Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 December 2023

Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:

-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

-Approach Cyber Security Awareness Training by Engaging People at All Levels

-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

-Hacked Microsoft Word Documents Being Used to Trick Windows Users

-Mitigating Deepfake Threats in The Corporate World

-Black Basta Ransomware Made Over $100 Million From Extortion Alone

-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

-Booking.com Customers Scammed in Novel Social Engineering Campaign

-Stop Panic Buying Your Security Products and Start Prioritising

-A Fifth of UK SMBs Unable to Spot Scams

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28 October 2022

Black Arrow Cyber Threat Briefing 28 October 2022:

-‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

-Ransomware Threat Shifts from US to EMEA and APAC

-Phishing Attacks Increase by Over 31% In Third Quarter

-UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

-HR Departments Play a Key Role in Cyber Security

-The Long-Term Psychological Effects of Ransomware Attacks

-7 Hidden Social Media Cyber Risks for Enterprises

-54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

-Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before it’s Too Late

-Enterprise Ransomware Preparedness Improving but Still Lacking

-Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

-How The "pizza123" Password Could Take Down an Organisation

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

  • Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

  • Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

  • UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

  • HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

  • The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

  • 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

  • 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

  • Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

  • Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

  • network security (43%)

  • backup infrastructure security (40%)

  • endpoint security (39%)

  • email security (36%)

  • data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

  • Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

  • How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/


Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Dark Web

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Hybrid Working

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Data Protection

Law Enforcement Action and Take Downs

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine







Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More