as the fundamental nature of the cloud designed to be easy for anyone to access, and businesses unable to completely see or control the cloud’s infrastructure and therefore relying on the cyber security controls that are provided by the cloud service provider (or CSP).
Unauthorised access is also a risk. The internet, which is a readily available public resource to most of the world, makes it easy for hackers to access data if they have the credentials to get past the cyber security set up by the individual business. This is where the ugliness of internal cloud breaches happens. If security is not configured well or credentials like passwords and secret questions are compromised, an attacker can easily access the cloud.
However, it’s not only through an employee that hackers access credentials. Phishing is a very common means of gaining information that would allow access to a customer or business data.
Plus, the simple nature of sharing data can easily backfire on a company. A lot of data access is granted with a link to someone external, which can then be forwarded, either sold or stolen, to an attacker to access the cloud’s data.
https://www.itsecurityguru.org/2022/08/16/are-cloud-environments-secure-enough-for-todays-threats/
Most Q2 Attacks Targeted Old Microsoft Vulnerabilities
Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis.
Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (CVE-2021-40444) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.
Kaspersky said it has observed threat actors exploiting the flaw in attacks on organisations across multiple sectors including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try and get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time Microsoft first disclosed it in September 2021.
Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis. Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited. According to Kaspersky, exploits for Windows vulnerabilities accounted for 82% of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw, which was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago that was attacked some 345,827 times last quarter.
Cyber Resiliency Isn't Just About Technology, It's About People
Cyber attacks are on the rise — but if we're being honest, that statement has been true for quite a while, given the acceleration of cyber incidents over the past several years. Recent research indicates that organisations experienced 50% more attack attempts per week on corporate networks in 2021 than they did in 2020, and tactics such as phishing are becoming increasingly popular as attackers refine their tried-and-true methods to more successfully entice unsuspecting targets.
It's no surprise, then, that cyber resiliency has been a hot topic in the cyber security world. But although cyber resiliency refers broadly to the ability of an organisation to anticipate, withstand, and recover from cyber security incidents, many experts make the mistake of applying the term specifically to technology. And while it's true that detection and remediation tools, backup systems, and other resources play an important role in cyber resiliency, organisations that focus exclusively on technology risk are overlooking an equally important element: people.
People are often thought of as the weak link in cyber security. It's easy to understand why. People fall for phishing scams. They use weak passwords and procrastinate on installing security updates. They misconfigure hardware and software, leave cloud assets unsecured, and send confidential files to the wrong recipient. There's a reason so much cyber security technology is moving toward automation: removing people from the equation is seen as one of the most obvious ways to improve security. To many security experts, that's just common sense.
Except — is it, really? It's true that people make mistakes — it's called "human error" for a reason, after all — but many of those mistakes come when employees aren't put in a position to succeed. Phishing is a great example. Most people are familiar with the concept of phishing, but many may not be aware of the nefarious techniques that today's attackers deploy. If employees have not been properly trained, they may not be aware that attackers often impersonate real people within the organisation, or that the CEO asking them to buy gift cards "for a company happy hour" probably isn't legit. Organisations that want to build strong cyber-resiliency cannot pretend that people don't exist. Instead, they need to prioritise the resiliency of their people just as highly as the resiliency of their technology.
Training the organisation to recognise the signs of common attack tactics, practice better password and cyber hygiene, and report signs of suspicious activity can help ease the burden on IT and security personnel by providing them better information in a more timely manner. It also avoids some of the pitfalls that create a drain on their time and resources. By ensuring that people at every level of the business are more resilient, today's organisations will discover that their overall cyber-resiliency will improve significantly.
The “Cyber Insurance Gap” Is Threatening Most Companies
A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses either uninsured or under insured against a rising tide of ransomware attacks and other cyber threats.
Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000)
Among SMBs with fewer than 1,500 employees, only 14% have a coverage limit in excess of $600,000
37% of respondents with cyber insurance do not have any coverage for ransomware payment demands
43% of those with a policy are not covered for auxiliary costs such as court fees or employee downtime
60% say they would reconsider entering into a partnership or agreement with another business or supplier if the organisation did not have comprehensive cyber insurance
Endpoint detection and response (EDR) software is frequently a key component to obtaining a policy
34% of respondents have been previously denied cyber coverage by insurance providers due to not meeting EDR eligibility requirements
Easing the Cyber-Skills Crisis with Staff Augmentation
Filling cyber security roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.
There are many possible solutions to the cyber security skills shortage, but most of them take time. Cyber security education, career development tracks, training programs, employer-sponsored academies, and internships are great ways to build a talent pipeline and develop skill sets to meet organisational needs in years to come.
But sometimes the need to fill a gap in capability is more immediate.
An organisation in the entertainment industry recently found itself in such a position. Its primary cyber security staff member quit suddenly without notice, taking along critical institutional knowledge and leaving various projects incomplete. With its key defender gone, the organisation's environment was left vulnerable. In a scarce talent market, the organisation faced a long hiring process to find a replacement — too long to leave its digital estate unattended. It needed expertise, and quickly.
According to a 2021 ESG report, 57% of organisations have been impacted by the global cyber security skills crisis. Seventy-six percent say it's difficult to recruit and hire security professionals. The biggest effects of this shortage are increasing workloads, positions open for weeks or months, and high cyber security staff burnout and attrition.
In this climate, more companies are turning to third parties for cyber security staff reinforcement. According to a NewtonX study, 56% of organisations are now subcontracting up to a quarter of their cyber security staff. Sixty-nine percent of companies rely on third-party expertise to assist in mitigating the risk of ransomware — up from 58% in 2017 — per a study by Ponemon and CBI, a Converge Company.
One way that companies gain this additional support is via third-party staff augmentation and consulting services. Cyber security staff augmentation, or strategic staffing, entails trained external consultants acting as an extension of an organisation's security team in a residency. Engagements can be anywhere from a few weeks to a few years, and roles can range from analysts and engineers to architects, compliance specialists, and virtual CISOs.
https://www.darkreading.com/operations/easing-the-cyber-skills-crisis-with-staff-augmentation
Mailchimp Suffers Second Breach In 4 Months
Mailchimp suffered another data breach earlier this month, and this one cost it a client.
In a statement Friday, Mailchimp disclosed that a security incident involving phishing and social engineering tactics had targeted cryptocurrency and blockchain companies using the email marketing platform. It was the second Mailchimp breach to target cryptocurrency customers in a four-month span.
Though Mailchimp said it has suspended accounts where suspicious activity was detected while an investigation is ongoing, it did not reveal the source of the breach or scope of the attack.
More details were provided Sunday by one of the affected customers, DigitalOcean, which cut ties with Mailchimp on Aug. 9.
The cloud hosting provider observed suspicious activity beginning Aug. 8, when threat actors used its Mailchimp account for "a small number of attempted compromises" of DigitalOcean customer accounts -- specifically cryptocurrency platforms.
While it is not clear whether any DigitalOcean accounts were compromised, the company did confirm that some email addresses were exposed. More importantly, the statement attributed a potential source of the most recent Mailchimp breach.
https://www.techtarget.com/searchsecurity/news/252523911/Mailchimp-suffers-second-breach-in-4-months
Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack
A Minnesota computer store suing its cyber insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.
SJ Computers alleged in a November lawsuit that Travelers Casualty and Surety Co. owed it far more than paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.
According to its website, SJ Computers is a Microsoft Authorised Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.
Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted with prejudice last Friday.
In the dismissal order, the US District Court for Minnesota found that the two policy agreements are mutually exclusive, as well as finding SJ's claim fell squarely into its social engineering fraud agreement with Travelers, which has a cap of $100,000.
When SJ filed its claim with Travelers, the court noted, it did so only under the social engineering fraud agreement. After realising the policy limit on computer fraud was 10 times higher, "SJ Computers then made a series of arguments – ranging from creative to desperate – to try to persuade Travelers that its loss was not the result of social-engineering-fraud (as SJ Computers itself had initially said) but instead the result of computer fraud," the district judge wrote in the order.
https://www.theregister.com/2022/08/16/social_engineering_cyber_crime_insurance/
Threats
Ransomware
Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust | SecurityWeek.Com
Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data (informationsecuritybuzz.com)
Ransomware is still on the rise. Here's what you need to do to stay safe from hackers | ZDNET
Russian Man Extradited to US for Laundering Ryuk Ransomware Money | SecurityWeek.Com
‘Coopetition’ a growing trend among ransomware gangs (computerweekly.com)
Hackers Attack UK Water Supplier, Sends Ransom Demand to the Wrong Company (gizmodo.com)
SOVA malware adds ransomware feature to encrypt Android devices (bleepingcomputer.com)
BlackByte ransomware v2 is out with new extortion novelties - Security Affairs
Ransomware is back, healthcare sector most targeted - Help Net Security
Why Hackers Are Now Targeting Electric Car Charging Stations (nocamels.com)
BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (darkreading.com)
Ski-Doo maker BRP resumes operations following cyber attack; shares fluctuate - MarketWatch
Argentina's Judiciary of Córdoba hit by PLAY ransomware attack (bleepingcomputer.com)
BEC – Business Email Compromise
Phishing & Email Based Attacks
Response-based attacks make up 41% of all email-based scams - Help Net Security
PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on Security
Microsoft admits it can't stop scammers fooling you with their latest tricks | ZDNET
Other Social Engineering; SMishing, Vishing, etc
Malware
Hackers Deploy Bumblebee Loader to Breach Target Networks - Infosecurity Magazine
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections (darkreading.com)
Malicious browser extensions targeted almost 7 million people (bleepingcomputer.com)
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (thehackernews.com)
Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox (darkreading.com)
Mobile
SOVA Android malware now also encrypts victims' files - Security Affairs
Malware devs already bypassed Android 13's new security feature (bleepingcomputer.com)
Google releases Android 13 with improved privacy and security features - Help Net Security
Android malware apps with 2 million installs found on Google Play (bleepingcomputer.com)
Researchers Find 35 Adware Apps on Google Play - Infosecurity Magazine
Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (thehackernews.com)
Internet of Things – IoT
How attackers are exploiting corporate IoT - Help Net Security
Amazon fixes Ring Android app flaw exposing camera recordings (bleepingcomputer.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
With Plunge in Value, Cryptocurrency Crimes Decline in 2022 (darkreading.com)
Hardware-based threat defence against increasingly complex cryptojackers - Microsoft Security Blog
Insider Risk and Insider Threats
Ex-HP manager jailed for $5m company card shopping spree • The Register
Microsoft Employees Exposed Own Company’s Internal Logins (vice.com)
Fraud, Scams & Financial Crime
AML/CFT/Sanctions
Insurance
Organisations are losing cyber insurance as an important risk management tool - Help Net Security
For cyber insurance, some technology leads to higher premiums (techtarget.com)
New Study Reveals Serious Cyber-Insurance Shortfalls - Infosecurity Magazine
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cloud/SaaS
Organisations Struggle to Fend Off Cloud and Web Attacks - Infosecurity Magazine
Incident response in the cloud can be simple if you are prepared - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Credential Theft Is (Still) A Top Attack Method (thehackernews.com)
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks | SecurityWeek.Com
Over 9,000 VNC servers exposed online without a password (bleepingcomputer.com)
Privacy
Google fined $60 million over Android location data collection (bleepingcomputer.com)
New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (thehackernews.com)
Period and pregnancy tracking apps have bad privacy protections, report finds - The Verge
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
5 Russia-Linked Groups Target Ukraine in Cyberwar (darkreading.com)
Russia-linked Gamaredon APT continues to target Ukraine - Security Affairs
Microsoft shuts down accounts linked to Russian spies • The Register
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (darkreading.com)
Estonia Repels Biggest Cyber-Attack Since 2007 - Infosecurity Magazine
NHS cyber attacks hit record levels in four in five trusts after Russian invasion (telegraph.co.uk)
Nation State Actors
Nation State Actors – Russia
Microsoft disrupts Russian hackers' operation on NATO targets (bleepingcomputer.com)
Russian APT29 hackers abuse Azure services to hack Microsoft 365 users (bleepingcomputer.com)
Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign (darkreading.com)
Russian hackers target Ukraine with default Word template hijacker (bleepingcomputer.com)
Estonia says it repelled major cyber attack after removing Soviet monuments | Reuters
Nation State Actors – China
Western companies wake up to China risk | Financial Times (ft.com)
China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year (thehackernews.com)
China-linked RedAlpha behind multi-year credential theft campaign - Security Affairs
Chinese Cyberspy Group 'RedAlpha' Targeting Governments, Humanitarian Entities | SecurityWeek.Com
China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (darkreading.com)
Chinese takeover of tech company blocked over security fears (telegraph.co.uk)
3 ways China's access to TikTok data is a security risk | CSO Online
Montana flagged bugs in cow app exploited in alleged China hack | Business and Economy | Al Jazeera
APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques - Help Net Security
Nation State Actors – North Korea
Vulnerability Management
Vulnerabilities
CISA adds 7 vulnerabilities to list of bugs exploited by hackers (bleepingcomputer.com)
Google patches yet another Chrome zero-day vulnerability (techtarget.com)
Chrome browser gets 11 security fixes with 1 zero-day – update now! – Naked Security (sophos.com)
Cisco fixes High-Severity bug in Secure Web Appliance - Security Affairs
Exploit out for critical Realtek flaw affecting many networking devices (bleepingcomputer.com)
Safari 15.6.1 fixes a zero-day flaw actively exploited in the wild - Security Affairs
Rapid7: Cisco ASA and ASDM flaws went unpatched for months (techtarget.com)
Windows Vulnerability Could Crack DC Server Credentials Open (darkreading.com)
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors (thehackernews.com)
PoC exploit code for the critical Realtek RCE flaw released online - Security Affairs
Other News
Exploiting stolen session cookies to bypass multi-factor authentication (MFA) - Help Net Security
Janet Jackson music video given CVE for crashing laptops • The Register
How aware are organisations of the importance of endpoint management security? - Help Net Security
The Future of Cyber Security is Prevention | SecurityWeek.Com
DigitalOcean Discloses Impact From Recent Mailchimp Cyber Attack | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 August 2022
Black Arrow Cyber Threat Briefing 12 August 2022
-Three Ransomware Gangs Consecutively Attacked the Same Network
-As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
-Identity Cyber Attacks, Microsoft 365 Dominate Cybersecurity Incidents, Expel Research Finds
-Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
-Ransomware Is Not Going Anywhere: Attacks Are Up 24%
-Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
-Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
-Most Companies Are at An Entry-Level When It Comes to Cloud Security
-The Impact of Exploitable Misconfigurations on Network Security
-Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
-UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
-A Single Flaw Broke Every Layer of Security in MacOS
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Three Ransomware Gangs Consecutively Attacked the Same Network
Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted.
It’s bad enough to get one ransomware note, let alone three. Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. Cyber security that includes prevention, detection and response is critical for organisations of any size and type—no business is immune.
The “Multiple Attackers: A Clear and Present Danger” whitepaper further outlines additional cases of overlapping cyber attacks, including cryptominers, remote access trojans (RATs) and bots. In the past, when multiple attackers have targeted the same system, the attacks usually occurred across many months or multiple years. The attacks described in Sophos’ whitepaper took place within days or weeks of each other—and, in one case, simultaneously—often with the different attackers accessing a target’s network through the same vulnerable entry point.
Typically, criminal groups compete for resources, making it more difficult for multiple attackers to operate simultaneously. Cryptominers normally kill their competitors on the same system, and today’s RATs often highlight bot killing as a feature on criminal forums. However, in the attack involving the three ransomware groups, for example, BlackCat—the last ransomware group on the system—not only deleted traces of its own activity, but also deleted the activity of LockBit and Hive.
In another case, a system was infected by LockBit ransomware. Then, about three months later, members of Karakurt Team, a group with reported ties to Conti, was able to leverage the backdoor LockBit created to steal data and hold it for ransom.
https://www.helpnetsecurity.com/2022/08/09/ransomware-gangs-attacks/
As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
The number of organisations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security.
Even for those insured, the perfect storm of ongoing attacks, tightening regulations and growing financial pressures is making it more likely that any attack on an organisation will leave it exposed.
Factors like the supply chain crisis, inflation and skill shortages are all adding to the difficulty for organisations trying to execute on their cyber security strategy. At the same time, increases in insurance premiums, limits on coverage, increasing underwriting rigour, and capacity constraints are all limiting the accessibility of cyber insurance, for many.
Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organisations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost.
With a third of UK firms subject to cyber attacks at least once a week, cyber insurance as part of overall risk management is crucial. To bridge this accessibility gap insurers are seeking to improve the quality of risk information, so premiums better reflect the true cost of that risk. Unless organisations can demonstrate they have insurers’ specified controls in place to manage their security risks, insurers will continue to have difficulty quantifying that risk. It’s for these reasons that insurers have changed the basis upon which their products are offered to reflect the risk being underwritten more accurately.
In this environment, improving and demonstrating the effectiveness of security controls will now be essential: both for organisations looking to improve their cyber resilience and oversight while enhancing their eligibility for insurers, and for insurers who need to minimise their own exposure by ensuring the accuracy of their risk pricing process.
https://www.helpnetsecurity.com/2022/08/11/afford-cyber-insurance/
Identity Cyber Attacks, Microsoft 365 Dominate Cyber Security Incidents, Expel Research Finds
Identity-based cyber attacks (including credential theft, credential abuse and long-term access key theft) accounted for 56% of all incidents in Q2 of 2022, and Microsoft 365 remained the prime target for SaaS attacks, according to Expel’s Quarterly Threat Report.
Among the key findings:
Business email compromise (BEC) and business application compromise (BAC) access to application data represented 51% of all incidents.
Identity-based attacks in popular cloud environments like Amazon Web Services (AWS) accounted for 5%.
Ransomware groups change tactics, with threat groups and their affiliates all but abandoning the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. In Q1, a macro-enabled Microsoft Word document (VBA macro) or Excel 4.0 macro was the initial attack vector in 55% of all pre-ransomware incidents. In Q2, that figure fell sharply to 9%. Instead, ransomware operators opted to use disk image (ISO), short-cut (LNK) and HTML application (HTA) files to gain initial entry.
Cloud attacks are becoming more sophisticated, with 14% of identity attacks against cloud identity providers tackling the multi-factor authentication (MFA) requirement by continuously sending push notifications.
Microsoft 365 is a common threat target, with BEC in Microsoft Office 365 (O365) remaining the top threat to organisations in Q2. 45% of all Q2 incidents were BEC attempts in O365. No BEC attempts were identified in Google Workspaces. 19% of BEC attempts bypassed MFA in O365 using legacy protocols, a 16% increase of compared to Q1.
Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
Detections of malware events, botnet activity and exploits all increased significantly in the second quarter of 2022, according to new data from Nuspire.
The managed security services provider (MSSP) gathered the data from its endpoint detection and response (EDR) and managed detection and response (MDR) tools to produce its Q2 2022 Quarterly Threat Report.
The company recorded an increase in malware events of over 25%, a doubling of botnet detections and a rise in exploit activity of 150% versus the first quarter.
Botnet activity in particular surged towards the end of Q2, thanks to the Torpig Mebroot botnet – a banking trojan designed to scrape credit card and payment information from infected devices, the report revealed. Nuspire claimed it is particularly difficult to detect and remove, because it targets a machine’s master boot record.
It attributed much of the surge in exploit activity to the persistent threat posed by the Log4j bugs discovered at the end of December 2021. At the time, experts warned that the ubiquity of the utility, and the difficulty many organisations have in finding all instances of the CVE due to complex Java dependencies, means it may be exploited for years.
https://www.infosecurity-magazine.com/news/exploit-activity-150-q2-log4shell/
Ransomware Is Not Going Anywhere: Attacks Are Up 24%
Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals of how cyber criminals are preparing to move away from macros as an infection vector.
After months of decline, global ransomware attacks increased significantly in Q2/2022, up 24% from the previous quarter. The highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).
Businesses and consumers should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon.
The decline in ransomware attacks observed in Q4/2021 and Q1/2022 were thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations. Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.
https://www.helpnetsecurity.com/2022/08/12/increase-ransomware-attacks/
Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
Email remains one of the most popular methods of communication, particularly for business communications. There were 316.9 billion emails sent and received every day in 2021, and this is set to increase to 376.4 billion by 2025. But despite the scale of its use and how much people exchange confidential information over email, it is not a secure system by design.
Consequently, email is a major attack vector for organisations of all sizes. Deloitte found that 91% of all cyber attacks originate from a phishing email (an email that attempts to steal money, identity or personal information through a spoof website link that looks legitimate). The cost to organisations can be catastrophic with the National Cyber Security Centre (NCSC) reporting in August 2021 that phishing email attacks had cost UK organisations more than £5 million in the past 13 months.
It’s not enough for individuals to create complex passwords or rely on the security services of their email provider. Spam filters are not enough to stop malicious emails creeping into inboxes. Fortunately, safeguarding your emails with enterprise-grade email security doesn’t have to cost the earth or be hard to integrate so businesses of any size can protect themselves.
Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
A serious vulnerability affecting the embedded Configurable Operating System (eCos) software development kit (SDK) made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
The security hole, tracked as CVE-2022-27255 and rated ‘high severity’, has been described as a stack-based buffer overflow that can allow a remote attacker to cause a crash or achieve arbitrary code execution on devices that use the SDK. An attack can be carried out through the wide area network (WAN) interface using specially crafted session initiation protocol (SIP) packets.
The Realtek eCos SDK is provided to companies that manufacture routers, access points and repeaters powered by RTL819x family SoCs. The SDK implements the base functionalities of the router, including the web administration interface and the networking stack. Vendors can build on top of this SDK to add custom functionality and their branding to the device.
Realtek informed customers about the eCos SDK vulnerability in March, when it announced the availability of a patch. However, it’s up to the original equipment manufacturer (OEM) using the SDK to ensure that the patch is distributed to end-user devices.
The vulnerability can be exploited remotely — directly from the internet — to hack affected routers running with default settings. No user interaction is required for successful exploitation.
https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
Most Companies Are at An Entry-Level When It Comes to Cloud Security
Ermetic released a study by Osterman Research that found 84% of respondents were at an entry-level (one or two rating, with four being the highest) in terms of their cloud security capabilities.
The study found that only 16% ranked on the Ermetic Cloud Security Model at the top two levels, and 80% of companies said they lack a dedicated security team responsible for protecting cloud resources from threats.
“One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed,” said the author of the report. “Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities.”
The report shows why new cloud data breaches are being reported all the time. Multi-cloud deployments, plus low investment in security, does not make for a good combination.
The new frontiers of cyber security, such as cloud security or internet of things (IoT) security are often at early stages of maturity. Organisations that are mature in their IT and data centre security are already overwhelmed and stretched thin and that’s why automation and simplification will help organisations accelerate their maturity in areas like cloud security.
There’s a mistaken belief that cloud computing environments inherently have security built-in — they don’t.
The Impact of Exploitable Misconfigurations on Network Security
Network professionals feel confident with their security and compliance practices but data suggests that they also leave their organisations open to risk, which is costing a significant amount of revenue, according to Titania.
In addition, some businesses are not minimising their attack surface effectively. Companies are prioritising firewall security and chronicle a fast time to respond to misconfigurations when detected in annual audits. However, switches and routers are only included in 4% of audits and these devices play a vital role in reducing an organisation’s attack surface and preventing lateral movement across the network.
Respondents also indicated that financial resources allocated to mitigating network configuration, which currently stands around 3.4% of the total IT budget, and a lack of accurate automation are limiting factors in misconfiguration risk management.
The study, which surveyed 160 senior cyber security decision-makers revealed:
Misconfigurations cost organisations millions, up to 9% of their annual revenue but the true cost is likely to be higher.
Compliance is a top priority, with 75% of organisations across all sectors saying their business relies on compliance to deliver security. Whilst almost every organisation reported that it is meeting its security and compliance requirements, this is at odds with a number of the other findings from the survey and other reports that show a decline in organisations maintaining full compliance with regulated data security standards.
Remediation prioritisation is a challenge. 75% said their network security tools meant they could categorise and prioritise compliance risks ‘very effectively’. However, 70% report difficulties prioritising remediation based on risk and also claim inaccurate automation as the top challenges when meeting security and compliance requirements.
Routers and switches are mostly overlooked. 96% of organisations prioritise the configuration and auditing of firewalls, but not routers or switches. This leaves these devices exposed to potentially significant and unidentified risks.
https://www.helpnetsecurity.com/2022/08/12/impact-exploitable-misconfigurations-network-security/
Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
A new ransomware group dubbed Industrial Spy that first emerged in April 2022 is specialising in exfiltration and double extortion tactics and has the potential to do significant damage, Zscaler’s threat tracking team said.
The threat crew has shown that it possesses the capability to breach organisations and have been “actively adding unencrypted data from two or three victims every month,” Zscaler said. In some instances, the threat group appears to only exfiltrate and ransom data. In other cases, they encrypt, exfiltrate and ransom the data, the cloud security provider said.
At this point, it’s not clear who’s behind the threat entry or if it’s nation-state affiliated. The group started as a data extortion marketplace where criminals could buy large companies’ internal data, promoting the marketplace through Readme.txt files downloaded using malware downloaders.
In May, 2022, the threat group introduced their own ransomware to create double extortion attacks that combine data theft with file encryption.
What you need to know:
Industrial Spy started by ransoming stolen data and more recently has combined these attacks with ransomware.
The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files.
The ransomware utilises a combination of RSA and 3DES to encrypt files.
Industrial Spy lacks many common features present in modern ransomware families.
The Industrial Spy ransomware family is relatively basic, and parts of the code appear to be in development.
UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom's National Health Service (NHS). Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said. The first has stated it could take a month to recover systems to full service.
The ransomware attack started to disrupt Advanced systems on Thursday, August 4 and was identified around 7 AM. It caused a major outage to NHS emergency services across the UK.
Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected. The company is working with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the affected systems back online securely and with added defences:
Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
Scanning all impacted systems and ensuring they are fully patched
Resetting credentials
Deploying additional endpoint detection and response agents
Conducting 24/7 monitoring
After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.
A Single Flaw Broke Every Layer of Security in MacOS
Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.
The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam. It's basically one vulnerability that could be applied to three different locations.
https://www.wired.com/story/a-single-flaw-broke-every-layer-of-security-in-macos/
Threats
Ransomware
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (bleepingcomputer.com)
Ransomware, email compromise are top security threats, but deepfakes increase | CSO Online
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics | Threatpost
Black Basta: New ransomware threat aiming for the big league | CSO Online
Could criminalizing ransomware payments put a stop to the current crime wave? - Help Net Security
7-Eleven Denmark confirms ransomware attack behind store closures (bleepingcomputer.com)
Update: Colosseum Dental Benelux pays ransom to threat actors (databreaches.net)
SolidBit Ransomware Group Recruiting New Affiliates on Dark Web - Infosecurity Magazine
Fears for patient data after ransomware attack on NHS software supplier | NHS | The Guardian
US reveals 'Target' pic of Conti man with $10m reward offer • The Register
Organisations would like the government to help with ransomware demand costs - Help Net Security
Hacker uses new RAT malware in Cuba Ransomware attacks (bleepingcomputer.com)
Maui ransomware linked to North Korean group Andariel • The Register
How to Stop Zeppelin Ransomware Attacks: CISA, FBI Mitigation Guidance - MSSP Alert
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
US govt will pay you $10 million for info on Conti ransomware members (bleepingcomputer.com)
Phishing & Email Based Attacks
Other Social Engineering; SMishing, Vishing, etc
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees (thehackernews.com)
SMS phishing nabs Twilio employee credentials, allowed access customer data (scmagazine.com)
Malware
Emotet Tops List of July's Most Widely Used Malware - Infosecurity Magazine
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass (bleepingcomputer.com)
Mobile
Google researchers dissect Android spyware, zero days (techtarget.com)
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments (thehackernews.com)
Hackers install Dracarys Android malware using modified Signal app (bleepingcomputer.com)
Internet of Things – IoT
The Time Is Now for IoT Security Standards (darkreading.com)
Introducing the book: If It's Smart, It's Vulnerable - Help Net Security
Organised Crime & Criminal Actors
Cisco hacked by access broker with Lapsus$ ties (techtarget.com)
New dark web markets claim association with criminal cartels (bleepingcomputer.com)
Dark Utilities C2 service draws thousands of cyber criminals • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Email marketing firm hacked to steal crypto-focused mailing lists (bleepingcomputer.com)
Swan Bitcoin Discloses Data Leak Due to Phishing Attack on Newsletter Provider - Decrypt
Phishers Swim Around 2FA in Coinbase Account Heists | Threatpost
Crypto and the US government are headed for a decisive showdown | Ars Technica
Cameo’s CEO fell victim to the latest Bored Ape NFT heist - The Verge
Fraud, Scams & Financial Crime
“Hi Mum” Phishing Scam Swindles Unsuspecting Parents (informationsecuritybuzz.com)
How hackers are stealing credit cards from classifieds sites (bleepingcomputer.com)
AML/CFT/Sanctions
US Sanctions Crypto 'Laundering' Service Tornado | SecurityWeek.Com
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs | Threatpost
Greece Flies Russian Money Launderer to US: Lawyer | SecurityWeek.Com
Insurance
BlackBerry Study: Most SMBs Have Less Than $600K in Ransomware Coverage - MSSP Alert
Number Of Firms Unable To Access Cyber-Insurance Set To Double (informationsecuritybuzz.com)
Australian court finds insurer not liable for ransomware clean-up costs - Security - iTnews
Cloud/SaaS
Implementing zero trust for a secure hybrid working enterprise - Help Net Security
How to Clear Security Obstacles and Achieve Cloud Nirvana (darkreading.com)
Why SAP systems need to be brought into the cyber security fold - Help Net Security
Open Source
Social Media
Facebook's Metaverse is Expanding the Attack Surface (trendmicro.com)
Meta's chatbot says the company 'exploits people' - BBC News
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ | Threatpost
Training, Education and Awareness
Privacy
Travel
Parental Controls and Child Safety
Predator Pleads Guilty After Targeting Thousands of Young Girls Online - Infosecurity Magazine
Online sexual blackmail of primary school children surges since lockdown (telegraph.co.uk)
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russia's digital attacks are haphazard, chaotic, says top Ukrainian cyber official - CyberScoop
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China | SecurityWeek.Com
Killnet Releases 'Proof' of its Attack Against Lockheed Martin | SecurityWeek.Com
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (thehackernews.com)
Ex Twitter employee found guilty of spying for Saudi Arabia - Security Affairs
Ex-CIA security boss predicts coming crackdown on spyware • The Register
Nation State Actors
Nation State Actors – Russia
Russia Is Escalating Ukraine Hacking, Black Hat Research Says (gizmodo.com)
Russian invasion has destabilized cyber security norms • The Register
Russia-Ukraine Conflict Holds Cyberwar Lessons (darkreading.com)
Industroyer2: How Ukraine avoided another blackout attack (techtarget.com)
Nation State Actors – China
China-linked spies used six backdoors to steal defence info • The Register
Mandiant researchers uncover significant new disinformation campaign (securitybrief.co.nz)
Stats say Chinese researchers are not deterred by China's vulnerability law (scmagazine.com)
Chinese scammers target kids with promise of extra gaming • The Register
Chinese hackers backdoor chat app with new Linux, macOS malware (bleepingcomputer.com)
Nation State Actors – North Korea
Vulnerabilities
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws | Threatpost
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions (thehackernews.com)
Yet another Microsoft RCE bug under active exploit • The Register
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks (bleepingcomputer.com)
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
Zimbra auth bypass bug exploited to breach over 1,000 servers (bleepingcomputer.com)
Researchers Debut Fresh RCE Vector for Common Google API Tool (darkreading.com)
Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs - Infosecurity Magazine
Risky Business: Enterprises Can’t Shake Log4j flaw - Security Affairs
Three flaws allow attackers to bypass UEFI Secure Boot feature - Security Affairs
Windows devices with newest CPUs are susceptible to data damage (bleepingcomputer.com)
Critical Flaws Disclosed in Device42 IT Asset Management Software (thehackernews.com)
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key - Security Affairs
Organisations Warned of Critical Vulnerabilities in NetModule Routers | SecurityWeek.Com
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls (darkreading.com)
New vulnerability in AMD Ryzen CPUs could seriously jeopardize performance | TechRadar
ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data | SecurityWeek.Com
Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Other News
Microsoft 365 outage triggered by Meraki firewall false positive (bleepingcomputer.com)
Why VPN no longer has a place in a secure work environment | TechRadar
VMware: The threat of lateral movement is growing (techtarget.com)
5 key things learned from CISOs of smaller enterprises survey - Help Net Security
Stolen credentials are the most common attack vector companies face - Help Net Security
Your cyber security staff are burned out - and many have thought about quitting | ZDNet
Researchers Use ‘Invisible Finger’ to Remotely Control Touchscreens (vice.com)
Businesses are struggling to balance security and end-user experience - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 August 2021
Black Arrow Cyber Threat Briefing 27 August 2021
-Cyber Crime Losses Triple To £1.3bn In 1h 2021
-New Ransomware Wake-Up Call
-22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks
-Key Email Threats And The High Cost Of Business Email Compromise
-Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases
-58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks
-Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Crime Losses Triple To £1.3bn In H1 2021
Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/
Ransomware On A Rampage; A New Wake-Up Call
The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81
22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks
A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/
Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat
In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/
Key Email Threats And The High Cost Of Business Email Compromise
Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/
Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases
Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/
58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks
Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/
Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up
It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/
Security Teams Report Rise In Cyber Risk
Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
Threats
Ransomware
70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware
Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits
New Ransomware Called LockFile Targets Microsoft Exchange Servers
Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang
FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’
Phishing
That Email Asking For Proof Of Vaccination Might Be A Phishing Scam
Phishing Could Have Cost Businesses $354m In Potential Direct Losses
Other Social Engineering
Scammers Impersonate Europol Chief In An Effort To Defraud Belgians
Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts
Malware
New SideWalk Backdoor Targets U.S.-Based Computer Retail Business
Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic
Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups
Mobile
IOT
Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit
IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority
Hackers Could Increase Medication Doses Through Infusion Pump Flaws
Vulnerabilities
VMware Issues Patches To Fix New Flaws Affecting Multiple Products
Critical Flaw Discovered In Cisco APIC for Switches — Patch Released
CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs
Data Breaches/Leaks
Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year
Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses
Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack
T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 August 2021
Black Arrow Cyber Threat Briefing 20 August 2021:
-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
-Company Size Is A Nonissue With Automated Cyberattack Tools
-60% Of Employees Reuse Passwords Across Business And Personal Accounts
-LockBit 2.0 Ransomware Proliferates Globally
-Secret Terrorist Watchlist With 2 Million Records Exposed Online
-Phishing Costs Quadruple Over 6 Years
-Security Teams Report Rise In Cyber Risk
-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.
Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.
Company Size Is A Nonissue With Automated Cyber Attack Tools
Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.
Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.
Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.
https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/
Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/
Secret Terrorist Watchlist With 2 Million Records Exposed Online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.
That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.
According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.
https://threatpost.com/phishing-costs-quadrupled/168716/
Security Teams Report Rise In Cyber Risk
A recent report shows declining confidence in many organisations’ security function to address today’s threats.
80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.
The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.
Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.
https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.
The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.
https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/
Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks
A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.
Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.
Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.
https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/
The Cyber Security Skills Gap Persists For The Fifth Year Running
Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
T-Mobile Hack Is A Return To The Roots Of Cyber Crime
In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.
The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.
The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.
This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.
https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/
Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.
Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.
https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
Threats
Ransomware
John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Tet This Under Control’
Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks
This Ransomware Has Returned With New Techniques To Make Attacks More Effective
Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang
Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off
BEC
Phishing
Other Social Engineering
Malware
Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning
Malware Dev Infects Own PC And Data Ends Up On Intel Platform
Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products
Mobile
IOT
Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices
Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF
65 Vendors Affected By Severe Vulnerabilities In Realtek Chips
Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect
Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers
Data Breaches/Leaks
Chase Bank Accidentally Leaked Customer Info To Other Customers
Colonial Pipeline Reports Data Breach After May Ransomware Attack
Ford Bug Exposed Customer And Employee Records From Internal Systems
Dark Web
Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage
Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison
Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Other News
Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw
Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models
SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements
Hacker Finds A Way To Steal Windows 365 User Names And Passwords
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.