Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Is Just Purchasing Cyber Security Tools Enough? Cyber Tip Tuesday Video
Is Just Purchasing Cyber Security Tools Enough? Cyber Tip Tuesday Video
Welcome to this week's Cyber Tip Tuesday - this week James talks about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture.
With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security.
However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
A good example is Microsoft 365 which offers many passive security features as well as some of the most accessible and competitive security tools on the market for businesses of all sizes.
However, in order to take advantage of these features they must first be configured and then maintained and monitored with oversight by a security specialist.
Security is not a tool or even a collection of tools but a mindset of deliberate and regular actions.
If you'd like to know more about how you can protect yourself or your company, contact us today.
Is Just Purchasing Cyber Security Tools Enough? Cyber Tip Tuesday Video
Welcome to this week's Cyber Tip Tuesday - this week James talks about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture.
With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security.
However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
A good example is Microsoft 365 which offers many passive security features as well as some of the most accessible and competitive security tools on the market for businesses of all sizes.
However, in order to take advantage of these features they must first be configured and then maintained and monitored with oversight by a security specialist.
Security is not a tool or even a collection of tools but a mindset of deliberate and regular actions.
If you'd like to know more about how you can protect yourself or your company, contact us today.
Is Just Purchasing Cyber Security Tools Enough? - Cyber Tip Tuesday
Welcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture. With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security. However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
Welcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture. With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security. However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
A good example is Microsoft 365 which offers many passive security features as well as some of the most accessible and competitive security tools on the market for businesses of all sizes. However, in order to take advantage of these features they must first be configured and then maintained and monitored with oversight by a security specialist.
Security is not a tool or even a collection of tools but a mindset of deliberate and regular actions.
If you'd like to know more about how you can protect yourself or your company, contact us today.
Black Arrow Cyber Threat Briefing 11 December 2020
Black Arrow Cyber Threat Briefing 11 December 2020: Cyber crime costs the world more than $1 trillion, 50% increase from 2018; One of the world's largest security firms breached; Chinese Breakthrough in Quantum Computing a Warning for Security Teams; Ransom payouts hit record-highs, surging 178% in a year; Ransomware Set to Continue to Evolve
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Cyber crime costs the world more than $1 trillion, a 50% increase from 2018
Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.
https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/
FireEye, one of the world's largest security firms, discloses security breach
FireEye, one of the world largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.
The firm said the threat actor also searched for information related to some of the company's government customers.
The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."
Chinese Breakthrough in Quantum Computing a Warning for Security Teams
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.
https://threatpost.com/chinese-quantum-computing-warning-security/161935/
Ransom payouts hit record-highs, surging 178% in a year
Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.
Ransomware Set for Evolution in Attack Capabilities in 2021
Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines”
https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/
How Organisations Can Prevent Users from Using Breached Passwords
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?
https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html
Threats
Ransomware
Hackers demand $34.7 million in Bitcoin after ransomware attack on Foxconn
Ransomware forces hosting provider Netgain to take down data centers
Ransomware-struck schools reject £1m demand from crims in timely reminder to always mind the air-gap
Phishing
IOT
Malware
Qbot malware switched to stealthy new Windows autostart method
Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox
Social media sharing icons could harbor info-stealing malware
All-new Windows 10 malware is excellent at evading detection
Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping
Vulnerabilities
Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution
Amnesia:33 vulnerabilities impact millions of smart and industrial devices
Expert discloses zero-click, wormable flaw in Microsoft Teams
Data Breaches
FireEye, one of the world's largest security firms, discloses security breach
Hackers leak data from Embraer, world's third-largest airplane maker
Threat Actors
Insider Threats
Other News
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.