Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 December 2023
Black Arrow Cyber Threat Intelligence Briefing 08 December 2023:
-Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
-Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says Government
-NCSC CTO Cyber Security is Essential, Not Optional
-69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
-75% of Sports Related Passwords are Reused Across Accounts
-Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
-Ransomware, Vendor Hacks Push Breach Number to Record High
-Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
-Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
-US Government Agency Was Hacked Thanks to 'End of Life' Software
-Digital Transformation, Security Implications, and their Effects on The Modern Workplace
-Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
-Report Reveals Sorry State of Cyber Security at UK Football Clubs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.
When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.
Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]
Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government
The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.
Sources: [BBC News] [ Security Affairs]
NCSC CTO: Cyber Security is Essential, Not Optional
Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.
The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.
Sources: [Infosecurity Magazine] [Dark Reading]
69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.
A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.
Sources: [ITPro] [Beta News] [Security Magazine]
75% of Sports Related Passwords are Reused Across Accounts
According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.
Sources: [Security Magazine] [Help Net Security]
Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.
Sources: [Barrons] [Help Net Security] [Computer Weekly]
Ransomware, Vendor Hacks Push Breach Number to Record High
The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.
Source: [Info Risk Today]
Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.
Sources: [Emerging Risks]
Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.
Source: [Property Industry Eye]
US Government Agency Was Hacked Thanks to 'End of Life' Software
The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.
Source:[ TechCrunch]
Digital Transformation, Security Implications, and their Effects on The Modern Workplace
The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.
Source:[ Forbes]
Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.
Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.
Sources: [Help Net Security]
Report Reveals Sorry State of Cyber Security at UK Football Clubs
A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.
Source: [Computer Weekly]
Governance, Risk and Compliance
A fifth of UK businesses victims of cyber attacks in past year - Insurance Age
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
Digital Transformation And Its Effects On The Modern Workplace (forbes.com)
UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)
Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar
Cyber and remote working: How Covid moved the cursor | Computer Weekly
Why effective cyber security is more important than ever for European family offices | Campden FB
Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal
Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)
Threats
Ransomware, Extortion and Destructive Attacks
69% of organisations facing ransomware attacks paid the ransom | Security Magazine
2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly
Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)
Ransomware attack costs are driving up inflation in the UK | ITPro
Ransomware ramped up against private sector in November | TechTarget
BlackCat threatens to directly extort vendor's customers • The Register
New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)
How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
Expert warns of Turtle macOS ransomware (securityaffairs.com)
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)
Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)
LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Ransomware Victims
60 US credit unions offline after cloud ransomware infection • The Register
'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)
Western Isles Council 'counting cost' of November's cyber attack - BBC News
Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)
Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media
Phishing & Email Based Attacks
Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)
US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)
Booking.com users angry at firm's response to hacks - BBC News
Hershey warns of data breach following phishing attack (therecord.media)
This huge Russian phishing campaign is hitting targets across the world | TechRadar
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Exploring the impact of generative AI in the 2024 presidential election - Help Net Security
Put guardrails around AI use to protect your org, but be open to changes - Help Net Security
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security
Malware
Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)
Mac users are being targeted again with dangerous malware - here's what to know | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)
Hackers switch from email attacks to downloads (therecord.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Mobile
Android users warned about new threat after one victim loses $280K - PhoneArena
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek
Top mobile password managers could be exposing user details | TechRadar
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)
Data Breaches/Leaks
23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)
23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Data breach debacle hits yet another UK public sector org • The Register
Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)
Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)
Hershey warns of data breach following phishing attack (therecord.media)
Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)
GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Organised Crime & Criminal Actors
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)
Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)
Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra
Supply Chain and Third Parties
Third-party breaches shake the foundations of the energy sector - Help Net Security
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
60 US credit unions offline after cloud ransomware infection • The Register
Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
BlackCat threatens to directly extort vendor's customers • The Register
Cloud/SaaS
60 US credit unions offline after cloud ransomware infection • The Register
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Encryption
Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)
HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Linux and Open Source
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Passwords, Credential Stuffing & Brute Force Attacks
75% of sports-related passwords are reused across accounts | Security Magazine
New Relic admits attack on staging systems, user accounts • The Register
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
Top mobile password managers could be exposing user details | TechRadar
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor
Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)
UK government denies China/Russia nuke plant hack claim • The Register
Russia
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News
NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)
2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)
Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)
Fancy Bear goes phishing in US, European high-value networks • The Register
This huge Russian phishing campaign is hitting targets across the world | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
Iran
Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek
US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg
North Korea
Vulnerability Management
CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Key drivers of software security for financial services - Help Net Security
Vulnerabilities
Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)
Quick: Update iPhones and Macs – WebKit security hole found • The Register
VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek
Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)
Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop
Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek
Tools and Controls
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How to recover systems in the event of a cyber attack | Computer Weekly
How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)
How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget
Why you should create a physical security standard for your company (securitybrief.co.nz)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek
Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online
Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia
Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)
When Should You Replace A Cyber Security Vendor? (forbes.com)
Are companies falling behind on cyber security awareness training? | CTV News
Other News
NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review
Ofcom publishes UK age verification proposals • The Register
Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek
US aerospace companies are facing dangerous new cyber attacks | TechRadar
Report reveals sorry state of cyber security at UK football clubs | Computer Weekly
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)
Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)
The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag
Public sector has misplaced confidence in cyber security (securitybrief.co.nz)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 September 2023
Black Arrow Cyber Threat Intelligence Briefing 15 September 2023:
-Overconfident Organisations Prone to Cyber Breaches
-Board Members Struggling to Understand Cyber Risks
-Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
-Cyber Attacks Reach Fever Pitch in Q2 2023
-Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
-Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
-Europol - Financial Crime Makes “Billions” and Impacts “Millions”
-Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
-Hackers are Dropping USB Drives Outside Buildings to Target Networks
-Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
-If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
-Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Overconfident Organisations Prone to Cyber Breaches
A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.
Source: [IT Security Guru]
Board Members Struggling to Understand Cyber Risks
Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.
Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.
Source: [Infosecurity Magazine]
Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.
These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.
Source: [Fortune]
Cyber Attacks Reach Fever Pitch in Q2 2023
A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022. Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.
Source: [Data Centre & Network News]
Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.
Sources: [The Record] [The Fintech Times] [Financial Times]
Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.
Source: [Bleeping Computer]
Europol - Financial Crime Makes “Billions” and Impacts “Millions”
The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.
Source: [Infosecurity Magazine]
Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.
Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.
Source: [IT Security Guru]
Hackers are Dropping USB Drives Outside Buildings to Target Networks
A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?
Source: [Tech Republic]
Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.
Source: [Information Security Buzz]
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.
Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.
Source: [Make Use Of]
Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.
IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.
Sources: [Infosecurity Magazine] [The Register] [TechTarget]
Governance, Risk and Compliance
Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
Global companies to hike security spending as threats rise - survey | Reuters
CISOs need to be forceful to gain leverage in the boardroom - Help Net Security
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security
CISOs and Board Reporting – an Ongoing Problem - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)
Ransomware in top three threats for 65% of organisations | Security Magazine
TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)
Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)
Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)
Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)
Ransomware Victims
A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)
Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN
Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)
Ransomware crew claims to have hit Save The Children • The Register
Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters
Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com
Cyber security incident affects services at The Weather Network | CFJC Today Kamloops
Phishing & Email Based Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
Journalists, authors, and other writers targeted by phishing emails | TechRadar
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek
How should SMBs navigate the phishing minefield? - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Understanding the dangers of social engineering - Help Net Security
How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)
Artificial Intelligence
Cyber Criminals Feasting On Artificial Intelligence (forbes.com)
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud security in the era of artificial intelligence (securityintelligence.com)
Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE
2FA/MFA
Malware
Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)
3 Strategies to Defend Against Resurging Infostealers (darkreading.com)
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)
Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com
Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek
Mobile
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)
France halts iPhone 12 sales over radiation levels - BBC News
Denial of Service/DoS/DDOS
Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)
Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News
Internet of Things – IoT
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Wyze security camera owners report seeing strangers' camera feeds | Mashable
Hackers will hack anything — including your sex toys - The Hustle
Data Breaches/Leaks
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra
Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
Airbus data leaked via infected customer computer • The Register
Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)
Organised Crime & Criminal Actors
How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Top blockchain Cyber security threats to watch out for (att.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin
Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Latest fraud schemes targeting the payments ecosystem - Help Net Security
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Glasgow firm issues warning following recent cyber attack | Glasgow Times
Impersonation Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Supply Chain and Third Parties
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
The rise and evolution of supply chain attacks - Help Net Security
A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)
Cloud/SaaS
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)
Cloud storage security: What's new in the threat matrix | Microsoft Security Blog
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget
Cloud security in the era of artificial intelligence (securityintelligence.com)
Containers
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Identity and Access Management
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Encryption
API
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating API security to reinforce cyber defence - Help Net Security
Machine Learning is a Must for API Security - IT Security Guru
Open Source
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)
Passwords, Credential Stuffing & Brute Force Attacks
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)
Wi-Fi radio signal data can be used 'to predict passwords' • The Register
Cloud credentials are the hot ticket item on the dark web • The Register
Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)
Social Media
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Training, Education and Awareness
How to Transform Security Awareness Into Security Culture (darkreading.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)
Great security training is a real challenge - Help Net Security
Digital Transformation
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra
What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra
The International Criminal Court will now prosecute cyberwar crimes | Ars Technica
Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)
Models, Frameworks and Standards
Backup and Recovery
How to develop a cloud backup ransomware protection strategy | TechTarget
How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)
Data Protection
Careers, Working in Cyber and Information Security
Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)
Three ways to overcome cyber security staff shortages (securitybrief.co.nz)
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China
Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget
Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian
Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)
Microsoft, Apple versus China, spyware actors (techrepublic.com)
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek
China caught with its malware in another nation's power grid • The Register
China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)
Iran
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)
North Korea
Misc Nation State/Cyber Warfare
Vulnerability Management
Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica
Vulnerabilities
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security
Severe vulnerability found in all browsers, and it's being attacked | PCWorld
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek
Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
Global companies to hike security spending as threats rise - survey | Reuters
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
What Is XDR and Why It's Changing the Security Industry - ReadWrite
Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE
The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
Great security training is a real challenge - Help Net Security
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)
Other News
The Weaponization of Operational Technology (securityintelligence.com)
ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek
Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)
The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)
The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)
A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)
Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)
Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security
Brits happy to break cyber law if the price is right | Computer Weekly
British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)
Trustwave report on hospitality industry security threats | Cyber Magazine
Cyber security impact on construction, engineering projects (csemag.com)
Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)
Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)
Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters
Death by digital: attacks on healthcare put people at risk (synack.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 September 2023
Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:
-More Than Half of UK Organisations Know They Aren’t Well Protected
-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare
-Businesses Ignore Incident Response at Their Peril
-Blame Culture: An Organisation’s Ticking Time Bomb
-Spend to Save: CFO’s and Cyber Security Investment
-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors
-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
-Common Tactics Used by Threat Actors to Weaponise PDFs
-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
-71% of Organisations are Impacted by Cyber Security Skills Shortage
-Multiple Schools Hit by Cyber Attacks Before Term Begins
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Than Half of UK Organisations Know They Aren’t Well Protected
According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.
Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.
Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.
Sources: [IT Security Guru][Beta News]
Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare
A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.
The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.
For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.
Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]
Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]
Businesses Ignore Incident Response at Their Peril
According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.
Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.
One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it.
Source: [Infosecurity Magazine]
Blame Culture: An Organisation’s Ticking Time Bomb
An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.
Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.
Source: [ IT Security Guru]
Spend to Save: CFOs and Cyber Security Investment
For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.
When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.
Source: [Security Intelligence]
Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors
An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.
Source: [News Week]
Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3
Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.
Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Source: [The Register] [Tech Monitor]
Common Tactics Used by Threat Actors to Weaponise PDFs
PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.
Source: [Cyber Security News]
Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals
A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.
The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.
Source: [The Register]
Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m
As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability. Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.
Source: [IT Security Guru]
71% of Organisations are Impacted by Cyber Security Skills Shortage
Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.
Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.
Source: [Security Magazine] [Digital Journal]
Multiple Schools Hit by Cyber Attacks Before Term Begins
Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.
The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
The importance of CISOs is not recognised by senior leadership - IT Security Guru
Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
SEC tells companies to “show their work” on cyber security - Red Canary
Cyber security: a life cycle, not a destination | Hydrocarbon Engineering
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Compliance budgets under strain as inflation and workload grow - Help Net Security
Cyber Security pros battle discontent amid skills shortage - Help Net Security
CISOs weigh in on building security-focused culture | Healthcare IT News
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Attackers access military data through fencing supplier • The Register
Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)
Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Killware vs. Ransomware: What's the Difference? (makeuseof.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)
Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)
How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)
Ransomware Victims
LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)
Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)
Debenham High School IT system hit by cyber attack - BBC News
Highgate Wood School delays term by 6 days after cyber attack | This Is Local London
Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle
Ransomware gang claims credit for Sabre data breach | TechCrunch
Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)
Phishing & Email Based Attacks
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
Spam is up, QR codes emerge as a significant threat vector - Help Net Security
From unsuspecting click to data compromise - Help Net Security
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)
Other Social Engineering; Smishing, Vishing, etc
Emerging threat: AI-powered social engineering - Help Net Security
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Artificial Intelligence
Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)
AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)
Emerging threat: AI-powered social engineering - Help Net Security
AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)
It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE
Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)
UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)
Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK
Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)
How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)
3 ways to strike the right balance with generative AI - Help Net Security
Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Malware
Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)
'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek
Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)
UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)
Malware configurations How to find and use them? (govinfosecurity.com)
Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)
New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)
Mobile
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld
Botnets
Denial of Service/DoS/DDOS
DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA
BYOD
Internet of Things – IoT
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
Connected cars and cyber crime: A primer - Help Net Security
Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch
Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)
Why consumer drones represent a special cyber security risk (securityintelligence.com)
Like privacy? Then smart devices are a dumb idea • The Register
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
Data Breaches/Leaks
Electoral Commission failed basic security test before hack - BBC News
Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)
Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)
Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)
Thousands of Popular Websites Leaking Secrets - SecurityWeek
Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)
Northern Ireland police chief quits in wake of data breach • The Register
Lawsuit blames Tesla for data breach it sued ex-staff over • The Register
Organised Crime & Criminal Actors
Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru
Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)
It might be too soon to claim victory against Qakbot | Computer Weekly
Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Cyber criminals target graphic designers with GPU miners (talosintelligence.com)
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru
Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security
Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
Impersonation Attacks
'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)
How cyber criminals use look-alike domains to impersonate brands - Help Net Security
Deepfakes
Emerging threat: AI-powered social engineering - Help Net Security
Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur
AML/CFT/Sanctions
How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)
Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)
Bitcoin exchange exec admits he ignored anti-laundering laws • The Register
Insurance
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Dark Web
Supply Chain and Third Parties
Attackers access military data through fencing supplier • The Register
Ministry of Defence documents leaked by LockBit (techmonitor.ai)
Supply chain related security risks, and how to protect against them (malwarebytes.com)
5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Creating a more cyber secure supply chain requires group effort - FreightWaves
Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)
Software Supply Chain
Cloud/SaaS
Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)
IAM, cloud security to drive new cyber security spending | CSO Online
Hybrid/Remote Working
Attack Surface Management
What OSINT is, and why it’s dangerous | Kaspersky official blog
Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE
Top 10 riskiest assets threatening global business - IT Security Guru
Encryption
Government denies U-turn on encrypted messaging row - BBC News
UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop
API
Open Source
Software industry urged to assume risk on open source security | CIO Dive
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica
Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective
LastPass under fire again as users report stolen crypto keys and losses | Cybernews
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch
75% of education sector attacks linked to compromised accounts - Help Net Security
Social Media
Malvertising
Parental Controls and Child Safety
Children's snack recalled after its website caught serving porn (bleepingcomputer.com)
Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT
Regulations, Fines and Legislation
An Overview of ENISA’s Risk Management Standards Report | UpGuard
SEC tells companies to “show their work” on cyber security - Red Canary
Verizon to pay feds $4M over cyber security lapse | Light Reading
Government denies U-turn on encrypted messaging row - BBC News
UK drops 'spy clause' for scanning encrypted messages • The Register
Models, Frameworks and Standards
An Overview of ENISA’s Risk Management Standards Report | UpGuard
CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security
Explaining The New NIST Cyber Security Framework to the C-Suite
Backup and Recovery
Careers, Working in Cyber and Information Security
71% of organisations are impacted by cyber security skills shortage | Security Magazine
Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV
6 free resources for getting started in cyber security - Help Net Security
Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop
Cyber security pros battle discontent amid skills shortage - Help Net Security
Law Enforcement Action and Take Downs
It might be too soon to claim victory against Qakbot | Computer Weekly
Cops drill into chat apps to thwart coke-smuggling ring • The Register
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)
Attackers access military data through fencing supplier • The Register
Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)
Big Tech failed to police Russian disinformation: EU study • The Register
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
China
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)
How Microsoft's highly secure environment was breached (malwarebytes.com)
Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)
China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM
Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)
German companies report more cyber attacks from Russia, China | Meta.mk
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica
South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times
Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)
Iran
Hackers push anti-Iranian government messages to millions via breached app | CyberScoop
Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)
North Korea
Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)
Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)
Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR
North Korean hackers target security researchers with new zero-day (therecord.media)
North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne
Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)
Misc Nation State/Cyber Warfare
Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine
Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Vulnerability Management
Years-old Microsoft bugs are still hot targets for criminals • The Register
Old vulnerabilities are still a big problem - Help Net Security
Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)
How China gets free intel on tech companies’ vulnerabilities | Ars Technica
Vulnerabilities
Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)
Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News
Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)
Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek
Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)
ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)
September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)
Cisco SSO authentication bug patched - Security - Networking - iTnews
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
Security or performance? Zenbleed forces you to choose | Digital Trends
Tools and Controls
Many businesses still aren't using BYOD protection | TechRadar
Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
An Overview of ENISA’s Risk Management Standards Report | UpGuard
IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)
Time and effort to obtain cyber insurance increasing for US businesses | CSO Online
Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)
Dangling DNS Used to Hijack Subdomains of Major Organisations - SecurityWeek
Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)
Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)
Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)
Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)
Cut through cyber security vendor hype with these 6 tips | TechTarget
IAM, cloud security to drive new cyber security spending | CSO Online
Best practices for implementing a proper backup strategy - Help Net Security
Other News
Education Sector Heavily Targeted as the School Year Begins (databreaches.net)
Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News
Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog
Insecure by design: What you need to know about defending critical infrastructure | CSO Online
Half of Switzerland's large companies have been the victim of a cyber attack | Euronews
Dangling DNS Used to Hijack Subdomains of Major Organizations - SecurityWeek
Securing the future: Safeguarding cyber-physical systems | CSO Online
25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy - SecurityWeek
Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com
10 old-school security principles that (still) rule | CSO Online
Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 June 2023
Black Arrow Cyber Threat Briefing 30 June 2023:
-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
-Employees Worry Less About Cyber Security Best Practices in the Summer
-Businesses are Ignoring Third-Party Security Risks
-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing
-Widespread BEC Attacks Threaten European Organisations
-Lloyd’s Syndicates Sued Over Cyber Insurance
-95% Fear Inadequate Cloud Security Detection and Response
-The Growing Use of Generative AI and the Security Risks They Pose
-The CISO’s Toolkit Must Include Political Capital Within The C-Suite
-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
-SMBs Plagued by Exploits, Trojans and Backdoors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.
The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.
https://cybernews.com/zurich-insurance-data-leak/
Employees Worry Less About Cyber Security Best Practices in the Summer
IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.
In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.
https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/
https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/
Businesses are Ignoring Third-Party Security Risks
With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.
https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/
Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.
When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.
Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.
Widespread BEC Attacks Threaten European Organisations
Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.
BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?
This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/
Lloyd’s Syndicates Sued Over Cyber Insurance
The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.
UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.
95% Fear Inadequate Cloud Security Detection and Response
A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.
It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.
https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/
The Growing Use of Generative AI and the Security Risks They Pose
A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.
Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.
The CISO’s Toolkit Must Include Political Capital Within The C-Suite
Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.
https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics
Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.
This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.
The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.
https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors
Governance, Risk and Compliance
Businesses are ignoring third-party security risks - Help Net Security
Employees worry less about cyber security best practices in the summer - Help Net Security
Digital-First Economy Has Transformed Role of CISO- IT Security Guru
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)
Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek
UK cyber spies warn ransomware criminals targeting law firms • The Register
Cl0p in Your Network? Here's How to Find Out (darkreading.com)
July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)
Ransomware Victims
Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica
8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)
Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek
10 banks alleged victims of ransomware attacks on file transfer software | American Banker
Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)
Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET
K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)
Phishing & Email Based Attacks
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How a Layered Security Approach Can Minimise Email Threats - MSSP Alert
Less than half of UK banks implement most secure DMARC level | CSO Online
BEC – Business Email Compromise
Widespread BEC attacks threaten European organisations - Help Net Security
The Current State of Business Email Compromise Attacks (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
Artificial Intelligence
Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert
OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business
Lawyers who cited fake cases invented by ChatGPT must pay • The Register
Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)
How to Deploy Generative AI Safely and Responsibly (trendmicro.com)
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)
Does the world need an arms control treaty for AI? | CyberScoop
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)
2FA/MFA
Malware
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)
Trojanized Super Mario Bros game spreads malware- - Security Affairs
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)
NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)
North Korean Andariel APT used a new malware named EarlyRat - Security Affairs
Mobile
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)
Denial of Service/DoS/DDOS
Global rise in DDoS attacks threatens digital infrastructure - Help Net Security
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Internet of Things – IoT
Someone sent mysterious smartwatches to US Military personnel - Security Affairs
The tech flaw that lets hackers control surveillance cameras - BBC News
Data Breaches/Leaks
Latitude hit with $1 million lawsuit over data breach (9news.com.au)
Recruitment portal exposes data of US pilot candidates • The Register
3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)
Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek
US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)
Organised Crime & Criminal Actors
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Security analyst wanted by both Russia and the US • The Register
Former Group-IB manager has been arrested in Kazahstan - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)
The robotic falcon maker who was targeted by cyber criminals - BBC News
Deepfakes
Insurance
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business
How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)
Dark Web
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
95% fear inadequate cloud security detection and response - Help Net Security
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert
Uncovering attacker tactics through cloud honeypots - Help Net Security
How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security
Outlook for the web outage impacts users across America (bleepingcomputer.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Identity and Access Management
Encryption
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
US firm 'breached GDPR' by reputation-scoring EU citizens • The Register
JP Morgan accidentally deletes 47 million comms records • The Register
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online
Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)
Law Enforcement Action and Take Downs
Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)
Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Microsoft hackers say they work for Sudan, not Russia | Fortune
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop
China
China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Iran
The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
North Korea
Misc/Other/Unknown
Vulnerability Management
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)
Micropatches: What they are and how they work - Help Net Security
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
It's 2023 and out-of-bounds write bugs are still number one • The Register
Vulnerabilities
VMware fixed five memory corruption issues in vCenter Server - Security Affairs
US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek
Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)
Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek
Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs
Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek
Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)
The tech flaw that lets hackers control surveillance cameras - BBC News
Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)
Tools and Controls
95% fear inadequate cloud security detection and response - Help Net Security
How a Layered Security Approach Can Minimize Email Threats - MSSP Alert
ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)
Uncovering attacker tactics through cloud honeypots - Help Net Security
10 things every CISO needs to know about identity and access management (IAM) | VentureBeat
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Other News
Businesses count the cost of network downtime - Help Net Security
Exploring the persistent threat of cyber attacks on healthcare - Help Net Security
How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)
Ex-FBI employee jailed for mishandling classified material • The Register
Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek
Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 February 2023
Black Arrow Cyber Threat Briefing 10 February 2023:
-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian
-Fraud Set to Be Upgraded as a Threat to National Security
-98% of Attacks are Not Reported by Employees to their Employers
-UK Second Most Targeted Nation Behind America for Ransomware
-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
-An Email Attack Can End Up Costing You Over $1 Million
-Cyber Crime Shows No Signs of Slowing Down
-Surge of Swatting Attacks Targets Corporate Executive and Board Members
-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
-PayPal and Twitter Abused in Turkey Relief Donation Scams
-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian
British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.
UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.
Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.
The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.
Fraud Set to Be Upgraded as a Threat to National Security
Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.
It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.
It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.
https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/
98% of Attacks are Not Reported by Employees to their Employers
Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.
UK Second Most Targeted Nation Behind America for Ransomware
Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.
Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.
An Email Attack Can End Up Costing You Over $1 Million
According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.
https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/
Cyber Crime Shows No Signs of Slowing Down
Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.
https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down
Surge of Swatting Attacks Targets Corporate Executive and Board Members
Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.
Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.
https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead
Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.
https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks
Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.
PayPal and Twitter Abused in Turkey Relief Donation Scams
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.
Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.
Threats
Ransomware, Extortion and Destructive Attacks
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
UK second most targeted nation behind America for Ransomware - IT Security Guru
Hackers who breached ION say ransom paid; company declines comment | Reuters
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs
Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)
Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)
Nevada Ransomware has released upgraded locker - Help Net Security
Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs
Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online
LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
New Linux variant of Clop Ransomware uses a flawed encryption-security affairs
After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)
Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)
Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley
MKS Instruments falls victim to ransomware attack | CSO Online
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop
Phishing & Email Based Attacks
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert
An email attack can end up costing you over $1 million - Help Net Security
What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security
'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
BEC – Business Email Compromise
Malware
Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)
Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)
Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)
New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)
Mobile
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
Android phones from Chinese vendors share private data • The Register
'Money Lover' Finance App Exposes User Data (darkreading.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDOS
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
Internet of Things – IoT
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek
NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)
Data Breaches/Leaks
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek
Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)
'Money Lover' Finance App Exposes User Data (darkreading.com)
Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)
Organised Crime & Criminal Actors
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek
Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security
Australian Man Sentenced for Scam Related to Optus Hack - SecurityWeek
Bungling Optus scammer was no criminal mastermind • Graham Cluley
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Avraham Eisenberg in court accused of crypto exchange crash • The Register
Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)
Scammers steal $4 million in crypto during in-person meeting • The Register
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)
Insider Risk and Insider Threats
Another RAC staffer nabbed for sharing road accident data • The Register
Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Fraud, Scams & Financial Crime
PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
As V-Day nears: Romance scams cost victims $1.3B last year • The Register
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
Father killed himself after falling victim to romance scam | News | The Times
'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
Banks leave doors open for scammers with flaws in online security | This is Money
Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Impersonation Attacks
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online
AML/CFT/Sanctions
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
Insurance
Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)
How to Optimise Your Cyber Insurance Coverage (darkreading.com)
Dark Web
BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
Have we learnt nothing from SolarWinds supply chain attacks? • The Register
Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek
Software Supply Chain
Cloud/SaaS
Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)
Amazon S3 to apply security best practices for all new buckets - Help Net Security
Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)
Hybrid/Remote Working
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Predictions For Securing Today's Hybrid Workforce (darkreading.com)
Identity and Access Management
Encryption
It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
API
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Malvertising
Training, Education and Awareness
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Prioritising Cyber security Regulation Harmonisation (darkreading.com)
Governance, Risk and Compliance
Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Trends that impact on organisations' 2023 security priorities - Help Net Security
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)
Surge of swatting attacks targets corporate executives and board members | CSO Online
Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Models, Frameworks and Standards
Data Protection
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
European Police Arrest 42 After Cracking Covert App - SecurityWeek
Eurocops shut down Exclu encrypted messaging app • The Register
Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Artificial Intelligence
Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber Attacks? Here are Some Clues - MSSP Alert
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security
Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Google's Bard AI bot mistake wipes $100bn off shares - BBC News
$120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)
Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
What is hybrid warfare? Inside the centre dealing with modern threats - BBC News
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek
US teases new China tech sanctions to deflate balloon-makers • The Register
Nation State Actors
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Android phones from Chinese vendors share private data • The Register
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
SNP MP Stewart McDonald's emails hacked by Russian group - BBC News
Australia to remove Chinese surveillance cameras amid security fears - BBC News
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek
Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
US teases new China tech sanctions to deflate balloon-makers • The Register
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop
Vulnerability Management
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online
Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
How to fix the top 5 cyber security vulnerabilities | TechTarget
20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)
Vulnerabilities
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek
Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)
Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs
Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)
GoAnywhere MFT zero-day flaw actively exploited-security affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs
Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)
Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek
Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)
SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)
OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Tools and Controls
Other News
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)
Surge of swatting a attacks targets corporate executives and board members | CSO Online
Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 July 2022
Black Arrow Cyber Threat Briefing 08 July 2022:
-Businesses Urged Not To Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
-People Are the Primary Attack Vector Around the World
-Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
-54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
-New Cyber Threat Emerges from the Inside, Research Report Finds
-Ransomware: Why it's still a big threat, and where the gangs are going next
-NCSC: Prepare for Protected Period of Heightened Cyber-Risk
-69% Of Employees Need to Deal With More Security Measures In A Hybrid Work Environment
-FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
-As Cyber Criminals Recycle Ransomware, They're Getting Faster
-UK Military Investigates Hacks on Army Social Media Accounts
-APT Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.
Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.
In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.
It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".
The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.
The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.
Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.
Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".
People Are the Primary Attack Vector Around the World
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.
Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.
Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.
https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/
Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.
Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.
The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."
Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.
54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).
Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).
MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.
Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.
Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”
https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/
New Cyber Threat Emerges from the Inside, Research Report Finds
In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.
Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.
Here are some key statistics from the report:
Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.
Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next
Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.
Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.
Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.
What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.
No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.
And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.
They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.
NCSC: Prepare for Protracted Period of Heightened Cyber Risk
The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand
Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour
https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/
69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment
Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.
One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.
Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.
https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/
FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.
“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.
He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy
As Cyber Criminals Recycle Ransomware, They're Getting Faster
Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.
Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.
These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.
https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster
UK Military Investigates Hacks on Army Social Media Accounts
British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.
“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”
The Ministry of Defence said late Sunday that both breaches had been “resolved.”
While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.
Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.
“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.
https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts
Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.
Threats
Ransomware
Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine
Ransomware in 2022: Evolving threats, slow progress (techtarget.com)
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Ransomware gangs are feeling the crypto winter's impact | TechSpot
LockBit explained: How it has become the most popular ransomware | CSO Online
Hive ransomware gang turns to Rust, more complex encryption • The Register
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
North Korean ransomware dubbed Maui active since May 2021 • The Register
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com
As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)
Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs
AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)
QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)
Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)
How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center
Phishing & Email Based Attacks
Malware
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)
Dangerous new malware dances past more than 50 antivirus services | TechRadar
Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs
Malware knocks IT services vendor SHI offline • The Register
Near-undetectable malware linked to Russia's Cozy Bear • The Register
New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)
Hackers are using YouTube videos to trick people into installing malware | TechRadar
Mobile
This WhatsApp scam promises big, but just sends you into a spiral | ZDNet
Android malware subscribes you to premium services without you knowing - GSMArena.com news
Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)
Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine
Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware gangs are feeling the crypto winter's impact | TechSpot
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Hackers are using YouTube videos to trick people into installing malware | TechRadar
PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)
US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)
Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
Insider Risk and Insider Threats
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
HackerOne incident raises concerns for insider threats (techtarget.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)
Identity and Access Management
Asset Management
Encryption
Encryption is high up on corporate priority lists - Help Net Security
Quantum-resistant encryption recommended for standardization • The Register
The threat of quantum computing to sensitive data - Help Net Security
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)
End-to-end encryption’s central role in modern self-defence | Ars Technica
API
Open Source
Social Media
Digital Transformation
Travel
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)
Models, Frameworks and Standards
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)
Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)
NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru
FBI and MI5 bosses: China cheats and steals at massive scale • The Register
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine
Near-undetectable malware linked to Russia's Cozy Bear • The Register
Nation State Actors – China
China Censors What Could Be Biggest Data Hack in History (gizmodo.com)
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg
Security warning after sale of stolen Chinese data - BBC News
Five accused of trying to silence China critics in US • The Register
50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian
More UK calls for ban of CCTV makers Hikvision, Dahua • The Register
Nation State Actors – North Korea
Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop
North Korean ransomware dubbed Maui active since May 2021 • The Register
Nation State Actors – Iran
Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs
Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)
Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs
Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs
OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)
Fortinet addressed multiple vulnerabilities in several products - Security Affairs
There’s a Nasty Security Hole in the Apache Webserver – The New Stack
Sector Specific
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)
Microsoft rolls back plan to block macros by default • Graham Cluley
Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online
Security tester says he broke into datacenter via toilets • The Register
SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online
Imagination is key to effective data loss prevention - Help Net Security
The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)
Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK
Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)
Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 June 2022
Black Arrow Cyber Threat Briefing 03 June 2022
-Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage
-Ransomware Attacks Still The #1 Threat to Businesses and Organisations
-Third of UK Firms Have Experienced a Security Breach Since 2020
-There Is No Good Digital Transformation Without Cyber Security
-Ransomware Gang Now Hacks Corporate Websites to Show Ransom Notes
-Attackers Are Leveraging Follina, a Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
-Ransomware Attacks Need Less Than Four Days to Encrypt Systems
-57% Of All Digital Crimes In 2021 Were Scams
-Intelligence Is Key to Strategic Business Decisions
-How Cyber Criminals Are Targeting Executives at Home and Their Families
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Turbulent Cyber Insurance Market Sees Rising Prices And Sinking Coverage
As insurers and brokers reckon with unexpected losses, they're charging more for policies and setting higher requirements.
Chaos reigns in the cyber insurance market. Brokers and cyber insurance carriers — the companies that actually offer the policies — are tightening requirements on what applicants need to do to obtain policies due to losses the insurers have suffered from ransomware coverage. During the past year, premiums grew 18% in the first quarter of 2021 and were up 34% in the fourth quarter of 2021, according to Jess Burn, senior analyst at Forrester.
Organisations often find they cannot obtain cyber insurance, are not being renewed for coverage they already have, or are faced with soaring prices and shrinking coverage. Despite the value many organisations put on cyber insurance — in some cases, they're required to carry it to comply with regulations — obtaining such policies is getting more difficult.
While raising premiums, some insurers are reducing coverage. If an organisation bought $10 million worth of coverage for a given price in 2021, for example, renewing that policy in 2022 might see the coverage amount fall to $3 million and the premiums for that lower coverage rise. This phenomenon is due, in part, to insurers trying to strike the right balance of customers' risk profile versus their risk-mitigation efforts.
Ransomware Attacks Still The #1 Threat To Businesses And Organisations
In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organisations worldwide.
High-profile attacks disrupted operations of companies in various sectors.
For example, the Colonial Pipeline attack interrupted critical infrastructure, the JBS Foods attack influenced food processing, and the CNA breach disrupted the insurance industry.
Following the attacks, pressure of law enforcement on ransomware gangs intensified, though simultaneously these threat actors continued to evolve.
They are not only becoming more technologically sophisticated but are also extensively leveraging the growing cyber crime ecosystem looking to find new partners, services and tools for their operations.
https://www.helpnetsecurity.com/2022/05/30/ransomware-trends-video/
Third Of UK Firms Have Experienced A Security Breach Since 2020
Cyber threats are behind soaring fraud and economic crime in the UK, where rates are now second only globally to South Africa, according to PwC.
The consulting giant’s latest Global Economic Crime Survey revealed that nearly two-thirds (64%) of UK businesses experienced fraud, corruption or other economic/financial crime during the past 24 months, a significant increase on the 56% recorded in 2020, and 50% in 2018.
It’s also much higher than the 2022 global average of 46%, PwC said.
Cyber crime was the most commonly reported fraud type, although figures here dropped from 42% in 2020 to 32% in 2022. Included for the first time in the report, supply chain incidents accounted for 19%.
Most (51%) reported fraud cases in the UK were traced back to external parties, versus just 43% globally. The top three culprits were cited as customers, hackers and vendors/suppliers.
https://www.infosecurity-magazine.com/news/third-uk-security-breach-2020/
There Is No Good Digital Transformation Without Cyber Security
Network engineers and CIOs agree that cyber security issues represent the biggest risk for organisations that fail to put networks at the heart of digital transformation plans. According to research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the US, UK, France, Germany, and Australia rank cyber security among the list of their biggest risks.
The concerns are fuelled by an escalating number of cyber attacks. In fact, 61% of CIOs report an increase in cyber security attacks/breaches from 2020-21 compared to the preceding two years. For digital transformation of networking, 70% of network engineers say security is the most important focus area, and 31% say network security is their biggest networking priority.
Digital transformation is a priority, but cyber security risk remains. CIOs also understand the importance of the issues. 51% of network engineers say their CIOs have consulted them on investments to deliver digital transformation plans, the highest priority in the survey.
What’s more, 41% of CIOs rank cyber security among their organisation’s most important investment priorities over the next year, with 35% stating it is among the biggest over the next five years. In both cases, cyber security ranks higher than any other factor.
https://www.helpnetsecurity.com/2022/05/31/digital-transformation-cybersecurity-risk/
Ransomware Gang Now Hacks Corporate Websites To Show Ransom Notes
A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes.
This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid.
When ransomware gangs extort a victim, they typically give them a short window, usually a few weeks, to negotiate and pay a ransom before they start leaking data.
During this negotiation process, the threat actors promise to keep the attack secret, provide a decryption key, and delete all data if a ransom is paid.
After this period, the threat actors will use various methods to increase pressure, including DDoS attacks on corporate websites, emailing customers and business partners, and calling executives with threats.
These tactics are all done privately or with minimal exposure on their data leak sites, which are usually only visited by cyber security researchers and the media.
However, this is the first time we have seen a ransomware gang defacing a website to very publicly display a ransom note.
Attackers Are Leveraging Follina, A Critical Microsoft Windows Vulnerability Affecting Nearly All Versions of Windows and Windows Server. What Can You Do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns.
Microsoft has described CVE-2022-30190 as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability, confirmed it affects an overwhelming majority of Windows and Windows Server versions, and advised on a workaround to be implemented until a patch is ready.
https://www.helpnetsecurity.com/2022/06/03/patch-cve-2022-30190/
Ransomware Attacks Need Less Than Four Days To Encrypt Systems
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.
This change reflects a more streamlined approach that developed gradually over the years to make large-scale operations more profitable.
At the same time, improvements in incident response and threat detection have forced threat actors to move quicker, to leave defenders with a smaller reaction margin.
The data was collected by researchers at IBM's X-Force team from incidents analysed in 2021. They also noticed a closer collaboration between initial access brokers and ransomware operators.
Previously, network access brokers might wait for multiple days or even weeks before they found a buyer for their network access.
In addition, some ransomware gangs now have direct control over the initial infection vector, an example being Conti taking over the TrickBot malware operation.
Malware that breaches corporate networks is quickly leveraged to enable post-exploitation stages of the attack, sometimes completing its objectives in mere minutes.
57% Of All Digital Crimes In 2021Were Scams
Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cyber crime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.
The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cyber criminals in one scam gang increased 10 times compared to 2020 and now reaches 100.
Traffic has become the circulatory system of scam projects: researchers emphasise that the number of websites used for purchasing and providing “grey” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.
https://www.helpnetsecurity.com/2022/05/31/scams-widespread-cyber-threat/
Intelligence Is Key To Strategic Business Decisions
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making. Currently just 18% of professionals responsible for security, risk, or compliance in their organisation feel that the intelligence they receive is “very specific and focused on their business”, a S-RM research reveals.
6 in 10 respondents also say the intelligence they receive takes too much time to analyse, meaning it does not always result in better informed decision making. This was the top reason behind dissatisfaction with external intelligence, identified by over 200 professionals working at companies with revenues of over $250 million.
The second most likely reason was that information was not tailored to business needs (47%), followed by too much information (35%).
Growing demand for the use of strategic intelligence has been prompted by increasing cyber (51%) and regulatory concerns (50%). And while these two factors have been climbing the boardroom agenda for years, geopolitical uncertainty has made the need to respond to these developments more acute. In particular, the Russia-Ukraine conflict has created a complex sanctions regime for businesses to operate.
Additionally, navigating the complexities of the COVID-19 pandemic has been a key challenge for businesses in the past three years, with 40% citing this as a catalyst in driving a growing need for strategic intelligence.
https://www.helpnetsecurity.com/2022/06/03/intelligence-decision-making/
How Cyber Criminals Are Targeting Executives At Home And Their Families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass corporate security and get direct access to highly sensitive data.
https://www.helpnetsecurity.com/2022/06/01/cybercriminals-targeting-executives-video/
Threats
Ransomware
Cyber criminals Expand Attack Radius and Ransomware Pain Points | Threatpost
FBI, CISA warn: Don't get caught in Karakurt's web • The Register
Conti ransomware targeted Intel firmware for stealthy attacks (bleepingcomputer.com)
YourCyanide Ransomware Propagates With PasteBin, Discord, Microsoft Links (darkreading.com)
Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (thehackernews.com)
Evil Corp switches to LockBit ransomware to evade sanctions (bleepingcomputer.com)
Ransomware attack sends New Jersey county back to 1977 • The Register
Ransomware roundup: System-locking malware dominates headlines | CSO Online
What if ransomware evolved to hit IoT in the enterprise? • The Register
How Costa Rica found itself at war over ransomware | CSO Online
Experts warn of ransomware attacks on government orgs of small states - Security Affairs
Foxconn confirms ransomware attack disrupted production in Mexico (bleepingcomputer.com)
Why Ransomware Timeline Shrinks By 94%? – Information Security Buzz
Hundreds of Elasticsearch databases targeted in ransom attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Phishing & Email Based Attacks
Watch out for phishing emails that inject spyware trio • The Register
Telegram’s blogging platform abused in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Vishing attacks: What they are and how organisations can protect themselves - Help Net Security
Beware the Smish! Home delivery scams with a professional feel… – Naked Security (sophos.com)
Malware
New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (thehackernews.com)
LuoYu APT delivers WinDealer malware via man-on-the-side attacks - Security Affairs
EnemyBot malware adds enterprise flaws to exploit arsenal • The Register
Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (thehackernews.com)
Logic bombs explained: Definition, examples, and prevention | CSO Online
Mobile
Top 10 Android banking trojans target apps with 1 billion downloads (bleepingcomputer.com)
WhatsApp accounts hijacked by call forwarding | Malwarebytes Labs
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (thehackernews.com)
SMSFactory Android malware sneakily subscribes to premium services (bleepingcomputer.com)
Phishers Having a Field Day on WhatsApp, Telegraph (darkreading.com)
Apple blocked 1.6 millions apps from defrauding users in 2021 (bleepingcomputer.com)
Organised Crime & Criminal Actors
FBI warns of Ukrainian charities impersonated to steal donations (bleepingcomputer.com)
Euro Cops Bust $47m Money Laundering Operation - Infosecurity Magazine (infosecurity-magazine.com)
Three Nigerian Users of Agent Tesla RAT Arrested | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Americans report losing over $1 billion to cryptocurrency scams (bleepingcomputer.com)
Clipminer malware gang stole $1.7M by hijacking crypto payments (bleepingcomputer.com)
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack (bleepingcomputer.com)
WatchDog hacking group launches new Docker cryptojacking campaign (bleepingcomputer.com)
Fraud, Scams & Financial Crime
$39.5 billion lost to phone scams in last year - Help Net Security
Britain's biggest bank issues 'urgent warning' over new scam (telegraph.co.uk)
Scams account for most of all financially motivated cyber crime - Help Net Security
AML/CFT/Sanctions
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Open Source
Linux malware is on the rise—6 types of attacks to look for | CSO Online
The Open Source Software Security Mobilization Plan: Takeaways for security leaders | CSO Online
Privacy
Vodafone plans carrier-level user tracking for targeted ads (bleepingcomputer.com)
Europe's hope to scan devices for unlawful files criticized • The Register
Passwords & Credential Stuffing
Regulations, Fines and Legislation
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NSA general confirms US offensive cyber ops in Ukraine war • The Register
Deadly Secret: Electronic Warfare Shapes Russia-Ukraine War | SecurityWeek.Com
Anonymous: Operation Russia after 100 days of war - Security Affairs
Chinese LuoYu hackers deploy cyber-espionage malware via app updates (bleepingcomputer.com)
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
China-linked TA413 group actively exploits Microsoft Follina Zero-Day flawSecurity Affairs
Chinese state media propaganda found in 88% of Google, Bing news searches - CyberScoop
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor (thehackernews.com)
How Beijing’s surveillance cameras crept into Britain’s corridors of power (telegraph.co.uk)
Nation State Actors – North Korea
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
CISA adds 75 vulnerabilities to catalogue in 3 days- IT Security Guru
Fighting Follina: Application Vulnerabilities and Detection Possibilities (darkreading.com)
Yet another zero-day (sort of) in Windows “search URL” handling – Naked Security (sophos.com)
Actively Exploited Atlassian Zero-Day Bug Allows Full System Takeover (darkreading.com)
Microsoft Azure vulnerabilities pose new cloud security risk - Protocol
GitLab Issues Security Patch for Critical Account Takeover Vulnerability (thehackernews.com)
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email (thehackernews.com)
Sector Specific
Financial Services Sector
Government
Health/Medical/Pharma Sector
Twice as Many Healthcare Organisations Now Pay Ransom - Infosecurity Magazine
Novartis says no sensitive data was compromised in cyber attack (bleepingcomputer.com)
Costa Rica’s public health agency hit by Hive ransomware (bleepingcomputer.com)
Transport and Aviation
CNI, OT, ICS, IIoT and SCADA
Food and Agriculture
Web3
Other News
How Failing to Prioritize Cyber Security can Hurt Your Company (analyticsinsight.net)
Bad news: The cyber security skills crisis is about to get even worse | ZDNet
Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks - Infosecurity Magazine
CIOs and network engineers rank cyber security among the biggest risks - Help Net Security
How USB Drives Can Be a Danger to Your Computer (howtogeek.com)
Australian digital driver's licenses hackable in minutes • The Register
Over 3.6 million MySQL servers found exposed on the Internet (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 March 2022
Black Arrow Cyber Threat Briefing 18 March 2022
-Guernsey Cyber Security Warning For Islanders And Businesses
-CISOs Face 'Perfect Storm' Of Ransomware And State-Supported Cyber Crime
-Four Key Risks Exacerbated By Russia’s Invasion Of Ukraine
-These Four Types Of Ransomware Make Up Nearly Three-Quarters Of Reported Incidents
-Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
-Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
-Zelenskyy Deepfake Crude, But Still Might Be A Harbinger Of Dangers Ahead
-Cyber Crooks’ Political In-Fighting Threatens the West
-Cloud-Based Email Threats Surge 50% in 2021
-Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
-UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
-Russian Ransomware Gang Retool Custom Hacking Tools Of Other APT Groups
-The Massive Impact of Vulnerabilities In Critical Infrastructure
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Guernsey Cyber Security Warning for Islanders and Businesses
There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.
The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."
The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.
It encouraged vigilance, as the islands are not immune to these attacks.
A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."
Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."
https://www.bbc.co.uk/news/world-europe-guernsey-60763398
CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime
As some nations turn a blind eye, defence becomes life-or-death matter
With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.
"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way.
"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."
It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.
https://www.theregister.com/2022/03/18/ciso_security_storm/
Four Key Risks Exacerbated by Russia’s Invasion of Ukraine
Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.
“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.
“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”
There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk
https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/
These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents
Any ransomware is a cyber security issue, but some strains are having more of an impact than others.
Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.
According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice.
Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.
"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.
Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'
The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.
The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.
Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.
https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/
Cyber Insurance War Exclusions Loom Amid Ukraine Crisis
An expanding threat landscape is testing the limits of cyber insurance coverage.
The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.
A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.
Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead
Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.
Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.
https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/
Cyber Crooks’ Political In-Fighting Threatens the West
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.
According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”
“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”
What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.
https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/
Cloud-Based Email Threats Surge 50% in 2021
There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.
The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.
It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.
The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.
https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/
Millions of New Mobile Malware Strains Blitzed Enterprise in 2021
Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.
Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.
UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit
Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.
The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.
Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.
The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.
https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html
The Massive Impact of Vulnerabilities in Critical Infrastructure
Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?
In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.
Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.
https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/
Threats
Ransomware
Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)
Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet
Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)
Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost
SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online
Exotic Lily Sells Ransomware Groups Access To Targets • The Register
New "Initial Access Broker" Working with Conti gang - IT Security Guru
Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)
Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs
How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security
Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)
Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert
Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet
Phishing & Email
Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)
How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register
Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)
76,000 Scams Taken Down Through Email Reporting - IT Security Guru
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost
This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register
Malware
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)
Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic
Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com
Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)
Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)
Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)
Mobile
2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)
Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com
Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica
Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)
Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)
IoT
Organised Crime & Criminal Actors
Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security
A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine
Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Cloud
How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet
The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)
Privacy
Passwords & Credential Stuffing
Regulations, Fines and Legislation
CafePress Fined For Covering Up Customer Info Leak • The Register
Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED
How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)
FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)
Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)
German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)
Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru
Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)
Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)
Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET
New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)
Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop
Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs
Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)
Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)
Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register
Nation State Actors – China
China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs
China Claims It Captured NSA Spy Tool That Already Leaked • The Register
Nation State Actors – Iran
Vulnerabilities
CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)
Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com
OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register
OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)
SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)
High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com
QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)
Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica
Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)
70% of Financial Service Providers Are Implementing API Security - Help Net Security
Health/Medical/Pharma Sector
Transport and Aviation
Reports Published in the Last Week
Other News
Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com
Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security
Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com
The Importance Of Building In Security During Software Development - Help Net Security
How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security
Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica
How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost
When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)
Half of People Accept All Cookies Despite The Security Risk | TechRadar
Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 March 2022
Black Arrow Cyber Threat Briefing 04 March 2022
-Cyber Criminals Exploit Invasion of Ukraine
-UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
-Phishing - Still a Problem, Despite All The Work
-Phishing Attacks Hit All-Time High In December 2021
-Ransomware Infections Top List Of The Most Common Results Of Phishing Attacks
-Social Media Phishing Attacks Are at An All Time High
-Insurance Giant AON Hit by a Cyber Attack
-How Prepared Are Organisations To Face Email-Based Ransomware Attacks?
-The Most Impersonated Brands in Phishing Attacks
-As War Escalates In Europe, It’s ‘Shields Up’ For The Cyber Security Industry
-2022 May Be The Year Cyber Crime Returns Its Focus To Consumers
-Kaspersky Neutral Stance In Doubt As It Shields Kremlin
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Exploit Invasion of Ukraine
Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.
In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.
Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.
Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.
Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.
https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/
UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat
The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.
Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.
John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.
Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.
Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”
Phishing - Still a Problem, Despite All The Work
Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.
Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?
https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work
Phishing Attacks Hit All-Time High in December 2021
The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.
In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.
Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.
The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.
“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.
https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/
Ransomware Infections Top List of The Most Common Results of Phishing Attacks
A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.
Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.
Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.
Social Media Phishing Attacks Are at An All Time High
Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.
As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.
Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.
Insurance Giant AON Hit by a Cyber Attack
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.
AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.
In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.
AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.
The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.
In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.
How Prepared Are Organisations to Face Email-Based Ransomware Attacks?
Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities
This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.
Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.
https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/
The Most Impersonated Brands in Phishing Attacks
Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.
The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.
Key findings:
· Financial services is the most impersonated industry
· Microsoft is the most impersonated cloud brand and the top corporate brand
· Facebook dominates social media phishing
· 35% of all phishing pages impersonated financial services brands
· Mondays and Tuesdays are the top days for phishing
· 78% of phishing attacks occur on weekdays
· Monday and Thursday are the top days for Facebook phishing
· Thursday and Friday are the top days for Microsoft phishing
https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/
As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry
In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”
The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.
Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.
2022 May Be The Year Cyber Crime Returns Its Focus to Consumers
Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.
This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.
ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.
Kaspersky Neutral Stance in Doubt As It Shields Kremlin
Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.
The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”
Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.
"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.
https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/
Threats
Ransomware
Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)
Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register
Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet
Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica
Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)
Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine
Phishing & Email
Other Social Engineering
'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet
Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)
Malware
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)
Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)
Mobile
How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security
TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet
SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)
Data Breaches/Leaks
Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)
NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)
250,000-Plus Lawyer Disciplinary Records Leak • The Register
Swiss Bank Requests Destruction of Documents - Infosecurity Magazine
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar
Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Fraud, Scams & Financial Crime
DoS/DDoS
DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica
DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)
Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)
Nation State Actors
Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant
Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)
Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru
Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com
Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet
Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica
IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs
Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)
Chinese Malware Targeted Multiple Governments • The Register
Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters
Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop
How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review
Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO
Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet
China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)
Vulnerabilities
Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet
Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com
Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)
Sector Specific
Financial Services Sector
Health/Medical/Pharma Sector
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz
The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)
Multifactor Authentication Is Being Targeted by Hackers – The New Stack
Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)
Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz
Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security
Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 February 2022
Black Arrow Cyber Threat Briefing 25 February 2022
-Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
-Ransomware Extortion Doesn't Stop After Paying The Ransom
-Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
-Study: UK Firms Most Likely To Pay Ransomware Hackers
-Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
-91% of UK Organisations Compromised by an Email Phishing Attack in 2021
-Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
-Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
-Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
-The Future of Cyber Insurance
-Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
-Microsoft Teams Is The New Frontier For Phishing Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates
Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.
Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.
"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.
Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.
Ransomware Extortion Doesn't Stop After Paying The Ransom
A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.
This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.
The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:
18% of victims who paid the ransom still had their data exposed on the dark web.
8% refused to pay the ransom, and the attackers tried to extort their customers.
35% of victims paid the ransom but were still unable to retrieve their data.
As for the ransomware actor extortion tactics, these are summarized as follows:
83% of all successful ransomware attacks featured double and triple extortion.
38% of ransomware attacks threatened to use stolen data to extort customers.
35% of ransomware attacks threatened to expose stolen data on the dark web.
32% of attacks threatened to directly inform the victim's customers of the data breach incident.
Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces
The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.
Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."
The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link. The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.
According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.
Study: UK Firms Most Likely To Pay Ransomware Hackers
Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.
The global average was 58%, making the UK the most likely country to pay cyber-criminals.
Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.
Phishing attacks remain the key way criminals access networks, it found.
Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.
https://www.bbc.co.uk/news/business-60478725
Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”
The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.
Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.
https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/
91% of UK Organisations Compromised by an Email Phishing Attack in 2021
More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.
The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.
The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.
Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.
https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/
Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021
Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.
As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.
Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.
This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.
https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/
Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion
A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.
“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.
The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.
The Russian Government’s portal, and the websites of other ministries are running very slow.
The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.
Anonymous pointed out that it is not targeting Russian citizens, but only their government.
“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”
https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html
Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds
If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.
The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.
Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.
What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”
The Future of Cyber Insurance
In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.
At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.
If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.
https://www.darkreading.com/risk/the-future-of-cyber-insurance
Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices
Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.
The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.
Microsoft Teams Is The New Frontier For Phishing Attacks
Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.
One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.
“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.
Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.
However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.
https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/
Threats
Ransomware
Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters
Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com
Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online
TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)
Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)
Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security
Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)
Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs
Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)
BEC – Business Email Compromise
Phishing & Email
Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost
New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)
Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)
Other Social Engineering
Malware
Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today
Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)
Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin
Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs
New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)
Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)
Mobile
New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)
Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost
Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs
Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security
Insider Threats Are More Than Just Malicious Employees (darkreading.com)
83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security
Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online
Fraud, Scams & Financial Crime
Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today
French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)
Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine
Supply Chain
Nation State Actors
Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian
Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com
Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs
Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED
China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs
US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs
Privacy
Spyware, Espionage & Cyber Warfare
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Construction
Reports Published in the Last Week
Other News
War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)
Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)
22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat
Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security
50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert
Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)
How To Keep Pace With Rising Data Protection Demands - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 February 2022
Black Arrow Cyber Threat Briefing 18 February 2022
-Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device
-As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats
-Microsoft Teams Targeted With Takeover Trojans
-The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine
-Companies Face Soaring Prices For Cyber Insurance
-Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best
-Ransomware-Related Data Leaks Nearly Doubled in 2021: Report
-Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most
-Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math
-Security Teams Expect Attackers to Go After End Users First
-US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks
-TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats
In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – the mission is to make the UK the safest place to live and work online, but they have said they cannot do it alone.
Now, at a time of heightened cyber threats, the NCSC is urging all organisations to follow their advice on the steps they should take to improve their resilience.
The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.
Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.
And as tensions have risen in Ukraine in recent weeks, authorities have already seen a number of cyber attacks occurring. On Friday evening, the UK government judged that the Russian Main Intelligence Directorate (GRU) was involved in last week’s distributed denial of service attacks against the financial sector in Ukraine.
If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the National Cyber Security Centre (NCSC) has said that the UK’s cyber risk has heightened in the last month, although there is no evidence of the UK being specifically targeted.
Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device
BlackBerry's 2022 Threat Report highlights growing threats to SMBs, calls on government to make cyber security top priority
BlackBerry Limited has released the 2022 BlackBerry Annual Threat Report, highlighting a cybercriminal underground which it says has been optimised to better target local small businesses. Small businesses will continue to be an epicentre for cybercriminal focus as SMBs facing upward of 11 cyber threats per device per day, which only stands to accelerate as cybercriminals increasingly adopt collaborative mindsets.
The report also uncovered cyber breadcrumbs from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour. In multiple incidents BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground.
Microsoft Teams Targeted With Takeover Trojans
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.
Researchers began tracking the campaign in January, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.
Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.
Cyber criminals long have targeted Microsoft’s ubiquitous document-creation and sharing suite – the legacy Office and its cloud-based version, Office 365 – with attacks against individual apps in the suite such as PowerPoint as well as business email compromise and other scams.
Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals.
https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/
The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine
The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting them to step up defences.
The news was reported by Reuters, citing two unnamed sources. The ECB pointed out that addressing cyber security is a top priority for the European agency.
“The European Central Bank is telling euro zone banks zone to step up their defences against cyber attacks, also in the context of geopolitical tensions such as the stand-off between Russia and Ukraine, the ECB’s top supervisor said on Thursday.” reported Reuters.
ECB warned that the rising risk from cyber attacks begun in 2020.
Companies Face Soaring Prices For Cyber Insurance
The cost of cyber insurance has risen steeply over the past year. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent. That has increased pressure on companies who are facing cost inflation in other parts of their business.
The steep hikes in the cost of cyber insurance come against a backdrop of rising prices more broadly. According to Marsh, commercial insurance prices rose 13 per cent in the final quarter of 2021.
The hardening market from reduced capacity allied with increasing cyber fraud are potent forces. Pricing becomes more challenging, reinsurance appetite reduced whilst costs increasing and fraudsters have as much access to the latest technologies as do enterprises, the government sector and the insurance industry.
There may be limits to what insurers can cover. Speaking to the Financial Times last week the chief executive of Zurich said: “A connected economy offers lots of opportunities for cyber attacks.” A major cyber risk, he added, “is something only governments can manage”.
Companies will have to do more themselves to fight cyber fraud with technology partners. Meanwhile brokers and insurers must review underwriting data and practices and government raise effectiveness at prosecuting criminals.
https://www.ft.com/content/60ddc050-a846-461a-aa10-5aaabf6b35a5
Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best
A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks.
A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.
The research analyzed data from over 3,800 days’ worth of penetration testing services. These tests are a means of identifying vulnerabilities within an organisation’s security systems by simulating how malicious actors would seek to exploit such shortcomings.
https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/
Ransomware-Related Data Leaks Nearly Doubled in 2021: Report
There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.
The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.
The growth and impact of big game hunting in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.
https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report
Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most
An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.
Alongside this, it identified that one in four new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.
From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before.
Your digital identity is a currency for fraudsters and wherever there is online commerce, cyber criminals are quick to identify vulnerabilities.
https://www.helpnetsecurity.com/2022/02/14/fake-consumer-account/
Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math
Poor cyber security hygiene is widely considered to be a major influencing factor for exposure to a ransomware attack. But is that an accurate assessment?
In a new study, RiskRecon, a security best practices specialist, investigated 600+ cyber hijacks to determine if companies victimized by a “detonation” had poor cyber security hygiene at the time and which factors, such as web encryption, application security and email security, are key gaps in coverage.
The answer: Cyber security hygiene does in fact play a large role in an organisation’s vulnerability to a ransomware attack. RiskRecon analyzed the cyber security hygiene on the day of ransomware incident for 622 organisations spanning 633 ransomware events occurring between 2017 and 2021. Based on a comparison population of cyber security ratings and assessments of some 100,000 entities, companies that have very poor cyber security hygiene in their internet-facing systems (a ‘D’ or ‘F’ RiskRecon rating) have about a 40 times higher rate of destructive ransomware events as compared to those with clean cyber security hygiene. Only .03 percent of ‘A-rated’ companies were victims of a destructive ransomware attack, compared with 1.08 percent of ‘D-rated’ and 0.91 percent of ‘F-rated’ companies.
The cyber security conditions underlying the RiskRecon rating reveal just how poor the cyber security hygiene is of companies, on average, that fall victim to a material system-encrypting ransomware attack. For example, ransomware victims have an average of 11 material software vulnerabilities in their internet-facing systems, in comparison with only one issue in the general population. Looking at network services that criminals commonly exploit, ransomware victims expose 3.3 times more unsafe network services to the internet than the general population.
Security Teams Expect Attackers to Go After End Users First
Phishing, malware, and ransomware have spurred organisations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.
The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organisations to bolster their endpoint security defences. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.
Phishing, malware, and ransomware pose major threats to organisations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.
End users pose one of the biggest threats to the organisation, as 87% expect that if attackers wanted to steal the organisation’s data, they would begin by targeting a single end user.
Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.
US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks
President Biden said Friday he is convinced Russian President Vladimir Putin has decided to invade Ukraine and that he expects an attack in the coming days, with targets including the Ukrainian capital, Kyiv.
US officials said a Russian attack could involve a broad combination of jet fighters, tanks, ballistic missiles and cyberattacks, with the ultimate intention of rendering Ukraine’s leadership powerless.
The officials said Mr. Putin has laid the groundwork in recent days through a series of destabilizing activities and false-flag operations, long predicted by U.S. and allied officials and intended to make it look as if Ukraine has provoked Russia into a conflict, thus justifying the Russian invasion.
TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.
TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.
In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.
Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-control (C2) servers to retrieve fresh web injects.
https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html
Threats
Ransomware
Ransomware’s Savage Reign Continues As Attacks Increase 105% - Help Net Security
SonicWall CEO on ransomware: Every good vendor was hit in past 2 years - The Register
Are You Prepared for 2022's More Destructive Ransomware? | SecurityWeek.Com
CISA Advisory Cautions MSPs: Beware More Ransomware Attacks - MSSP Alert
Conti Ransomware Gang Takes Over Trickbot Malware Operation (bleepingcomputer.com)
FBI Eyes Ransomware Profits With New Cryptocurrency Crimes Unit | TechCrunch
FBI Warns BlackByte Ransomware Is Targeting US Critical Infrastructure | TechCrunch
BEC – Business Email Compromise
Phishing & Email
Malware
Emotet Now Spreading Through Malicious Excel Files | Threatpost
PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (thehackernews.com)
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators | Threatpost
25 Years On, Microsoft Makes Another Stab At Stopping Macro Malware • Graham Cluley
Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free - Infosecurity Magazine
Data Breaches/Leaks
Organised Crime & Criminal Actors
74% of Ransomware Revenue Goes to Russia-Linked Hackers - BBC News
Interpol Must Change With Cyber Crime, Says Director • The Register
Attackers Hone Their Playbooks, Become More Agile (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking
SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise - WSJ
FBI Says Crypto Payments Are a 'Huge Challenge' Amid Rise in Ransomware Attacks - Decrypt
Insider Risk and Insider Threats
The Rise Of The Super Malicious Insider: Yes, We Need To Worry - Help Net Security
Finance Officer Jailed After Stealing £200,000 from Charity - Infosecurity Magazine
Ex IT Tech Jailed For Wiping School Network During Lockdown • The Register
Fraud, Scams & Financial Crime
Barclays: Scams Surged in Final Quarter of 2021 - Infosecurity Magazine
Fraud and Scam Activity Hits All-Time High - Help Net Security
Soaring Losses Accelerate Investments In Anti-Fraud Tech - Help Net Security
Threat Actors Still Love a Romance Scam - Infosecurity Magazine
Singapore Introduces Strong Measures To Stop Online Scams • The Register
7 Tips for How To Spot a Scammer and Protect Yourself | Well+Good
DoS/DDoS
Nation State Actors
Russia’s Offensive Cyber Actions Should Be A Cause For Concern For CISOs | CSO Online
Russia Stole US Defense Data From IT Systems, Says CISA • The Register
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (thehackernews.com)
Chinese MI6 Informant Gave Information To MPs About Huawei Threat | Huawei | The Guardian
Red Cross Attributes Server Breach To Nation-State Actor - CyberScoop
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (thehackernews.com)
Cloud
Report: 63% of IT Pros Say Cyber Threats Are Top Obstacle To Cloud Adoption Strategy | VentureBeat
EU Watchdog To Probe Public Sector's Love Affair With Cloud • The Register
Privacy
Spyware, Espionage & Cyber Warfare
The Conflict In Ukraine Proves Cyber-Attacks Are Now Weapons Of War (thenextweb.com)
Cyber Warfare In Ukraine Poses A Threat To The Global System | Financial Times (ft.com)
EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware (thehackernews.com)
Using Mobile Networks For Cyber Attacks As Part Of A Warfare Strategy - Help Net Security
Moses Staff Hackers Targeting Israeli Organisations for Cyber Espionage (thehackernews.com)
Vulnerabilities
Squirrelwaffle, Microsoft Exchange Server Vulnerabilities Exploited For Financial Fraud | ZDNet
Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails (thehackernews.com)
New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (thehackernews.com)
Multiple Vulnerabilities Put 40 Million Ubuntu Users At Risk | TechRadar
Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (thehackernews.com)
High-Severity Vulnerability Found in Apache Database System Used by Major Firms | SecurityWeek.Com
VMware Fixes Holes That Could Allow Virtual Machine Escapes – Naked Security (sophos.com)
Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (thehackernews.com)
T2 Mac Security Vulnerability: Passwords Can Now Be Cracked - 9to5Mac
Sector Specific
Financial Services Sector
Open Banking Innovation: A Race Between Developers And Cyber Criminals - Help Net Security
Canada's Major Banks Go Offline In Mysterious Hours-Long Outage (bleepingcomputer.com)
Defence
Transport and Aviation
Energy & Utilities
Other News
Over 28,000 Vulnerabilities Disclosed in 2021: Report | SecurityWeek.Com
Web Application Firewalls (WAFs) Can't Give Organisations The Security They Need - Help Net Security
How Challenging Is Corporate Data Protection? - Help Net Security
Local Authority Sets Aside £380k for Cyber-Attack Recovery - Infosecurity Magazine
Traditional MFA Is Creating A False Sense Of Security - Help Net Security
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry | Threatpost
Be Flexible About Where People Work — But Not on Data Privacy (darkreading.com)
Researchers Block “Largest Ever” Bot Attack - Infosecurity Magazine
BadUSB: The Cyber Threat That Gets You To Plug It In – CloudSavvy IT
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 February 2022
Black Arrow Cyber Threat Briefing 11 February 2022:
-UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected
-Ransomware Groups and APT Actors Laser-Focused on Financial Services
-Why the C-Suite Should Focus on Understanding Cybersecurity and Investing Appropriately
-Almost $1.3bn Paid to Ransomware Actors Since 2020
-Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence
-Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defenses
-LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
-2021 Was The Most Prolific Year On Record For Data Breaches
-$1.3 Billion Lost to Romance Scams in the Past Five Years
-Cyber Security Compliance Still Not A Priority For Many
-The World is Falling Victim to the Growing Trickbot Attacks in 2022
-“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected
Firms shelled out $5bn in Bitcoin in 6 months
Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.
In a joint UK-US-Australia advisory issued this week, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally."
The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.
Among the main threats facing Western organisations were the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."
https://www.theregister.com/2022/02/09/uk_us_au_ransomware_warning/
Ransomware Groups and APT Actors Laser-Focused on Financial Services
Trellix released a report, examining cybercriminal behaviour and activity related to cyber threats in the third quarter (Q3) of 2021. Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.
“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Trellix.
https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/
Why the C-Suite Should Focus on Understanding Cyber Security and Investing Appropriately
Trend Micro has published a research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.
Despite widespread concern over spiralling threats, the study found that only 57% of responding IT teams discuss cyber risks with the C-suite at least weekly.
Vulnerabilities used to go months or even years before being exploited after their discovery.
“Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cyber security landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”
https://www.helpnetsecurity.com/2022/02/10/c-suite-engagement/
Almost $1.3bn Paid to Ransomware Actors Since 2020
Cryptocurrency experts have identified $602m of ransomware payments made in 2021, but warned the real figure will likely surpass the $692m paid to cybercrime groups in 2020.
The findings come from the Ransomware Crypto Crime Report produced by blockchain investigations and analytics company Chainalysis. It reveals some fascinating insight into current industry trends.
Average payment size has soared over recent years, from $25,000 in 2019 to $88,000 a year later and $118,000 in 2021. That’s due in part to a surge in targeted attacks on major organisations, known as “big-game hunting,” which can net threat actors tens of millions in a single compromise.
“This big-game hunting strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective,” the report explained. “Usage of these services by ransomware operators spiked to its highest ever levels in 2021.”
https://www.infosecurity-magazine.com/news/almost-13bn-paid-to-ransomware/
Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence
The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.
Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.
The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting targets since 2012, if not sooner, going after hundreds of groups and individuals – some repeatedly – according to SentinelLabs researchers.
The operators aren’t what you’d call technical prodigies, but that doesn’t matter. Threat researchers at SentinelOne, said that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been muddling along just fine using rudimentary hacking tools such as commercially available remote-access trojans (RATs)
https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/
Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defences
Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.
HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.
In an analysis of almost 500,000 malicious domains, the research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, there was a 224% increase in HEAT attacks.
“With the abrupt move to remote working in 2020, every organisation had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Menlo Security.
https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defences/
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
Law enforcement, C-suite executives and the cyber security community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs, plus this weekend’s hit on the Swissport airport ground-logistics company, shows the scourge is far from over.
It’s more expensive and riskier than ever to launch ransomware attacks, and ransomware groups have responded by mounting fewer attacks with higher ransomware demands, Coveware has reported, finding that the average ransomware payment in the fourth quarter of last year climbed by 130 percent to reach $322,168. Likewise, Coveware found a 63 percent jump in the median ransom payment, up to $117,116.
“Average and median ransom payments increased dramatically during Q4, but we believe this change was driven by a subtle tactical shift by ransomware-as-a-service (RaaS) operations that reflected the increasing costs and risks previously described,” Coveware analysts said. “The tactical shift involves a deliberate attempt to extort companies that are large enough to pay a ‘big game’ ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low.”
https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/
2021 Was The Most Prolific Year On Record For Data Breaches
Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.
The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector.
2021 was the most prolific year on record for data breaches, surpassing 2017’s all-time high. Last year a total of 1,862 data compromises were reported by US organisations—a 68 percent increase over 2020. ITRC data revealed that 83% of the year’s incidents exposed 889 million sensitive data records that impacted more than 150 million individuals.
https://www.helpnetsecurity.com/2022/02/09/2021-sensitive-data-breaches/
$1.3 Billion Lost to Romance Scams in the Past Five Years
Romance scams are reaching record-highs, regulators warn.
Netflix's new documentary, The Tinder Swindler, is a wild ride.
The show examines how an alleged fraudster impacted the lives of multiple women, matching with them on Tinder and treating them to expensive dates to gain their trust -- and eventually asking for huge sums of money.
While you may watch the show and wonder how someone -- no matter their gender -- could allow themselves to be swindled out of their savings, romance scams are common, breaking hearts and wiping bank balances around the world every day.
We've moved on from the days of "lonely hearts" columns to dating apps, and they're popular channels to conduct fraud.
Fake profiles, stolen photos and videos, and sob stories from fraudsters (their car has broken down, they can't afford to meet a match, or, in The Tinder Swindler's case, their "enemies" are after them) are all weapons designed to secure interest and sympathy.
https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc/
Cyber Security Compliance Still Not A Priority For Many
IBM survey suggests that cyber security still isn't a priority for many companies
The most consistent data point in the IBM i Marketplace Survey Results over recent years has been the ever-present cyber security threat. This year is no exception. The study shows that 62% of organisations consider cyber security a number one concern as they plan their IT infrastructure. 22% cite regulations and compliance in their top five. While companies that prioritise security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.
The complexity of cyber security often leaves industry leaders confused and overwhelmed, unable to produce the sound, proactive stance that is so essential.
Cyber security standards can be confusing, but they are necessary. Tighter security can be encouraged with an understanding of cyber security guidelines
For many organisations, cyber security standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cyber security guidelines affect companies’ legal standing can help encourage tighter security.
https://www.itsecurityguru.org/2022/02/07/cybersecurity-compliance-still-not-a-priority-for-many/
The World is Falling Victim to the Growing Trickbot Attacks in 2022
The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defence to slip past antimalware products.
TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that’s employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a “Trickboot” module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.
Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat’s capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.
“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals
Ransomware tends to target organisations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched—until now.
Sugar ransomware, a new strain recently discovered by the Walmart Security Team, is a ransomware-as-a-service (RaaS) that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.
Threats
Ransomware
NCSC Joins US and Australian Partners to Reveal Latest Ransomware Trends - NCSC.GOV.UK
Russian Ransomware Attacks Increased During 2021, Joint Review Finds | Cybercrime | The Guardian
FBI: Watch Out For LockBit 2.0 Ransomware, Here's How To Reduce The Risk To Your Network | ZDNet
Law Enforcement Action Push Ransomware Gangs To Surgical Attacks (bleepingcomputer.com)
Europe's Biggest Car Dealer Hit With Ransomware Attack | ZDNet
Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine
How a Texas Hack Changed the Ransomware Business Forever - The Record by Recorded Future
Puma Hit By Data Breach After Kronos Ransomware Attack (bleepingcomputer.com)
Vodafone Portugal Hit By A Massive Cyber Attack - Security Affairs
Fortune 500 Service Provider Says Ransomware Attack Led To Leak Of More Than 500k SSNs | ZDNet
Phishing
Hackers Using Fake Job Offers in Latest Catfishing Scheme - ClearanceJobs
Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks (darkreading.com)
ICO Hit by 2650% Rise in Email Attacks - Infosecurity Magazine
Other Social Engineering
Roaming Mantis SMSishing Campaign Now Targets Europe - Security Affairs
FBI: SIM Swapping Attacks Have Surged Five-Fold - Infosecurity Magazine
Malware
Qbot Needs Only 30 Minutes To Steal Your Credentials, Emails (bleepingcomputer.com)
Linux Malware Attacks Are On The Rise, And Businesses Aren't Ready For It | ZDNet
This Password-Stealing Malware Posed As A Windows 11 Download | ZDNet
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (thehackernews.com)
Qbot, Lokibot Malware Switch Back To Windows Regsvr32 Delivery (bleepingcomputer.com)
Mobile
Medusa Malware Joins Flubot's Android Distribution Network | Threatpost
Critical Android 12 Bug Fixed In February Security Patches • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Nation State Actors
Russian APT Steps Up Malicious Cyber Activity in Ukraine (darkreading.com)
Iran Malware in HPE Server Stuns Cyber Security Experts - Bloomberg
Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign (thehackernews.com)
Cloud
Privacy
Meta Threatens to Shut Down Facebook and Instagram in Europe | The Independent
Facebook Exposes 'God Mode' Token Miscreants Could Use • The Register
Spyware, Espionage & Cyber Warfare
Vulnerabilities
Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog | ZDNet
CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks | SecurityWeek.Com
Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans (bleepingcomputer.com)
Microsoft and Other Major Software Firms Release February 2022 Patch Updates (thehackernews.com)
Apple Patches New Zero-Day Exploited To Hack iPhones, iPads, Macs (bleepingcomputer.com)
CISA Urges Orgs To Patch Actively Exploited Windows SeriousSAM Bug (bleepingcomputer.com)
CISA Warns Admins To Patch Maximum Severity SAP Vulnerability (bleepingcomputer.com)
Adobe Patches 13 Vulnerabilities in Illustrator | SecurityWeek.Com
PHP Everywhere RCE Flaws Threaten Thousands of WordPress Sites (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Retail/eCommerce
Wave of MageCart Attacks Target Hundreds Of Outdated Magento Sites (bleepingcomputer.com)
Threat Actors Compromised +500 Magento-Based E-Stores With E-Skimmers - Security Affairs
Transport and Aviation
Education and Academia
Other News
A "light" February 2022 Patch Tuesday That Should Not Be Ignored - Help Net Security
Organisations Still Struggling To Use APIs Effectively - Help Net Security
Threat Hunting: Your Best Defence Against Unknown Threats - MSSP Alert
UK Foreign and Commonwealth Office Suffered Serious Cyber Attack Earlier This Year | Reuters
European Police Flag 500+ Pieces of “Terrorist” Content - Infosecurity Magazine
A Quarter of New Online Accounts Are Fake – Report - Infosecurity Magazine
Microsoft To Make Enabling 'Untrusted' Office Macros Tougher In The Name Of Security | ZDNet
Cyber Terrorism Is a Growing Threat & Governments Must Take Action (darkreading.com)
Hackers Have Begun Adapting To Wider Use Of Multi-Factor Authentication | TechRepublic
The Race To Save The Internet From Quantum Hackers (nature.com)
Disaster Recovery Is Critical For Business Continuity - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 February 2022
Black Arrow Cyber Threat Briefing 02 February 2022:
-Why Cyber Change Outpaces Boardroom Engagement
-NCSC Alerts UK Orgs To Brace For Destructive Russian Cyber Attacks
-Ransomware: Over Half Of Attacks Are Targeting These Three Industries
-Third of Employees Admit to Exfiltrating Data When Leaving Their Job
-Massive Social Engineering Waves Have Impacted Banks In Several Countries
-Ransomware Is Terrifying – But Never Underestimate The Damage An Employee With Unmonitored Access Can Do
-People Working In IT Related Roles Equally Susceptible To Phishing Attempts As The General Population
-FBI Says More Cyber Attacks Come From China Than Everywhere Else Combined
-Managing Detections Is Not the Same as Stopping Breaches
-From War to Web Security, Protect Your Attack Surface from the Weakest Link
-Number Of Data Compromises Reaching All-Time High
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Change Outpaces Boardroom Engagement
We all know the story of the past two years. Mass digital investments in SaaS collaboration suites, cloud infrastructure and other tools helped to keep organisations operational when they needed it most. The money continues to flow today, as those same companies realize they must keep on pumping funds into digital to stay competitive amidst rising customer expectations. Gartner predicted public cloud spending growth would hit 23% year-on-year in 2021 and increase 20% this year to top $397bn.
From a cyber security perspective, these business decisions are loaded with risk if protections are not built into projects from the start. A recent global poll revealed that of 90% of business and IT decision makers are concerned about the impact of ransomware. It also found generally poor levels of cyber-awareness among board members. Less than half (46%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organisation.
The truth is that many board leaders do understand the need for greater investment in security as a strategic growth driver. But they find it hard to keep pace with a threat landscape that moves at the speed of light. Vulnerabilities used to go months or years before they were exploited, for example, but today threat actors are working on exploits for bugs like Log4Shell within hours of their discovery. That makes the fast-changing risk landscape difficult to grasp for even tech-savvy C-suite leaders. As a result, cyber risk continues to be managed reactively, which puts the organisation perpetually on the back foot.
https://www.trendmicro.com/en_us/research/22/b/why-cyber-change-outpaces-boardroom-engagement.html
NCSC Alerts UK Orgs to Brace for Destructive Russian Cyber Attacks
The UK’s National Cyber Security Centre (NCSC) is urging organisations to bolster security and prepare for a potential wave of destructive cyber attacks after recent breaches of Ukrainian entities.
The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyber attacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.
These warnings come after Ukrainian government agencies and corporate entities suffered cyber attacks where websites were defaced, and data-wiping malware was deployed to destroy data and make Windows devices inoperable.
The cause for the resurgence of attacks is the tensions between Russia and Ukraine, and attempts to negotiate a way out of the Ukraine crisis have failed so far.
Ukraine and Russia have engaged in cyber warfare for many years, but recent Russian military mobilization was accompanied by new waves of attacks, with European countries and the USA expected to be targeted next.
Over Half of Ransomware Attacks are Targeting Financial Services, Utilities and Retail
Three sectors have been the most common target for ransomware attacks, but researchers warn "no business or industry is safe".
Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cyber security researchers – but they've also warned that all industries are at risk from attacks.
The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened.
According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.
https://www.zdnet.com/article/ransomware-over-half-of-attacks-are-targeting-these-three-industries/
Third of Employees Admit to Exfiltrating Data When Leaving Their Job
Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian.
The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organisations.
In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left.
The survey of 2000 UK workers also looked at employees' motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%).
The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%).
https://www.infosecurity-magazine.com/news/third-employees-exfiltrating-data/
Massive Social Engineering Waves Have Impacted Banks in Several Countries
A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organisations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all the operations on the fly via Command and Control (C2) servers geolocated in Brazil.
In short, criminal groups are targeting victims’ from different countries to collect their home banking secrets and payment cards. The campaigns are carried out by using social engineering schemas, namely smishing, and spear-phishing through fake emails.
Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.
The spear-phishing campaigns try to lure victims with fake emails that impersonate the banking institutions. The emails are extremely similar to the originals, exception their content, mainly related to debts or lack of payments.
https://securityaffairs.co/wordpress/127516/cyber-crime/massive-social-engineering-banks.html
Ransomware is Terrifying – But Never Underestimate the Damage an Employee with Unmonitored Access Can Do
Is the biggest threat to your data a mysterious ransomware merchant or an advanced persistent threat cartel?
Or is it a security system that will show you that data has been exfiltrated from your organisation – but only after the fact, leaving open the possibility that your valuable IP could have already been shared with unauthorized parties?
It was the latter scenario that allegedly resulted in 12,000 internal documents being lifted from Pfizer’s systems by a soon-to-depart employee last year. Those documents reportedly included details of COVID-19 vaccine research and a new melanoma drug.
The incident shows how today’s cloud infrastructure can exacerbate security gaps and why simply detecting a potential data leak isn’t enough. Companies need to have deep insight into what their employees are doing, as well as technology that can actively enforce policy and prevent unencrypted data from ever leaving the enterprise.
https://www.theregister.com/2022/02/03/ransomware_terrifying/
People Working in IT Related Roles Equally Susceptible to Phishing Attempts as the General Population
Phishing emails that mimic HR announcements or ask for assistance with invoicing get the most clicks from recipients, according to a study from F-Secure.
The study, which included 82,402 participants, tested how employees from four different organisations responded to emails that simulated one of four commonly used phishing tactics.
22% of recipients that received an email simulating a human resources announcement about vacation time clicked, making emails that mimic those sent by HR the most frequent source of clicks in the study.
An email asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most frequently engaged with email type, receiving clicks from 16% of recipients.
https://www.helpnetsecurity.com/2022/02/03/phishing-emails-clicks/
FBI Says More Cyber Attacks Come from China than Everywhere Else Combined
US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined.
In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, Wray said the FBI is probing over 2,000 investigations of incidents assessed as attempts by China's government "to steal our information and technology."
"The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries – so much so that, as you heard, we're constantly opening new cases to counter their intelligence operations, about every 12 hours or so."
Wray rated China's online offensive as "bigger than those of every other major nation combined," adding it has "a lot of funding and sophisticated tools, and often joining forces with cyber criminals – in effect, cyber mercenaries."
https://www.theregister.com/2022/02/03/fbi_china_threat_to_usa/
Managing Detections is Not the Same as Stopping Breaches
Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.
The fundamental challenge in cyber security is that adversaries move quickly. We know from observation that attackers go from initial intrusion to lateral movement in a matter of a couple hours or less.
If security teams are going to successfully stop a breach, they need to operate within the same timeframe, containing and remediating threats within minutes, 24 hours a day, 7 days a week. Such constant vigilance can be challenging for in-house staff. This is why many organisations engage a provider of managed detection and response (MDR) security services, which monitors endpoints, workloads, and other systems to detect and monitor threats.
Unfortunately, even most managed services have several fundamental flaws that prevent them from executing on the core mission of stopping breaches.
https://www.darkreading.com/crowdstrike/managing-detections-is-not-the-same-as-stopping-breaches
From War to Web Security, Protect Your Attack Surface from the Weakest Link
With the rapid proliferation of data, increasing number of domains and subdomains as well as rise in third-party providers, the number of entry points through which attackers can infiltrate a company’s web environment is endless. Attacks are increasingly causing consequences felt beyond the perimeter of an organisation, as demonstrated earlier this year with the Colonial Pipeline breach, which caused fuel prices along the US East Coast to soar, and the attack on software provider Kaseya that forced hundreds of grocery stores in the Nordics to shut down business for days.
Security breaches often happen through an avenue that no one saw coming — a server no one knew existed, an old landing page, weak passwords or an application that was missing a patch. It’s perhaps never been clearer than today that a company is only as strong as the weakest link in its growing attack surface.
https://thenewstack.io/from-war-to-web-security-protect-your-attack-surface-from-the-weakest-link/
Number of Data Compromises Reaching All-Time High
According to an Identity Theft Resource Center (ITRC) report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020.
The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.
The number of victims continues to decrease (down five (5) percent in 2021 compared to the previous year) as identity criminals focus more on specific data types rather than mass data acquisition. However, the number of consumers whose data was compromised multiple times per year remains alarmingly high.
https://www.helpnetsecurity.com/2022/01/31/data-compromises-up/
Threats
Ransomware
Aggressive BlackCat Ransomware on the Rise (darkreading.com)
A Look At The New Sugar Ransomware Demanding Low Ransoms (bleepingcomputer.com)
BlackCat Ransomware - What You Need To Know | The State of Security (tripwire.com)
KP Snacks Giant Hit By Conti Ransomware, Deliveries Disrupted (bleepingcomputer.com)
Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (thehackernews.com)
Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks | SecurityWeek.Com
FBI Shares Lockbit Ransomware Technical Details, Defense Tips (bleepingcomputer.com)
BlackCat (ALPHV) Ransomware Linked To BlackMatter, DarkSide Gangs (bleepingcomputer.com)
Over 500,000 People Impacted By A Ransomware Attack That Hit Morley - Security Affairs
Scottish Agency Still Recovering from 2020 Ransomware Attack - Infosecurity Magazine
Conti Ransomware Encrypted 80% of Ireland's HSE IT Systems (bleepingcomputer.com)
Ransomware Wants You to Like and Subscribe, Or Else (vice.com)
Ransomware Means Your Database IS The Front Line. How Are You Defending It? • The Register
Phishing
Low-Detection Phishing Kits Increasingly Bypass MFA | Threatpost
MFA Adoption Pushes Phishing Actors To Reverse-Proxy Solutions (bleepingcomputer.com)
Intuit Warns Of Phishing Emails Threatening To Delete Accounts (bleepingcomputer.com)
Strong Authentication Protects Against Phishing. So Why Aren't More People Using It? | ZDNet
Microsoft Blocked Billions Of Brute-Force And Phishing Attacks Last Year (bleepingcomputer.com)
Other Social Engineering
Malware
Malicious CSV Text Files Used To Install BazarBackdoor Malware (bleepingcomputer.com)
New Malware Used by SolarWinds Attackers Went Undetected for Years (thehackernews.com)
Microsoft: This Mac Malware Is Getting Smarter And More Dangerous | ZDNet
Data Breaches/Leaks
The 3 Most Common Causes of Data Breaches in 2021 (darkreading.com)
British Council Exposed More Than 100,000 Files With Student Records (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
CNI, OT, ICS, IIoT and SCADA
Nation State Actors
Russian 'Gamaredon' Hackers Use 8 New Malware Payloads In Attacks (bleepingcomputer.com)
State Hackers' New Malware Helped Them Stay Undetected For 250 Days (bleepingcomputer.com)
Charming Kitten Sharpens Its Claws with PowerShell Backdoor | Threatpost
FBI's Warning About Iranian Firm Highlights Common Cyber Attack Tactics | CSO Online
Cloud
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (thehackernews.com)
Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (paloaltonetworks.com)
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (thehackernews.com)
Cyber Spies Linked To Memento Ransomware Use New PowerShell Malware (bleepingcomputer.com)
NSO Group's Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns - MSSP Alert
Vulnerabilities
Apple, SonicWall, Internet Explorer Vulnerabilities Added To CISA List | ZDNet
Samba 'Fruit' Bug Allows RCE, Full Root User Access | Threatpost
Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in (darkreading.com)
Cisco Fixes Critical Bugs In SMB Routers, Exploits Available (bleepingcomputer.com)
UEFI Firmware Vulnerabilities Affect At Least 25 Computer Vendors (bleepingcomputer.com)
Google Patches 27 Vulnerabilities With Release of Chrome 98 | SecurityWeek.Com
Intel Patched 226 Vulnerabilities in 2021 | SecurityWeek.Com
600K WordPress Sites Impacted By Critical Plugin RCE Vulnerability (bleepingcomputer.com)
Critical Log4j Vulnerabilities Are the Ultimate Gift for Cyber Criminals (darkreading.com)
ESET Antivirus Bug Let Attackers Gain Windows SYSTEM Privileges (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Retail
Transport and Aviation
Reports Published in the Last Week
Other News
Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022 (darkreading.com)
Rush To Remote Work Left Sysadmins Struggling To Keep Businesses Safe - Help Net Security
Telco Fined €9 Million For Hiding Cyber Attack Impact From Customers (bleepingcomputer.com)
90% of Security Leaders Warn of Skills Shortage - Infosecurity Magazine (infosecurity-magazine.com)
Hundreds Of Thousands Of Routers Exposed To Eternal Silence Campaign Via UPnP - Security Affairs
Social Security Numbers Most Targeted Sensitive Data - Infosecurity Magazine
NIST's New Cyber-Resiliency Guidance: 3 Steps For Getting Started | CSO Online
Organisations Neglecting Microsoft 365 Cyber Security Features - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 January 2022
Black Arrow Cyber Threat Briefing 28 January 2022
-UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News
-Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report
-Ransomware Families Becoming More Sophisticated With Newer Attack Methods
-More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyberattacks
-Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks
-Shipment-Delivery Scams Become the Favoured Way to Spread Malware
-Most Ransomware Infections Are Self-Installed
-Staff Negligence Is Now A Major Reason For Insider Security Incidents
-22 Cyber Security Myths Organisations Need To Stop Believing In 2022
-Android Malware Can Factory-Reset Phones After Draining Bank Accounts
-GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study
-Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News
UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.
The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.
The centre said it was unaware of any specific threats to UK organisations.
It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.
In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.
It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.
"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."
Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.
https://www.bbc.co.uk/news/uk-60158874
Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report
Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.
Hackers made up for some lost time last year.
After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.
All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.
“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”
https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021
Ransomware Families Becoming More Sophisticated With Newer Attack Methods
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.
The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.
https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/
More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks
Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.
Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.
Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.
Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks
A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.
The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.
Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.
Shipment-Delivery Scams Become the Favoured Way to Spread Malware
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.
Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.
The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.
https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/
Most Ransomware Infections Are Self-Installed
New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.
The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.
Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.
The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.
Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.
https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/
Staff Negligence Is Now A Major Reason For Insider Security Incidents
Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.
Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.
When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.
22 Cyber Security Myths Organisations Need To Stop Believing In 2022
Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.
The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.
This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?
Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.
Android Malware Can Factory-Reset Phones After Draining Bank Accounts
A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.
Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.
GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study
Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows
In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.
Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.
The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.
https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study
Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats
Last year Forbes wrote a couple of articles that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem. In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact. Ransomware came on with a vengeance targeting many small and medium businesses.
Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past. Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022. By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.
Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year
Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.
The main areas they are predicting seeing rises in fraud are:
-Buy now, pay never
-Cryptocurrency scams
-Doubling ransomware attacks
-More increases in romance fraud
-Digital elder abuse will rise
https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/
Threats
Ransomware
Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert
Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)
BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet
Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future
Phishing
There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet
Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)
Other Social Engineering
Malware
Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)
Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet
Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)
TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)
Mobile
105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)
2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica
New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)
Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs
IoT
As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)
Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)
19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Supply Chain
DoS/DDoS
Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)
Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)
CNI, OT, ICS, IIoT and SCADA
Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)
Energy Sector Still Needs to Shut the Barn Door (darkreading.com)
Nation State Actors
North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)
Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)
North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)
German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs
Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)
Cloud
Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)
Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs
Privacy
Passwords & Credential Stuffing
65% Of Organisations Continue To Rely On Shared Logins - Help Net Security
Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security
Spyware, Espionage & Cyber Warfare
Vulnerabilities
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost
Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com
Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)
Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)
F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs
Sector Specific
Health/Medical/Pharma Sector
Education and Academia
Reports Published in the Last Week
Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)
Other News
Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet
Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert
Are You Prepared to Defend Against a USB Attack? (darkreading.com)
VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times
Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)
Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 December 2021
Black Arrow Cyber Threat Briefing 10 December 2021
-Beware Of Ransomware Attacks Between Christmas and New Year’s!
-Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)
-Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
-SolarWinds Attackers Spotted Using New Tactics, Malware
-Cyber Crime Supply Chain: Fueling The Rise In Ransomware
-Weak Passwords Caused 30% Of Security Breaches
-Work-from-Anywhere Requires "Work-from-Anywhere Security"
-Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
-Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild
-New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
-UK’s Poor Cyber Risk Planning Could “Wreak Havoc”
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Beware Of Ransomware Attacks Between Christmas And New Year’s!
Darktrace reported that its security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020 compared to the monthly average.
The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.
https://www.helpnetsecurity.com/2021/12/09/ransomware-attacks-holiday/
Why Holidays Put Your Company at Risk of Cyber Attack (And How to Take Precautions)
It is a time when many are thinking of their families and loved ones, time off work, and gift-giving – the holidays. However, while many have their minds outside the realm of work during the holiday season, often, this is when attackers plan their most sinister attacks.
So how can you take precautions to protect your organisation during these times?
Attackers today do not have a soft spot for businesses and give companies a break at any time of the year, especially not during holidays. On the contrary, any time of the year where companies may be less prepared to fend off a cyberattack is an opportunity for successful compromise. As a result, the holidays put your company at a higher risk of cyberattack.
https://thehackernews.com/2021/12/why-holidays-put-your-company-at-risk.html
Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
Security experts are sounding the equivalent of a five-alarm fire on a critical new zero-day vulnerability in Log4j, a logging framework that is ubiquitously present in Java software.
The flaw (CVE-2021-44228) could allow remote attackers to run arbitrary code on any application that uses Log4j and is already being actively exploited. Some vendors have observed mass scanning activity — presumably by threat actors — for vulnerable applications, and there are some reports of exploit activity against organisations. Attacks against the flaw take little skill to execute and are being fueled by proof-of-concept code in the wild.
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.
https://threatpost.com/solarwinds-attackers-new-tactics-malware/176818/
Cyber Crime Supply Chain: Fuelling The Rise In Ransomware
Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. Demand has increased so much over the past two years that many cybercriminal markets now have their own “Access-as-a-Service” sections.
https://www.helpnetsecurity.com/2021/12/06/cybercrime-supply-chain/
Weak Passwords Caused 30% Of Security Breaches
A recent survey assessed the risk factors associated with password management and how to safeguard them from attacks or breaches. The results revealed that 30% of respondents reported password leaks and security breaches as a result of poor password practices. Respondees admitted to making poor password choices, such as sharing them with colleagues, family members or friends; writing them on sticky notes, papers, planners; re-using passwords across multiple sites and only changing them when prompted.
Consequently, researchers revealed some of the best password practices to create unhackable passwords. These practices include using secure VPNs, two-factor authentication, using a password management software and creating unique passwords that aren’t easily deduced .
https://www.itsecurityguru.org/2021/12/10/weak-passwords-caused-30-of-security-breaches/
Work-from-Anywhere Requires "Work-from-Anywhere Security"
Securing today's expanding networks often includes adding additional technologies to an already overburdened security environment. With organisations already struggling to manage an average of 45 security tools, with each incident requiring coordination across 19 different devices, adding new technologies to the mix may be the straw that breaks the camel's back.
The most recent example of the rapid expansion of the network's attack surface has been remote work. The COVID-19 pandemic accelerated the need for a work-from-anywhere (WFA) strategy. And now, as workers begin to return to the office, a hybrid approach to work has become the new status quo. According to Accenture, 83% of workers prefer a hybrid work model that allows them to work remotely between 25% and 75% of the time. And businesses are listening. 63% of high-revenue growth companies have already enabled productivity anywhere workforce models.
One of the biggest security challenges of a hybrid workforce is that employees need to move seamlessly between the corporate office, their home network, and other remote locations. Applications, whether deployed in the data centre, SaaS, or cloud, not only need to be available from anywhere, but user experience—and security—needs to be consistent from any location as well.
https://www.securityweek.com/work-anywhere-requires-work-anywhere-security
Just 3% of UK Firms Escaped a Supply Chain Breach in 2021
Some 97% of UK organisations suffered a supply chain breach over the past year, up from 82% in 2020 and the second highest figure globally, according to BlueVoyant.
The security firm polled 1200 C-level executives with responsibility for managing risk in supply chains, across the UK, US, Singapore, Canada, Germany and the Netherlands.
UK firms also experienced a higher-than-average percentage of breaches: 59% suffered between two and five supply chain incidents compared to an overall average of 49%. The average number of breaches in the country grew from 2.64 in 2020 to 3.57 in 2021.
Perhaps unsurprisingly given these figures, only a quarter (27%) of UK respondents said they consider third-party cyber risk a key priority versus a 42% global average.
https://www.infosecurity-magazine.com/news/just-3-uk-firms-escaped-supply/
Critical Flaw In ManageEngine Desktop Central MSP Tool Exploited In The Wild
News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.
News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organisations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.
New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
Continuity™, the first dedicated storage and backup security provider, this week announced findings from its Security Intelligence Report: Analysis of Storage and Backup Security in the Financial Services & Banking Sector. This extensive study – the first of its kind – explores the security posture of storage and backup environments in the global financial services industry.
The survey of 200 financial services firms and banks from 45 countries revealed that most of these organisations have not yet reached a satisfactory level of storage and backup maturity. Notably, more than half (52%) of the respondents were not strongly confident about their storage and backup security, and a quarter (25%) noted they were significantly concerned (low or no confidence).
UK’s Poor Cyber Risk Planning Could “Wreak Havoc”
The UK’s long-term risk planning is under-powered and could expose the nation if it is struck by a serious cyber-threat, a new House of Lords (HoL) report has found.
The study, Preparing for Extreme Risks: Building a Resilient Society, was produced by the upper chamber’s Select Committee on Risk Assessment and Risk Planning after interviews with 85 expert witnesses.
It claimed that the government spends too much of its time reacting to crises and emergencies, neglecting the kind of long-term planning which would have prepared the country better for the COVID-19 pandemic.
“The UK’s unpreparedness to manage the outbreak of the COVID-19 virus was and is clear. More broadly, our inquiry has analyzed the UK’s risk assessment process and found that our current system is deficient at assessing and addressing future threats and hazards,” it argued.
“However, pandemics are only one of a number of extreme risks facing the UK. Severe space weather events could render smart technologies on which much of society relies inoperable for weeks or longer; this would include GPS, the internet, communications systems and power supplies. A cyber or physical attack on our critical national infrastructure could wreak havoc.”
https://www.infosecurity-magazine.com/news/uks-poor-cyber-risk-planning-could/
Threats
Ransomware
Ransomware Attacks Soar, Hackers Set To Become More Aggressive | Reuters
Emotet’s Behaviour & Spread Are Omens of Ransomware Attacks | Threatpost
Ireland Conti Ransomware Attack Vector Was Spam Email • The Register
Crackdown On Crypto Firms Needed To ‘Wreck’ Ransomware, Says Ex-GCHQ Boss (telegraph.co.uk)
Companies Linked to Russian Ransomware Hide in Plain Sight - The New York Times (nytimes.com)
New 'Karakurt' Cyber Crime Gang Focuses On Data Theft And Extortion - Security Affairs
More Than 300 Spar Shops In North Of England Hit By Cyber Attack | Hacking | The Guardian
New Cerber Ransomware Targets Confluence And GitLab Servers (Bleepingcomputer.Com)
Ransomware Attack Locks Hotel Guests Out Of Rooms - IT Security Guru
BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (thehackernews.com)
ALPHV BlackCat - This Year's Most Sophisticated Ransomware (Bleepingcomputer.Com)
Phishing
Microsoft, Google OAuth Flaws Can Be Abused In Phishing Attacks (Bleepingcomputer.Com)
Researchers Explore Microsoft Outlook Phishing Techniques (darkreading.com)
Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts (Bleepingcomputer.Com)
Study: Most Phishing Pages Are Abandoned Or Disappear In A Matter Of Days - Techrepublic
Phishing Attacks Use QR Codes To Steal Banking Credentials (Bleepingcomputer.Com)
Malware
Emotet Is Back and More Dangerous Than Before (darkreading.com)
Malicious Notepad++ Installers Push StrongPity Malware (bleepingcomputer.com)
Mobile
IOT
IoT Under Attack: Security Is Still Not Good Enough On These Edge Devices | ZDNet
Three-Quarters of Firms Admit to Sub-Optimal IoT Security - Infosecurity Magazine
Data Breaches/Leaks
Organised Crime & Criminal Actors
Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers (thehackernews.com)
Google Disrupts Massive Glupteba Botnet, Sues Russian Operators (Bleepingcomputer.Com)
Cyber Criminals Are Using Fake Advertising To Distribute Malware | Techspot
Cryptocurrency/Cryptojacking
Hackers Are Minting Their Own Crypto To Use In Elaborate Phishing Scams | Techradar
Tor2Mine Cryptominer Is Warning Sign Of Network Exploitation • The Register
QNAP Warns Users Of Bitcoin Miner Targeting Their NAS Devices (Bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud & Financial Crime
Dark Web
OT, ICS, IIoT and SCADA
Nation State Actors
UK Spy Chief Raises Fears Over China’s Digital Renminbi | Financial Times (FT.com)
Russia Blocks Tor Privacy Service in Latest Censorship Move (thehackernews.com)
Cloud
Vulnerabilities
Your Microsoft Network Is Only As Secure As Your Oldest Server | CSO Online
Lack of Patching Leaves 300,000 Routers at Risk for Attack (darkreading.com)
Vulnerability In Windows 10 URI Handler Leads To Remote Code Execution | Malwarebytes Labs
Dark Mirai Botnet Targeting RCE On Popular TP-Link Router (Bleepingcomputer.Com)
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites | Threatpost
Sector Specific
Financial Services Sector
US Bank Regulator Urges Vigilance As Ransomware Attacks On The Rise | Reuters
Israel Leads 10-Country Simulation Of Major Cyber Attack On World Markets | The Times Of Israel
Health/Medical/Pharma Sector
Retail
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity | Threatpost
Hackers Infect Random WordPress Plugins To Steal Credit Cards (Bleepingcomputer.Com)
Transport and Aviation
Other News
Google, Microsoft: Internet Whac-a-Mole vs. Cyber Criminals - MSSP Alert
Are You Guilty of These 8 Network-Security Bad Practices? | Threatpost
1.6 Million WordPress Sites Under Cyber Attack From Over 16,000 IP Addresses (thehackernews.com)
Next-Gen Maldocs & How to Solve the Human Vulnerability | Threatpost
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 November 2021
Black Arrow Cyber Threat Briefing 26 November 2021
-70% Of IT Pros Say Security Hygiene Has Gotten Harder Over Past Two Years
-As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks
-More Ransomware Attacks Up to September Than Whole of 2020
-Ransomware Warning: Hackers See Holidays And Weekends As A Great Time To Attack
-Suspect Arrested In 'Ransom Your Employer' Criminal Scheme
-The Newer Cyber Crime Triad: Trickbot-Emotet-Conti
-Threat Actors Find And Compromise Exposed Services In 24 Hours
-Does Your Company Employ A CISO? Many Are Operating Without Security Leadership
-New Malware Is Capable Of Evading Almost All Antivirus Products
-Interpol Arrests Over 1,000 Suspects Linked To Cyber Crime
-Researchers Warn Of Severe Risks From ‘Printjack’ Printer Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
70% Of IT Pros Say Security Hygiene Has Got Harder Over Past Two Years
A new report from Enterprise Strategy Group (ESG) and JupiterOne warns of inadequate security hygiene and posture management practices at many organizations. The research found that 86% of organizations believe they follow best practices for security hygiene and posture management. However, 70% of organizations said they use more than ten security tools to manage security hygiene and posture management, which raises concerns about data management and operations overhead.
In addition, 73% of security professionals admitted that they still depend on spreadsheets to manage security hygiene and posture at their organizations. As a result, 70% of respondents said that security hygiene and posture management had become more difficult over the past two years as their attack surfaces have grown.
As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks
Arkose Labs released new data on the latest fraud trends, revealing increased threats during the holidays, rising bot attacks, and a resurgence in attacks on travel companies. As shoppers fill their online carts, account takeover (ATO) attacks and gift-card fraud remain persistent.
The report shares the top six fraud-fighting trends from the previous 3 months and provides data highlighting that no digital business is immune from attack. Financial industries saw 32 percent more attacks than in the first half of 2021.
Retail and travel attacks increased 63 percent in Q3, and gaming saw a spate of fake new accounts being set up for fraudulent purposes. Media and streaming businesses saw 60 percent of malicious activity targeting logins, and 20 percent of these attacks originating from human fraud farms.
Technology platforms see 91 percent of all attacks powered by bots. Overall, attacks are increasing in every industry, and they are growing more sophisticated.
https://www.helpnetsecurity.com/2021/11/22/threats-during-holidays/
More Ransomware Attacks Up to September Than Whole of 2020
Most UK business leaders expect cyber-threats to surge next year, with ransomware, business email compromise (BEC), cloud and supply chain attacks all predicted to increase, according to PwC.
The findings come from the consulting giant’s 2022 Global Digital Trust Insights Survey and were distilled from interviews with 257 business and technology executives in the UK.
Although most (63%) respondents said they expect security budgets to increase next year, even more (66%) predicted cyber-threats would rise. Ransomware (61%), BEC (61%), malware via software updates (63%), and cloud compromise (64%) were among the most notable.
Bobbie Ramsden-Knowles, crisis and resilience partner at PwC UK, claimed the firm’s threat intelligence team has tracked more ransomware incidents globally up to September this year than for the whole of 2020.
https://www.infosecurity-magazine.com/news/more-ransomware-attacks-september/
Ransomware Warning: Hackers See Holidays And Weekends As A Great Time To Attack
Just because you're taking a break, that doesn't mean hackers will be too.
Ahead of the holidays cyber agencies have released a warning to stay vigilant on holidays and weekends, because hackers don't plan on taking a holiday break.
Warnings remind organisations that ransomware attackers often choose to launch attacks on holidays and weekends, specifically when businesses are likely to be closed.
Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure.
Some of the worst ransomware attacks happened on holidays and weekends.
Suspect Arrested In 'Ransom Your Employer' Criminal Scheme
A Nigerian man has been arrested in connection to a scheme attempting to lure insiders to deploy ransomware on employer systems.
On November 22, security expert Brian Krebs reported that the man, Oluwaseun Medayedupin, was arrested by Nigerian authorities on Friday.
The suspect is allegedly linked to a 'ransom your employer' scheme investigated by Abnormal Security in August.
Customers of the cybersecurity firm were sent emails with the subject "Partnership affiliate offer," requesting that the recipient considered becoming an accomplice in a cyberattack.
The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), made after the recipients installed the DemonWare ransomware on their employer's systems.
https://www.zdnet.com/article/suspect-arrested-in-ransom-your-employer-criminal-scheme/
The Newer Cyber Crime Triad: Trickbot-Emotet-Conti
Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang.
Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.
This operation was the result of a joint effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.
The law enforcement agency was able to take over at least 700 servers used as part of the Emotet botnet’s infrastructure. The FBI collected millions of email addresses used by Emotet operators in their malware campaigns as part of the cleanup operation.
The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. The infamous banking trojan was also used to deliver other malicious code, such as Trickbot and QBot trojans, or ransomware such as Conti, ProLock, Ryuk, and Egregor.
https://securityaffairs.co/wordpress/124807/cyber-crime/trickbot-emotet-conti-triad.html
Threat Actors Find And Compromise Exposed Services In 24 Hours
Researchers set up 320 honeypots to see how quickly threat actors would target exposed cloud services and report that 80% of them were compromised in under 24 hours.
Malicious actors are constantly scanning the Internet for exposed services that could be exploited to access internal networks or perform other malicious activity.
To track what software and services are targeted by threat actors, researchers create publicly accessible honeypots. Honeypots are servers configured to appear as if they are running various software as lures to monitor threat actors' tactics.
Does Your Company Employ A CISO? Many Are Operating Without Security Leadership
45% of companies do not employ a Chief Information Security Officer (CISO), a Navisite research found. Of this group, 58% think their company should hire a CISO.
Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.
130 security, IT and compliance professionals were polled in the US to determine their perceptions on the state of cybersecurity leadership and readiness within their organizations. More than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations between 100-5,000 employees.
Why you should employ a CISO?
· 21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.
· 75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.
· 80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
· 70% of respondents expressed confidence in the effectiveness of their cybersecurity program—but that confidence dropped to 58% for companies without a CISO.
· 47% of survey takers believe their company spends too little on cybersecurity.
https://www.helpnetsecurity.com/2021/11/23/employ-ciso/
New Malware Is Capable Of Evading Almost All Antivirus Products
There’s a new JavaScript downloader on the prowl that not only distributes eight different Remote Access Trojans (RATs), keyloggers and information stealers, but is also able to bypass detection by a majority of security tools, experts have warned.
Cyber security researchers at HP Wolf Security named the malware RATDispenser, noting that while JavaScript downloaders typically have a lower detection rate than other downloaders, this particular malware is more dangerous since it employs several techniques to evade detection.
“It’s particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims’ endpoints in most cases,” noted Patrick Schlapfer, Malware Analyst at HP.
https://www.techradar.com/news/new-malware-is-capable-of-evading-almost-all-antivirus-products
Interpol Arrests Over 1,000 Suspects Linked To Cyber Crime
Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling.
This crackdown results from a four-month action codenamed ‘Operation HAEICHI-II,’ which took place in twenty countries between June and September 2021.
These were Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, and Vietnam.
On the financial aspect of the operation, the authorities have also intercepted nearly $27,000,000 and froze 2,350 banking accounts linked to various online crimes.
As the Interpol announcement details, at least ten new criminal modus operandi were identified in HAEICHI-II, indicative of the evolving nature of cyber-crime.
Researchers Warn Of Severe Risks From ‘Printjack’ Printer Attacks
A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.
The attacks include recruiting the printers in DDoS swarms, imposing a paper DoS state, and performing privacy breaches.
As the researchers point out, modern printers are still vulnerable to elementary flaws and lag behind other IoT and electronic devices that are starting to conform with cybersecurity and data privacy requirements.
By evaluating the attack potential and the risk levels, the researchers found non-compliance with GDPR requirements and the ISO/IEC 27005:2018 (framework for managing cyber-risks).
This lack of in-built security is particularly problematic when considering how omnipresent printers are, being deployed in critical environments, companies, and organizations of all sizes.
Threats
Ransomware
Defense Contractors Are Highly Susceptible To Ransomware Attacks - Help Net Security
Holidays Don't Mean Much To Ransomware Attackers - Help Net Security
BEC – Business Email Compromise
Phishing
Malware
Crooks Compromise Microsoft Exchange Servers To Hijack Internal Email Chains - Security Affairs
Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (thehackernews.com)
Malicious Python Packages Employ Advanced Detection Evasion Techniques - Help Net Security
Stealthy New JavaScript Malware Infects Windows PCs with RATs (bleepingcomputer.com)
New Golang-based Linux Malware Targeting eCommerce Websites (thehackernews.com)
Mobile
Spyware Alert! 23 Apps Found Spying On Android Users Via Mobile Camera | techgig
MediaTek Chip Flaw Could Have Let Attackers Spy on Android Phones (darkreading.com)
Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery (thehackernews.com)
IOT
Hikvision Security Cameras Potentially Exposed to Remote Code Execution (sans.edu)
Some Tesla Owners Unable To Unlock Cars Due To Server Errors (Bleepingcomputer.Com)
Vulnerabilities
All Versions of Windows Are Vulnerable to a New Zero-Day Exploit (pcmag.com)
Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws | Threatpost
Expert Discloses Details Of Flaws In Oracle VirtualBox - Security Affairs
VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client (thehackernews.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Fraud & Financial Crime
Insurance
Nation State Actors
NCSC Warns Industry, Academia Of Foreign Threats To Their Intellectual Property | CSO Online
North Korean Hackers Found Behind a Range of Credential Theft Campaigns (thehackernews.com)
US Bans Chinese Firms For Feeding Tech To The Military • The Register
Cloud
Passwords
Parental Controls
Sector Specific
Financial Services Sector
SMBs – Small and Medium Businesses
Defence
Health/Medical/Pharma Sector
Devious ‘Tardigrade’ Malware Hits Biomanufacturing Facilities | WIRED
Preventing a Cyber Pandemic in Healthcare | SecurityWeek.Com
Healthcare Organisations At Risk: The Attack Surface Is Expanding - Help Net Security
ENISA - The Need For Incident Response Capabilities In The Health Sector - Security Affairs
Philips Working on Patches for Vulnerabilities Found in Medical Products | SecurityWeek.Com
Transport and Aviation
Maritime
Reports Published in the Last Week
Other News
As Digital Shopping Surges, Researchers Predict 8 Million Daily Attacks - Help Net Security
Rising Cyber Crime Demands Laws And Users Keep Up | The Seattle Times
IKEA Email Systems Hit By Ongoing Cyber Attack (Bleepingcomputer.Com)
UK and German Police Take Down 21 Jihadist Websites - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 November 2021
Black Arrow Cyber Threat Briefing 19 November 2021
-Insurers Run From Ransomware Cover As Losses Mount
-The Ransomware Threat Is Getting Worse. But Businesses Still Aren't Taking It Seriously
-Ransomware Is Now A Giant Black Hole That Is Sucking In All Other Forms Of Cyber Crime
-52% Of SMBs Have Experienced A Cyber Attack In The Last Year
-Ransomware Phishing Emails Sneak Through SEGs
-Reality Check: Your Security Hygiene Is Worse Than You Think It Is
-The Covid-19 Crisis Has Fueled The Increase Of Cyber Crime In All Its Forms
-Ransomware Attacks Are Getting More Complex And Even Harder To Prevent
-Most Ransomware Attacks Rely On Exploiting Older, Unpatched Vulnerabilities
-Out-Of-Hours Ransomware Attacks Have A Greater Impact On Revenue
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Insurers Run From Ransomware Cover As Losses Mount
Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty payouts.
Faced with increased demand, major European and US insurers and syndicates operating in the Lloyd's of London market have been able to charge higher premium rates to cover ransoms, the repair of hacked networks, business interruption losses and even PR fees to mend reputational damage.
But the increase in ransomware attacks and the growing sophistication of attackers have made insurers wary. Insurers say some attackers may even check whether potential victims have policies that would make them more likely to pay out.
"Insurers are changing their appetites, limits, coverage and pricing," Caspar Stops, head of cyber at insurance firm Optio, said. "Limits have halved – where people were offering 10 million pounds ($13.50 million), nearly everyone has reduced to five."
Lloyd's of London, which has around a fifth of the global cyber market, has discouraged its 100-odd syndicate members from taking on cyber business next year, industry sources say on condition of anonymity. Lloyd's declined to comment.
https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-losses-mount-2021-11-19/
The Ransomware Threat Is Getting Worse. But Businesses Still Aren't Taking It Seriously
Ransomware is the most significant cybersecurity threat facing the country today, but many businesses still aren't taking the threat as seriously as they should be, the National Cyber Security Centre (NCSC) has warned.
In its newly published annual review, the NCSC – the cybersecurity arm of intelligence agency GCHQ – details the incidents and threats the UK has faced during the past 12 months, including cyberattacks against the health service and vaccine developers during the coronavirus pandemic, state-sponsored cyber-espionage campaigns, phishing scams and more.
But, because of the likely impact a successful attack could have on essential services or critical national infrastructure, it's ransomware that is viewed as the most dangerous cyber threat – and one that more leadership teams need to think about.
Ransomware Is Now A Giant Black Hole That Is Sucking In All Other Forms Of Cyber Crime
File-encrypting malware is where the money is -- and that's changing the whole online crime ecosystem.
Ransomware is so lucrative for the gangs involved that other parts of the cybercrime ecosystem are being repurposed into a system for delivering potential victims.
"The gravitational force of ransomware's black hole is pulling in other cyberthreats to form one massive, interconnected ransomware delivery system -- with significant implications for IT security," said security company Sophos in a report.
Ransomware is considered by many experts to be most pressing security risk facing businesses -- and its extremely lucrative for the gangs involved, with ransom payouts increasing significantly.
52% Of SMBs Have Experienced A Cyber Attack In The Last Year
The consequences of a breach have never been more severe, with global cybercrime collectively totalling $16.4 billion each day, a Devolutions survey reveals.
A recent study by IBM revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million per incident in 2021. As has been reported, approximately 60% of SMBs go out of business within six months of getting hacked.
Smaller companies are not exempt from cyberattacks; in fact, it’s quite the opposite. Yet many of the tools and resources that larger companies have at their disposal to protect them from cyber attacks are not befitting for smaller companies. There is a gap in the market.
https://www.helpnetsecurity.com/2021/11/19/smbs-cyberattack/
Ransomware Phishing Emails Sneak Through SEGs
Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages.
Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP ransomware offensive, which they observed making its way to a target’s inbox despite its being secured by an SEG.
https://threatpost.com/ransomware-phishing-emails-segs/176470/
Reality Check: Your Security Hygiene Is Worse Than You Think It Is
Sevco Security published a report which explores the gap between perceptions and realities of security hygiene and asset management. Leveraging findings from ESG’s “Security Hygiene and Posture Management Survey,” Sevco’s report addresses five unfounded perceptions that many security teams assume to be true and the realities that unveil alarming security risks.
The report reveals that the perception of good security hygiene often leads to gaps in asset inventory that leave organizations open to security incidents. One such gap is the assumption that organizations have an accurate understanding of asset inventory. The reality is that on average, organizations discover 20-30% previously unknown devices once various inventory sources have been analysed and reconciled.
https://www.helpnetsecurity.com/2021/11/18/perception-good-security-hygiene/
The Covid-19 Crisis Has Fueled The Increase Of Cyber Crime In All Its Forms
The accelerated digitalization related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organised Crime Threat Assessment.
Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts. The increase of online shopping in general has attracted more fraudsters. With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly.
https://www.helpnetsecurity.com/2021/11/18/covid-19-cybercrime/
Ransomware Attacks Are Getting More Complex And Even Harder To Prevent
Ransomware attackers are probing known common vulnerabilities and exposures (CVEs) for weaknesses and quickly capitalizing on them, launching attacks faster than vendor teams can patch them. Unfortunately, ransomware attackers are also making attacks more complex, costly, and challenging to identify and stop, acting on potential targets’ weaknesses faster than enterprises can react.
Two recent research studies — Ivanti’s latest ransomware report, conducted with Cyber Security Works and Cyware, and a second study by Forrester Consulting on behalf of Cyware — show there’s a widening gap between how quickly enterprises can identify a ransomware threat versus the quickness of a cyberattack. Both studies provide a stark assessment of how far behind enterprises are on identifying and stopping ransomware attacks.
Most Ransomware Attacks Rely On Exploiting Older, Unpatched Vulnerabilities
Ransomware attackers exploited a dozen new vulnerabilities in campaigns in Q3 2021, bringing the total number of vulnerabilities associated with ransomware to 278, claims a new report.
Compiled by cybersecurity vendor Ivanti, the report reveals that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021.
It tracked a 4.5% increase in CVEs associated with ransomware in Q3 2021, along with a similar increase in actively exploited and trending vulnerabilities, along with a 3.4% increase in ransomware families, as compared to Q2 2021.
Out-Of-Hours Ransomware Attacks Have A Greater Impact On Revenue
Ransomware attacks at weekends and holidays are throwing victims into disarray, according to a study released by security company Cybereason.
The report, “Organizations at Risk: Ransomware Attackers Don’t Take Holidays,” surveyed security professionals whose organizations suffered a ransomware attack during a holiday or weekend in the last 12 months. It found 86% of them reported missing holiday or weekend activities with friends and family when responding to these attacks.
Of those surveyed, 60% take longer to assess the scope of an attack that happened over the weekend or on a holiday. Half said out-of-hours attacks led to a slower response overall.
One problem was assembling the right team, with just over a third reporting difficulties in getting the necessary people together. When those people do clock in unexpectedly, they might not be fully fit for duty. In fact, 70% were intoxicated when called in to address the attack, the report added.
Threats
Ransomware
UK Fighting Hacking Epidemic As Russian Ransomware Attacks Increase | Cybercrime | The Guardian
Ransomware Gangs Are Now Rich Enough To Buy Zero-Day Flaws, Say Researchers | ZDNet
Russian Ransomware Gangs Start Collaborating With Chinese Hackers (Bleepingcomputer.Com)
Exchange Exploit Leads to Domain Wide Ransomware (thedfirreport.com)
New Memento Ransomware Switches To Winrar After Failing At Encryption (Bleepingcomputer.Com)
ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyber Attacks - Truesec
Fake Ransomware Warnings Hit Wordpress Sites: How To Stay Safe - Malwarebytes Labs
MosesStaff Locks Up Targets, with No Ransom Demand, No Decryption | Threatpost
BEC - Business Email Compromise
Phishing
Malware
Emotet Malware Is Back And Rebuilding Its Botnet Via TrickBot (Bleepingcomputer.Com)
New Mac Malware Raises More Questions About Apple's Security Patching - Malwarebytes Labs
Mobile
New Banking Trojan SharkBot Makes Waves Across Europe, US | ZDNet
Android Malware BrazKing Returns As A Stealthier Banking Trojan (Bleepingcomputer.Com)
Android Malware That Spies On Your Phone Identified With 23 Apps. (livemint.com)
Vulnerabilities
Intel Vulnerabilities: Bios Bugs Put Cars, Laptops, Devices at Risk to Hackers - MSSP Alert
Microsoft Informs Users of High-Severity Vulnerability in Azure AD | SecurityWeek.Com
New Secret-Spilling Hole In Intel CPUs Sends Company Patching (Again) | Ars Technica
Netgear Fixes Code Execution Flaw In Many SOHO Devices - Security Affairs
Six Million Sky Routers Exposed To Takeover Attacks For 17 Months (Bleepingcomputer.Com)
WordPress Template Plugin Vulnerability Hits +1 Million Sites (searchenginejournal.com)
10,000+ Websites And Apps Are Vulnerable To Magecart - Help Net Security
Linux Has A Serious Security Problem That Once Again Enables DNS Cache Poisoning | Ars Technica
Data Breaches/Leaks
Organised Crime & Criminal Actors
Russian Cyber Crime Forums Throw Doors Open to Chinese-Speakers - Infosecurity Magazine
A Canadian Teen Was Arrested in a $36.5M SIM-Swap Heist | WIRED
Cryptocurrency/Cryptojacking
Cyber Criminals Increasingly Employ Crypto-Mixers to Launder Stolen Profits (darkreading.com)
Chinese Communist Party Official Expelled For Mining Crypto • The Register
Supply Chain
New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk (intezer.com)
Hackers Are Threatening The Global Supply Chain | OilPrice.com
DoS/DDoS
Nation State Actors
Cyber War’s Global Players—It’s Not Always Russia Or China | CSO Online
FBI Warns Of APT Group Exploiting FatPipe VPN Zero-Day Since May (Bleepingcomputer.com)
Iranian Targeting Of IT Sector On The Rise - Microsoft Security Blog
Iranians Charged in Cyber Attacks Against US 2020 Election | Threatpost
Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware (thehackernews.com)
Cloud
Cyber Criminals Target Alibaba Cloud for Cryptomining, Malware | Threatpost
Cloud Compliance: Falling Out Of It Could Spell Doom - Help Net Security
Financial Services Sector
Health Sector
Reports Published in the Last Week
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 November 2021
Black Arrow Cyber Threat Briefing 12 November 2021:
-Covid Impact Heightens Risk Of Cyber Security Breaches
-81% of Organisations Experienced Increased Cyber-Threats During COVID-19
-Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue To Climb
-Threat from Organised Cybercrime Syndicates Is Rising
-Ransomware Gangs Are Using These 'Ruthless' Tactics As They Aim For Bigger Payouts
-Firms Will Struggle to Secure Extended Attack Surface in 2022
-Millions Of Home Wi-Fi Routers Threatened By Malware — What To Do
-Vulnerabilities Associated With Ransomware Increased 4.5% In Q3 2021
-80% Of Organisations Experienced Employees Misusing And Abusing Access To Business Apps
-Gen Z Is Behaving Recklessly Online - And Will Live To Regret It
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Covid Impact Heightens Risk Of Cyber Security Breaches
CYBER SECURITY breaches are the biggest staff-related risk as Covid-19 and recruitment difficulties continue to impact workplaces, according to a survey of Channel Island employers.
Seven out of ten senior HR professionals and business leaders saw a cyber security breach as the greatest staff-related risk for a regulated financial services business – way ahead of employees leaving (16%) and employees working from home (10%). Some 57% of employers said Covid-19 had changed their policies, procedures and systems ‘moderately’, with 29.5% reporting ‘significant’ changes, according to the research undertaken at a virtual employment conference organised by Walkers last month.
https://guernseypress.com/news/2021/11/12/covid-impact-heightens-risk-of-cyber-security-breaches/
81% of Organisations Experienced Increased Cyber Threats During COVID-19
More than four in five (81%) organisations experienced increased cyber-threats during the COVD-19 pandemic, according to a new study by McAfee and FireEye.
The global survey of 1451 IT and line of business decision-makers found that close to half (43%) have suffered from downtime due to a cyber concern. This resulted in costs of $100,000 for some organisations.
Despite the increased threat landscape and the fact that over half (57%) of organisations saw a rise in online/web activity, 24% of respondents revealed they have had their technology and security budgets reduced over this period.
https://www.infosecurity-magazine.com/news/81-orgs-cyber-threats-covid19/
Phishing Attacks Grow 31.5% Over 2020, Social Media Attacks Continue To Climb
Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020, according to a PhishLabs report. Notably, attacks in September 2021 were more than twice as high as the previous year.
https://www.helpnetsecurity.com/2021/11/11/phishing-attacks-grow-2020/
Threat from Organised Cyber Crime Syndicates Is Rising
Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
From encrypting communications to fencing ill-gotten gains on underground sites, organised crime is cashing in on the digital revolution.
The latest organised crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is having on both the economy and society of the European Union. And it’s all happening online.
https://threatpost.com/organised-cybercrime-syndicates-europol/176326/
Ransomware Gangs Are Using These 'Ruthless' Tactics As They Aim For Bigger Payouts
More sophisticated ransomware attacks are on the way as cyber criminals tailor campaigns to raise the chances of a ransom payment.
Ransomware attacks are becoming more sophisticated as cyber criminals continue to develop new techniques to make campaigns more effective and increase their chances of successfully demanding a ransom payment.
According to the European law enforcement agency Europol there was a 300% increase in the number of ransom payments between 2019 and 2020 alone – and that doesn't account for 2021 being another bumper year for cyber criminals launching ransomware attacks, as they've taken advantage of security vulnerabilities presented by the rise in remote working.
Europol's Internet Organised Crime Threat Assessment (IOCT) shows that while cybercrime, including malware and DDoS attacks, continues to evolve, it's ransomware attacks that have been a significant amount of disruption over the course of the past year.
Firms Will Struggle to Secure Extended Attack Surface in 2022
Companies are relying more heavily on third parties, remote employees, and partners, expanding their attack surface area beyond traditional boundaries.
In 2022, much of cybersecurity will boil down to managing the security of relationships, as companies adapt to the post-pandemic remote workforce and the increased use of third-party providers, a panel of analysts stated at the Forrester Research Security & Risk 2021 Conference.
Among five predictions for the coming year, the analysts argued that companies' attempts to manage remote employees would stray into intrusive territory, causing workers to push back and hampering security-focused monitoring, such as that for insider threats. Other predictions maintain that 60% of security incidents in the next year will come from issues with third parties, while the cybersecurity workforce will suffer from burnout and join what's been called the "Great Resignation," the recent trend of workers leaving the workforce.
https://www.darkreading.com/risk/firms-will-struggle-to-secure-extended-attack-surface-in-2022
Millions Of Home Wi-Fi Routers Threatened By Malware — What To Do
Netgear, Linksys, D-Link routers among those targeted
There's a nasty new piece of malware out there targeting Wi-Fi routers, and you'll want to make sure yours is fully updated so it doesn't get infected.
The AT&T researchers who discovered the malware are calling it BotenaGo, and it's apparently different from the Mirai botnet malware that's been attacking routers since 2016. BotenaGo packs in exploits for 33 different known vulnerabilities in 12 different router brands, including D-Link, Linksys, Netgear, Tenda, Totolink, Zyxel and ZTE. A full list is on the AT&T Cybersecurity blog post.
To avoid infection, ensure you update your router with the latest firmware.
https://www.tomsguide.com/uk/news/botenago-router-malware
Vulnerabilities Associated With Ransomware Increased 4.5% In Q3 2021
Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and Cyware reveals.
This last quarter saw a 4.5% increase in CVEs associated with ransomware, a 4.5% increase in actively exploited and trending vulnerabilities, a 3.4% increase in ransomware families, and a 1.2% increase in older vulnerabilities tied to ransomware compared to Q2 2021.
https://www.helpnetsecurity.com/2021/11/10/vulnerabilities-associated-with-ransomware/
80% Of Organisations Experienced Employees Misusing And Abusing Access To Business Apps
Organisations continue to operate with limited visibility into user activity and sessions associated with web applications, despite the ever-present risk of insider threats and credential theft, a CyberArk research reveals.
While the adoption of web applications has brought flexibility and increased productivity, organisations often lag in implementing the security controls necessary to mitigate risk of human error or malicious intent.
https://www.helpnetsecurity.com/2021/11/08/user-activity-visibility/
Gen Z Is Behaving Recklessly Online - And Will Live To Regret It
Handing out personal information could be a slippery slope
Members of Generation Z, the cohort of people born in the first decade of the 21st century, care about digital privacy, but their desire for online fame and popularity is greater, a new study from ExpressVPN suggests.
The VPN provider surveyed 1,500 young adults from the US to evaluate their online habits and attitudes towards social media, and identified a troubling pattern that could have dire consequences.
The survey found that Generation Z isn’t trusting of the social media platforms they frequent, expressing concern that platforms may be using their images for facial recognition (67%) and wariness about oversharing personal information (66%).
https://www.techradar.com/news/gen-z-is-behaving-recklessly-online-and-will-live-to-regret-it
Threats
Ransomware
Average Ransomware Payment For US Victims More Than $6 Million, Survey Says | ZDNet
Ransomware Disrupted Store Operations In The Netherlands And Germany - Security Affairs
Toronto’s Transit Agency Cyber Attack Exposes 25,000 Employees’ Data | Techcrunch
Comic Book Distributor Struggling With Shipments After Ransomware Attack | ZDNet
Ransomware Attack Hits UK Fertility Clinic - Infosecurity Magazine (infosecurity-magazine.com)
Spanish Brewery “Paralyzed” by Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
TrickBot Teams Up With Shatak Phishers For Conti Ransomware Attacks (Bleepingcomputer.Com)
BEC
Interpol Closes in on Global BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Tiny Font Size Fools Email Filters in BEC Phishing | Threatpost
Phishing
How Cyber Criminals Use Bait Attacks To Gather Info About Their Intended Victims - TechRepublic
Microsoft Warns Of Surge In HTML Smuggling Phishing Attacks (Bleepingcomputer.Com)
Shadow IT Makes People More Vulnerable to Phishing (sans.edu)
Gmail Accounts Are Used In 91% Of All Baiting Email Attacks (Bleepingcomputer.Com)
Other Social Engineering
Malware
QAKBOT Loader Returns With New Techniques and Tools (trendmicro.com)
Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux (thehackernews.com)
GravityRAT Returns Disguised As An End-To-End Encrypted Chat App - Security Affairs
Report: 57% Of All Ecommerce Cyber Attacks Are Bot-Driven | Venturebeat
New BazarBackdoor Attack Discovered - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
IOT
BotenaGo Botnet Targets Millions Of IoT Devices With 33 Exploits (Bleepingcomputer.Com)
Why the NSA Wants To Protect You From Your Toothbrush (msnbc.com)
Vulnerabilities
Intel And AMD Address High Severity Vulnerabilities In Products And Drivers - Security Affairs
Samba Update Patches Plaintext Passwork Plundering Problem – Naked Security (Sophos.Com)
Palo Alto Networks Patches Zero-Day Affecting Firewalls Using GlobalProtect Portal VPN | ZDNet
Researchers Wait 12 Months To Report Vulnerability With 9.8 Out Of 10 Severity Rating | Ars Technica
Google Warns Hackers Used MacOS Zero-Day Flaw, Could Capture Keystrokes, Screengrabs | ZDNet
Data Breaches/Leaks
Robinhood Discloses Data Breach Impacting 7 Million Customers (Bleepingcomputer.Com)
This Top VPN Provider May Have Leaked Millions Of User Details | Techradar
Organised Crime & Criminal Actors
UK Recorded 1.8m Computer Misuse Crimes During 2019 • The Register
These Are The Top-Level Domains Threat Actors Like The Most (Bleepingcomputer.Com)
Aleksandr Zhukov, Self-Described 'King Of Fraud,' Is Sentenced To 10 Years - Cyberscoop
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash | Threatpost
Humanizing Hackers: Entering The Minds Of Those Behind The Attacks - Help Net Security
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
State Hackers Breach Defence, Energy, Healthcare Orgs Worldwide (Bleepingcomputer.Com)
China’s next generation of hackers won’t be criminals. That’s a problem. | TechCrunch
Russian Cyber Crime Group Exploits SolarWinds Serv-U Vulnerability | SecurityWeek.Com
North Korean Hackers Target The South's Think Tanks Through Blog Posts | ZDNet
Iranian Threat Actors Attempt To Buy Stolen Data Of US Orgs, FBI Warns - Security Affairs
'Lyceum' Threat Group Broadens Focus to ISPs (darkreading.com)
Cloud
Privacy
Reports Published in the Last Week
Other News
Booking.com Was Reportedly Hacked By A Us Intel Agency But Never Told Customers | Ars Technica
Younger Generations Care Little About Cybersecurity - Help Net Security
The Rising Threat Stemming From Identity Sprawl | SecurityWeek.Com
Playstation 5 Hacked—Twice! - Malwarebytes Labs | Malwarebytes Labs
Hong Kong Cyber Attack Reveals That Apple Favours Latest OS Versions For Security Updates | Techspot
Unique Challenges to Cyber-Security in Healthcare and How to Address Them (thehackernews.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 October 2021
Black Arrow Cyber Threat Briefing 29 October 2021
-Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double
-Graff Multinational Jeweller Hit by Conti Gang, Data of its Rich Clients Are At Risk
-Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year
-Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better
-Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place
-Serious Warning Issued For Millions Of Apple iPhone Users
-Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
-Solarwinds Hackers Are Targeting The Global It Supply Chain, Microsoft Says
-Defenders Worry Orgs Are More Vulnerable Than Last Year
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Protect Your Passwords, Warns Spy Chief, As Ransomware Cyber Attacks Double
Ransomware cyber attacks doubled in the past year, the chief of GCHQ has revealed - as he warned Britain must “pay attention” to attacks from China.
Sir Jeremy Fleming, director of the cyber spy agency, called for more action to "sort out" ransomware attacks across the UK, adding it was not "rocket science".
He said such attacks have doubled in the last year, with hackers using software to lock files on computers and stop victims from accessing their own data.
This essentially holds them hostage until the hackers receive payment and then give a decryption key to the victim, so they can regain access.
‘Criminals are making very good money from it’
Sir Jeremy said ransomware "just pays" and added that "criminals are making very good money from it and are often feeling that that's largely uncontested".
While cautious of “keeping up” with security challenges alongside European partners, he said the immediate priority was tackling “links between criminal and state actors” to defeat ransomware, which he said “is no mean feat in itself”. https://www.telegraph.co.uk/news/2021/10/25/ransomware-cyber-attacks-double-year-reveals-spy-chief/
Graff Multinational Jeweller Hit by Conti Gang. Data of its Rich Clients Are At Risk, Including Trump and Beckham, as the Gang Threaten to Release Private Details of World Leaders, Actors and Tycoons
The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors and tycoons.
The customers of the company are the richest people on the globe, including Donald Trump, David Beckham, Tom Hanks, Samuel L Jackson, Alec Baldwin, and Sir Philip Green.
As proof of the hack, the group already published on its leak site files related to purchases made by David Beckham, Oprah, and Donald Trump.
The Conti gang has already leaked 69,000 confidential documents, leaked files include customer lists, invoices, receipts, and credit notes. https://securityaffairs.co/wordpress/123980/cyber-crime/conti-ransomware-graff-jeweller.html
Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year
Reported business email compromise (BEC) incidents have hit 4600 cases over the past 12 months, costing individuals and businesses £138m in losses, according to new figures from the UK’s National Economic Crime Centre (NECC).
The government body is working with the National Crime Agency (NCA), City of London Police, banking group UK Finance and fraud prevention non-profit Cifas on a new campaign to raise awareness of the crime, also dubbed “mandate fraud” or “payment diversion fraud.”
It claimed that the average amount lost over those 4600 cases was £30,000, with criminals typically impersonating others and creating or amending invoices to trick victims into diverting money to accounts under their control. https://www.infosecurity-magazine.com/news/bec-costs-uk-firms-140m-past-year/
Ransomware: It's A 'Golden Era' For Cyber Criminals - And It Could Get Worse Before It Gets Better
Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals follow the money in order to maximise the profit from illicit campaigns.
ENISNA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report, which analyses cyber-criminal activity between April 2020 and July 2021. It warns of a surge in cyber criminality, much of it driven by the monetisation of ransomware attacks.
Although the paper warns that many different cybersecurity threats are on the rise, ransomware represents the 'prime threat' faced by organisations today, with a 150% rise in ransomware attacks during the reporting period. And there are fears that despite the problem of ransomware attracting the attention of world leaders, the problem will get worse before it gets better. https://www.zdnet.com/article/ransomware-its-a-golden-era-for-cyber-criminals-and-it-could-get-worse-before-it-gets-better/
Despite Increased Cyber Threats, Many Organisations Have No Defence Plans In Place
98% of US executives report that their organisations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-US executives, according to a Deloitte survey.
Further, COVID-19 pandemic disruption led to increased cyber threats to US executives’ organisations (86%) at a considerably higher rate than non-US executives experienced (63%). Yet, 14% of US executives say their organisations have no cyber threat defence plans, a rate more than double that of non-US executives (6%).
The biggest fallout US execs report from cyber incidents or breaches at their organisations during the past year include operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).
Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to US executives’ organisation-wide cybersecurity management programs.
“No CISO or CSO ever wants to tell organisational stakeholders that efforts to manage cyber risk aren’t keeping-up with the speed of digital transformations made, or bad actors’ improving tactics”. https://www.helpnetsecurity.com/2021/10/28/threat-defence-plans/
Serious Warning Issued For Millions Of Apple iPhone Users
While iPhone 13 sales continue to soar, iPhones owners have faced growing security threats, multiple App Store scams, potential privacy violations and zero day hacks. Now a shocking account of extreme iPhone hacking has been revealed.
In a remarkable report, New York Times senior reporter Ben Hubbard has revealed how his iPhone was hacked multiple times over a period of several years, and without any human interaction or knowledge the attacks were taking place. And the experience results in a stark warning: “the spyware used against me makes us all vulnerable”.
“It’s like being robbed by a ghost,” explains Hubbard, recounting the experience. “I didn’t even have to click on a link for my phone to be infected.” https://www.forbes.com/sites/gordonkelly/2021/10/27/apple-iphone-warning-pegasus-hack-upgrade-ios-15-security/
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Ransomware is an intensifying problem for all organisations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demands has grown from a minor inconvenience for organisations into a multi-billion dollar cyber crime industry.
The organisational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organisations pay an average of $220,298 and suffer 23 days of downtime following an attack. https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/
Solarwinds Hackers Are Targeting The Global IT Supply Chain, Microsoft Says
The Russian-linked hacking group that’s been blamed for an attack on the US government and a significant number of private US companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.
Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.
On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.”
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers” https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html
Defenders Worry Orgs Are More Vulnerable Than Last Year
Enterprise security defenders find themselves in a rough spot: The number of threats against their organisations is growing and that they're vulnerable to attacks. Data from Dark Reading's 2021 Strategic Security Survey suggest that even though most IT and security leaders are confident about the security defences they have implemented, they also believe their organisations are more vulnerable to attacks compared with a year ago.
The reasons for this pessimism vary. For 67% of respondents, the biggest concern lies in the fact that there are more attacks this year than there were last year. However, 56% say the increased sophistication of the threats they are facing is why their organisations are more vulnerable to compromise. Other reasons include the surge in ransomware attacks and shortage of skilled security professionals to detect and respond to threats. https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year
Threats
Ransomware
These Companies Are Most at Risk for Ransomware Attacks | PCMag
As Fewer Victims Pay Ransoms, Conti Gang Looks To Sell Victim Data | Sc Media (Scmagazine.Com)
Europol Announces “Targeting” Of 12 Suspects In Ransomware Attacks – Naked Security (Sophos.Com)
Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide (thehackernews.com)
SEO Poisoning Used to Distribute Ransomware (darkreading.com)
FBI Warns Of Ranzy Locker Ransomware Threat, As Over 30 Companies Hit (Tripwire.Com)
Ransomware Has Disrupted Almost 1,000 Schools in the US This Year (vice.com)
Chaos Ransomware Targets Gamers Via Fake Minecraft Alt Lists (Bleepingcomputer.Com)
Phishing
Phishing as a Ransomware Precursor - MSP Insights - MSSP Alert
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam | Threatpost
Other Social Engineering
Malware
Squid Game Malware Might Be The Scariest Thing You See This Halloween | Techradar
TA575 Criminal Group Using 'Squid Game' Lures For Dridex Malware | ZDNet
Snake Malware Biting Hard On 50 Apps For Only $25 (Bleepingcomputer.Com)
New WSlink Malware Loader Runs as a Server and Executes Modules in Memory (thehackernews.com)
Mobile
6 Ways Your Cell Phone Can Be Hacked—Are You Safe? (makeuseof.com)
Millions Of Android Users Targeted In Subscription Fraud Campaign (Bleepingcomputer.Com)
New AbstractEmu Malware Roots Android Devices, Evades Detection (Bleepingcomputer.Com)
IOT
Vulnerabilities
All Windows Versions Impacted By New LPE Zero-Day Vulnerability (Bleepingcomputer.Com)
Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs (thehackernews.com)
Adobe's Surprise Security Bulletin Dominated by Critical Patches | Threatpost
WordPress Plugin Bug Lets Subscribers Wipe Sites | Threatpost
Over 1 Million WordPress Sites Affected by OptinMonster Plugin Flaws - Security Affairs
Cisco SD-WAN Flaw Could Lead To Arbitrary Code Execution, Patch It Now! Security Affairs
Data Breaches/Leaks
Millions Of Healthcare Records Reportedly Exposed In Mega Data Breach | Techradar
Location Data Collection Firm Admits Privacy Breach - BBC News
HIV Scotland Reveals Patient-Advocates' Names In Email Fail • The Register
Organised Crime & Criminal Actors
Dark Web
Supply Chain
The SolarWinds Hackers Are Looking for Their Next Big Score | WIRED
North Korean Lazarus Attackers Turn to the IT Supply Chain | Threatpost
6 Eye-Opening Statistics About Software Supply Chain Security (darkreading.com)
Nation State Actors
Other News
All Sectors Are Now Prey as Cyber Threats Expand Targeting | Threatpost
Microsoft Warns Over Uptick In Password Spraying Attacks | ZDNet
Increased Risk Tolerances Are Making Digital Transformation Programs Vulnerable - Help Net Security
MITRE and CISA Publish The 2021 List of Most Common Hardware Weaknesses - Security Affairs
Enterprises Allocating More IT Dollars on Cybersecurity (darkreading.com)
Threat Actor Leaks Mercedes-Benz Platform’s Source Code | CyberNews
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.