Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/

Threats

Ransomware

• Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)

• Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register

• Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet

• Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica

• Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)

• Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine

Phishing & Email

• Unusual Sign-In Activity Mail Goes Phishing For Microsoft Account Holders | Malwarebytes Labs

Other Social Engineering

• 'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet

• Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)

Malware

• TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)

• Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

Mobile

• How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security

• TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet

• This Nasty Android Malware Steals Your Passwords — What You Need To Know [Update] | Tom's Guide (tomsguide.com)

• SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)

• A New Money-Stealing Malware Makes Rounds On Google Play Store Posing As An Innocent App With Over 50,000 Downloads - NotebookCheck.net News

Data Breaches/Leaks

• Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)

• NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)

• 250,000-Plus Lawyer Disciplinary Records Leak • The Register

• Swiss Bank Requests Destruction of Documents - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukraine-Russia Cyber Warzone Splits Cyber Underground | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar

• Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Don’t Be Fooled Into Thinking You’re Too Smart To Be Scammed | News | The Sunday Times (thetimes.co.uk)

DoS/DDoS

• DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica

• DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet

• Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Nation State Actors

• Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant

• Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)

• Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru

• Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)

• Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com

• Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet

• Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica

• IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs

• Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)

• Cyber Attacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen | SecurityWeek.Com

• Chinese Malware Targeted Multiple Governments • The Register

• Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)

Passwords & Credential Stuffing

• Microsoft Accounts Targeted by Russian-Themed Credential Harvesting | Threatpost

Spyware, Espionage & Cyber Warfare

• Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters

• Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop

• How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review

• Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO

• Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet

• China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)

Vulnerabilities

• Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet

• Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com

• Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)

• New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)

• Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)

• New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)

• Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability - Information Security Buzz

Sector Specific

Financial Services Sector

• Banks Brace For Retaliatory Ransomware Attacks From Russia | Bitcoinist.com

Health/Medical/Pharma Sector

• Conti And Karma Actors Attack Healthcare Provider At Same Time Through ProxyShell exploits – Sophos News

• Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Lack Of Visibility Plaguing ICS Environments - Help Net Security

Reports Published in the Last Week

• Vade Releases 2021 Phishers' Favourites Report (darkreading.com)

• Salt Security releases State of API Security Report - IT Security Guru

Other News

• Microsoft Teams Grows As Cyber Attack Vector - MSSP Alert

• Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz

• The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)

• Cyber Attackers Are Looking To Exploit People Who Want To Help Ukraine, Security Experts Warn | The Independent

• Multifactor Authentication Is Being Targeted by Hackers – The New Stack

• Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)

• Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz

• Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security

• Facebook, Twitter, Google Move To Intercept Russian Propaganda, Disinformation About Ukraine - CyberScoop

• Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)

• Open Source Security Fears Are Fading Away | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.

The centre said it was unaware of any specific threats to UK organisations.

It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.

It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."

Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.

https://www.bbc.co.uk/news/uk-60158874

Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.

Hackers made up for some lost time last year.

After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.

All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.

“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021

Ransomware Families Becoming More Sophisticated With Newer Attack Methods

Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/

More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks

Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.

Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.

Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.

https://www.techrepublic.com/article/more-than-90-of-enterprises-surveyed-have-been-hit-by-successful-cyberattacks/

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/

Shipment-Delivery Scams Become the Favoured Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.

Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.

The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Most Ransomware Infections Are Self-Installed

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.

The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.

Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.

Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.

https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

Staff Negligence Is Now A Major Reason For Insider Security Incidents

Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.

Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.

When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.

https://www.zdnet.com/article/employee-contractor-negligence-is-now-a-major-reason-for-insider-security-incidents/

22 Cyber Security Myths Organisations Need To Stop Believing In 2022

Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?

Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.

https://www.csoonline.com/article/3648048/22-cybersecurity-myths-organisations-need-to-stop-believing-in-2022.html

Android Malware Can Factory-Reset Phones After Draining Bank Accounts

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.

https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study

Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Last year Forbes wrote a couple of articles  that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem.  In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact.  Ransomware came on with a vengeance targeting many small and medium businesses.  

Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past.  Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022.  By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.

https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/

Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

The main areas they are predicting seeing rises in fraud are:

-Buy now, pay never

-Cryptocurrency scams

-Doubling ransomware attacks

-More increases in romance fraud

-Digital elder abuse will rise

https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/

Threats

Ransomware

• Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert

• Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)

• BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet

• Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future

Phishing

• There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet

• Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)

• Evolved phishing: Device Registration Trick Adds To Phishers’ Toolbox For Victims Without MFA - Microsoft Security Blog

Other Social Engineering

• Coronavirus SMS Scam Offers Home PCR Testing Devices – Don’t Fall For It! – Naked Security (sophos.com)

Malware

• Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)

• Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet

• Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)

• TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)

Mobile

• 105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)

• 2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica

• New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)

• Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs

• Is Google Tracking Your Location Even When You Think You’ve Turned It Off? US States Sue Over “Deception” • Graham Cluley

IoT

• As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)

• Mirai Splinter Botnets Dominate IoT Attack Scene | ZDNet

• Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)

• 19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)

Data Breaches/Leaks

• 'We're Losing Control Of Our Data' As Breaches Reach An All-Time High | ZDNet

• Personal Identifying Information For 1.5 Billion Users Was Stolen In 2021, But From Where? - TechRepublic

Organised Crime & Criminal Actors

• Russia Makes More Arrests, But Cyber Crime-Harbouring Reputation Hard To Shake (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking

• People Are Still Getting Pwned a Week After a Crypto Hack Was ‘Contained’ (vice.com)

Supply Chain

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

DoS/DDoS

• Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)

• Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)

• Energy Sector Still Needs to Shut the Barn Door (darkreading.com)

Nation State Actors

• North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)

• Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)

• North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)

• German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs

• Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)

• APTs Quiet Ahead Of Beijing Games, But Financially Motivated Hackers Are Still Lurking, Research Says - CyberScoop

Cloud

• Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)

• Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs

Privacy

• UK’s Privacy Tsar Mounts Fierce Defence of End-to-End Encryption - Infosecurity Magazine

Passwords & Credential Stuffing

• 65% Of Organisations Continue To Rely On Shared Logins - Help Net Security

• Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security

• Has That Password Been Compromised? - IT Security Guru

Spyware, Espionage & Cyber Warfare

• DazzleSpy: Pro-Democracy Org Hijacked To Become macOS Spyware Distributor | ZDNet

Vulnerabilities

• Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost

• Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com

• Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)

• Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)

• Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)

• F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs

Sector Specific

Health/Medical/Pharma Sector

• Healthcare Industry Most Common Victim Of Third-Party Breaches Last Year - Help Net Security

Education and Academia

• Education Sector Hounded By Cyber Attacks In 2021 | CSO Online

• Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

• Experian plc - Experian’s Annual Future of Fraud Forecast Predicts Five Key Threats for Businesses and Consumers in 2022

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

Other News

• Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet

• Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert

• Are You Prepared to Defend Against a USB Attack? (darkreading.com)

• Prioritizing And Remediating Vulnerabilities In The Wake Of Log4J and Microsoft's Patch Tuesday Blunder | CSO Online

• VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times

• Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)

• Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.