Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 15 September 2023
Black Arrow Cyber Threat Intelligence Briefing 15 September 2023:
-Overconfident Organisations Prone to Cyber Breaches
-Board Members Struggling to Understand Cyber Risks
-Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
-Cyber Attacks Reach Fever Pitch in Q2 2023
-Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
-Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
-Europol - Financial Crime Makes “Billions” and Impacts “Millions”
-Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
-Hackers are Dropping USB Drives Outside Buildings to Target Networks
-Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
-If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
-Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Overconfident Organisations Prone to Cyber Breaches
A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.
Source: [IT Security Guru]
Board Members Struggling to Understand Cyber Risks
Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.
Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.
Source: [Infosecurity Magazine]
Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.
These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.
Source: [Fortune]
Cyber Attacks Reach Fever Pitch in Q2 2023
A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022. Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.
Source: [Data Centre & Network News]
Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.
Sources: [The Record] [The Fintech Times] [Financial Times]
Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.
Source: [Bleeping Computer]
Europol - Financial Crime Makes “Billions” and Impacts “Millions”
The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.
Source: [Infosecurity Magazine]
Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.
Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.
Source: [IT Security Guru]
Hackers are Dropping USB Drives Outside Buildings to Target Networks
A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?
Source: [Tech Republic]
Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.
Source: [Information Security Buzz]
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.
Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.
Source: [Make Use Of]
Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.
IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.
Sources: [Infosecurity Magazine] [The Register] [TechTarget]
Governance, Risk and Compliance
Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
Global companies to hike security spending as threats rise - survey | Reuters
CISOs need to be forceful to gain leverage in the boardroom - Help Net Security
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security
CISOs and Board Reporting – an Ongoing Problem - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)
Ransomware in top three threats for 65% of organisations | Security Magazine
TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)
Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)
Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)
Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)
Ransomware Victims
A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)
Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN
Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)
Ransomware crew claims to have hit Save The Children • The Register
Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters
Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com
Cyber security incident affects services at The Weather Network | CFJC Today Kamloops
Phishing & Email Based Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
Journalists, authors, and other writers targeted by phishing emails | TechRadar
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek
How should SMBs navigate the phishing minefield? - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Understanding the dangers of social engineering - Help Net Security
How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)
Artificial Intelligence
Cyber Criminals Feasting On Artificial Intelligence (forbes.com)
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud security in the era of artificial intelligence (securityintelligence.com)
Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE
2FA/MFA
Malware
Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)
3 Strategies to Defend Against Resurging Infostealers (darkreading.com)
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)
Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com
Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek
Mobile
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)
France halts iPhone 12 sales over radiation levels - BBC News
Denial of Service/DoS/DDOS
Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)
Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News
Internet of Things – IoT
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Wyze security camera owners report seeing strangers' camera feeds | Mashable
Hackers will hack anything — including your sex toys - The Hustle
Data Breaches/Leaks
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra
Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
Airbus data leaked via infected customer computer • The Register
Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)
Organised Crime & Criminal Actors
How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Top blockchain Cyber security threats to watch out for (att.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin
Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Latest fraud schemes targeting the payments ecosystem - Help Net Security
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Glasgow firm issues warning following recent cyber attack | Glasgow Times
Impersonation Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Supply Chain and Third Parties
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
The rise and evolution of supply chain attacks - Help Net Security
A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)
Cloud/SaaS
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)
Cloud storage security: What's new in the threat matrix | Microsoft Security Blog
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget
Cloud security in the era of artificial intelligence (securityintelligence.com)
Containers
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Identity and Access Management
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Encryption
API
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating API security to reinforce cyber defence - Help Net Security
Machine Learning is a Must for API Security - IT Security Guru
Open Source
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)
Passwords, Credential Stuffing & Brute Force Attacks
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)
Wi-Fi radio signal data can be used 'to predict passwords' • The Register
Cloud credentials are the hot ticket item on the dark web • The Register
Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)
Social Media
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Training, Education and Awareness
How to Transform Security Awareness Into Security Culture (darkreading.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)
Great security training is a real challenge - Help Net Security
Digital Transformation
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra
What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra
The International Criminal Court will now prosecute cyberwar crimes | Ars Technica
Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)
Models, Frameworks and Standards
Backup and Recovery
How to develop a cloud backup ransomware protection strategy | TechTarget
How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)
Data Protection
Careers, Working in Cyber and Information Security
Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)
Three ways to overcome cyber security staff shortages (securitybrief.co.nz)
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China
Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget
Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian
Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)
Microsoft, Apple versus China, spyware actors (techrepublic.com)
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek
China caught with its malware in another nation's power grid • The Register
China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)
Iran
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)
North Korea
Misc Nation State/Cyber Warfare
Vulnerability Management
Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica
Vulnerabilities
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security
Severe vulnerability found in all browsers, and it's being attacked | PCWorld
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek
Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
Global companies to hike security spending as threats rise - survey | Reuters
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
What Is XDR and Why It's Changing the Security Industry - ReadWrite
Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE
The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
Great security training is a real challenge - Help Net Security
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)
Other News
The Weaponization of Operational Technology (securityintelligence.com)
ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek
Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)
The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)
The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)
A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)
Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)
Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security
Brits happy to break cyber law if the price is right | Computer Weekly
British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)
Trustwave report on hospitality industry security threats | Cyber Magazine
Cyber security impact on construction, engineering projects (csemag.com)
Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)
Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)
Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters
Death by digital: attacks on healthcare put people at risk (synack.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 November 2020
Black Arrow Cyber Threat Briefing 20 November 2020
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Cyber crime is 'a constant threat' to SMEs
Criminals are diversifying and growing more dangerous, while SMEs remain complacent and mostly oblivious to the threats.
With a quarter of small and medium-sized enterprises (SME) falling victim to a cyberattack in the last 12 months, the threat towards these organizations is constant. This is according to a new report from Direct Line – Business, which claims that businesses aren't doing all they can to stay safe.
The report states that, if a cyber attack were to occur, many organisations would find themselves in a seriously dangerous position given they hold less than $13,000 in cash reserves. Besides financial damage, many should also expect damaged client and customer relationships due to eroded trust.
With cybercriminals diversifying into different methods of attack, SMEs need to stay vigilant on multiple fronts. Phishing is still the most popular weapon for criminals, the report states, but malware and ransomware, as well as DDoS attacks, are also notable mentions.
https://www.itproportal.com/features/cybercrime-is-a-constant-threat-to-smes/
The most common passwords of 2020 are atrocious
Bottom line: Choosing secure passwords has never been humanity’s strong suit and let’s face it, it’s never going to be. People simply have too many accounts to protect these days, leading to poor practices such as simplifying passwords to make them easier to remember and reusing the same password across multiple accounts.
https://www.techspot.com/news/87657-most-common-passwords-2020-atrocious.html#Share
Why ransomware is still so successful: Over a quarter of victims pay the ransom
Over a quarter of organisations that fall victim to ransomware attacks opt to pay the ransom as they feel as if they have no other option than to give into the demands of cyber criminals – and the average ransom amount is now more than $1 million.
Cyber crime is maturing. Here are 6 ways organisations can keep up
In 2020, the world has experienced many challenges. Among them, hastened digitalisation has brought new opportunities but also new risks. According to the World Economic Forum Global Risks Report 2020, cyber attacks rank first among global human-caused risks and RiskIQ predicts that by 2021 cyber crime will cost the world $11.4 million each minute.
https://www.weforum.org/agenda/2020/11/how-to-protect-companies-from-cybercrime/
Ransomware-as-a-service: The pandemic within a pandemic
Ransomware is a massive problem. But you already knew that.
Technical novices, along with seasoned cyber security professionals, have witnessed over the past year a slew of ransomware events that have devastated enterprises around the world. Even those outside of cyber security are now familiar with the concept: criminals behind a keyboard have found a way into an organization’s system, prevented anyone from actually using it by locking it up, and won’t let anyone resume normal activity until the organization pays a hefty fee.
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
CISOs say a distributed workforce has critically increased security concerns
73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.
The report also uncovered an alarming disconnect between confidence in security posture and increased cyberattacks during the global pandemic.
https://www.helpnetsecurity.com/2020/11/18/distributed-workforce-security/
Threats
Ransomware
Capcom confirms Ragnar Locker ransomware attack, data exposure
Capcom has confirmed that a recent security incident was due to a Ragnar Locker ransomware infection, potentially leading to the exposure of customer records.
This week, the Japanese gaming giant confirmed that the company had fallen prey to "customized ransomware" which gave attackers unauthorised access to its network -- as well as the data stored on Capcom Group systems.
Ransomware attack forces web hosting provider Managed.com to take servers offline
One of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack.
The ransomware impacted the company's public facing web hosting systems, resulting in some customer sites having their data encrypted.
The incident only impacted a limited number of customer sites, which the company said it immediately took offline.
https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/
Phishing
Office 365 phishing campaign detects sandboxes to evade detection
Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets.
"We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defence evasion and social engineering," Microsoft said.
"The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc."
Malware
Adult site users targeted with ZLoader malware via fake Java update
A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers.
The operators use an old trick to distribute a variant of ZLoader, a banking trojan that made a comeback earlier this year after an absence of almost two years, now used as an info stealer.
Lazarus malware strikes South Korean supply chains
Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates.
Cyber security researchers reported the abuse of the certificates, stolen from two separate, legitimate South Korean companies.
https://www.zdnet.com/article/lazarus-malware-strikes-south-korean-supply-chains/
Malware activity spikes 128%, Office document phishing skyrockets
The report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.
https://www.helpnetsecurity.com/2020/11/13/malware-activity-q3-2020/
Cloud
Attackers can abuse a misconfigured IAM role across 16 Amazon services
Researchers at Palo Alto’s Unit 42 have confirmed that they have compromised a customer’s AWS cloud account with thousands of workloads using a misconfigured identity and access management (IAM) role.
Vulnerabilities
More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug
A year and a half after Microsoft disclosed the BlueKeep vulnerability impacting the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attacks.
The number represents around 25% of the 950,000 systems that were initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019.
Windows Kerberos authentication breaks due to security updates
Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 during this month's Patch Tuesday, on November 10.
Cisco Patches Critical Flaw After PoC Exploit Code Release
A critical path-traversal flaw exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.
A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch.
https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/
Widespread Scans Underway for RCE Bugs in WordPress Websites
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.
Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers.
According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have been observed, against more than 1.5 million WordPress sites, just since Tuesday.
https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/
Webex fixed some seriously spooky security flaws
Cisco has patched several troubling security vulnerabilities in its Webex video conferencing service.
The flaws in the video conferencing software were flagged. Researchers took a deeper look at the collaboration tools being used for day-to-day work to better understand how they could impact sensitive meetings now being held virtually. During its investigation, the company's security researchers discovered three vulnerabilities in Webex.
https://www.techradar.com/news/cisco-webex-had-some-very-spooky-security-flaws
Data Breaches
Animal Jam was hacked, and data stolen; here’s what parents need to know
WildWorks, the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.
Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.
https://techcrunch.com/2020/11/16/animal-jam-data-breach/
Crown Prosecution Service guilty of ‘serious’ data breaches
Prosecutors are routinely guilty of “serious” data breaches that can endanger the public by disclosing addresses of people who report crimes, a watchdog has revealed.
Independent assessors of the Crown Prosecution Service found that prosecutors in England and Wales were responsible for “a significant number of data security breaches”.
Privacy
MacOS Big Sur reveals Apple secretly hates your VPN and firewall
If you're using a Mac VPN and recently updated your device to Big Sur, your privacy may be at risk as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company's latest version of macOS.
Twitter user mxswd first spotted the issue back in October and provided more details in a tweet which reads: “Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”.
https://www.techradar.com/uk/news/macos-big-sur-reveals-apple-secretly-hates-your-vpn-and-firewall
Server failure unearths massive macOS tracking plans
More serious doubts have been raised about Apple's snooping tactics following fresh revelations about the company's macOS software. We’ve already reported how apps in the latest release of macOS can bypass firewalls and VPNs and how the release was bricking some older MacBook Pro machines.
https://www.techradar.com/news/server-failure-unearths-massive-macos-tracking-plans
Employee surveillance software demand increased as workers transitioned to home working
As people hunkered down to work from home during COVID-19, companies turned to employee surveillance software to track their staff.
What does the rise of intrusive tools such as employee surveillance software mean for workers at home?
A new study shows that the demand for employee surveillance software was up 55% in June 2020 compared to the pre-pandemic average. From webcam access to random screenshot monitoring, these surveillance software products can record almost everything an employee does on their computer.
Los Angeles police ban facial recognition software and launch review after officers accused of unauthorized use
The Los Angeles police department (LAPD) has banned commercial facial recognition software and launched a review after 25 officers were accused of using it unofficially to try to identify people.
https://www.theregister.com/2020/11/19/lapd_facial_recogntion/
Nation State Actors
More than 200 systems infected by new Chinese APT 'FunnyDream'
A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years.
The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender.
The attacks have primarily targeted Southeast Asian governments. While Bitdefender has not named any victim countries, a report published earlier this spring by fellow security firm Kaspersky Lab has identified FunnyDream targets in Malaysia, Taiwan, and the Philippines, with the most victims being located in Vietnam.
https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-apt-funnydream/
Massive, China-state-funded hack hits companies around the world, report says
Attacks are linked to Cicada, a group believed to be funded by the Chinese state.
Researchers have uncovered a massive hacking campaign that’s using sophisticated tools and techniques to compromise the networks of companies around the world.
The hackers, most likely from a well-known group that’s funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems.
Other News
Hackers are leaning more heavily on cloud resources
Underground cloud services may seem like an oxymoron, but they are quite real, and criminals are using them to speed up attacks and leave very little room for compromised businesses to react.
This is according to a new report from cybersecurity firm Trend Micro, which found terabytes of internal business data and logins - including for Google, Amazon and PayPal - for sale on the dark web.
https://www.itproportal.com/news/hackers-are-leaning-more-heavily-on-cloud-resources/
CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024
Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against organizations’ industrial environments that had occurred over the previous three years combined.
Reports Published in the Last Week
Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world
https://nakedsecurity.sophos.com/2020/11/18/sophos-threat-report-2021/
Verizon Releases First Cyber-Espionage Report
https://www.infosecurity-magazine.com/news/verizon-releases-first-cyber/
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Cyber Weekly Flash Briefing for 01 February 2020 - Users fall for phishing, 68% of firms suffer end point attacks, Cisco WebEx flaws, cost to recover from ransomware doubles, UN hacked via SharePoint
Cyber Weekly Flash Briefing for 01 February 2020 - Users fall for phishing, 68% of firms victims of end point attacks, Cisco WebEx flaws, costs of recovering from ransomware doubles, UN hacked via SharePoint
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Phishing: You're not as good at spotting scams as you think you are
Most people say they know about phishing and what it involves yet just 5% were able to correctly identify all types of scams according to a survey of nearly 1,000 people from Security.org.
Nearly everyone (96%) knew about phishing and 88% said they could accurately define it. Yet nearly half (47%) didn't know that phishing can happen through software, 43% thought that advertisements are safe; and nearly one-third (30%) didn't know that social media platforms can be sources of phishing.
Phishing has grown in terms of the number of people affected, expanding by 59% over a four-year period. The FBI counted more than 26,300 victims in 2018. It is in the FBI's top four cybercrimes, which includes extortion, non-delivery and identity theft.
More here: https://www.zdnet.com/article/phishing-is-becoming-more-sophisticated-only-5-can-spot-all-scams/
68% of organizations were victims of endpoint attacks in 2019, 80% as a result of zero-days
Organisations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals.
68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.
Of those incidents that were successful, researchers say that 80% were new or unknown, they define them as “zero-day attacks.” These attacks either involved the exploitation of undisclosed vulnerabilities or the use of new malware variants that signature-based, detection solutions do not recognise.
Read the full article here: https://www.helpnetsecurity.com/2020/01/31/endpoint-security-risk/
Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary.
A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.
Read the full article here: https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/
Average cost to Recover from Ransomware Skyrockets to over £64,000
It’s getting more and more expensive for victims of ransomware attacks to recover. The average cost more than doubled in the final quarter of 2019.
According to a new report, a typical total now stands at £63,757. That’s a little over double the previous figure of £31,227.
It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.
Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.
Read the full article here: https://www.forbes.com/sites/leemathews/2020/01/26/average-cost-to-recover-from-ransomware-skyrockets-to-over-84000/#3c54c7c713a2
CEOs are deleting their social media accounts to protect against hackers
Cyberattacks are the biggest risk to businesses, with the prospect of falling victim to hacking and other cybercrime the threats that the majority of CEOs are most worried about, according to a new report on the views from the boardroom.
A professional services firm surveyed over 1,600 CEOs from around the world and found that cyberattacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to help protect against hackers.
A total of 80% of those surveyed listed cyber threats as the biggest risk to their business, making it the thing that most CEOs are worried about, ranking ahead of skills (79%) and the speed of technological change (75%).
Read more here: https://www.zdnet.com/article/ceos-are-deleting-their-social-media-accounts-to-protect-against-hackers/
UN hacked via unpatched SharePoint server
The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.
The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.
Read more here: https://nakedsecurity.sophos.com/2020/01/31/un-hacked-via-unpatched-sharepoint-server/
UK proposes tougher security for smart home devices
The UK government plans to introduce a new law designed to improve the security standards of household products connected to the Internet of Things (IoT). The legislation stipulates that all consumer smart devices sold in the UK -- such as smart cameras and TVs, wearable health trackers and connected appliances -- adhere to three specific requirements.
Firstly, all IoT device passwords must be unique and unable to be reset to universal factory settings. Secondly, manufacturers must clearly provide a point of contact so anyone can get in touch to report a vulnerability, and finally, manufacturers must make it crystal clear how long their devices will receive security updates for, at the point of sale.
The proposed rules -- which are relatively straightforward from a manufacturers' point of view -- come after a long consultation period, whereby officials explored the potential impact of the growing popularity of connected devices: government research indicates there will be some 75 billion internet connected devices in homes around the world by the end of 2025. It's hoped such legislation will help prevent attacks that have, in the past, had widespread consequences. In 2016, for example, a Mirai botnet hacked into connected home devices and took down large chunks of the internet.
More here: https://www.engadget.com/2020/01/28/uk-proposes-tougher-security-for-smart-home-devices/