Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Cyber Weekly Flash Briefing 10 July 2020: firms concerned by cloud security: most already breached, 15 Billion passwords on sale, routers present huge risk, BMW cust breach, NK hackers target retail

Cyber Weekly Flash Briefing 10 July 2020: firms concerned by cloud security: most already breached, 15 Billion passwords on sale, routers present huge risk, BMW cust breach, NK hackers target retail

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Majority of firms concerned about public cloud security, most have suffered breach

Most businesses are worried about the current state of their public cloud security, with 70% admitting they have experienced a breach over the past year including 93% in India, where this figure is highest worldwide. Companies that used more than one public cloud platforms reported more security incidents than their peers that used only one platform.

In addition, system misconfigurations enabled 66% of cyber attacks either because attackers were able to exploit a misconfigured system or tap flaws in the firewall applications to steal credentials of cloud provider accounts. Data loss or leak was the biggest security concern, with 44% of organisations pointing to this as a top focus area, according to Sophos' State of Cloud Security 2020 study.

The survey polled 3,521 IT managers across 26 markets including 158 in Singapore, 227 in India, 162 in China, 148 in Australia, 126 in Japan, 191 in the UK, and 413 in the US. These respondents used services from at least one of the following public cloud providers: Amazon Web Services (AWS) and VMWare Cloud on AWS, Microsoft Azure, Alibaba Cloud, and Oracle Cloud. They also might have used Google Cloud and IBM Cloud.

Read more: https://www.zdnet.com/article/majority-of-firms-concerned-about-public-cloud-security-most-have-suffered-breach/


15 Billion Stolen Passwords On Sale On The Dark Web, Research Reveals

There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.

Researchers discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

Researched stated that the sheer number of credentials available is staggering.

Read more here: https://www.independent.co.uk/life-style/gadgets-and-tech/news/security-passwords-dark-web-digital-shadows-a9607871.htm


Check your router now - it could be a huge security risk

Many of the most popular home routers available to buy today feature a worrying number of security flaws and vulnerabilities, new research has found and your router might be the biggest security hole in your network.

A report from Germany discovered that the firmware present in a large number of leading routers was susceptible to hugely damaging security issues.

Many routers were found to never have received a single security firmware update in their lifetime, despite the risk that this could pose to users at home and at work, and were vulnerable to hundreds of well-known security issues.

The study looked at 127 home routers from seven brands (Netgear, ASUS, AVM, D-Link, Linksys, TP-Link and Zyxel), examining the product firmware for any known security vulnerabilities.

46 of the products it tested had not received any kind of security update within the past 12 months, with some vendors shipping firmware updates without fixing known vulnerabilities, and one set of products not seeing a firmware update for more than five years.

Read more here: https://www.techradar.com/news/check-your-router-now-it-could-be-a-huge-linux-security-risk


Data Breach Affects 384,319 BMW Customers in the U.K.

Researchers at an intelligence firm discovered that a hacker group “KelvinSecurity” compromised the personal information of 384,319 BMW customers in the U.K. and put them for sale on various darknet forums.

The hacker group claimed that they got the BMW database from a call centre that handles customers’ information of various automobile brands. The stolen database contains over 500,000 customer records dated between 2016 and 2018, affecting U.K. owners of other car manufacturers, including Honda, Mercedes, SEAT, and Hyundai in the U.K.

The exposed BMW owners’ information included sensitive information such as surnames, emails, vehicle registration numbers, residential address, dealer names, car registration information, names of dealerships. The researchers also discovered multiple databases exposed by KelvinSecurity, including data related to the U.S. government contractors and the Russian military weapons development. The hacker group also exposed over 28 databases on various darknet forums for free, affecting organizations in Iran, Australia, Mexico, U.S., Sweden, Indonesia, and France.

Read more here: https://cisomag.eccouncil.org/bmw-data-breach/


SurveyMonkey Phishers Go Hunting for Office 365 Credentials

Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters.

The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain.

Within the body of the email is a hidden redirect link appearing as the text ‘Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you’” it explained. Clicking on the link redirects to a site hosted on a Microsoft form submission page. This form asks the user to enter their Office 365 email and password. If the user is not vigilant and provides their credentials, the user account would be compromised.

The attack is effective for several reasons: its use of a legitimate SurveyMonkey email sender, the concealing of the phishing site URL and the description of the email as unique to every user.

Read more here: https://www.infosecurity-magazine.com/news/surveymonkey-phishers-office-365/


Microsoft takes legal action against COVID-19-related cybercrime

This week a Court in the US unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. The civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.

Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts. The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information. Based on patterns discovered at that time, Microsoft utilized technical means to block the criminals’ activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

Read more here: https://blogs.microsoft.com/on-the-issues/2020/07/07/digital-crimes-unit-covid-19-cybercrime/


North Korea's Lazarus hackers are planting skimmers on US and European retail websites, researchers warn

Researchers claim to have found evidence to suggest that North Korean state-sponsored actors are planting skimmers on the web stores of many American and European retailers in efforts to steal payment card details of unsuspecting shoppers.

The activities have been ongoing since at least May 2019, the researchers say, and can be attributed to hackers linked with the North Korean-backed Lazarus group.

The new research shows that in the last year, Lazarus has been able to infiltrate web stores of many retailers, such as international fashion chain Claire's.  The group has also developed a global exfiltration network that uses authentic websites to transfer stolen assets to attackers. These websites are first hijacked and then repurposed to mask the malicious activities of the hackers.

Read more here: https://www.computing.co.uk/news/4017355/north-korea-lazarus-hackers-planting-skimmers-us-european-retail-websites-researchers-warn


British Army ‘to be slashed by 20,000 troops to make way for cyber warfare’

In a clear indication of the expectations of how future conflicts will be fought the British Army could be cut by more than a quarter under spending review plans dawn up by UK defence chiefs.

Up to 20,000 troops could be let go, while airfields are closed and helicopters are taken out of service. The Royal Marines commando brigade may also be disbanded and Royal Navy minesweepers could also be axed.

Security sources have claimed Johnson’s top adviser Dominic Cummings has been pushing to divert a sizeable amount of money from the army to fund cyber warfare, space and artificial intelligence projects.

Read more here: https://metro.co.uk/2020/07/06/army-slashed-20000-troops-make-way-cyber-warfare-12950143/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More