Threat Intelligence Blog
What are the different risk controls, an introduction - Cyber Tip Tuesday video
Cyber Tip Tuesday 10 December 2019 - Bruce talks about why charities need to think about cyber risk
This week’s Tip Tuesday focuses on charities and how cyber security affects them.
Charities can be an attractive target for cyber criminals who want to access charities' information or funds.
Unfortunately, charities often do not have the expertise to establish good cyber hygiene, but they still need to operate in the same connected world as commercial organisations with larger budgets.
If a charity experiences an attack, then ultimately it is the wider community that suffers.
That is why charities need to take appropriate steps to secure themselves against a cyber-attack.
Fortunately, many of the things that charities will benefit from doing can be achieved with little or no cost, and Black Arrow also provides pro bono advisory services to charities in Guernsey to show how this can be done.
Week in review 27 October 2019: gang posing as Russian Government hackers are extorting financial service companies, ransomware & mobile malware to surge in 2020, younger staff pose security risk
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
A criminal gang posing as Russian Government hackers are extorting companies in the financial services sector
Fake "Fancy Bear" group is demanding money from companies in the financial sector, threatening DDoS attacks
For the past week, a group of criminals has been launching DDoS attacks against companies in the financial sector and demanding ransom payments while posing as "Fancy Bear," the infamous hacking group associated with the Russian government, known for hacking the White House in 2014 and the DNC in 2016.
The group is launching large-scale, multi-vector demo DDoS attacks when sending victims the ransom letter and demanding ransom payments of 2 bitcoin, which is about $15,000 at today's exchange rate.
Full article here: https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/
Ransomware, Mobile Malware Attacks to Surge in 2020
Targeted ransomware, mobile malware and other attacks will surge, while companies will adopt AI, better cloud security and cyber insurance to help defend and protect against them.
Cyber threats like targeted ransomware, mobile malware and sophisticated phishing attacks will escalate in 2020, researchers warn.
However, defences like artificial intelligence (AI), cyber insurance and faster security response will also increase, helping defend companies against imminent threats, according to new predictions by Check Point Software.
Check Point outlined “key security and related trends” it expects to see in 2020 in a blog post Wednesday, including a series of technology trends that can both be used to attack systems and mitigate against threats. Some of the predictions are for technologies that have already both surged in popularity and increased in sophistication this year, including targeted ransomware and phishing attacks that go beyond email.
Read the full article on ThreatPost here: https://threatpost.com/ransomware-mobile-malware-attacks-to-surge-in-2020/149539/
Mobile malware may be the greatest security threat around
BlackBerry uncovers new mobile threats and actors targeting various industries
Mobile malware is more prevalent and popular than first thought, and researchers are only now learning just how much it is in use for surveillance and espionage campaigns. In reality, there are many active actors and advanced persistent threats we never knew existed.
BlackBerry’s new report, called Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform, says the company’s researchers identified three new advanced persistent threat campaigns, originating mostly in China, Iran, North Korea and Vietnam, which leveraged mobile malware, in combination with desktop malware.
The end goal is cyber-espionage and intelligence gathering, mostly for economic and political objectives.
Full article here: https://www.itproportal.com/news/mobile-malware-may-be-the-greatest-security-threat-around/
Phishing attacks are a complex problem that requires layered solutions
Most cyber attacks start with a social engineering attempt and, more often than not, it takes the form of a phishing email.
It’s easy to understand the popularity of phishing as an attack vector of choice: phishing campaigns are relatively inexpensive (money and time-wise), yet are often very successful. Attackers don’t need to create or buy technical exploits that may or may not work – instead, they exploit what they can always count on: users’ emotions, fears, desires, and the fact that, despite knowing better, it only takes a moment of inattention to make a mistake.
Cybercriminals play on users’ expectations of trust in email communications, and the human instinct – despite training and warnings to the contrary – to click on malicious links, give away credentials or even install malware and ransomware on endpoint devices. The reality is that people are always soft targets, and social engineering and phishing attacks are outpacing legacy technologies and training-only solutions.
More info here: https://www.helpnetsecurity.com/2019/10/24/phishing-attacks-solutions/
Younger workers could be putting your security at risk
They're bigger risk takers and aren't as security-conscious as their older colleagues.
One might think that the younger generation, those that have grown up surrounded by technology, would be more conscious about the dangers lurking in the internet's depths, and would have adopted cybersecurity best practices from an early age.
The truth is quite different, at least according to NTT's new report about cybersecurity in the workplace. The report says that employees over the age of 30 generally score better when it comes to securing their data and services, compared to those below the age of 30.
The argument is that the older generation has spent more time at the office and has thus acquired “digital DNA”.
Read the full article here: https://www.itproportal.com/news/younger-workers-could-be-putting-your-security-at-risk/
More Companies Adopt Multi Factor Authentication (MFA), but It’s Still Not Enough
Organisations face ever-increasing threats, and password security is paramount. But employees don’t usually use robust password protocols or multi-factor authentication to secure valuable information.
A survey from LogMeIn, which makes the LastPass password manager, shows that the number of companies adopting a multi-factor authentication (MFA) solution is on the rise, with 57% of businesses choosing MFA in 2018, compared with 45% in 2017.
94% of employees chose a smartphone for MFA, while only 4% opted for a hardware-based solution and just 1% wanted biometrics. The trend is set by the abundant availability of smartphones, as opposed to the rest of the options.
Although MFA is used widely, it’s not uniformly distributed across the globe, with some countries leading the change, a few of them by considerable margins. First place is occupied by Denmark, with a 46% adoption rate, followed by the Netherlands with 41% and Switzerland with 38%. The United States is somewhere in the middle, with 28% adoption. Last place is taken by Italy, with only 20%.
More here: https://securityboulevard.com/2019/10/more-companies-adopt-mfa-but-its-still-not-enough/
Amazon’s AWS Hit by DDoS Attack – Google Cloud Issues Unrelated
Google Cloud also faced issues in a separate incident
AWS was hit by a sustained DDoS attack earlier this week, which appears to have lasted some eight hours. The incident hit several different services and raises many questions about the nature of the attack and about AWS’s own DDoS mitigation service, “Shield Advanced”.
Google Cloud Platform (GCP) had a range of issues at a similar time. The two are not understood to be linked. In a status update, GCP cited interruptions to multiple Google cloud services at a similar time, although a Google spokesperson stated the service disruptions were unrelated to any kind of DDoS attempt.
Motive doesn't matter: The three types of insider threats
In information security, outside threats can get the lion's share of attention. Insider threats to data security, though, can be more dangerous and harder to detect because they are strengthened by enhanced knowledge and/or access.
Not only is it vital, therefore, to distinguish and prepare for insider threats, but it is just as vital to distinguish between different types of insider threats. A lot has been written about the different profiles for insider threats and inside attackers, but most pundits in this area focus on insider motive. Motive, however, doesn't matter. A threat is a threat, a breach is a breach. A vulnerability that can be exploited by one party for profit can be exploited by another for pleasure, by another for country, and so on. Instead of analyzing motives and reasons, it is far more useful to compare insider threats by action and intent.
Insider threats come in three flavors:
Compromised users,
Malicious users, and
Careless users.
Get the full breakdown of the three types here: https://betanews.com/2019/10/21/3-types-of-insider-threats/