Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.

https://threatpost.com/ransomware-volumes-record-highs-2021/168327/

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed.  The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.

https://www.zdnet.com/article/more-than-12500-vulnerabilities-disclosed-in-first-half-of-2021-risk-based-security/

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.

These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.

https://www.zdnet.com/article/constant-review-of-third-party-security-critical-as-ransomware-threat-climbs/

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

https://www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.

https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/

65% Of All DDoS Attacks Target US And UK

Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.

https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/

Threats

Ransomware

• Ransomware Attempt Volume Sets Record, Reaches More Than 300 Million For First Half Of 2021: SonicWall

• Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals

• Isle Of Wight Schools Hit By Ransomware Attack

• BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil

• Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme

Phishing

• Phishing Campaign Dangles SharePoint File-Shares

• Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign

• Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says

Other Social Engineering

• Bazarcaller – The Malware Gang That Talks You Into Infecting Yourself

Malware

• A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service

• Several Malware Families Targeting IIS Web Servers With Malicious Modules

• Cyber Criminals Spoof Brave Browser Website To Push Malware

• Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network

• Discord Once Again Found To Be Hosting Malware Payloads

Mobile

• An Explosive Spyware Report Shows Limits Of IOS, Android Security

• This Android Malware Steals Your Data In The Most Devious Way

• The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials

Vulnerabilities

• Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software

• Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs

• Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise

• Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices

• PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.

• Researchers Highlight Windows Laptop TPM Vulnerabilities

Data Breaches

• Threat Actors Leaked Data Stolen From EA, Including FIFA Code

• Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything

• Amazon Fined $886M For Alleged Data Breach

OT, ICS, IIoT and SCADA

• Novel Meteor Wiper Used In Attack That Crippled Iranian Train System

Organised Crime & Criminal Actors

• Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown

Cryptocurrency/Cryptojacking

• Raccoon Stealer-As-A-Service Will Now Try To Grab Your Crypto Currency

Supply Chain

• Supply Chain Attacks Are Getting Worse, And You Are Not Ready For Them

Nation State Actors

• Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ

• Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

• New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks

• Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records

• Iranian APT Lures Defense Contractor In Catfishing-Malware Scam

• Chinese Hackers Target Major Southeast Asian Telecom Companies

Cloud

• The Rise Of Cloud Is Creating Security Blind Spots

Reports Published in the Last Week

• APT Trends Report Q2 2021

• Spam and Phishing in Q2 2021

Other News

• It's Time To Improve Linux's Security

• Leaked Document Says Google Fired Dozens Of Employees For Data Misuse

• Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?

• Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us

• Windows 11's Strict Hardware Requirements Cannot Be Bypassed, Microsoft Admits, "We Know It Sucks... We Will Still Block You"

• Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required

• NSA Warns Public Networks Are Hacker Hotbeds

• Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub

• Apple Plans To Scan US IPhones For Child Abuse Imagery

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Workers Ignore Security Risks To Maximize Productivity

A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.

https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/

Financial Services Accounting For Nearly 40% Of All Phishing URLs

A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/

Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats

Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”

https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/

36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.

https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/

HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021

According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages.  The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.

https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/

Data Breach Costs Hit Record High Due To Pandemic

Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.

https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/

Top 30 Critical Security Vulnerabilities Most Exploited By Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.

https://thehackernews.com/2021/07/top-30-critical-security.html

Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report

A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.

https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

Why Remote Working Leaves Us Vulnerable To Cyber Attacks

An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.

https://www.bbc.co.uk/news/business-57847652

Stop Mitigating Cyber Security Threats And Start Preventing Them

The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

https://www.itproportal.com/features/stop-mitigating-cybersecurity-threats-and-start-preventing-them/

Threats

Ransomware

• Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'

• Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation

• BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More

• LockBit Ransomware Now Encrypts Windows Domains Using Group Policies

• FBI Tracking More Than 100 Active Ransomware Groups

• The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"

Social Engineering

• Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report

• These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware

• FIN7’s Liquor Lure Compromises Law Firm With Backdoor

Malware

• Cisco Researchers Spotlight Solarmarker Malware

• Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs

• Some Windows 11 Installers Infect Your PC With Malware

• Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems

• Discord CDN And API Abuses Drive Wave Of Malware Detections

• Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics

Mobile

• New Android Malware Uses VNC To Spy And Steal Passwords From Victims

• UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild

Vulnerabilities

• Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers

• VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted

• Web Applications Have Become A Security Liability

• Hackers Have Found Yet Another Way To Attack Kubernetes Clusters

• Windows 10 Printer Problems Persist Following Latest Security Update

• Microsoft Rushes Fix For ‘PetitPotam’ Attack PoC

• Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices

• Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities

• New Linux Kernel Bug Lets You Get Root On Most Modern Distros

• Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature

• Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Data Breaches

• Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable In Massive Data Breach

• Gun Owners' Fears After Firearms Dealer Data Breach

Organised Crime & Criminal Actors

• Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers

• Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised

Dark Web

• How The Dark Web Enables Access To Corporate Networks

Supply Chain

• Kaseya Denies Paying Ransom For Decryptor, Refuses Comment On NDA

DoS/DDoS

• DSoS Attacks Are Up, With Ever-Greater Network Impact

Nation State Actors

• Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers

• APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware

Privacy

• Behind The Mercenary Spyware Industry

Reports Published in the Last Week

• DDoS Attack Trends For 2021 Q2

• Spear Phishing: Top Threats And Trends Volume 6

Other News

• PunkSpider—The Search Engine For Web Exploits—Rises From the Dead

• Biden Warns A ‘Real Shooting War’ Could Come From Cyber Breach

• Hackers Turning To 'Exotic' Programming Languages For Malware Development

• Discord Is Now An Essential Tool For Hackers

• Research Roadblock? Security Pros Weigh In On China’s New Vulnerability Disclosure Law

• For Hackers, Space Is The Final Frontier

• A DNS Outage Just Took Down A Large Chunk Of The Internet

• Ireland Sees Biggest Rise In Cyber Security Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/

Threats

Ransomware

• Ransomware Attacks Are Becoming More Common – How Do We Stop Them?

• Ryuk Ransomware Operators Shift Tactics To Target Victims

• Bose Confirms Ransomware Attack That Exposed Employee Data

• Russian To Be Deported After Failed Tesla Ransomware Plot

• Ransomware Attack Halts Child Protection Court Cases

• FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations

• HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says

Phishing

• Financial Spear-Phishing Campaigns Pushing RATs

• This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Other Social Engineering

• NatWest Launches 'Urgent' Crypto Currency Scam Alert

• Eight Men Arrested Over Royal Mail Delivery Scam Texts

• Fake Amazon Order Emails Lead To Vishing

Malware

• This Fake Streaming Service Will Spread Malware

• This Ransomware-Spreading Malware Botnet Just Will Not Go Away

Mobile

• New Malware Plunders Dutch Android Users’ Bank Accounts

IOT

• Hackers Can Use Smart Plugs To Break Into Your Home Network

Vulnerabilities

• VMware Sounds Ransomware Alarm Over Critical Severity Bug

• Trend Micro Bugs Threaten Home Network Security

• Digging Into A Ubiquiti Firmware Update Bug

• “Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know

• PDF Feature ‘Certified’ Widely Vulnerable To Attack

• SonicWall urges customers to 'immediately' patch NSM On-Prem bug

• FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office

• Restaurant Reservation System Patches Easy-To-Exploit XSS Bug

• Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices

Data Breaches

• UK Police Suffered Thousands Of Data Breaches In 2020

• Air India Cyber Attack: Personal Data Of Over 4.5 Million Passengers Leaked

Organised Crime & Criminal Actors

• ‘Privateer’ Threat Actors Emerge From Cyber Crime Swamp

Cryptocurrency

• Crypto Currency Crackdown Will not Stop Ransomware, CISA Official Says

• Watch Out: Crypto Jacking Is On The Rise Again

• Bitcoin Mine Found Stealing Electricity

Dark Web

• French Authorities Seize Their Third Dark Web Marketplace

OT, ICS, IIoT and SCADA

• Cyber Attacks On Operational Technology Are On The Rise

• UK Prepares For Ransomware Attacks On Pipelines

Nation State Actors

• Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets

• Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks

• Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China

Privacy

• Employers Are Watching Remote Workers And They Are Monitoring These Activities

• GCHQ’s Mass Data Interception Violated Right To Privacy, Court Rules

• Amazon Devices Will Soon Automatically Share Your Internet With Neighbours

Reports Published in the Last Week

• Report: Cloud Security Breaches Surpass On-Prem Ones For The First Time

Other News

• Enemy Hackers Target NATO With Constant Cyber Attacks

• Security Is An Architectural Issue: Why The Principles Of Zero Trust And Least Privilege Matter So Much Right Now

• GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny

• UK Universities To Be Offered Advice On National Security Threats

• How Hacking Became A Professional Service In Russia

• A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs

• 'Did Weak WiFi Password Lead The Police To Our Door?'

• How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?

• German Cyber Security Chief Fears Hackers Could Target Hospitals

• How The Post-Pandemic World Will Challenge CISOs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Attacks Grew By 485% In 2020

Ransomware attacks increased by an astonishing 485% in 2020 compared to 2019, according to Bitdefender’s 2020 Consumer Threat Landscape Report, which highlighted the ways cyber criminals targeted the COVID-19 pandemic. Interestingly, nearly two-thirds (64%) of the ransomware attacks took place in the first two quarters of 2020.

https://www.infosecurity-magazine.com/news/ransomware-attacks-grow-2020/

Cyber Insurance Firm Suffers Sophisticated Ransomware Cyber Attack; Data Obtained May Help Hackers Better Target Firm’s Customers

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cyber security attack” on March 21, 2021. The cyber attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

https://www.cpomagazine.com/cyber-security/cyber-insurance-firm-suffers-sophisticated-ransomware-cyber-attack-data-obtained-may-help-hackers-better-target-firms-customers/amp/

Ransom Gangs Emailing Victim Customers For Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organisations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

https://krebsonsecurity.com/2021/04/ransom-gangs-emailing-victim-customers-for-leverage/

'We Have Your Porn Collection': The Rise Of Extortionware

Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage. It comes as hackers bragged after discovering an IT Director's secret porn collection. The targeted US firm has not publicly acknowledged that it was hacked. In its darknet blog post about the hack last month, the cyber-criminal gang named the IT director whose work computer allegedly contained the files.

https://www.bbc.co.uk/news/technology-56570862

Should Firms Be More Worried About Firmware Cyber Attacks?

Microsoft recently put out a report claiming that businesses globally are neglecting a key aspect of their cyber security - the need to protect computers, servers, and other devices from firmware attacks. Its survey of 1,000 cyber security decision makers at enterprises across multiple industries in the UK, US, Germany, Japan, and China has revealed that 80% of firms have experienced at least one firmware attack in the past two years. Yet only 29% of security budgets have been allocated to protect firmware.

https://www.bbc.co.uk/news/business-56671419

Armed Conflict Draws Closer As State-Backed Cyber Attacks Intensify

The world is coming perilously close to nation states retaliating against cyber attacks with conventional weapons, according to a new HP report. Publicly available reports into state-sponsored attacks and interviews with scores of experts. It claimed there has been a 100% increase in “significant” state-backed attacks between 2017-20, and an average of over 10 publicly attributed attacks per month in 2020 alone.

https://www.infosecurity-magazine.com/news/armed-conflict-closer-state/

Coca-Cola Trade Secret Theft Underscores Importance Of Insider Threat Early Detection

The trial of Xiaorong You started in Greenville, TN, this week. She is accused of trade secret theft and economic espionage after allegedly stealing technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company. The value placed on the development of the stolen technologies is $119.6 million. Other affected companies include Azko-Nobel, Dow Chemical, PPG, TSI, Sherwin Williams and ToyoChem.

The details of the case suggest that the damages the accused is allegedly responsible for could have been minimized if better real-time insider threat detection methods had been in place. They also outline possible motives for the theft of the intellectual property: ego and money.

https://www.csoonline.com/article/3613953/coca-cola-trade-secret-theft-underscores-importance-of-insider-threat-early-detection.html

Attackers Blowing Up Discord, Slack With Malware

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cyber criminal expertise in attacking them.

https://threatpost.com/attackers-discord-slack-malware/165295/

Scraped Data Of 500 Million LinkedIn Users Being Sold Online, 2 Million Records Leaked As Proof

An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more.

While users on the hacker forum can view the leaked samples for about $2 worth of forum credits, the threat actor appears to be auctioning the much-larger 500 million user database for at least a 4-digit sum, presumably in bitcoin.

https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/

Massive Facebook Data Breach Leaks Info On Millions Of Users

The personal information of hundreds of millions of Facebook users across the globe has been leaked online. Around 533 million Facebook users are thought to have been affected by the data breach, with phone numbers, Facebook ID, full name, location, past location, birthdate, email address, account creation date, relationship status, and personal bios all available. The data is thought to be the same set that was leaked in January 2021 and was available to purchase online, meaning Facebook has failed to secure its users once again.

https://www.techradar.com/uk/news/massive-facebook-data-breach-leaks-info-on-millions-of-users

Threats

Ransomware

• REvil ransomware now changes password to auto-login in Safe Mode

Phishing

• LinkedIn Spear-Phishing Campaign Targets Job Hunters

• Phishing Emails Most Commonly Originate from Eastern Europe

Malware

• IcedID Banking Trojan Surges: The New Emotet?

• New wormable Android malware poses as Netflix to hijack WhatsApp sessions

Mobile

• Another supply-chain attack? Android maker Gigaset injects malware into victims' phones via poisoned update

IOT

• 99% of security pros concerned about their IoT and IIoT security

Vulnerabilities

• Critical Zoom vulnerability triggers remote code execution without user input

• Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

• Bug allows attackers to hijack Windows time sync software used to track security incidents

• Critical Cloud Bug in VMWare Carbon Black Allows Takeover

• AMD admits Zen 3 processors are vulnerable to Spectre-like side-channel attack

• Hackers are actively targeting FortiOS vulnerabilities

• Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

• SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

Data Breaches

• Adult content from hundreds of OnlyFans creators leaked online

• A huge trove of credit card records and Social Security numbers just got hacked

• Booking.com fined €475,000 for late reporting of data breach

Nation State Actors

• Spy Operations Target Vietnam with Sophisticated RAT

• North Korean hackers return, target infosec researchers in new operation

Privacy

• Cyber criminals could be watching your home security footage

• The Home Office is preparing another attack on encryption

Other News

• Ubiquiti is accused of covering up a ‘catastrophic’ data breach — and it’s not denying it

• VISA: Hackers increasingly using web shells to steal credit cards

• Cloud-native watering hole attack: Simple and potentially devastating

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Cyber crime costs the world more than $1 trillion, a 50% increase from 2018

Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.

https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/

FireEye, one of the world's largest security firms, discloses security breach

FireEye, one of the world largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.

The firm said the threat actor also searched for information related to some of the company's government customers.

The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."

https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/

Chinese Breakthrough in Quantum Computing a Warning for Security Teams

China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.

https://threatpost.com/chinese-quantum-computing-warning-security/161935/

Ransom payouts hit record-highs, surging 178% in a year

Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.

https://uk.finance.yahoo.com/news/ransomware-payouts-hacking-computers-hit-record-highs-surging-134527988.html

Ransomware Set for Evolution in Attack Capabilities in 2021

Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines”

https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/

How Organisations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?

https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html

Threats

Ransomware

• Hackers demand $34.7 million in Bitcoin after ransomware attack on Foxconn

• Ransomware forces hosting provider Netgain to take down data centers

• Ransomware-struck schools reject £1m demand from crims in timely reminder to always mind the air-gap

• 'Malwareless' ransomware campaign operators pwned 83k victims' MySQL servers, 250k databases up for sale

• Ransomware hits helicopter maker Kopter

Phishing

• Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

• Adobe users targeted in dangerous new phishing campaign

IOT

• Millions of IoT devices could be vulnerable to these unfixable security bugs

Malware

• Qbot malware switched to stealthy new Windows autostart method

• Microsoft exposes Adrozek, malware that hijacks Chrome, Edge, and Firefox

• Social media sharing icons could harbor info-stealing malware

• All-new Windows 10 malware is excellent at evading detection

• Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

Vulnerabilities

• Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution

• Amnesia:33 vulnerabilities impact millions of smart and industrial devices

• Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities.

• Expert discloses zero-click, wormable flaw in Microsoft Teams

• NSA Warns: Patched VMware Bug Under Active Attack

Data Breaches

• FireEye, one of the world's largest security firms, discloses security breach

• HMRC admits to 26 data breaches during 2019-20

• Hackers leak data from Embraer, world's third-largest airplane maker

• Payment service PayPay hacked

Threat Actors

• Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

Insider Threats

• Bank Employee Sells Personal Data of 200,000 Clients

Other News

• Experian predicts 5 key data breach targets for 2021

• 6 new ways threat actors will attack in 2021

• Research: Millions of smart devices vulnerable to hacking

• Finland passes new 5G security law to ban risky equipment

• Ransomware attacks target backup systems, compromising the company ‘insurance policy’

Reports Published in the Last Week

• Sophos 2021 Threat Report

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.