Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 30 July 2021
Black Arrow Cyber Threat Briefing 30 July 2021: Many Workers Ignore Security Risks To Maximize Productivity; Financial Services Accounting For Nearly 40% Of All Phishing URLs; Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats; 36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year; HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Workers Ignore Security Risks To Maximize Productivity
A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.
https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/
Financial Services Accounting For Nearly 40% Of All Phishing URLs
A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.
https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/
Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats
Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”
https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/
36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year
As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.
https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/
HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021
According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages. The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.
Data Breach Costs Hit Record High Due To Pandemic
Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.
https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/
Top 30 Critical Security Vulnerabilities Most Exploited By Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.
https://thehackernews.com/2021/07/top-30-critical-security.html
Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report
A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.
Why Remote Working Leaves Us Vulnerable To Cyber Attacks
An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.
https://www.bbc.co.uk/news/business-57847652
Stop Mitigating Cyber Security Threats And Start Preventing Them
The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.
Threats
Ransomware
Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'
Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation
BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More
LockBit Ransomware Now Encrypts Windows Domains Using Group Policies
The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"
Social Engineering
Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report
These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware
Malware
Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs
Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems
Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics
Mobile
New Android Malware Uses VNC To Spy And Steal Passwords From Victims
UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild
Vulnerabilities
Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers
VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted
Hackers Have Found Yet Another Way To Attack Kubernetes Clusters
Windows 10 Printer Problems Persist Following Latest Security Update
Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices
Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities
New Linux Kernel Bug Lets You Get Root On Most Modern Distros
Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature
Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Data Breaches
Organised Crime & Criminal Actors
Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers
Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised
Dark Web
Supply Chain
DoS/DDoS
Nation State Actors
Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers
APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Is Just Purchasing Cyber Security Tools Enough? - Cyber Tip Tuesday
Welcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture. With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security. However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
Welcome to this week's Black Arrow Cyber Tip Tuesday, this week James is talking about how purchasing security tools does not in itself increase security.
It’s fair to say that there are plenty of things you can do for little or no cost that will greatly decrease your attack surface or increase your security posture. With the sheer number of products on offer promising a complete solution, it’s easy to fall in to the trap of wanting a quick fix for security. However, simply purchasing a product is unlikely to offer any benefit without appropriate configuration or in many cases the expertise to interpret the output.
A good example is Microsoft 365 which offers many passive security features as well as some of the most accessible and competitive security tools on the market for businesses of all sizes. However, in order to take advantage of these features they must first be configured and then maintained and monitored with oversight by a security specialist.
Security is not a tool or even a collection of tools but a mindset of deliberate and regular actions.
If you'd like to know more about how you can protect yourself or your company, contact us today.
Cyber Tip Tuesday for 14 January - No Technical Tool or Tools offer 100% Protection
Today we are talking about tools, as no tool, or suite of tools, can offer one hundred percent protection, after all anything man made can be man broken! Even if a tool did offer complete protection today there will be teams of people around the world working around the clock to break it. Anyone who says they rest easy or who says they sleep well at night because they have a particular tool is likely overconfident in that tool's ability to keep them safe. Multiple layers of protection are needed and any technical solution still needs to be backed up with robust people and governance controls.
Today we are talking about tools, as no tool, or suite of tools, can offer one hundred percent protection, after all anything man made can be man broken!
Even if a tool did offer complete protection today there will be teams of people around the world working around the clock to break it.
Anyone who says they rest easy or who says they sleep well at night because they have a particular tool is likely overconfident in that tool's ability to keep them safe.
Multiple layers of protection are needed and any technical solution still needs to be backed up with robust people and governance controls.
We can analyse your protections to see where your weaknesses might exist, and we can help shore up people and governance controls too.