Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 12 August 2022
Black Arrow Cyber Threat Briefing 12 August 2022
-Three Ransomware Gangs Consecutively Attacked the Same Network
-As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
-Identity Cyber Attacks, Microsoft 365 Dominate Cybersecurity Incidents, Expel Research Finds
-Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
-Ransomware Is Not Going Anywhere: Attacks Are Up 24%
-Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
-Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
-Most Companies Are at An Entry-Level When It Comes to Cloud Security
-The Impact of Exploitable Misconfigurations on Network Security
-Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
-UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
-A Single Flaw Broke Every Layer of Security in MacOS
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Three Ransomware Gangs Consecutively Attacked the Same Network
Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. The first two attacks took place within two hours, and the third attack took place two weeks later. Each ransomware gang left its own ransom demand, and some of the files were triple encrypted.
It’s bad enough to get one ransomware note, let alone three. Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. Cyber security that includes prevention, detection and response is critical for organisations of any size and type—no business is immune.
The “Multiple Attackers: A Clear and Present Danger” whitepaper further outlines additional cases of overlapping cyber attacks, including cryptominers, remote access trojans (RATs) and bots. In the past, when multiple attackers have targeted the same system, the attacks usually occurred across many months or multiple years. The attacks described in Sophos’ whitepaper took place within days or weeks of each other—and, in one case, simultaneously—often with the different attackers accessing a target’s network through the same vulnerable entry point.
Typically, criminal groups compete for resources, making it more difficult for multiple attackers to operate simultaneously. Cryptominers normally kill their competitors on the same system, and today’s RATs often highlight bot killing as a feature on criminal forums. However, in the attack involving the three ransomware groups, for example, BlackCat—the last ransomware group on the system—not only deleted traces of its own activity, but also deleted the activity of LockBit and Hive.
In another case, a system was infected by LockBit ransomware. Then, about three months later, members of Karakurt Team, a group with reported ties to Conti, was able to leverage the backdoor LockBit created to steal data and hold it for ransom.
https://www.helpnetsecurity.com/2022/08/09/ransomware-gangs-attacks/
As The Cost of Cyber Insurance Rises, The Number of Organisations Who Can’t Afford It Is Set to Double
The number of organisations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security.
Even for those insured, the perfect storm of ongoing attacks, tightening regulations and growing financial pressures is making it more likely that any attack on an organisation will leave it exposed.
Factors like the supply chain crisis, inflation and skill shortages are all adding to the difficulty for organisations trying to execute on their cyber security strategy. At the same time, increases in insurance premiums, limits on coverage, increasing underwriting rigour, and capacity constraints are all limiting the accessibility of cyber insurance, for many.
Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organisations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost.
With a third of UK firms subject to cyber attacks at least once a week, cyber insurance as part of overall risk management is crucial. To bridge this accessibility gap insurers are seeking to improve the quality of risk information, so premiums better reflect the true cost of that risk. Unless organisations can demonstrate they have insurers’ specified controls in place to manage their security risks, insurers will continue to have difficulty quantifying that risk. It’s for these reasons that insurers have changed the basis upon which their products are offered to reflect the risk being underwritten more accurately.
In this environment, improving and demonstrating the effectiveness of security controls will now be essential: both for organisations looking to improve their cyber resilience and oversight while enhancing their eligibility for insurers, and for insurers who need to minimise their own exposure by ensuring the accuracy of their risk pricing process.
https://www.helpnetsecurity.com/2022/08/11/afford-cyber-insurance/
Identity Cyber Attacks, Microsoft 365 Dominate Cyber Security Incidents, Expel Research Finds
Identity-based cyber attacks (including credential theft, credential abuse and long-term access key theft) accounted for 56% of all incidents in Q2 of 2022, and Microsoft 365 remained the prime target for SaaS attacks, according to Expel’s Quarterly Threat Report.
Among the key findings:
Business email compromise (BEC) and business application compromise (BAC) access to application data represented 51% of all incidents.
Identity-based attacks in popular cloud environments like Amazon Web Services (AWS) accounted for 5%.
Ransomware groups change tactics, with threat groups and their affiliates all but abandoning the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. In Q1, a macro-enabled Microsoft Word document (VBA macro) or Excel 4.0 macro was the initial attack vector in 55% of all pre-ransomware incidents. In Q2, that figure fell sharply to 9%. Instead, ransomware operators opted to use disk image (ISO), short-cut (LNK) and HTML application (HTA) files to gain initial entry.
Cloud attacks are becoming more sophisticated, with 14% of identity attacks against cloud identity providers tackling the multi-factor authentication (MFA) requirement by continuously sending push notifications.
Microsoft 365 is a common threat target, with BEC in Microsoft Office 365 (O365) remaining the top threat to organisations in Q2. 45% of all Q2 incidents were BEC attempts in O365. No BEC attempts were identified in Google Workspaces. 19% of BEC attempts bypassed MFA in O365 using legacy protocols, a 16% increase of compared to Q1.
Exploit Activity Surges 150% in Q2 Thanks to Log4Shell
Detections of malware events, botnet activity and exploits all increased significantly in the second quarter of 2022, according to new data from Nuspire.
The managed security services provider (MSSP) gathered the data from its endpoint detection and response (EDR) and managed detection and response (MDR) tools to produce its Q2 2022 Quarterly Threat Report.
The company recorded an increase in malware events of over 25%, a doubling of botnet detections and a rise in exploit activity of 150% versus the first quarter.
Botnet activity in particular surged towards the end of Q2, thanks to the Torpig Mebroot botnet – a banking trojan designed to scrape credit card and payment information from infected devices, the report revealed. Nuspire claimed it is particularly difficult to detect and remove, because it targets a machine’s master boot record.
It attributed much of the surge in exploit activity to the persistent threat posed by the Log4j bugs discovered at the end of December 2021. At the time, experts warned that the ubiquity of the utility, and the difficulty many organisations have in finding all instances of the CVE due to complex Java dependencies, means it may be exploited for years.
https://www.infosecurity-magazine.com/news/exploit-activity-150-q2-log4shell/
Ransomware Is Not Going Anywhere: Attacks Are Up 24%
Avast released a report revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals of how cyber criminals are preparing to move away from macros as an infection vector.
After months of decline, global ransomware attacks increased significantly in Q2/2022, up 24% from the previous quarter. The highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).
Businesses and consumers should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon.
The decline in ransomware attacks observed in Q4/2021 and Q1/2022 were thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations. Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.
https://www.helpnetsecurity.com/2022/08/12/increase-ransomware-attacks/
Email Is the Single Biggest Threat to Businesses, And Here’s What You Can Do About It
Email remains one of the most popular methods of communication, particularly for business communications. There were 316.9 billion emails sent and received every day in 2021, and this is set to increase to 376.4 billion by 2025. But despite the scale of its use and how much people exchange confidential information over email, it is not a secure system by design.
Consequently, email is a major attack vector for organisations of all sizes. Deloitte found that 91% of all cyber attacks originate from a phishing email (an email that attempts to steal money, identity or personal information through a spoof website link that looks legitimate). The cost to organisations can be catastrophic with the National Cyber Security Centre (NCSC) reporting in August 2021 that phishing email attacks had cost UK organisations more than £5 million in the past 13 months.
It’s not enough for individuals to create complex passwords or rely on the security services of their email provider. Spam filters are not enough to stop malicious emails creeping into inboxes. Fortunately, safeguarding your emails with enterprise-grade email security doesn’t have to cost the earth or be hard to integrate so businesses of any size can protect themselves.
Realtek SDK Vulnerability Exposes Routers from Many Vendors to Remote Attacks
A serious vulnerability affecting the embedded Configurable Operating System (eCos) software development kit (SDK) made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
The security hole, tracked as CVE-2022-27255 and rated ‘high severity’, has been described as a stack-based buffer overflow that can allow a remote attacker to cause a crash or achieve arbitrary code execution on devices that use the SDK. An attack can be carried out through the wide area network (WAN) interface using specially crafted session initiation protocol (SIP) packets.
The Realtek eCos SDK is provided to companies that manufacture routers, access points and repeaters powered by RTL819x family SoCs. The SDK implements the base functionalities of the router, including the web administration interface and the networking stack. Vendors can build on top of this SDK to add custom functionality and their branding to the device.
Realtek informed customers about the eCos SDK vulnerability in March, when it announced the availability of a patch. However, it’s up to the original equipment manufacturer (OEM) using the SDK to ensure that the patch is distributed to end-user devices.
The vulnerability can be exploited remotely — directly from the internet — to hack affected routers running with default settings. No user interaction is required for successful exploitation.
https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
Most Companies Are at An Entry-Level When It Comes to Cloud Security
Ermetic released a study by Osterman Research that found 84% of respondents were at an entry-level (one or two rating, with four being the highest) in terms of their cloud security capabilities.
The study found that only 16% ranked on the Ermetic Cloud Security Model at the top two levels, and 80% of companies said they lack a dedicated security team responsible for protecting cloud resources from threats.
“One of the most unexpected findings that emerged from this study was the lack of cloud security maturity among the largest enterprises surveyed,” said the author of the report. “Less than 10% of companies with more than 10,000 employees reported being at the top two maturity levels, while nearly 20% of smaller enterprises have achieved repeatable or automated & integrated cloud security capabilities.”
The report shows why new cloud data breaches are being reported all the time. Multi-cloud deployments, plus low investment in security, does not make for a good combination.
The new frontiers of cyber security, such as cloud security or internet of things (IoT) security are often at early stages of maturity. Organisations that are mature in their IT and data centre security are already overwhelmed and stretched thin and that’s why automation and simplification will help organisations accelerate their maturity in areas like cloud security.
There’s a mistaken belief that cloud computing environments inherently have security built-in — they don’t.
The Impact of Exploitable Misconfigurations on Network Security
Network professionals feel confident with their security and compliance practices but data suggests that they also leave their organisations open to risk, which is costing a significant amount of revenue, according to Titania.
In addition, some businesses are not minimising their attack surface effectively. Companies are prioritising firewall security and chronicle a fast time to respond to misconfigurations when detected in annual audits. However, switches and routers are only included in 4% of audits and these devices play a vital role in reducing an organisation’s attack surface and preventing lateral movement across the network.
Respondents also indicated that financial resources allocated to mitigating network configuration, which currently stands around 3.4% of the total IT budget, and a lack of accurate automation are limiting factors in misconfiguration risk management.
The study, which surveyed 160 senior cyber security decision-makers revealed:
Misconfigurations cost organisations millions, up to 9% of their annual revenue but the true cost is likely to be higher.
Compliance is a top priority, with 75% of organisations across all sectors saying their business relies on compliance to deliver security. Whilst almost every organisation reported that it is meeting its security and compliance requirements, this is at odds with a number of the other findings from the survey and other reports that show a decline in organisations maintaining full compliance with regulated data security standards.
Remediation prioritisation is a challenge. 75% said their network security tools meant they could categorise and prioritise compliance risks ‘very effectively’. However, 70% report difficulties prioritising remediation based on risk and also claim inaccurate automation as the top challenges when meeting security and compliance requirements.
Routers and switches are mostly overlooked. 96% of organisations prioritise the configuration and auditing of firewalls, but not routers or switches. This leaves these devices exposed to potentially significant and unidentified risks.
https://www.helpnetsecurity.com/2022/08/12/impact-exploitable-misconfigurations-network-security/
Industrial Spy Ransomware: New Threat Group Emerges to Exfiltrate Data, Extort Victims
A new ransomware group dubbed Industrial Spy that first emerged in April 2022 is specialising in exfiltration and double extortion tactics and has the potential to do significant damage, Zscaler’s threat tracking team said.
The threat crew has shown that it possesses the capability to breach organisations and have been “actively adding unencrypted data from two or three victims every month,” Zscaler said. In some instances, the threat group appears to only exfiltrate and ransom data. In other cases, they encrypt, exfiltrate and ransom the data, the cloud security provider said.
At this point, it’s not clear who’s behind the threat entry or if it’s nation-state affiliated. The group started as a data extortion marketplace where criminals could buy large companies’ internal data, promoting the marketplace through Readme.txt files downloaded using malware downloaders.
In May, 2022, the threat group introduced their own ransomware to create double extortion attacks that combine data theft with file encryption.
What you need to know:
Industrial Spy started by ransoming stolen data and more recently has combined these attacks with ransomware.
The threat group exfiltrates and sells data on their dark web marketplace, but does not always encrypt a victim’s files.
The ransomware utilises a combination of RSA and 3DES to encrypt files.
Industrial Spy lacks many common features present in modern ransomware families.
The Industrial Spy ransomware family is relatively basic, and parts of the code appear to be in development.
UK NHS Service Recovery May Take a Month After MSP Ransomware Attack
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the United Kingdom's National Health Service (NHS). Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said. The first has stated it could take a month to recover systems to full service.
The ransomware attack started to disrupt Advanced systems on Thursday, August 4 and was identified around 7 AM. It caused a major outage to NHS emergency services across the UK.
Advanced did not disclose the ransomware group behind the attack but said that it took immediate action to mitigate the risk and isolated Health and Care environments where the incident was detected. The company is working with forensic experts from Microsoft (DART) and Mandiant, who are also helping bring the affected systems back online securely and with added defences:
Implementing additional blocking rules and further restricting privileged accounts for Advanced staff
Scanning all impacted systems and ensuring they are fully patched
Resetting credentials
Deploying additional endpoint detection and response agents
Conducting 24/7 monitoring
After implementing the security measures above, Advanced said it would restore connectivity to its environments and assist customers to gradually reconnect safely and securely.
A Single Flaw Broke Every Layer of Security in MacOS
Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.
The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam. It's basically one vulnerability that could be applied to three different locations.
https://www.wired.com/story/a-single-flaw-broke-every-layer-of-security-in-macos/
Threats
Ransomware
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (bleepingcomputer.com)
Ransomware, email compromise are top security threats, but deepfakes increase | CSO Online
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics | Threatpost
Black Basta: New ransomware threat aiming for the big league | CSO Online
Could criminalizing ransomware payments put a stop to the current crime wave? - Help Net Security
7-Eleven Denmark confirms ransomware attack behind store closures (bleepingcomputer.com)
Update: Colosseum Dental Benelux pays ransom to threat actors (databreaches.net)
SolidBit Ransomware Group Recruiting New Affiliates on Dark Web - Infosecurity Magazine
Fears for patient data after ransomware attack on NHS software supplier | NHS | The Guardian
US reveals 'Target' pic of Conti man with $10m reward offer • The Register
Organisations would like the government to help with ransomware demand costs - Help Net Security
Hacker uses new RAT malware in Cuba Ransomware attacks (bleepingcomputer.com)
Maui ransomware linked to North Korean group Andariel • The Register
How to Stop Zeppelin Ransomware Attacks: CISA, FBI Mitigation Guidance - MSSP Alert
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
US govt will pay you $10 million for info on Conti ransomware members (bleepingcomputer.com)
Phishing & Email Based Attacks
Other Social Engineering; SMishing, Vishing, etc
Hackers Behind Twilio Breach Also Targeted Cloudflare Employees (thehackernews.com)
SMS phishing nabs Twilio employee credentials, allowed access customer data (scmagazine.com)
Malware
Emotet Tops List of July's Most Widely Used Malware - Infosecurity Magazine
Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass (bleepingcomputer.com)
Mobile
Google researchers dissect Android spyware, zero days (techtarget.com)
Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan (darkreading.com)
Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments (thehackernews.com)
Hackers install Dracarys Android malware using modified Signal app (bleepingcomputer.com)
Internet of Things – IoT
The Time Is Now for IoT Security Standards (darkreading.com)
Introducing the book: If It's Smart, It's Vulnerable - Help Net Security
Organised Crime & Criminal Actors
Cisco hacked by access broker with Lapsus$ ties (techtarget.com)
New dark web markets claim association with criminal cartels (bleepingcomputer.com)
Dark Utilities C2 service draws thousands of cyber criminals • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Email marketing firm hacked to steal crypto-focused mailing lists (bleepingcomputer.com)
Swan Bitcoin Discloses Data Leak Due to Phishing Attack on Newsletter Provider - Decrypt
Phishers Swim Around 2FA in Coinbase Account Heists | Threatpost
Crypto and the US government are headed for a decisive showdown | Ars Technica
Cameo’s CEO fell victim to the latest Bored Ape NFT heist - The Verge
Fraud, Scams & Financial Crime
“Hi Mum” Phishing Scam Swindles Unsuspecting Parents (informationsecuritybuzz.com)
How hackers are stealing credit cards from classifieds sites (bleepingcomputer.com)
AML/CFT/Sanctions
US Sanctions Crypto 'Laundering' Service Tornado | SecurityWeek.Com
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs | Threatpost
Greece Flies Russian Money Launderer to US: Lawyer | SecurityWeek.Com
Insurance
BlackBerry Study: Most SMBs Have Less Than $600K in Ransomware Coverage - MSSP Alert
Number Of Firms Unable To Access Cyber-Insurance Set To Double (informationsecuritybuzz.com)
Australian court finds insurer not liable for ransomware clean-up costs - Security - iTnews
Cloud/SaaS
Implementing zero trust for a secure hybrid working enterprise - Help Net Security
How to Clear Security Obstacles and Achieve Cloud Nirvana (darkreading.com)
Why SAP systems need to be brought into the cyber security fold - Help Net Security
Open Source
Social Media
Facebook's Metaverse is Expanding the Attack Surface (trendmicro.com)
Meta's chatbot says the company 'exploits people' - BBC News
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ | Threatpost
Training, Education and Awareness
Privacy
Travel
Parental Controls and Child Safety
Predator Pleads Guilty After Targeting Thousands of Young Girls Online - Infosecurity Magazine
Online sexual blackmail of primary school children surges since lockdown (telegraph.co.uk)
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russia's digital attacks are haphazard, chaotic, says top Ukrainian cyber official - CyberScoop
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China | SecurityWeek.Com
Killnet Releases 'Proof' of its Attack Against Lockheed Martin | SecurityWeek.Com
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (thehackernews.com)
Ex Twitter employee found guilty of spying for Saudi Arabia - Security Affairs
Ex-CIA security boss predicts coming crackdown on spyware • The Register
Nation State Actors
Nation State Actors – Russia
Russia Is Escalating Ukraine Hacking, Black Hat Research Says (gizmodo.com)
Russian invasion has destabilized cyber security norms • The Register
Russia-Ukraine Conflict Holds Cyberwar Lessons (darkreading.com)
Industroyer2: How Ukraine avoided another blackout attack (techtarget.com)
Nation State Actors – China
China-linked spies used six backdoors to steal defence info • The Register
Mandiant researchers uncover significant new disinformation campaign (securitybrief.co.nz)
Stats say Chinese researchers are not deterred by China's vulnerability law (scmagazine.com)
Chinese scammers target kids with promise of extra gaming • The Register
Chinese hackers backdoor chat app with new Linux, macOS malware (bleepingcomputer.com)
Nation State Actors – North Korea
Vulnerabilities
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws | Threatpost
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions (thehackernews.com)
Yet another Microsoft RCE bug under active exploit • The Register
Palo Alto Networks: New PAN-OS DDoS flaw exploited in attacks (bleepingcomputer.com)
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
Zimbra auth bypass bug exploited to breach over 1,000 servers (bleepingcomputer.com)
Researchers Debut Fresh RCE Vector for Common Google API Tool (darkreading.com)
Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs - Infosecurity Magazine
Risky Business: Enterprises Can’t Shake Log4j flaw - Security Affairs
Three flaws allow attackers to bypass UEFI Secure Boot feature - Security Affairs
Windows devices with newest CPUs are susceptible to data damage (bleepingcomputer.com)
Critical Flaws Disclosed in Device42 IT Asset Management Software (thehackernews.com)
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key - Security Affairs
Organisations Warned of Critical Vulnerabilities in NetModule Routers | SecurityWeek.Com
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls (darkreading.com)
New vulnerability in AMD Ryzen CPUs could seriously jeopardize performance | TechRadar
ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data | SecurityWeek.Com
Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Other News
Microsoft 365 outage triggered by Meraki firewall false positive (bleepingcomputer.com)
Why VPN no longer has a place in a secure work environment | TechRadar
VMware: The threat of lateral movement is growing (techtarget.com)
5 key things learned from CISOs of smaller enterprises survey - Help Net Security
Stolen credentials are the most common attack vector companies face - Help Net Security
Your cyber security staff are burned out - and many have thought about quitting | ZDNet
Researchers Use ‘Invisible Finger’ to Remotely Control Touchscreens (vice.com)
Businesses are struggling to balance security and end-user experience - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 July 2022
Black Arrow Cyber Threat Briefing 01 July 2022:
-Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
-Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
-Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
-Three in Four Vulnerability Management Programs Ineffective, NopSec Research Finds
-EMEA Continues to Be a Hotspot for Malware Threats
-A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
-What Are Shadow IDs, and How Are They Crucial in 2022?
-Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
-Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
-Human Error Remains the Top Security Issue
-Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
-Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.
"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.
She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".
While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.
Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.
Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.
Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.
Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.
The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.
The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.
https://threatpost.com/lead-causes-of-q1-attacks/180096/
Three in Four Vulnerability Management Programs Ineffective
How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.
Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.
Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.
Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.
EMEA Continues to Be a Hotspot for Malware Threats
Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.
Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.
The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.
https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/
A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.
So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.
The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.
"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."
The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.
https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)
Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.
"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.
https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html
Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know
Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.
And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.
Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.
According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.
“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.
The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.
CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.
An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.
Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).
https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities
Human Error Remains the Top Security Issue
Human error remains the most effective vector for conducting network infiltrations and data breaches.
The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.
"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.
"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."
The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.
Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.
A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.
It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.
Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.
Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.
https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/
Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.
The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.
Threats
Ransomware
Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert
Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)
AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)
Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert
How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)
LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)
Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future
Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)
Are Protection Payments the Future of Ransomware? (tripwire.com)
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)
This new malware is at the heart of the ransomware ecosystem | ZDNet
Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)
Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)
Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)
Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)
RansomHouse gang claims to have some stolen AMD data • The Register
'Prolific' NetWalker extortionist pleads guilty • The Register
Phishing & Email Based Attacks
Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)
Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
How phishing attacks are becoming more sophisticated - Help Net Security
How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert
New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs
Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)
Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)
Malware
Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)
Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)
Microsoft warning: This malware that targets Linux just got a big update | ZDNet
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)
XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)
Mobile
Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine
Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
Internet of Things – IoT
Data Breaches/Leaks
Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost
California gun dashboards expose 10 years of personal data • The Register
Organised Crime & Criminal Actors
Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online
Canadian admits to hacking spree with Russian cyber-gang - BBC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pentagon finds concerning vulnerabilities on blockchain | TechRepublic
Hackers steal $100m from another breached crypto bridge | TechRadar
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)
Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News
Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register
Insider Risk and Insider Threats
Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)
Japanese worker loses city's personal data in USB fail • The Register
How you handle independent contractors may determine your insider threat risk | CSO Online
Fraud, Scams & Financial Crime
Threat actors increasingly use third parties to run their scams - Help Net Security
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security
Insurance
Software Supply Chain
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)
Over a Decade in Software Security: What Have We learned? - IT Security Guru
Denial of Service DoS/DDoS
Attack Surface Management
Shadow IT
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)
Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
Social Media
Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)
New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)
Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)
Training, Education and Awareness
Privacy
‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED
UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)
Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine
We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Manx government department fined over data breach - BBC News
Clearview fine: The unacceptable face of modern surveillance - Help Net Security
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop
Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)
Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)
G7 to tackle cyber threats and disinformation from Russia: communique | Reuters
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors
Nation State Actors – Russia
Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)
Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)
Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)
Russia's Killnet hacker group says it attacked Lithuania | Reuters
Nation State Actors – China
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors – North Korea
Vulnerability Management
Why more zero-day vulnerabilities are being found in the wild | CSO Online
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com
Vulnerabilities
MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)
How and why threat actors target Microsoft Active Directory | CSO Online
Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)
Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)
OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register
CISA: Adopt Modern Auth now for Exchange Online • The Register
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)
CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)
Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)
Sector Specific
Critical National Infrastructure (CNI)
Financial Services Sector
FinTech
A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)
Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)
Telecoms
OT, ICS, IIoT, SCADA and Cyber-Physical Systems
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)
Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com
Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)
Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)
5 Cyber Security Tips for Smart Buildings - IT Security Guru
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
OT security: Helping under-resourced critical infrastructure organisations - Help Net Security
Energy & Utilities
Oil, Gas and Mining
Food and Agriculture
Education and Academia
Web3
Reports Published in the Last Week
Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf
Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues
Other News
Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert
FBI warns crooks are using deepfake videos in job interviews • The Register
Destructive firmware attacks pose a significant threat to businesses - Help Net Security
48% of security practitioners seeing 3x increase in alerts per day - Help Net Security
Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online
82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)
SolarWinds hack explained: Everything you need to know (techtarget.com)
Properly securing APIs is becoming increasingly urgent - Help Net Security
97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine
LGBTQ+ folks warned of dating app extortion scams • The Register
What is Zero Trust and why would you want it? • The Register
Tencent admits to poisoned QR code attack on QQ accounts • The Register
Exploring the insecurity of readily available Wi-Fi networks - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.