Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 25 June 2021

Black Arrow Cyber Threat Briefing 25 June 2021: BEC Losses Top $1.8B As Tactics Evolve; 30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Exploits; Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks; Ways Technical Debt Increases Security Risk; Orgs Ill-Equipped To Deal With Growing BYOD Security Threats; Firewall Manufacturer Sees 226.3 Million Ransomware Attack Attempts This Year; Ransomware Criminals Look To Other Hackers To Provide Them With Network Access


Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

BEC Losses Top $1.8B As Tactics Evolve

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organisations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cyber criminals either impersonating someone inside an organisation, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020 and reminded the security community that in addition to technology, smart users armed with a healthy scepticism of outside communications and the right questions to ask are the best line of defence. “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.

https://threatpost.com/bec-losses-top-18b/167148/

30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Execution

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to analysis the bugs affect 129 models of laptops, tablet, and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.

https://threatpost.com/dell-bios-attacks-rce/167195/

Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks in the New Hybrid Workplace

Most employers are wary that the post-pandemic hybrid workforce would bring bad cyber security behaviours. More than half (56%) of employers believed that employees had picked bad security practices while working remotely. Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviours differed significantly while working from home compared to the office. Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely. Younger workers were more prone to these bad employee behaviours, with 51% of 16-24, 46% of 25-34, and 35% of 35-44-year-olds using ‘workarounds.’ Close to half (49%) of workers adopted the risky behaviour because they felt that they were not being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviours while working away from the office.

https://www.cpomagazine.com/cyber-security/bad-employee-behaviors-picked-up-during-remote-working-pose-serious-security-risks-in-the-new-hybrid-workplace/

7 Ways Technical Debt Increases Security Risk

Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability, according to the 2021 Voice of the CISO report. Most technical debt is created by taking shortcuts while placing crucial aspects such as architecture, code quality, performance, usability, and, ultimately, security on hold. Many large organisations are carrying tens or hundreds of thousands of discovered but un-remediated risks in their vulnerability management systems,. In many sectors there's this insidious idea that underfunded security efforts, plus risk management, are almost as good as actually doing the security work required, which is dangerously wrong.

https://www.csoonline.com/article/3621754/7-ways-technical-debt-increases-security-risk.html

Organisations Ill-Equipped To Deal With Growing BYOD Security Threats

A report shows the rapid adoption of unmanaged personal devices connecting to work-related resources (aka BYOD) and why organisations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced using personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.

https://www.helpnetsecurity.com/2021/06/17/byod-security/

Firewall Manufacturer SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year

Firewall manufacturer SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already common. The US saw a 149% spike, and the UK 69%. “The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance,” said the SonicWall CEO. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organisations safe, but no real consensus on how to move forward when it comes to combating ransomware.

https://www.computerweekly.com/news/252502854/SonicWall-sees-2263-million-ransomware-attack-attempts-this-year

Ransomware Criminals Look To Other Hackers To Provide Them With Network Access

According to a new report, cyber criminals distributing ransomware are increasingly turning to other hackers to buy access into corporate networks.

Researchers said a robust and lucrative criminal ecosystem exists where criminals work together to carry out ransomware attacks. In this ecosystem, ransomware operators buy access from independent cyber criminal groups who infiltrate major targets for part of the ransom proceeds.

Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network said researchers.

https://www.itpro.co.uk/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network

5 Biggest Healthcare Security Threats For 2021

Cyber Attacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. The trend has put enormous strain on healthcare security organisations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray. Cyber Criminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organisations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.

https://www.csoonline.com/article/3262187/biggest-healthcare-security-threats.html


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

Vulnerabilities

Data Breaches

Cryptocurrency

Dark Web

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 February 2021

Black Arrow Cyber Threat Briefing 26 February 2021: Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025; 119,000 Threats Per Minute Detected In 2020; 78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack; Uk Faced Millions Of Cyber Attacks Last Year; New Tier Of APT Actors That Behave More Like Cyber Criminals; US Calls North Korean Hackers ‘World’s Leading Bank Robbers’; Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked; Poor Hardware Disposal Practices Posing A Risk To Data Security

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.



Top Cyber Stories of the Last Week

Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025

In a world that is becoming increasingly reliant on technology, cyber security is an extremely important priority for entrepreneurs and small and medium-sized businesses. And it's become even more essential in the wake of the pandemic. In June 2020, a report revealed that small and medium-sized businesses were at an especially high risk of data breaches and cyber attacks during the pandemic.

https://www.entrepreneur.com/article/364015

119,000 Threats Per Minute Detected In 2020

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/

78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack

Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyber attacks. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cyber security budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.

https://www.scmagazine.com/home/security-news/network-security/78-percent-of-top-security-leaders-say-their-organizations-are-unprepared-for-a-cyberattack/

UK Faced Millions Of Cyber Attacks Last Year

The UK faced millions of Covid-19-related cyber security threats last year, but generally managed to mitigate attacks effectively. A total of 16.4 million Covid-19-related threats were recorded last year, with four percent (563,571) identified in the UK. The US suffered the highest volume of attacks by a significant margin: more than 6.5 million. Germany was second with 2.3 million, and France rounded out the top three with just over one million attacks.

https://www.itproportal.com/news/uk-faced-millions-of-cyberattacks-last-year/

New Malformed URL Phishing Technique Can Make Attacks Harder To Spot

Warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. By hiding phishing information in the prefixes of URLs, attackers can send what looks like a link to a legitimate website, free of misspellings and all, with a malicious address hidden in the prefix of the link.

https://www.techrepublic.com/article/new-malformed-url-phishing-technique-can-make-attacks-harder-to-spot/

Hackers Share Details Of Canadian Military Spy Plane On Dark Web

Hackers have shared details of a Canadian military spy plane after its manufacturers seemingly refused to pay a cyber ransom. Aerospace firm Bombardier, whose Global 6000 plane is used for Saab’s GlobalEye spy system, says it was the victim of a “limited cyber security breach.” That saw detailed plans of the airborne early warning system developed by the Swedish defence company Saab being dumped on the dark web site CLOP^_-LEAKS.

https://www.independent.co.uk/news/world/americas/hackers-spy-plane-bombardier-saab-b1807037.html

Cisco Points To New Tier Of APT Actors That Behave More Like Cyber Criminals

Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers. It is already well established that some APTs operate as criminals. Several international governments, including the United States, have identified North Korean state-sponsored hackers as stealing on behalf of the government, and other groups have been identified by vendors as state-sponsored groups with actors who occasionally freelance as criminals.

https://www.scmagazine.com/home/security-news/apts-cyberespionage/cisco-points-to-new-tier-of-apt-actors-that-behave-more-like-cybercriminals/

These Hackers Sell Network Logins To The Highest Bidder. And Ransomware Gangs Are Buying

A growing class of cyber criminals are playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder to exploit however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been a part of the dark web ecosystem, but according to analysis by cyber security researchers, there has been a notable increase in listings by 'Initial Access Brokers' over the course of the past year.

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’

North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.

https://www.bloomberg.com/news/articles/2021-02-17/u-s-charges-3-north-koreans-linked-to-sony-hack-in-new-scheme

Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked

One of Silicon Valley's oldest and most venerable VC firms was hacked. Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful. Phishing attack, according to a report in Axios Friday. Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.

https://www.businessinsider.com/vc-firm-sequoia-capital-told-investors-it-was-hacked-2021-2?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Poor Hardware Disposal Practices Posing A Risk To Data Security

Many business leaders are not paying much attention to the way they dispose of old and obsolete hardware, opening their organizations up to possible data breaches. Of the 1,029 people polled for the report, a fifth said their employer disposed of various IT hardware over the last 12 months. However, less than half (40 percent) thought this hardware did not contain confidential data when it was disposed of.

https://www.itproportal.com/news/poor-hardware-disposal-pratice-posing-a-risk-to-data-security/


Threats

Ransomware

Phishing

Malware

Mobile

Vulnerabilities

Organised Crime

Dark Web

OT, ICS, IIoT and SCADA

Nation-State Actors

Denial of Service

Privacy


Reports Published in the Last Week



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More