Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Half of Regulated Firms See Pandemic Spike in Financial Crime

Around half of firms in the financial services, property and legal sectors have reported rising levels of financial crime over the past 12 months, according to new data from an anti-money laundering (AML) specialist which polled 500 regulated businesses in the UK to better understand the levels of risk facing players in each vertical.

Overall, 48% of respondents said they’d seen a rise in financial crime, and a quarter (26%) admitted they’d been a victim of attacks. Legal firms, including conveyancers, experienced the most significant number of compromises, with a third (33%) saying they had been a victim of financial crime.

The sector is an increasingly attractive target for both state-backed and financially motivated cyber-criminals, given the wealth of sensitive client information that legal practices typically hold. https://www.infosecurity-magazine.com/news/half-firms-pandemic-spike/  

Large Ransom Demands And Password-Guessing Attacks Escalate

ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cyber security research.

The latest issue of the report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.

Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry. https://www.helpnetsecurity.com/2021/10/05/large-ransom-demands/

Malicious Hackers Are Exploiting Known Vulnerabilities Because Organizations Aren’t Quick Enough To Patch – Report

Organizations are urged to be more proactive when it comes to protecting against vulnerabilities, after a report found that malicious attackers routinely exploit unpatched systems.

The 2021 Trustwave SpiderLabs Telemetry Report, released this week, found that a huge number of companies are falling foul to cyber-attacks despite having ready access to suitable fixes.

This is happening because malicious actors are using Shodan to scan for networks that are exposed to known vulnerabilities and exploit them before the victim can apply the patch. https://portswigger.net/daily-swig/malicious-hackers-are-exploiting-known-vulnerabilities-because-organizations-arent-quick-enough-to-patch-report  

Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now

Some of the cyber security vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old -- but attackers are still able to take advantage of them because security updates aren't being applied.

Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They found that some of these vulnerabilities have been known for almost a decade and had vendor patches available. But because many organizations still haven't applied the available security updates, they remain vulnerable to ransomware attacks. https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/

How Insurers Play a Big Role in Spurring Cyber Crime

Ransomware extracted $18 billion in payments last year, and it’s expected there will be an attack every 11 seconds by this year’s end, a problem that some security experts and academic researchers say is exacerbated by the system meant to protect against cybercrime: the insurance industry.

Organizations with cyber insurance are more than twice as likely to pay ransoms as those without, according to a global survey commissioned by UK-based cyber security and software firm Sophos of 1,823 companies, governments, health systems, and other organizations that had been hit by ransomware. This is one of the first times such data have been gathered that show the extent of the relationship between cyber insurance and ransomware payments. Critics say that relationship helps fuel a ransomware economy that the federal government estimates causes $445 billion in damages to the global economy every year. https://www.barrons.com/articles/ransomware-attack-cyber-insurance-industry-51633075202

Why Today’s Cyber Security Threats Are More Dangerous

Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cyber security to the top of governments’ and corporate agendas.

The opportunities for threat actors are growing faster than firms are able to mitigate them.

Unlike 20 years ago, when even extensive IT systems were comparatively standalone and straightforward, the interdependencies of systems now make dealing with and defending against threats a much more difficult proposition. The core problems being complexity and interdependence and neither are going away because that is what is providing organisations with the flexibility, functionality and all these other critical functions that they need. https://www.csoonline.com/article/3635097/why-today-s-cybersecurity-threats-are-more-dangerous.html

How Fraudsters Can Use The Forgotten Details Of Your Online Life To Reel You In

You may think you’ve been careful, but a determined scammer can probably find enough to manipulate you. https://www.theguardian.com/money/2021/oct/03/how-fraudsters-can-use-the-forgotten-details-of-your-online-life-to-reel-you-in  

One In Three IT Security Managers Don’t Have A Formal Cybersecurity Incident Response Plan

Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy, according to a new report.

Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

·         Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive.

·         Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts.

·         The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t.

Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan. https://www.helpnetsecurity.com/2021/10/06/response-plan-cybersecurity/  

Cyber Security Best Practices Lagging, Despite People Being Aware Of The Risks

The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviours ahead of Cybersecurity Awareness Month this month.

The daily headlines of data breaches and ransomware attacks is a testament to the problem getting worse, yet most people aren’t aware of the simple steps they can take to be a part of the solution. It’s critical to have a deeper understanding of both the challenges we face and the prevailing attitudes and behaviors among the public.

Too often people are forgotten in cybersecurity conversations and this is borne out by cyber crime being more common among Millenials and Gen Z, and the public not embracing cyber security best practices.

The report also found that many users had limited access to cyber training, with  64% of respondents having no access to cybersecurity training, while 27% of those who do have access choose not to use it. https://www.helpnetsecurity.com/2021/10/07/cybersecurity-best-practices-lagging/

Threats

Ransomware

• Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now | ZDNet

• Ransomware: Police Arrest Two In Operation Against 'Prolific' Gang That Targeted Big Businesses | ZDNet

• Revil Alone Accounts For A Significant Portion Of Q2 2021 Ransomware Attacks | Techspot

• Behind the Crypto Broker Accused of Enabling Ransomware Hackers - Bloomberg

• Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack – Sophos News

• US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours | ZDNet

• Ransomware Group FIN12 Aggressively Going After Healthcare Targets (thehackernews.com)

Other Social Engineering

• Smishing On The Rise - Infosecurity Magazine (Infosecurity-Magazine.Com)

Malware

• Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (thehackernews.com)

• 91.5% Of Malware Arrived Over Encrypted Connections During Q2 2021 - Help Net Security

IOT

• IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft | Threatpost

BYOD

• NCSC: Revoke Admin Access for BYOD Users Immediately - Infosecurity Magazine (infosecurity-magazine.com)

• BYOD Security Warning: You Can't Do Everything Securely With Just Personal Devices | ZDNet

Vulnerabilities

• Patch Apache HTTP Servers Now to Avoid Zero Day Exploit - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• The Telegraph Exposed A 10tb Database With Subscriber Data - Security Affairs

Cryptocurrency/Cryptojacking

• Hackers Rob Thousands Of Coinbase Customers Using MFA Flaw (Bleepingcomputer.Com)

Insider Threats

• Fired IT Admin Revenge-Hacks School By Wiping Data, Changing Passwords (Bleepingcomputer.Com)

Dark Web

• Over A Billion Facebook Users Have Data Sold On The Dark Web | Techradar

Nation State Actors

• Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (thehackernews.com)

• Microsoft: 58% of Nation-State Cyber Attacks Come From Russia (darkreading.com)

• Google Warns 14,000 Gmail Users Targeted By Russian Hackers (Bleepingcomputer.Com)

• Solarwinds Hack Saw Russia Steal Us Anti-Spy Probe Details • The Register

• A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (thehackernews.com)

• New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (thehackernews.com)

• Iranian APT Targets Aerospace And Telecom Firms With Stealthy ShellClient Trojan | CSO Online

Cloud

• How Should Banks Grapple With Regulation When Crafting Their Cloud Strategy? (finextra.com) 

Reports Published in the Last Week

• Russian Cyber Attacks Pose Greater Risk To Governments And Other Insights From Microsoft’s Annual Report - Microsoft On The Issues 

Other News

• Patch Management Complexity Increased By Remote Work Is Putting Organizations At Risk - Help Net Security

• The Cyber Security Issues Organizations Deal With Remain Complex And Numerous - Help Net Security

• Security Experts Aghast At The Scale Of Twitch Hack: 'This Is As Bad As It Could Possibly Be' | PC Gamer

• Botnet Abuses TP-Link Routers For Years In SMS Messaging-As-A-Service Scheme - The Record By Recorded Future

• Company That Routes SMS For All Major US Carriers Was Hacked For Five Years | Ars Technica

• New £5 Billion GCHQ Digital Warfare Centre Capable Of 'Cyber Attacks' Set For Lancashire - Lancslive

• Superhero Passwords Pose Serious Risk to Personal, Enterprise Accounts | SecurityWeek.Com

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Gangs Made At Least $350 Million In 2020

Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.

https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/

Home Working Increases Cyber Security Fears

"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.

https://www.bbc.co.uk/news/business-55824139

3.2 Billion Emails And Passwords Exposed Online

A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.

https://www.tomsguide.com/news/3-2-billion-passwords-leaked

Account Takeover Attacks Spiked In 2020

Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.

https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/

30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds

When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.

https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/

Data Leakage Attacks Saw Huge Rise In 2020

The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.

https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/

Automated Tools Increasingly Used to Launch Cyber Attacks

Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.

https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/

A Second SolarWinds Hack Deepens Third-Party Software Fears

It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.

https://www.wired.com/story/solarwinds-hack-china-usda/

93% Of Workers Overshare Online, Causing Security Risks

Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.

https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/

Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped

It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.

https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/

Threats

Ransomware

• US Shipping Giant Loses $7.5m in Ransomware Attack

• Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

• Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains

• 2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site

• UK Research and Innovation suffers ransomware attack

• Serco cyber attack: Belgian military and European Space Agency told 'no data compromised' despite hack

• Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone

Other Social Engineering

• Many of us are sharing too much information on social media

Malware

• Crypto malware targets Kubernetes clusters, say researchers

• This malware abuses Tor and Telegram infrastructure to evade detection

• Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET

• Experts discovered a new Trickbot module used for lateral movement

• Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection

Mobile

• Android Devices Prone to Botnet’s DDoS Onslaught

Vulnerabilities

• Google patches an actively exploited Chrome zero-day

• Five Critical Android Bugs Patched, Part of Feb. Security Bulletin

• Recent root-giving Sudo bug also impacts macOS

• SonicWall zero-day exploited in the wild

Data Breaches

• Security firm Stormshield discloses data breach, theft of source code

• Female escort review site data breach affects 470,000 members

• Over Three Million US Drivers Exposed in Data Breach

• Foxtons customer data leaked onto the dark web

Nation-State Actors

• Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Other News

• Google says it’s too easy for hackers to find new security flaws

• U.K. Arrest in ‘SMS Bandits’ Phishing Service

• Microsoft tracked a system sending a million malware emails a month. Here's what it discovered

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Two-Thirds of Employees Don’t Consider Security Whilst Home Working

More than two-thirds (68%) of UK workers do not consider the cyber security impact of working from home, according to a new study. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift to home working as a result of COVID-19 means that staff in many organizations are operating across insecure devices and networks, providing opportunities for cyber-criminals.

https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.

https://www.tripwire.com/state-of-security/featured/ransomware-gangs-scavenge-sensitive-data-targeting-executives/

Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulnerabilities in Windows Defender

83 vulnerabilities in its software, which does not include the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December, 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

https://www.theregister.com/2021/01/12/patch_tuesday_fixes/

This Android malware claims to give hackers full control of your smartphone

The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.

https://www.zdnet.com/article/this-android-malware-claims-to-give-hackers-full-control-of-your-smartphone/

Massive fraud campaign sees millions vanish from online bank accounts

Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts. The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale. To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.

https://www.techradar.com/uk/news/massive-fraud-campaign-sees-millions-vanish-from-online-bank-accounts

SolarWinds Hack Followed Years of Warnings of Weak Cyber Security

Congress and federal agencies have been slow or unwilling to address warnings about cyber security, shelving recommendations that are considered high priority while investing in programs that have fallen short. The massive cyber-attack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cyber security experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.

https://www.bloomberg.com/news/articles/2021-01-13/solarwinds-hack-followed-years-of-warnings-of-weak-cybersecurity

Threats

Ransomware

Hacker used ransomware to lock victims in their IoT chastity belt  

Ransomware Attack Costs Health Network $1.5m a Day

Dassault Falcon Jet reports data breach after ransomware attack

IOT

Cyber experts say advice from breached IoT device company Ubiquiti falls short

Phishing

Iranian cyber spies behind major Christmas SMS spear-phishing campaign

Malware

macOS malware used run-only AppleScripts to avoid detection for five years

Going Rogue – a Mastermind Behind Android Malware Returns with a New Remote Access Trojan (RAT)

Emotet Tops Malware Charts in December After Reboot

Vulnerabilities

Windows 10 bug corrupts your hard drive on seeing this file's icon

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Adobe fixes critical code execution vulnerabilities in 2021's first major patch round

Data Breaches

Over 16,000 customers seeking compensation for British Airways data breach

New Zealand Central Bank Breach Hit Other Companies

Massive Parler data leak exposes millions of posts, messages and videos

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Hackers leak stolen Pfizer COVID-19 vaccine data online

United Nations data breach exposed over 100k UNEP staff records

Organised Crime

Europol shuts down the world's largest dark web marketplace

Nation State Actors

Third malware strain discovered in SolarWinds supply chain attack

Privacy

Whatsapp Privacy Controversy Causes ‘Largest Digital Migration In Human History’, Telegram Boss Says As He Welcomes World Leaders

Reports Published in the Last Week

Microsoft Digital Defense Report

Other News

Nissan NA source code leaked due to default admin:admin credentials

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Ryuk gang estimated to have made more than $150 million from ransomware attacks

In a joint report published today, threat intel company Advanced Intelligence and cyber security firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. "Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."

https://www.zdnet.com/article/ryuk-gang-estimated-to-have-made-more-than-150-million-from-ransomware-attacks/

China's APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/

SolarWinds hack: Amid hardened security, attackers seek softer targets

Reported theories by SolarWinds hack investigators that federal agencies and private companies were too busy focusing on election security to recognize vulnerabilities tied to the software supply chain are unfair and misleading. And yet, those same experts acknowledge that such accusations offer an important cyber security lesson for businesses: organizations must ensure that their entire attack surface receives attention.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-hack-amid-hardened-security-attackers-seek-softer-targets/

Hackney Council files including alleged passport documents leaked online after cyber attack

The council in East London was hit by what it described as a "serious cyber attack" in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents' data. The council said it was working with the UK's National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

https://news.sky.com/story/hackney-council-files-including-alleged-passport-documents-leaked-online-after-cyber-attack-12181017

PayPal users targeted in new SMS phishing campaign

Now, at first glance the message may not seem all that suspicious since PayPal may, in fact, impose limits on sending and withdrawing money. The payment provider usually does so when it suspects that an account has been accessed by a third party without authorization, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy. However, in this case it really is a case of SMS-borne phishing, also known as Smishing. If you click on the link, you will be redirected to a login phishing page that will request your access credentials. Should you proceed to “log in”, your credentials will be sent to the scammers behind the ruse and the fraudulent webpage will attempt to gather further information, including the full name, date of birth address, and bank details.

https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/

SolarWinds, top executives hit with class action lawsuit over Orion software breach

SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-top-executives-hit-with-class-action-lawsuit-over-orion-software-breach/

The rise of cyber-mercenaries poses a growing threat for both governments and companies

These days, 21st century mercenaries are as likely to be seated behind a computer screen, wreaking havoc for their paymasters’ enemies as slugging it out on a real-world battlefield. But the rapid rise of cyber-mercenaries - or Private Sector Offensive Actors (PSOAs) - is vexing some of the biggest names in the global technology industry, and for good reason. Globally, the cyber security industry is already vast, raking in an estimated $156bn in revenues in 2019. It is set to nearly double in size by 2027.

https://www.telegraph.co.uk/business/2021/01/07/privatisation-cyber-security-growing-threat-governments-companies/

Declutter Your Devices to Reduce Security Risks

Everyone should set aside time to review what they’ve installed on their various devices—typically apps, but that can also include games and addons. In fact, this should be an annual cleaning, at minimum.

You’re not just doing this because you want your device to look good. That’s one benefit you get from cleaning up your digital life, but it’s not the most important one. You’re also doing this to bolster your digital security. Yes, security.

https://lifehacker.com/declutter-your-devices-to-reduce-security-risks-1845991606

Threats

Ransomware

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Phishing

This new phishing attack uses an odd lure to deliver Windows trojan malware

Facebook ads used to steal 615000+ credentials in a phishing campaign

Malware

North Korean hackers launch RokRat Trojan in campaigns against the South

Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux

A hacker’s predictions on enterprise malware risk

Vulnerabilities

Google Warns of Critical Android Remote Code Execution Bug

Hackers are actively exploiting this leading VPN, so patch now

Data Breaches

Hacker posts data of 10,000 American Express accounts for free

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online.

T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
Exclusive Networks hit by cyberattack on New Year's Eve

Up to half a million victims of BA data breach could be eligible for compensation

Nation State Actors

Even Small Nations Have Jumped into the Cyber Espionage Game

Denial of Service

Ransom DDoS attacks target a Fortune Global 500 company

Privacy

Telegram feature exposes your precise address to hackers

Whatsapp Competitor Signal Stops Working Properly As Users Rush To Leave Over Privacy Update

Google Chrome browser privacy plan investigated in UK

Singapore police can access COVID-19 contact tracing data for criminal investigations

Other News

Feds Issue Recommendations for Maritime Cybersecurity

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.