Threat Intelligence Blog

Subscribe to our Weekly Cyber Threat Intelligence Briefing

Black Arrow Admin 03/07/2021 Black Arrow Admin 03/07/2021

Black Arrow Cyber Threat Briefing 02 July 2021

Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Image by Clker-Free-Vector-Images from Pixabay

Top Cyber Stories of the Last Week

Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit

Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers.

In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn.

The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS.

The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example.

Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately.

https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1

71% Of Organisations Experienced BEC Attacks Over The Past Year

Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.

https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/

Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers

Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.

https://www.zdnet.com/article/ransomware-has-become-anc`-existential-threat-that-means-cyber-insurance-is-about-to-change/

LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/

Users Clueless About Cyber Security Risks

Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.

https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/

Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief

Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.

https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.

https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/

Cyber Crime Never Sleeps

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.

https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901

IT, Healthcare And Manufacturing Facing Most Phishing Attacks

Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Classified Ministry Of Defence Documents Found At Bus Stop

Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.

https://www.bbc.co.uk/news/uk-57624942

Cabinet Office Increases Cyber Security Training Budget By Almost 500%

The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.

https://www.itpro.co.uk/security/cyber-security/360039/cabinet-office-increases-cyber-spending-by-almost-500-amid-cctv

Threats

Ransomware

Phishing

Malware

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

OT, ICS, IIoT and SCADA

USB Threats Could Critically Impact Business Operations

Nation State Actors

Cloud

Privacy

Data Collected To Promote Public Health Must Never Be Surrendered To Police

Vulnerabilities

Other News

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin 26/06/2021 Black Arrow Admin 26/06/2021

Black Arrow Cyber Threat Briefing 25 June 2021

Black Arrow Cyber Threat Briefing 25 June 2021: BEC Losses Top $1.8B As Tactics Evolve; 30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Exploits; Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks; Ways Technical Debt Increases Security Risk; Orgs Ill-Equipped To Deal With Growing BYOD Security Threats; Firewall Manufacturer Sees 226.3 Million Ransomware Attack Attempts This Year; Ransomware Criminals Look To Other Hackers To Provide Them With Network Access

Top Cyber Stories of the Last Week

BEC Losses Top $1.8B As Tactics Evolve

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organisations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cyber criminals either impersonating someone inside an organisation, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020 and reminded the security community that in addition to technology, smart users armed with a healthy scepticism of outside communications and the right questions to ask are the best line of defence. “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.

https://threatpost.com/bec-losses-top-18b/167148/

30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Execution

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to analysis the bugs affect 129 models of laptops, tablet, and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.

https://threatpost.com/dell-bios-attacks-rce/167195/

Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks in the New Hybrid Workplace

Most employers are wary that the post-pandemic hybrid workforce would bring bad cyber security behaviours. More than half (56%) of employers believed that employees had picked bad security practices while working remotely. Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviours differed significantly while working from home compared to the office. Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely. Younger workers were more prone to these bad employee behaviours, with 51% of 16-24, 46% of 25-34, and 35% of 35-44-year-olds using ‘workarounds.’ Close to half (49%) of workers adopted the risky behaviour because they felt that they were not being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviours while working away from the office.

https://www.cpomagazine.com/cyber-security/bad-employee-behaviors-picked-up-during-remote-working-pose-serious-security-risks-in-the-new-hybrid-workplace/

7 Ways Technical Debt Increases Security Risk

Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability, according to the 2021 Voice of the CISO report. Most technical debt is created by taking shortcuts while placing crucial aspects such as architecture, code quality, performance, usability, and, ultimately, security on hold. Many large organisations are carrying tens or hundreds of thousands of discovered but un-remediated risks in their vulnerability management systems,. In many sectors there's this insidious idea that underfunded security efforts, plus risk management, are almost as good as actually doing the security work required, which is dangerously wrong.

https://www.csoonline.com/article/3621754/7-ways-technical-debt-increases-security-risk.html

Organisations Ill-Equipped To Deal With Growing BYOD Security Threats

A report shows the rapid adoption of unmanaged personal devices connecting to work-related resources (aka BYOD) and why organisations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced using personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.

https://www.helpnetsecurity.com/2021/06/17/byod-security/

Firewall Manufacturer SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year

Firewall manufacturer SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already common. The US saw a 149% spike, and the UK 69%. “The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance,” said the SonicWall CEO. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organisations safe, but no real consensus on how to move forward when it comes to combating ransomware.

https://www.computerweekly.com/news/252502854/SonicWall-sees-2263-million-ransomware-attack-attempts-this-year

Ransomware Criminals Look To Other Hackers To Provide Them With Network Access

According to a new report, cyber criminals distributing ransomware are increasingly turning to other hackers to buy access into corporate networks.

Researchers said a robust and lucrative criminal ecosystem exists where criminals work together to carry out ransomware attacks. In this ecosystem, ransomware operators buy access from independent cyber criminal groups who infiltrate major targets for part of the ransom proceeds.

Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network said researchers.

https://www.itpro.co.uk/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network

5 Biggest Healthcare Security Threats For 2021

Cyber Attacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. The trend has put enormous strain on healthcare security organisations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray. Cyber Criminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organisations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.

https://www.csoonline.com/article/3262187/biggest-healthcare-security-threats.html