Threat Intelligence Blog
Week in review 03 November 2019: Norsk Hydro insurance payout falls short, breaches from October 2019, businesses stung by Office 365 voicemail scam, Google Chrome flaw exploited in the wild
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Insurance Pays Out a Sliver of Norsk Hydro’s Cyberattack Damages
The company received $3.6 million in cyber insurance – out of $71 million incurred in damages after a massive March cyberattack.
On the heels of a severe cyberattack, aluminum giant Norsk Hydro has received only $3.6 million in cyber-insurance – just a fraction of the total costs in damage.
Overall, the Oslo, Norway-based company incurred between $60 million and $71 million in damages from the incident, which forced it to shut down or isolate several plants and send several more into manual mode. While Norsk Hydro said it expects more future compensation from its lead cyberinsurer, AIG, the payment received so far covers only 6 percent of the total damages.
“The cyberattack on Hydro on March 19 affected the entire global organization, with Extruded Solutions having suffered the most significant operational challenges and financial losses,” according to Norsk Hydro’s 2019 third-quarter report. “The financial impact of the cyberattack is estimated to around NOK 550-650 million [$60 to 70 million USD] in the first half year with limited financial effects for the third quarter. Hydro has a robust cyber-insurance in place with recognized insurers. Hydro has recognized NOK 33 million [$3.6 million USD] insurance compensation in the third quarter.”
Full article on ThreatPost here: https://threatpost.com/insurance-pays-norsk-hydro-cyberattack-damages/149707/
List of data breaches and cyber attacks in October 2019 – 421 million records breached
In a month where security experts across Europe were boosting awareness of cyber security, organisations had mixed results in their own data protection practices.
On the one hand, the 421,103,896 data records that were confirmed to have been breached in October represent about 50% of the monthly average.
But on the other hand, there were a staggering 111 incidents, including several in which sensitive and financial information was compromised.
It was also a particularly bad month for the UK, with 9 confirmed breaches.
Full list here: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-october-2019
Businesses stung by highly convincing Office 365 voicemail scam
Cyber criminals are stealing the login credentials of Microsoft Office 365 users using a phishing campaign that tricks victims into believing they've been left voicemail messages.
In the last few weeks, there's been a surge in the number of employees being sent malicious emails that allege they have a missed call and voicemail message, along with a request to log in to their Microsoft accounts.
The phishing emails also contain an HTML file, which varies slightly from victim to victim, but the most recent messages observed include a genuine audio recording, researchers with McAfee Labs have discovered.
Full article on ITPro here: https://www.itpro.co.uk/phishing/34723/businesses-stung-by-highly-convincing-office-365-voicemail-scam
Phishing is no longer limited to email only.
Phishing is a much wider issue than originally thought, Akamai claims in its latest report. The report also details which companies are most at risk of phishing attacks, as well as the various techniques that hackers use to try and breach these companies’ security systems.
Phishing, including phishing as a service (PaaS), is a hacking method in which a hacker impersonates a legitimate person or company and asks for personal information. It is usually done through email, but Akamai claims that hackers are also leveraging social media and SMS channels.
Hackers were mostly targeting the high technology industry, Akamai claims, saying it analysed 6,035 domains and identified 120 kit variations in the industry. The second most-targeted industry was financial services, with 3,658 domains and 83 kit variants used, followed by e-commerce as third.
Microsoft, PayPal, DHL, and Dropbox were the top targeted brands. Microsoft took up 21.88 per cent of total domains, followed by PayPal with 9.37 per cent, DHL with 8.79 per cent and Dropbox with 2.59 per cent.
Phishing is a long-term problem that will have adversaries continuously going after consumers and businesses alike until personalised awareness training programs and layered defence techniques are put in place.
As businesses improve their defences, hackers look to new and creative solutions. Thus, Akamai says, most of the phishing kits were active 20 days or less, in order to avoid being spotted.
Via: https://www.itproportal.com/news/these-are-the-companies-most-at-risk-of-phishing-attacks/
More info here: https://www.akamai.com/us/en/about/news/press/2019-press/state-of-the-internet-security-phishing-baiting-the-hook.jsp
Google Discloses Chrome Flaw Exploited in the Wild
Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers.
The flaw (CVE-2019-13720), discovered by security researchers at Kaspersky, exists in Google Chrome’s audio component. Google is urging users to update to the latest version of Chrome, 78.0.3904.87 (for Windows, Mac, and Linux) as soon as possible.
This updated version addresses vulnerabilities that an attacker could exploit to take control of an affected system, according to the alert. The vulnerability was detected in exploits in the wild.
More from ThreatPost here: https://threatpost.com/google-discloses-chrome-flaw-exploited-in-the-wild/149784/
Keeping up with the evolving ransomware security landscape
Cybercrime is ever-evolving, and is consistently becoming more effective and damaging. While the range of attack vectors available to malicious actors is vast, ransomware remains one of the most prolific forms of cybercrime and has held on to its top spot as the leading cyber threat this year.
Hardly a day goes by without reports of another high-profile incident, with large companies and government organisations (particularly in education and healthcare) often at the receiving end – due to weak, legacy infrastructure and poor operational security. Of course, ransomware was also responsible for some of the most damaging attacks ever – with the infamous WannaCry and NotPetya strains that hit headlines in 2017.
As ransomware attacks continue to become more sophisticated, it has never been more important for businesses of all sizes to take a proactive approach to cybersecurity. While this can feel like a seemingly impossible task when you take into consideration the variety of forms and methods of entry that ransomware can take, businesses can ensure they’re adequately protected by reviewing their existing security strategy and ensuring they have adopted a layered approach.
Read the full article on HelpNetSecurity here: https://www.helpnetsecurity.com/2019/11/01/ransomware-security-landscape/
The nastiest ransomware, phishing and botnets of 2019
Vendor Webroot released its annual Nastiest Malware list, shedding light on 2019’s worst cybersecurity threats. From ransomware strains and cryptomining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.
Full article here: https://www.helpnetsecurity.com/2019/10/30/nastiest-malware-2019/
The scariest hacks and vulnerabilities of 2019
Yes, this is one of those end-of-year summaries. And it's a long one, since 2019 has been a disaster in terms of cyber-security news, with one or more major stories breaking on a weekly basis.
See the full summary for the past 10 months of security disasters, organized by month here: https://www.zdnet.com/article/the-scariest-hacks-and-vulnerabilities-of-2019/
One in five IT workers doesn't know what a cyberattack is
A survey of over 1,000 IT workers, carried out by technology services provider Probrand reveals that more than one in five (21 percent) don't actually know what constitutes a 'cyberattack'.
Used as a catch-all term, cyberattack can cover everything from a simple phishing email right across to a large-scale server attack. However, many IT workers have never seen, or don't understand, what the real detail of an attack actually looks like.
Almost half (43 percent) of those surveyed admit to being unaware of how to defend their company from a cyberattack, with one in three (32 percent) relying on external agencies for crisis support.
"The term, 'cyberattack' is firmly set in business vocabulary, and rightly so as cyber threats present the greatest risk of crisis to most organizations," Matt Royle, marketing director at Probrand says. "However, it is worrying to discover many do not know the details of what a threat looks like, so have little chance of protecting themselves from it."
In addition, the study finds that only just over one in ten (12 percent) of respondents say they know what their company's business continuity plan fully constitutes.
"Where no IT team exists, business leaders are exposed to threats without knowledge of how to protect themselves. Where IT teams do exist, managers are hampered by end user issues, lack of budget or time to truly focus on IT strategy, which includes security," adds Royle. "Business leaders need to take another look at prioritizing investment in people, technology and employee training to combat cyber security and protect the continuity of their business."
This article originally appeared on BetaNews: https://betanews.com/2019/11/01/workers-lack-cyberattack-knowledge/