Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

No surprise here: The holidays bought no Log4Shell relief.

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library.

“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Microsoft.

https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/

Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It

The best programming practice to include a third-party library in source code is to use the import command. It is the easiest way to do it, and it is also the way that most dependency analysis programs work to determine if a vulnerable library is in play. But any time code is included without calling it as an external package, traditional dependency analysis might not be enough to find it — including when Java coders use a common trick to resolve conflicting dependencies during the design process.

A new study by jFrog found that 400 packages on repository Maven Central used Log4j code without calling it as an external package. Around a third of that came from fat jars — jar files that include all external dependencies to make a more efficient product. The remainder came from directly inserting Log4j code into the source code, including shading, a work-around used when two or more dependencies call different versions of the same library in a way that might conflict.

While 400 may not seem like a lot for Maven Central, where Google found 17,000 packages implementing the vulnerable Log4j library, some of the 400 packages unearthed by JFrog are widely used.

https://www.scmagazine.com/analysis/devops/warning-log4j-still-lurks-where-dependency-analysis-cant-find-it

Hackers Sending Malware-Filled USB Sticks to Companies Disguised as Presents

The "malicious USB stick" trick is old but apparently it's still wildly popular with the crooks.

Word to the wise: If a stranger ever offers you a random USB stick as a gift, best not to take it.

On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defence, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports.

The hacker group behind this bad behaviour—a group called FIN7—has gone to great lengths to make their parcels appear innocuous. In some cases, packages were dressed up as if they were sent by the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. In other cases, they were delivered as if they had been sent via Amazon, along with a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB,” according to the FBI warning.

https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578

Patch Systems Vulnerable To Critical Log4j Flaws, UK And US Officials Warn

One of the highest-severity vulnerabilities in years, Log4Shell remains under attack.

Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning.

CVE-2021-44228 is one of the most severe vulnerabilities to come to light in the past few years. It resides in Log4J, a system-logging code library used in thousands if not millions of third-party applications and websites. That means there is a huge base of vulnerable systems. Additionally, the vulnerability is extremely easy to exploit and allows attackers to install Web shells, which provide a command window for executing highly privileged commands on hacked servers.

The remote-code execution flaw in Log4J came to light in December after exploit code was released before a patch was available. Malicious hackers quickly began actively exploiting CVE-2021-44228 to compromise sensitive systems.

https://arstechnica.com/information-technology/2022/01/patch-systems-vulnerable-to-critical-log4j-flaws-uk-and-us-officials-warn/

‘Elephant Beetle’ Lurks For Months In Networks

The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.

Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity.

The Sygnia Incident Response team has been tracking the group, which it named Elephant Beetle, aka TG2003, for two years.

In a Wednesday report, the researchers called Elephant Beetle’s attack relentless, as the group has hidden “in plain sight” without the need to develop exploits.

https://threatpost.com/elephant-beetle-months-networks-financial/177393/

Sonicwall: Y2k22 Bug Hits Email Security, Firewall Products

SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022.

The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.

They will also no longer be able to trace incoming/outgoing emails using the message logs because they're no longer updated.

On January 2nd, SonicWall deployed updates to North American and European instances of Hosted Email Security, the company's cloud email security service.

It also released fixes for its on-premises Email Security Appliance (ES 10.0.15) and customers using firewalls with the Anti-Spam Junk Store functionality toggled on (Junk Store 7.6.9).

https://www.bleepingcomputer.com/news/security/sonicwall-y2k22-bug-hits-email-security-firewall-products/

Hackers Use Video Player To Steal Credit Cards From Over 100 Sites

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.

These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.

In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.

https://www.bleepingcomputer.com/news/security/hackers-use-video-player-to-steal-credit-cards-from-over-100-sites/

Cyber World Is Starting 2022 In Crisis Mode With The Log4j Bug

The cyber security world is starting off 2022 in crisis mode.

The newest culprit is the log4j software bug, which cyber security and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career.” It forced many cyber security pros to work through the holidays to protect computer systems at Big Tech firms, large and small companies and government agencies.

But crises like log4j have become the norm rather than the exception during the past few years.

Last year kicked off with the SolarWinds hack — a Russian government operation that compromised reams of sensitive information from U.S. government agencies and corporations.

Digital threats of all sorts are growing far faster than the capability to defend against them. If past is prologue, 2022 is likely to be a year of big hacks, big threats and plenty more crises.

“We’re always in crisis is the long and short of it,” Jake Williams, a former National Security Agency (NSA) cyber operator and founder of the firm Rendition Infosec, told me. “Anyone looking for calm rather than the storm in cyber is in the wrong field.”

https://www.washingtonpost.com/politics/2022/01/03/cyber-world-is-starting-2022-crisis-mode-with-log4j-bug/

Everything You Need To Know About Ransomware Attacks and Gangs In 2022

Ransomware is a lucrative business for criminals. It is paying off, and it is working.

According to a recent Trend Micro report, a staggering 84% of US organisations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.

Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.

Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.

If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?

https://securityintelligence.com/articles/ransomware-attacks-gangs-2022/

Why the Log4j Vulnerability Makes Endpoint Visibility and Zero Trust Security More Important Than Ever

The Apache Log4j vulnerability is one of the most serious vulnerabilities in recent years—putting millions of devices at risk.

IT organisations worldwide are still reeling from the discovery of a major security vulnerability in Apache Log4j, an open-source logging utility embedded in countless internal and commercial applications.

By submitting a carefully constructed variable string to log4j, attackers can take control of any application that includes log4j. Suddenly, cyber criminals around the world have a blueprint for launching attacks on everything from retail store kiosks to mission-critical applications in hospitals.

If security teams overlook even one instance of log4j in their software, they give attackers an opportunity to issue system commands at will. Attackers can use those commands to install ransomware, exfiltrate data, shut down operations — the list goes on.

How should enterprises respond to this pervasive threat?

https://www.cio.com/article/302868/why-the-log4j-vulnerability-makes-endpoint-visibility-and-zero-trust-security-more-important-than-ever.html

Threats

Ransomware

• Night Sky Is The Latest Ransomware Targeting Corporate Networks (bleepingcomputer.com)

• Counties In New Mexico, Arkansas Begin 2022 With Ransomware Attacks | ZDNet

• Ransomware Attack Affects The Websites Of 5,000 Schools - CNNPolitics

Phishing

• Google Docs Comments Weaponized in New Phishing Campaign (darkreading.com)

• US Arrests Suspect Who Stole Unpublished Books In Phishing Attacks (bleepingcomputer.com)

Malware

• FluBot Malware Now Targets Europe Posing As Flash Player App (bleepingcomputer.com)

• New Mac Malware Samples Underscore Growing Threat (darkreading.com)

• Purple Fox Rootkit Now Bundled With Telegram Installer | Malwarebytes Labs

• ‘Malsmoke’ Exploits Microsoft’s E-Signature Verification | Threatpost

Mobile

• Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying | Threatpost

IoT

• IoT's Importance is Growing Rapidly, But Its Security Is Still Weak | SecurityWeek.Com

Data Breaches/Leaks

• List Of Data Breaches And Cyber Attacks In December 2021 | 219M records (itgovernance.co.uk)

• Have I Been Pwned Warns Of DatPiff Data Breach Impacting Millions (bleepingcomputer.com)

• Morgan Stanley To Pay $60 Million To Resolve Data Security Lawsuit (Yahoo.Com)

Cryptocurrency/Cryptomining/Cryptojacking

• Report: $2.2 Billion In Cryptocurrency Stolen From DeFi Platforms In 2021 | ZDNet

• UK Police Seize £322m of Cryptocurrency in Past Five Years - Infosecurity Magazine

Fraud, Scams & Financial Crime

• Broker-Dealers Impersonators Stole $50 Million Using Spoofed Sites (bleepingcomputer.com)

• 'Sextortion' Leads To Financial Losses And Psychological Trauma. Here's What To Look Out For On Dating Apps (theconversation.com)

DoS/DDoS

• CDN Cache Poisoning Allows DoS Attacks Against Cloud Apps (darkreading.com)

OT, ICS, IIoT and SCADA

• Why The UK’s Energy Sector Is Fragile And Ripe To Cyber Attacks - Help Net Security

Nation State Actors

• Should Businesses Be Concerned About APT-Style Attacks? - Help Net Security

• MI6 Chief Thanks China For ‘Free Publicity’ After James Bond Spoof | China | The Guardian

• Log4j Vulnerabilities: New Patches And Nation-State Exploitation. (thecyberwire.com)

• North Korea-Linked Konni APT Targets Russian Diplomatic Bodies - Security Affairs

Privacy

• Swiss Army Bans All Chat Apps But Locally-Developed Threema (bleepingcomputer.com)

• France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies (thehackernews.com)

Passwords & Credential Stuffing

• 1.1M Compromised Accounts Found at 17 Major Companies | Threatpost

Spyware and Espionage

• US Counterintelligence Shares Tips To Block Spyware Attacks (bleepingcomputer.com)

Vulnerabilities

• Google Chrome Update Includes 37 Security Fixes | ZDNet

• Emergency Windows Server Update Fixes Remote Desktop Issues (bleepingcomputer.com)

• Microsoft Rolled Out Emergency Fix For Y2k22 Bug In Exchange Servers - Security Affairs

• VMware Fixed CVE-2021-22045 Heap-Overflow In Workstation, Fusion and ESXi - Security Affairs

• Latest WordPress Security Release Fixes XSS, SQL Injection Bugs | The Daily Swig (portswigger.net)

• Internet Bug Bounty: High Severity Vulnerability In Apache HTTP Server Could Lead To RCE | The Daily Swig (portswigger.net)

• QNAP: Get NAS Devices Off the Internet Now | Threatpost

• New Ubuntu Linux Kernel Security Updates Fix 9 Vulnerabilities, Patch Now - 9to5Linux

• JFrog Researchers Find JNDI Vulnerability In H2 Database Consoles Similar To Log4Shell | ZDNet

• Unpatched HomeKit Vulnerability Exposes iPhones, iPads to DoS Attacks | SecurityWeek.Com

Sector Specific

Defence

• FBI: Hackers Use BadUSB To Target Defence Firms With Ransomware (bleepingcomputer.com)

Health/Medical/Pharma Sector

• Are Medical Devices at Risk of Ransomware Attacks? (thehackernews.com)

Estate Agents

• Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack (thehackernews.com)

Other News

Log4j Flaw Attack Levels Remain High, Microsoft Warns | ZDNet

Cyber Attack Against UK Ministry of Defence Training Academy Revealed | ZDNet

API Security: Understanding The Next Top Attack Vector - Help Net Security

E-Waste Is a Cybersecurity Problem, Too - IEEE Spectrum

The Log4j Debacle Showed Again That Public Disclosure Of 0-Days Only Helps Attackers - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Double Extortion Ransomware Victims Soar 935%

Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites.

Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021.

During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed.

In total, the number of breach victims on ransomware data leak sites surged from 229 in the previous reporting period to 2371, Group-IB noted. During the same period, the number of leak sites more than doubled to 28, and the number of RaaS affiliates increased 19%, with 21 new groups discovered.

Group-IB warned that, even if victim organisations pay the ransom, their data often end up on these sites.

https://www.infosecurity-magazine.com/news/double-extortion-ransomware-soar/

MI6 Boss: Digital Attack Surface Growing "Exponentially"

Head of the Secret Intelligence Service (SIS), Richard Moore, explained in a rare speech this week that, unlike the character Q from the James Bond films, even MI6 cannot source all of its tech capabilities in-house.

New partners and tech capabilities will help address MI6’s four key priorities: Russia, China, Iran and global terrorism. It’s a challenge made more acute as technology rapidly advances, he said.

“The ‘digital attack surface’ that criminals, terrorists and hostile states threats seek to exploit against us is growing exponentially. We may experience more technological progress in the next ten years than in the last century, with a disruptive impact equal to the industrial revolution,” Moore argued.

https://www.infosecurity-magazine.com/news/mi6-digital-attack-surface-growing/

How Phishing Kits Are Enabling A New Legion Of Pro Phishers

Some cybercriminals are motivated by political ideals, others by malice or mischief, but most are only interested in cold, hard cash. To ensure their criminal endeavours are profitable, they need to balance the potential payday against the time, resources and risk required.

It’s no wonder then that so many use phishing as their default attack method. Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.

https://www.helpnetsecurity.com/2021/12/02/phishing-kits-pro/

Crooks Are Selling Access To Hacked Networks. Ransomware Gangs Are Their Biggest Customers

Dark web forum posts offering compromised VPN, RDP credentials and other ways into networks have tripled in the last year.

There's been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.

Researchers at cybersecurity company Group-IB analysed activity on underground forums and said there's been a sharp increase in the number of offers to sell access to compromised corporate networks, with the number of posts offering access tripling between 2020 and 2021

https://www.zdnet.com/article/theres-been-a-big-jump-in-crooks-selling-access-to-hacked-networks-ransomware-gangs-are-their-best-customers/

Omicron Phishing Scam Already Spotted in UK

The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception.

As public health professionals across the globe grapple with what they fear could be an even more dangerous COVID-19 variant than Delta, threat actors have grabbed the opportunity to turn uncertainty into cash.

UK consumer watchdog “Which?” has raised the alarm that a new phishing scam, doctored up to look like official communications from the National Health Service (NHS), is targeting people with fraud offers for free PCR tests for the COVID-19 Omicron variant

https://threatpost.com/omicron-phishing-scam-uk/176771/

Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Phishing, malware, and denial-of-service attacks remained the most common causes for data breaches in 2021. Data from Dark Reading’s latest Strategic Security Survey shows that more companies experienced a data breach over the past year due to phishing than any other cause. The percentage of organisations reporting a phishing-related breach is slightly higher in the 2021 survey (53%) than in the 2020 survey (51%). The survey found that malware was the second biggest cause of data breaches over the past year, as 41% of the respondents said they experienced a data breach where malware was the primary vector.

https://www.darkreading.com/edge-threat-monitor/phishing-remains-the-most-common-cause-of-data-breaches-survey-says

Ransomware Victims Increase Security Budgets Due To Surge In Attacks

As the end of 2021 approaches, there’s no doubt ransomware became a top cybersecurity concern across multiple industries.  Successful ransomware attacks like the Colonial Pipeline, which took down critical US infrastructure, and Kaseya, which hit over 1,500 companies in a single attack, became a popular topic in the news.

Research conducted by Cymulate, however, shows that despite the increase in the number of attacks this past year, overall victims suffered limited damage in both severity and duration. Potential victims have improved their level of preparedness, with 70% reporting an increase of awareness at the boardroom and business management level. The majority (55%) undertook proactive measures to prevent ransomware attacks before they could cause any significant damage, and many of those respondents (38%) prevented attacks even before they could cause any serious downtime. Only 14% of respondents that experienced an attack were down for a week or more.

https://venturebeat.com/2021/12/03/report-ransomware-victims-increase-security-budgets-due-to-surge-in-attacks/

Control Failures Are Behind A Growing Number Of Cyber Security Incidents

Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success of threats such as ransomware, which costs organisations an average of $1.85 million in recovery, according to Panaseer.

Currently, only 36% of security leaders feel very confident in their ability to prove controls were working as intended. This is despite 99% of respondents believing it’s valuable to know that all controls are fully deployed and operating within policy, and cybersecurity control failures are currently being listed as the top emerging risk in the latest Gartner Emerging Risks Monitor Report. Attacks only succeed when they hit systems that haven’t been patched or don’t have security controls monitoring them.

https://www.helpnetsecurity.com/2021/12/01/control-failures-cybersecurity/

MI6 Spy Chief Says China, Russia, Iran Top UK Threat List

China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said Tuesday.

MI6 chief Richard Moore said the three countries and international terrorism make up the “big four” security issues confronting Britain’s spies.

In his first public speech since becoming head of the Secret Intelligence Service, also known as MI6, in October 2020, Moore said China is the intelligence agency’s “single greatest priority” as the country’s leadership increasingly backs “bold and decisive action” to further its interests.

Calling China “an authoritarian state with different values than ours,” he said Beijing conducts “large-scale espionage operations” against the U.K. and its allies, tries to ”distort public discourse and political decision-making” and exports technology that enables a “web of authoritarian control” around the world.

Moore said the U.K. also continues “to face an acute threat from Russia.” He said Moscow has sponsored killing attempts, such as the poisoning of former spy Sergei Skripal in England in 2018, mounts cyber attacks and attempts to interfere in other countries’ democratic processes.

https://www.securityweek.com/mi6-spy-chief-says-china-russia-iran-top-uk-threat-list

Threats

Ransomware

• Microsoft Exchange Servers Hacked To Deploy BlackByte Ransomware (Bleepingcomputer.Com)

• Ransomware Group Rebrands Multiple Times to Evade Detection - Infosecurity Magazine (infosecurity-magazine.com)

• New Ransomware Variant Could Become Next Big Threat (darkreading.com)

• FBI Says The Cuba Ransomware Gang Made $43.9 Million From Ransom Payments - The Record By Recorded Future

• Yanluowang Ransomware Tied to Thieflock Threat Actor | Threatpost

• Yanluowang Ransomware Operation Matures With Experienced Affiliates (Bleepingcomputer.Com)

• Ransomware Attack On Planned Parenthood Exposes 400,000 Patients' Personal Data - CNN

• Ransomware vs. Cities: A Cyber War (darkreading.com)

Phishing

• APT Groups Adopt New Phishing Method. Will Cybercriminals Follow? (darkreading.com)

• Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (thehackernews.com)

• Phishing Kits' Favourite Brand? Amazon - Help Net Security

Malware

• Emotet Now Spreads Via Fake Adobe Windows App Installer Packages (Bleepingcomputer.Com)

• New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions (thehackernews.com)

• Password-Stealing And Keylogging Malware Is Being Spread Through Fake Downloads | ZDNet

• Malware Variants In 2021: Harder To Detect And Respond To - Help Net Security

Mobile

• More Than 300,000 Play Store Users Infected With Android Banking Trojans - The Record By Recorded Future

• Surge Of Info-Stealing Android Malware FluBot Detected Again • The Register

• Fake Support Agents Call Victims To Install Android Banking Malware (Bleepingcomputer.Com)

• Multi-Platform Spyware Tracks Users Across Windows And Android | Techradar

• BEWARE: More Google Play Store Apps are Found to Have Trojan Malware, Per a Kaspersky Malware Analyst | Tech Times

IOT

• HP Patches Wormable Bug Impacting More Than 150 Multi-Functional Printers - The Record By Recorded Future

• IOT Devices Must “Protect Consumers From Cyber Harm”, Says UK Government – Naked Security (Sophos.Com)

Vulnerabilities

• Pretty Much All Wi-Fi Routers Are Vulnerable To Attack, Study Finds | Techradar

• Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks (thehackernews.com)

• New Ubuntu Linux Kernel Security Patches Address 6 Vulnerabilities, Update Now - 9to5Linux

• Netgear Router Vulnerabilities Affecting SME Products Fixed • The Register

Data Breaches/Leaks

• UK Government Fined £500,000 For New Year Honours Data Breach - BBC News

• Panasonic Discloses Four-Months-Long Data Breach - The Record By Recorded Future

• Misconfigured Database Leaks Data On 300k E-Commerce Buyers - Infosecurity Magazine (Infosecurity-Magazine.Com)

Organised Crime & Criminal Actors

• Russian Bulletproof Hosting Kingpin Gets Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• Europol Arrested 1800 Money Mules As Part Of Anti-Money-Laundering Operation - Security Affairs

Cryptocurrency/Cryptojacking

• Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill | SecurityWeek.Com

• Threat Actors Stole $120 M In Crypto From BadgerDAO DeFi Platform - Security Affairs

• Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify (trendmicro.com)

• How Do Criminals Exploit Cryptocurrencies? | Financial Times (ft.com)

Insider Threats

• Man Charged With Ubiquiti Data Breach And Extortion Was Employee Assigned To Investigate Hack (Bitdefender.Com)

Fraud & Financial Crime

• How Criminals Are Using Synthetic Identities for Fraud (darkreading.com)

Insurance

• Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost

• Cyber War Victims Might Not Get Payouts – Insurer • The Register

OT, ICS, IIoT and SCADA

• USB Devices the Common Denominator in All Attacks on Air-Gapped Systems (darkreading.com)

Nation State Actors

• MI6 Spy Chief Says China, Russia, Iran Top UK Threat List | SecurityWeek.Com

• Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks | Threatpost

• Jumping The Air Gap: 15 Years Of Nation‑State Effort | WeLiveSecurity

• Israel and Iran Broaden Cyberwar to Attack Civilian Targets - The New York Times (nytimes.com)

• APT groups from China, Russia, and India adopt novel attack technique - The Record by Recorded Future

• North Korea-Linked Zinc APT Posed As Samsung Recruiters To Target Security Firms - Security Affairs

Cloud

• These Researchers Wanted To Test Cloud Security. They Were Shocked By What They Found | ZDNet

Parental Controls

• Smartwatches For Children Are A Privacy And Security Nightmare (Bleepingcomputer.Com)

Sector Specific

Retail

• Holiday Season Fraud Fear Higher this Year - Infosecurity Magazine (infosecurity-magazine.com)

• The Cyber Threats Facing Retailers This Holiday Shopping Season (darkreading.com)

Other News

• Hackers Are Guessing Your Credit Card Details - And There's Nothing You Can Do About It | Techradar

• UK Adults ‘Not Concerned’ Over Online Security, Poll Suggests | The Independent

• Nine WiFi Routers Used By Millions Were Vulnerable To 226 Flaws (Bleepingcomputer.Com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.