Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Fifth of Businesses Say Cyber Attack Nearly Broke Them

A fifth of US and European businesses have warned that a serious cyber attack nearly rendered them insolvent, with most (87%) viewing compromise as a bigger threat than an economic downturn, according to Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France, Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox Cyber Readiness Report.

It revealed the potentially catastrophic financial damage that a serious cyber-attack can wreak. The number claiming to have nearly been brought down by a breach increased 24% compared to the previous year.

Nearly half (48%) of respondents said they suffered an attack over the past 12 months, a 12% increase from the previous report’s findings. Perhaps unsurprisingly, businesses in seven out of eight countries see cyber as their biggest threat.

Yet perception appears to vary greatly depending on whether an organisation has suffered a serious compromise or not. While over half (55%) of total respondents said they view cyber as a high-risk area, the figure among companies that have not yet suffered an attack is just 36%.

https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

• Weak Security Controls and Practices Routinely Exploited for Initial Access

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. A joint Cybersecurity Advisory by the cyber security authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom identifies commonly exploited controls and practices and includes best practices to mitigate the issues.

Malicious cyber actors often exploit the following common weak security controls, poor configurations, and poor security practices to employ the initial access techniques.

• Multifactor authentication (MFA) is not enforced

• Incorrectly applied privileges or permissions and errors within access control lists

• Software is not up to date

• Use of vendor-supplied default configurations or default login usernames and passwords

• Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorised access

• Strong password policies are not implemented

• Cloud services are unprotected

• Open ports and misconfigured services are exposed to the internet

• Failure to detect or block phishing attempts

• Poor endpoint detection and response.

https://www.cisa.gov/uscert/ncas/alerts/aa22-137a

• How Do Ransomware Attacks Impact Victim Organisations’ Stock?

Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organisations to pay the ransom demand under the assumption it will return business operations to normal - ultimately encouraging more attacks - and we have a big problem with no easy remedies.

Back in 2021, Cybereason published a report titled Ransomware Attacks and the True Cost to Business that revealed the various costs that organisations face after falling victim to a ransomware attack. Here are some of the most significant findings that stood out:

• Two-thirds of ransomware victims said that they endured a significant loss of revenue following the attack

• More than half (53%) of organisations suffered damage to their brand and reputation after a ransomware infection

• A third of those who fell to ransomware lost C-level talent in the attack’s aftermath

• Three in 10 organisations had no choice but to lay off employees due to the financial pressures resulting from a ransomware incident

• A quarter of ransomware victims said that they needed to suspend operations.

https://www.msspalert.com/cybersecurity-guests/how-do-ransomware-attacks-impact-victim-organizations-stock/

• Prioritise Patching Vulnerabilities Associated with Ransomware

In the last quarter, ransomware attacks have made mainstream headlines on a near-daily basis, with groups like Lapsus$ and Conti’s names splashed across the page. Major organisations like Okta, Globant and Kitchenware maker Meyer Corporation have all fallen victim, and they are very much not alone. The data indicates that increasing vulnerabilities, new advanced persistent threat (APT) groups and new ransomware families are contributing to ransomware’s continued prevalence and profitability.

The top stats include:

• 22 new vulnerabilities and nine new weaknesses have been associated with ransomware since January 2022; of the 22, a whopping 21 are considered of critical or high risk severity

• 19 (out of 22) of the newly-added vulnerabilities are associated with the Conti ransomware gang

• Three new APT groups (Exotic Lily, APT 35, DEV-0401) and four new ransomware families (AvosLocker, Karma, BlackCat, Night Sky) are deploying ransomware to attack their targets

• 141 of CISA’s Known Exploited Vulnerabilities (KEVs) are being used by ransomware operators – including 18 newly identified this quarter

• 11 vulnerabilities tied to ransomware remain undetected by popular scanners

• 624 unique vulnerabilities were found within the 846 healthcare products analysed.

https://www.helpnetsecurity.com/2022/05/19/increase-ransomware-vulnerabilities/

• Researchers Warn of Advanced Persistent Threats (APTs), Data Leaks as Serious Threats Against UK Financial Sector

Researchers say that geopolitical tension, ransomware, and cyber attacks using stolen credentials threaten the UK's financial sector.

KELA's security team published a report examining the cyber security issues and attacks that surfaced in 2021 and early 2022, specifically focused on the United Kingdom's banks and other financial services.

The UK was one of the first countries to stand with Ukraine after the invasion by Russia. This could make UK organisations a tempting target for threat actors siding with Russia - whether by state-sponsored advanced persistent threat (APT) groups or hacktivists. The National Cyber Security Centre (NCSC) previously warned businesses to shore up their cyber security following Russia's assault.

APTs are often responsible for attacking the financial sector: account credentials, card numbers, and the personally identifiable information (PII) of customers are useful not only in social engineering and identity theft but also to make fraudulent purchases or for card cloning.

APTs target organisations worldwide, and those located in the UK are no exception. Over the past few years, APTs, including the Chinese APT40 and APT31, have utilised vulnerabilities, including ProxyLogon, to compromise UK businesses.

"In general, APTs may target the financial sector to commit fraud, burglarise ATMs, execute transactions, and penetrate organisations' internal financial systems," KELA says. "Although specific threats to the UK financial sector have not been identified, there is no doubt that the UK has occasionally been a target of APT groups during 2021."

Exposed corporate information and leaked credentials are also of note. After browsing Dark Web forums, the researchers found that UK data is "in demand" by cyber criminals who are seeking PII, access credentials, and internal data.

https://www.zdnet.com/article/researchers-warn-of-apts-data-leaks-as-serious-threats-against-uk-financial-sector/

• Remote Work Hazards: Attackers Exploit Weak WiFi, Endpoints, and the Cloud

Infoblox unveils a global report examining the state of security concerns, costs, and remedies. As the pandemic and uneven shutdowns stretch into a third year, organisations are accelerating digital transformation projects to support remote work. Meanwhile, attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams.

1,100 respondents in IT and cyber security roles in 11 countries – United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia, and Singapore – participated in the survey.

The surge in remote work has changed the corporate landscape significantly – and permanently. 52% of respondents accelerated digital transformation projects, 42% increased customer portal support for remote engagement, 30% moved apps to third party cloud providers, and 26% shuttered physical offices for good. These changes led to the additions of VPNs and firewalls, a mix of corporate and employee owned devices as well as cloud and on-premises DDI servers to manage data traffic across the expanded network.

The hybrid workforce reality is causing greater concerns with data leakage, ransomware and attacks through remote access tools and cloud services. Respondents indicate concerns about their abilities to counter increasingly sophisticated cyber attacks with limited control over employees, work-from-home technologies, and vulnerable supply chain partners. The sophistication of state-sponsored malware also is a source of worry for many.

Organisations have good reason to worry: 53% of respondents experienced up to five security incidents that led to at least one breach.

https://www.helpnetsecurity.com/2022/05/17/state-of-security/

• Small Businesses Under Fire from Password Stealers

Password-stealing malware and other cyber attacks have increased significantly against small businesses over the past year, according to Kaspersky researchers.

An assessment released this week detailed the number of Trojan Password Stealing Ware (PSW) detections, internet attacks and attacks on Remote Desktop Protocol (RDP) between January and April 2022, compared with the same time frame from 2021. Kaspersky's research showed a jump in the detection of password stealers within small business environments, as well as increases in other types of cyber attacks.

According to Kaspersky, the biggest increase in threats against small businesses was password stealers, specifically Trojan PSWs. There were nearly 1 million more detected Trojan PSWs targeting small and medium-sized businesses in the first trimester of 2022 than the first of 2021, increasing from 3,029,903 to 4,003,323.

https://www.techtarget.com/searchsecurity/news/252518442/Small-businesses-under-fire-from-password-stealers

• Email Is the Riskiest Channel for Data Security

Research from Tessian and the Ponemon Institute reveals that nearly 60% of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.

Email was revealed as the riskiest channel for data loss in organisations, as stated by 65% of IT security practitioners. This was closely followed by cloud file-sharing services (62%) and instant messaging platforms (57%).

The research surveyed 614 IT security practitioners across the globe to also reveal that:

• Employee negligence, because of not following policies, is the leading cause of data loss incidents (40%)

• 27% of data loss incidents are caused by malicious insiders

• It takes up to three days for security and risk management teams to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email

• 23% of organisations experience up to 30 security incidents involving employees’ use of email every month (for example, email was sent to an unintended recipient).

The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61%); intellectual property (56%); and consumer information (47%). User-created data (sensitive email content, text files, M&A documents), regulated data (credit card data, Social Security numbers, national ID numbers, employee data), and intellectual property were identified as the three types of data that are most difficult to protect from data loss.

The top two consequences for data loss incidents were revealed as non-compliance with data protection regulations (57%) and damage to an organisation’s reputation (52%). Furthermore, a previous study from Tessian found that 29% of businesses lost a client or customer because of an employee sending an email to the wrong person.

https://www.helpnetsecurity.com/2022/05/20/data-loss-email/

• Phishing Attacks for Initial Access Surged 54% in Q1

Threat actors doubled down on their use of phishing emails as an initial attack vector during the first quarter of 2022 — and in many cases then used that access to drop ransomware or to extort organisations in other ways.

Researchers from Kroll recently analysed data gathered from security incidents they responded to in the first three months of this year. The analysis showed a 54% increase in incidents of phishing for initial access compared with the same period last year.

For the first time since Microsoft disclosed the so-called ProxyLogon set of vulnerabilities in Exchange Server in the first quarter of 2021, incidents tied to email compromises surpassed those related to ransomware. Kroll described the sharp increase in phishing activity as likely the result of a surge in activity tied to Emotet and IceID malware — threat actors have been using both to drop other malware.

https://www.darkreading.com/risk/phishing-attacks-for-initial-access-surged-q1

• Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates

Conti demanded $20M in ransom — and the overthrow of the government.

It’s been a rough start for the newly elected Costa Rica president Rodrigo Chaves, who less than a week into office declared his country “at war” with the Conti ransomware gang.

“We’re at war and this is not an exaggeration,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”

Conti’s assault on the Costa Rican government began in April. The country’s Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on May 16, Chaves said the number of institutions impacted had since grown to 27. This, he admitted, means civil servants wouldn’t be paid on time and will impact the country’s foreign trade.

In a message posted to its dark web leaks blog, Conti urged the citizens of Costa Rica to pressure their government to pay the ransom, which the group doubled from an initial $10 million to $20 million. In a separate statement, the group warned: “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power.”

Conti is among the most prolific hacking groups. The FBI warned earlier this year that the gang was among “the three top variants” that targeted businesses in the United States, and it has been blamed for ransomware attacks targeting dozens of businesses, including Fat Face, Shutterfly and the Irish healthcare service.

But Conti has picked up its pace in recent months: In January and February it published 31 victims on its leaks blog. In March and April, it posted 133 victims.

https://techcrunch.com/2022/05/20/costa-rica-ransomware-attack/

Threats

Ransomware

• Ransomware Gangs Rely More on Weaponizing Vulnerabilities (bleepingcomputer.com)

• Ransomware Gang Extorted 725 BTC in One Attack, On-Chain Sleuths Find (coindesk.com)

• 5 Critical Questions to Test Your Ransomware Preparedness - Help Net Security

• “Alarming” Surge in Conti Group Activity This Year - Infosecurity Magazine

• Why AI-Powered Ransomware Cyber Attacks Could Be Coming Soon - Protocol

• Nikkei Says Customer Data Likely Impacted in Ransomware Attack | SecurityWeek.Com

• Wizard Spider Hackers Hire Cold Callers to Scare Ransomware Victims Into Paying Up | ZDNet

• Greenland Hit by Cyber Attack, Finds Its Health Service Crippled (bitdefender.com)

• Conti Ransomware Shuts Down Operation, Rebrands into Smaller Units (bleepingcomputer.com)

• No One Is Slowing Down BlackByte Ransomware Gang • The Register

• President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News

• Engineering Firm Parker Discloses Data Breach After Ransomware Attack (bleepingcomputer.com)

• US links Thanos and Jigsaw ransomware to 55-year-old doctor (bleepingcomputer.com)

• Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government (thehackernews.com)

Phishing & Email Based Attacks

• This Phishing Attack Delivers Three Forms of Malware. And They All Want to Steal Your Data | ZDNet

• HTML Attachments Remain Popular Among Phishing Actors In 2022 (bleepingcomputer.com)

• Chatbot Army Deployed in Latest DHL Shipping Phish (darkreading.com)

• Phishing Gang That Stole Over 400,000 Euros Busted in Spain (tripwire.com)

• Long Lost @ Symbol Gets New Life Obscuring Malicious URLs | Malwarebytes Labs

• Spanish Police Dismantle Phishing Gang That Emptied Bank Accounts (bleepingcomputer.com)

Malware

• Emotet is the Most Common Malware - Help Net Security

• Microsoft Identifies Botnet Variant Targeting Windows and Linux Systems - Infosecurity Magazine

• Activity of the Linux XorDdos bot increased by 254% over the last 6 monthsSecurity Affairs

• Fake Domains Offer Windows 11 Installers - But Deliver Malware Instead | ZDNet

• Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware (trendmicro.com)

• Malicious PyPI Pymafka Package Opens Backdoors On Windows, Linux, and Macs (bleepingcomputer.com)

• April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell | Threatpost

Mobile

• 6 Scary Tactics Used in Mobile App Attacks (darkreading.com)

• Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF (thehackernews.com)

• Google TAG: Cytrox's Predator Spyware Used to Target Android Users | WIRED

IoT

• New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars (thehackernews.com)

Data Breaches/Leaks

• Cornwall Council Data Breach - Information Security Buzz

• Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers (thehackernews.com)

• US Recovers a Record $15m from the 3ve Ad-Fraud Crew • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• How Cryptocurrencies Enable Attackers and Defenders (techtarget.com)

• Monero-Mining Sysrv Botnet Targets Windows, Linux Web Servers • The Register

• US Brings First-Of-Its-Kind Bitcoin Sanctions-Busting Case • The Register

• Fake Pixelmon NFT Site Infects You with Password-Stealing Malware (bleepingcomputer.com)

• Hackers Compromise a String of NFT Discord Channels (vice.com)

Fraud, Scams & Financial Crime

• Popularity Of Online Payment Goes Hand-In-Hand with Fraud - Help Net Security

Supply Chain and Third Parties

• MITRE Creates Framework for Supply Chain Security (darkreading.com)

• The Four Horsemen of Software Supply Chain Attacks - MSSP Alert

• Recovering From a Cyber Security Earthquake: The Lessons Organisations Must Learn - Help Net Security

Cloud/SaaS

• 7 Key Findings from the 2022 SaaS Security Survey Report (thehackernews.com)

• New Research Identifies Poor IAM Policies as The Greatest Cloud Vulnerability - CyberScoop

• Are You Investing in Securing Your Data in the Cloud? (thehackernews.com)

• 380K Kubernetes API Servers Exposed to Public Internet | Threatpost

Open Source

• The Industry Must Better Secure Open Source Code From Threat Actors (darkreading.com)

Privacy

• How To Ensure That the Smart Home Doesn’t Jeopardize Data Privacy? - Help Net Security

• Privacy. Ad Bidders Haven't Heard of It, Report Reveals • The Register

• Third-Party Web Trackers Log What You Type Before Submitting (bleepingcomputer.com)

Passwords & Credential Stuffing

• The Most Insecure and Easily Hackable Passwords - Help Net Security

• Half of IT Leaders Store Passwords in Shared Docs - Infosecurity Magazine

Cyber Bullying and Cyber Stalking

• UK Sextortion Cases Doubled in 2021 - Infosecurity Magazine

Regulations, Fines and Legislation

• Europe Moves Closer to Stricter Cyber Security Standards • The Register

• EU's NIS 2 Directive to Strengthen Cyber Security Requirements For Companies - Help Net Security

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Google TAG: Cytrox's Predator Spyware Used to Target Android Users | WIRED

• Britain can legally launch cyber attacks against hostile states, says Attorney General (telegraph.co.uk)

• How Mobile Networks Have Become a Front in the Battle for Ukraine (darkreading.com)

• China-linked Twisted Panda Caught Spying on Russian R&D Orgs • The Register

• Pro-Russian Hackers Spread Hoaxes to Divide Ukraine, Allies | SecurityWeek.Com

• A custom PowerShell RAT Targets Germany Using Crisis in Ukraine as Bait - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Putin Promises to Bolster Russia's IT Security in Face of Cyber Attacks | Reuters

• Russian Hackers Declare War On 10 Countries After Failed Eurovision DDoS attack | IT PRO

• Pro-Russian Information Operations Escalate in Ukraine War (darkreading.com)

• Russian Undersea Cable Threat Shifts Tech Business to UK (telegraph.co.uk)

• Russians Allegedly Storm Ukrainian ISP, Blackmail It to Switch To Russian Networks - CyberScoop

• Russia-linked Sandworm Continues to Conduct Attacks Against Ukraine - Security Affairs

• Russian Cyber Attack on Eurovision Foiled By Italian Authorities (bitdefender.com)

• This Russian Botnet Does Far More Than DDoS Attacks - And on A Massive Scale | ZDNet

Nation State Actors – China

• Chinese ‘Space Pirates’ are Hacking Russian Aerospace Firms (bleepingcomputer.com)

Nation State Actors – North Korea

• FBI Warns of North Korean Spies Posing as Foreign IT Workers • The Register

Nation State Actors – Iran

• US Charges Venezuelan Doctor with Selling Ransomware Used By Iranian Group | Reuters

Vulnerability Management

• APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days | Threatpost

• How Micropatching Could Help Close the Security Update Gap (techtarget.com)

• Partial Patching Still Provides Strong Protection Against APTs (darkreading.com)

Vulnerabilities

• QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks (thehackernews.com)

• Cisco Fixes an IOS XR Flaw Actively Exploited in The Wild - Security Affairs

• 2 Vulnerabilities With 9.8 Severity Ratings Are Under Exploit. A 3rd Looms | Ars Technica

• Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication (darkreading.com)

• Microsoft Fixes New PetitPotam Windows NTLM Relay Attack Vector (bleepingcomputer.com)

• Apple Patches Zero-Day Kernel Hole and Much More – Update Now! – Naked Security (sophos.com)

• Two Business-Grade Netgear VPN Routers Have Security Vulnerabilities That Can't Be Fixed - Help Net Security

• SharePoint RCE Bug Resurfaces Three Months After Being Patched by Microsoft | The Daily Swig (portswigger.net)

• High-Severity Bug Reported in Google's OAuth Client Library for Java (thehackernews.com)

• Over 20,000 Zyxel Firewalls Still Exposed to Critical Bug - Infosecurity Magazine

• Apple Fixes the Sixth Zero-Day Since The Beginning of 2022 - Security Affairs

• Apache Releases Security Advisory for Tomcat | CISA

• Mozilla Patches Wednesday’s Pwn2Own Double-Exploit… on Friday! – Naked Security (sophos.com)

• Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover | Threatpost

• Critical Jupiter WordPress Plugin Flaws Let Hackers Take Over Sites (bleepingcomputer.com)

• Apple Finally Patches Exploited Vulnerabilities in macOS Big Sur, Catalina | SecurityWeek.Com

• NVIDIA Fixes Ten Vulnerabilities in Windows GPU Display Drivers (bleepingcomputer.com)

• Gmail-Linked Facebook Accounts Vulnerable to Attack Using A Chain Of Bugs—Now Fixed | Malwarebytes Labs

• New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper | SecurityWeek.Com

Sector Specific

Retail/eCommerce

• How Crooks Backdoor Sites and Scrape Credit Card Info • The Register

• Digital Skimming is Now the Preserve of Non-Magecart Groups - Infosecurity Magazine

Energy & Utilities

• Water Companies Are Increasingly Uninsurable Due To Ransomware, Industry Execs Say - CyberScoop

• UK Announces Nuclear Cyber Security Strategy - IT Security Guru

Education and Academia

• Ransomware Attack Exposes Data of 500,000 Chicago Students (bleepingcomputer.com)

• Higher Education Institutions Being Targeted for Ransomware Attacks | TechRepublic

• “Incompetent” Council Leaks Details of Students With Special Educational Needs • Graham Cluley

• Researchers Find Backdoor in School Management Plugin for WordPress (thehackernews.com)

Reports Published in the Last Week

• Q2 2022 State of Fraud & Account Security Report - Arkose Labs

• 2022 SaaS Security Survey Report (adaptive-shield.com)

• 2021-2022 UK Financial Sector Dark Web Threat Landscape Report - Kela (ke-la.com)

Other News

• UK Government: Lack of Skills the Number One Issue in Cyber Security - Infosecurity Magazine

• Malicious Hackers Are Finding It Too Easy to Achieve Their Initial Access (tripwire.com)

• NIST’s Cyber Security Framework Has Become The Common Language For International Cyber Security (scmagazine.com)

• How Threat Actors Are a Click Away From Becoming Quasi-APTs (darkreading.com)

• Cyber Security: Global Food Supply Chain at Risk From Malicious Hackers - BBC News

• Cyber Security Agencies Reveal Top Initial Access Attack Vectors (bleepingcomputer.com)

• 50% of Orgs Rely on Email to Manage Security (darkreading.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.