Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 25 June 2021
Black Arrow Cyber Threat Briefing 25 June 2021: BEC Losses Top $1.8B As Tactics Evolve; 30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Exploits; Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks; Ways Technical Debt Increases Security Risk; Orgs Ill-Equipped To Deal With Growing BYOD Security Threats; Firewall Manufacturer Sees 226.3 Million Ransomware Attack Attempts This Year; Ransomware Criminals Look To Other Hackers To Provide Them With Network Access
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
BEC Losses Top $1.8B As Tactics Evolve
Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organisations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cyber criminals either impersonating someone inside an organisation, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020 and reminded the security community that in addition to technology, smart users armed with a healthy scepticism of outside communications and the right questions to ask are the best line of defence. “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.
https://threatpost.com/bec-losses-top-18b/167148/
30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Execution
A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to analysis the bugs affect 129 models of laptops, tablet, and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.
https://threatpost.com/dell-bios-attacks-rce/167195/
Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks in the New Hybrid Workplace
Most employers are wary that the post-pandemic hybrid workforce would bring bad cyber security behaviours. More than half (56%) of employers believed that employees had picked bad security practices while working remotely. Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviours differed significantly while working from home compared to the office. Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely. Younger workers were more prone to these bad employee behaviours, with 51% of 16-24, 46% of 25-34, and 35% of 35-44-year-olds using ‘workarounds.’ Close to half (49%) of workers adopted the risky behaviour because they felt that they were not being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviours while working away from the office.
7 Ways Technical Debt Increases Security Risk
Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability, according to the 2021 Voice of the CISO report. Most technical debt is created by taking shortcuts while placing crucial aspects such as architecture, code quality, performance, usability, and, ultimately, security on hold. Many large organisations are carrying tens or hundreds of thousands of discovered but un-remediated risks in their vulnerability management systems,. In many sectors there's this insidious idea that underfunded security efforts, plus risk management, are almost as good as actually doing the security work required, which is dangerously wrong.
https://www.csoonline.com/article/3621754/7-ways-technical-debt-increases-security-risk.html
Organisations Ill-Equipped To Deal With Growing BYOD Security Threats
A report shows the rapid adoption of unmanaged personal devices connecting to work-related resources (aka BYOD) and why organisations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced using personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.
https://www.helpnetsecurity.com/2021/06/17/byod-security/
Firewall Manufacturer SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year
Firewall manufacturer SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already common. The US saw a 149% spike, and the UK 69%. “The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance,” said the SonicWall CEO. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organisations safe, but no real consensus on how to move forward when it comes to combating ransomware.
Ransomware Criminals Look To Other Hackers To Provide Them With Network Access
According to a new report, cyber criminals distributing ransomware are increasingly turning to other hackers to buy access into corporate networks.
Researchers said a robust and lucrative criminal ecosystem exists where criminals work together to carry out ransomware attacks. In this ecosystem, ransomware operators buy access from independent cyber criminal groups who infiltrate major targets for part of the ransom proceeds.
Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network said researchers.
5 Biggest Healthcare Security Threats For 2021
Cyber Attacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. The trend has put enormous strain on healthcare security organisations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray. Cyber Criminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organisations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.
https://www.csoonline.com/article/3262187/biggest-healthcare-security-threats.html
Threats
Ransomware
Ransomware: Now Gangs Are Using Virtual Machines To Disguise Their Attacks
Clop Ransomware Gang Doxes Two New Victims Days After Police Raids
Wormable Bash DarkRadiation Ransomware Targets Linux Distros And Docker Containers
Faux ‘DarkSide’ Gang Takes Aim At Global Energy, Food Sectors
A Deep Dive Into The Operations Of The LockBIT Ransomware Group
Fashion titan French Connection Says 'FCUK' Ss REvil-Linked Ransomware Makes Off With Data
BEC
Phishing
Phishing Attack's Unusual File Attachment Is A Double-Edged Sword
Man Arrested After 26,000 'Phishing' Text Messages Sent Out In A Single Day
Other Social Engineering
Malware
50% Of Misconfigured Containers Hit By Botnets In Under An Hour
Dirtymoe Malware Has Infected More Than 100,000 Windows Systems
Mobile
Vulnerabilities
Google Confirms 7th Chrome ‘Zero Day’ Vulnerability, Upgrade Now
Linux Marketplaces Vulnerable To RCE And Supply Chain Attacks
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
Sonicwall Bug Affecting 800k Firewalls Was Only Partially Fixed
Hackers Are Using Unknown User Accounts To Target Zyxel Firewalls And VPNs
Data Breaches
Cryptocurrency
Dark Web
OT, ICS, IIoT and SCADA
Nation State Actors
The Lazarus Heist: How North Korea Almost Pulled Off A Billion-Dollar Hack
Cyber Espionage By Chinese Hackers In Neighbouring Nations Is On The Rise
Cyber Attack On Polish Government Officials Linked To Russian Hackers
Cloud
Privacy
Other News
IT Leaders Say Cyber Security Funding Being Wasted On Remote Work Support
Hackers Are Trying To Attack Big Companies. Small Suppliers Are The Weakest Link
APNIC Left A Dump From Its WhoIS SQL Database In A Public Google Cloud bucket
Average Time To Fix Critical Cyber Security Vulnerabilities Is 205 Days
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 February 2021
Black Arrow Cyber Threat Briefing 26 February 2021: Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025; 119,000 Threats Per Minute Detected In 2020; 78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack; Uk Faced Millions Of Cyber Attacks Last Year; New Tier Of APT Actors That Behave More Like Cyber Criminals; US Calls North Korean Hackers ‘World’s Leading Bank Robbers’; Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked; Poor Hardware Disposal Practices Posing A Risk To Data Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025
In a world that is becoming increasingly reliant on technology, cyber security is an extremely important priority for entrepreneurs and small and medium-sized businesses. And it's become even more essential in the wake of the pandemic. In June 2020, a report revealed that small and medium-sized businesses were at an especially high risk of data breaches and cyber attacks during the pandemic.
https://www.entrepreneur.com/article/364015
119,000 Threats Per Minute Detected In 2020
The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.
https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/
78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack
Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyber attacks. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cyber security budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.
UK Faced Millions Of Cyber Attacks Last Year
The UK faced millions of Covid-19-related cyber security threats last year, but generally managed to mitigate attacks effectively. A total of 16.4 million Covid-19-related threats were recorded last year, with four percent (563,571) identified in the UK. The US suffered the highest volume of attacks by a significant margin: more than 6.5 million. Germany was second with 2.3 million, and France rounded out the top three with just over one million attacks.
https://www.itproportal.com/news/uk-faced-millions-of-cyberattacks-last-year/
New Malformed URL Phishing Technique Can Make Attacks Harder To Spot
Warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. By hiding phishing information in the prefixes of URLs, attackers can send what looks like a link to a legitimate website, free of misspellings and all, with a malicious address hidden in the prefix of the link.
Hackers Share Details Of Canadian Military Spy Plane On Dark Web
Hackers have shared details of a Canadian military spy plane after its manufacturers seemingly refused to pay a cyber ransom. Aerospace firm Bombardier, whose Global 6000 plane is used for Saab’s GlobalEye spy system, says it was the victim of a “limited cyber security breach.” That saw detailed plans of the airborne early warning system developed by the Swedish defence company Saab being dumped on the dark web site CLOP^_-LEAKS.
https://www.independent.co.uk/news/world/americas/hackers-spy-plane-bombardier-saab-b1807037.html
Cisco Points To New Tier Of APT Actors That Behave More Like Cyber Criminals
Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers. It is already well established that some APTs operate as criminals. Several international governments, including the United States, have identified North Korean state-sponsored hackers as stealing on behalf of the government, and other groups have been identified by vendors as state-sponsored groups with actors who occasionally freelance as criminals.
These Hackers Sell Network Logins To The Highest Bidder. And Ransomware Gangs Are Buying
A growing class of cyber criminals are playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder to exploit however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been a part of the dark web ecosystem, but according to analysis by cyber security researchers, there has been a notable increase in listings by 'Initial Access Brokers' over the course of the past year.
U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’
North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.
Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked
One of Silicon Valley's oldest and most venerable VC firms was hacked. Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful. Phishing attack, according to a report in Axios Friday. Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.
Poor Hardware Disposal Practices Posing A Risk To Data Security
Many business leaders are not paying much attention to the way they dispose of old and obsolete hardware, opening their organizations up to possible data breaches. Of the 1,029 people polled for the report, a fifth said their employer disposed of various IT hardware over the last 12 months. However, less than half (40 percent) thought this hardware did not contain confidential data when it was disposed of.
https://www.itproportal.com/news/poor-hardware-disposal-pratice-posing-a-risk-to-data-security/
Threats
Ransomware
Underwriters Laboratories (UL) certification giant hit by ransomware
Ransomware Gang Says It's Selling Data from Cyber attack That California DMV Warned About
Phishing
Malware
Mobile
Vulnerabilities
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
Code-execution flaw in VMware has a severity rating of 9.8 out of 10
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Recently fixed Windows zero-day actively exploited since mid-2020
Clubhouse Chats Are Breached, Raising Concerns Over Security
Organised Crime
The bitcoin blockchain is helping keep a botnet from being taken down
New Hack Lets Attackers Bypass Mastercard Pin by Using Them As Visa Card
Dark Web
OT, ICS, IIoT and SCADA
Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn
The U.S. Has Released the Most Comprehensive Catalog of North Korean Cyber Crimes Ever Made Public
Nation-State Actors
Denial of Service
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.