Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 15 September 2023

Black Arrow Cyber Threat Intelligence Briefing 15 September 2023:

-Overconfident Organisations Prone to Cyber Breaches

-Board Members Struggling to Understand Cyber Risks

-Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

-Cyber Attacks Reach Fever Pitch in Q2 2023

-Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

-Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

-Europol - Financial Crime Makes “Billions” and Impacts “Millions”

-Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

-Hackers are Dropping USB Drives Outside Buildings to Target Networks

-Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

-If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

-Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfident Organisations Prone to Cyber Breaches

A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.

Source: [IT Security Guru]

Board Members Struggling to Understand Cyber Risks

Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.

Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.

Source: [Infosecurity Magazine]

Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them

Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.

These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.

Source: [Fortune]

Cyber Attacks Reach Fever Pitch in Q2 2023

A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022.  Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.

Source: [Data Centre & Network News]

Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats

A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.

Sources: [The Record] [The Fintech Times] [Financial Times]

Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.

Source: [Bleeping Computer]

Europol - Financial Crime Makes “Billions” and Impacts “Millions”

The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.

Source: [Infosecurity Magazine]

Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security

A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.

Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.

Source: [IT Security Guru]

Hackers are Dropping USB Drives Outside Buildings to Target Networks

A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?

Source: [Tech Republic]

Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night

According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.

Source: [Information Security Buzz]

If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now

Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.

Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.

Source: [Make Use Of]

Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.

IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.

Sources: [Infosecurity Magazine] [The Register] [TechTarget]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Containers

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Digital Transformation

Parental Controls and Child Safety

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Privacy, Surveillance and Mass Monitoring


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc Nation State/Cyber Warfare





Other News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 November 2020

Black Arrow Cyber Threat Briefing 20 November 2020

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Top Cyber Headlines of the Week


Cyber crime is 'a constant threat' to SMEs

Criminals are diversifying and growing more dangerous, while SMEs remain complacent and mostly oblivious to the threats.

With a quarter of small and medium-sized enterprises (SME) falling victim to a cyberattack in the last 12 months, the threat towards these organizations is constant. This is according to a new report from Direct Line – Business, which claims that businesses aren't doing all they can to stay safe.

The report states that, if a cyber attack were to occur, many organisations would find themselves in a seriously dangerous position given they hold less than $13,000 in cash reserves. Besides financial damage, many should also expect damaged client and customer relationships due to eroded trust.

With cybercriminals diversifying into different methods of attack, SMEs need to stay vigilant on multiple fronts. Phishing is still the most popular weapon for criminals, the report states, but malware and ransomware, as well as DDoS attacks, are also notable mentions.

https://www.itproportal.com/features/cybercrime-is-a-constant-threat-to-smes/

The most common passwords of 2020 are atrocious

Bottom line: Choosing secure passwords has never been humanity’s strong suit and let’s face it, it’s never going to be. People simply have too many accounts to protect these days, leading to poor practices such as simplifying passwords to make them easier to remember and reusing the same password across multiple accounts.

https://www.techspot.com/news/87657-most-common-passwords-2020-atrocious.html#Share

Why ransomware is still so successful: Over a quarter of victims pay the ransom

Over a quarter of organisations that fall victim to ransomware attacks opt to pay the ransom as they feel as if they have no other option than to give into the demands of cyber criminals – and the average ransom amount is now more than $1 million.

https://www.zdnet.com/article/why-ransomware-is-still-so-successful-over-a-quarter-of-victims-pay-the-ransom/

Cyber crime is maturing. Here are 6 ways organisations can keep up

In 2020, the world has experienced many challenges. Among them, hastened digitalisation has brought new opportunities but also new risks. According to the World Economic Forum Global Risks Report 2020, cyber attacks rank first among global human-caused risks and RiskIQ predicts that by 2021 cyber crime will cost the world $11.4 million each minute.

https://www.weforum.org/agenda/2020/11/how-to-protect-companies-from-cybercrime/

Ransomware-as-a-service: The pandemic within a pandemic

Ransomware is a massive problem. But you already knew that.

Technical novices, along with seasoned cyber security professionals, have witnessed over the past year a slew of ransomware events that have devastated enterprises around the world. Even those outside of cyber security are now familiar with the concept: criminals behind a keyboard have found a way into an organization’s system, prevented anyone from actually using it by locking it up, and won’t let anyone resume normal activity until the organization pays a hefty fee.

https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/

CISOs say a distributed workforce has critically increased security concerns

73% of security and IT executives are concerned about new vulnerabilities and risks introduced by the distributed workforce, Skybox Security reveals.

The report also uncovered an alarming disconnect between confidence in security posture and increased cyberattacks during the global pandemic.

https://www.helpnetsecurity.com/2020/11/18/distributed-workforce-security/


Threats


Ransomware

Capcom confirms Ragnar Locker ransomware attack, data exposure

Capcom has confirmed that a recent security incident was due to a Ragnar Locker ransomware infection, potentially leading to the exposure of customer records.

This week, the Japanese gaming giant confirmed that the company had fallen prey to "customized ransomware" which gave attackers unauthorised access to its network -- as well as the data stored on Capcom Group systems.

https://www.zdnet.com/article/capcom-confirms-ransomware-attack-potential-theft-of-customer-employee-data/

Ransomware attack forces web hosting provider Managed.com to take servers offline

One of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack.

The ransomware impacted the company's public facing web hosting systems, resulting in some customer sites having their data encrypted.

The incident only impacted a limited number of customer sites, which the company said it immediately took offline.

https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/


Phishing

Office 365 phishing campaign detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets.

"We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defence evasion and social engineering," Microsoft said.

"The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc."

https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-detects-sandboxes-to-evade-detection/


Malware

Adult site users targeted with ZLoader malware via fake Java update

A malware campaign ongoing since the beginning of the year has recently changed tactics, switching from exploit kits to social engineering to target adult content consumers.

The operators use an old trick to distribute a variant of ZLoader, a banking trojan that made a comeback earlier this year after an absence of almost two years, now used as an info stealer.

https://www.bleepingcomputer.com/news/security/adult-site-users-targeted-with-zloader-malware-via-fake-java-update/

Lazarus malware strikes South Korean supply chains

Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates.

Cyber security researchers reported the abuse of the certificates, stolen from two separate, legitimate South Korean companies.

https://www.zdnet.com/article/lazarus-malware-strikes-south-korean-supply-chains/

Malware activity spikes 128%, Office document phishing skyrockets

The report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

https://www.helpnetsecurity.com/2020/11/13/malware-activity-q3-2020/


Cloud

Attackers can abuse a misconfigured IAM role across 16 Amazon services

Researchers at Palo Alto’s Unit 42 have confirmed that they have compromised a customer’s AWS cloud account with thousands of workloads using a misconfigured identity and access management (IAM) role.

https://www.scmagazine.com/home/security-news/cloud-security/attackers-can-abuse-a-misconfigured-iam-role-across-16-aws-services/


Vulnerabilities

More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug

A year and a half after Microsoft disclosed the BlueKeep vulnerability impacting the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attacks.

The number represents around 25% of the 950,000 systems that were initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019.

https://www.zdnet.com/article/more-than-245000-windows-systems-still-remain-vulnerable-to-bluekeep-rdp-bug/

Windows Kerberos authentication breaks due to security updates

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 during this month's Patch Tuesday, on November 10.

https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-due-to-security-updates/

Cisco Patches Critical Flaw After PoC Exploit Code Release

A critical path-traversal flaw exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.

A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch.

https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/

Widespread Scans Underway for RCE Bugs in WordPress Websites

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers.

According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have been observed, against more than 1.5 million WordPress sites, just since Tuesday.

https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/

Webex fixed some seriously spooky security flaws

Cisco has patched several troubling security vulnerabilities in its Webex video conferencing service.

The flaws in the video conferencing software were flagged. Researchers took a deeper look at the collaboration tools being used for day-to-day work to better understand how they could impact sensitive meetings now being held virtually. During its investigation, the company's security researchers discovered three vulnerabilities in Webex.

https://www.techradar.com/news/cisco-webex-had-some-very-spooky-security-flaws


Data Breaches

Animal Jam was hacked, and data stolen; here’s what parents need to know

WildWorks,  the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.

Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.

https://techcrunch.com/2020/11/16/animal-jam-data-breach/

Crown Prosecution Service guilty of ‘serious’ data breaches

Prosecutors are routinely guilty of “serious” data breaches that can endanger the public by disclosing addresses of people who report crimes, a watchdog has revealed.

Independent assessors of the Crown Prosecution Service found that prosecutors in England and Wales were responsible for “a significant number of data security breaches”.

https://www.thetimes.co.uk/article/crown-prosecution-service-guilty-of-serious-data-breaches-k7vhl0hnf


Privacy

MacOS Big Sur reveals Apple secretly hates your VPN and firewall

If you're using a Mac VPN and recently updated your device to Big Sur, your privacy may be at risk as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company's latest version of macOS.

Twitter user mxswd first spotted the issue back in October and provided more details in a tweet which reads: “Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”.

https://www.techradar.com/uk/news/macos-big-sur-reveals-apple-secretly-hates-your-vpn-and-firewall

Server failure unearths massive macOS tracking plans

More serious doubts have been raised about Apple's snooping tactics following fresh revelations about the company's macOS software. We’ve already reported how apps in the latest release of macOS can bypass firewalls and VPNs and how the release was bricking some older MacBook Pro machines.

https://www.techradar.com/news/server-failure-unearths-massive-macos-tracking-plans

Employee surveillance software demand increased as workers transitioned to home working

As people hunkered down to work from home during COVID-19, companies turned to employee surveillance software to track their staff.

What does the rise of intrusive tools such as employee surveillance software mean for workers at home?

A new study shows that the demand for employee surveillance software was up 55% in June 2020 compared to the pre-pandemic average. From webcam access to random screenshot monitoring, these surveillance software products can record almost everything an employee does on their computer.

https://www.zdnet.com/article/employee-surveillance-software-demand-increased-as-workers-transitioned-to-home-working/

Los Angeles police ban facial recognition software and launch review after officers accused of unauthorized use

The Los Angeles police department (LAPD) has banned commercial facial recognition software and launched a review after 25 officers were accused of using it unofficially to try to identify people.

https://www.theregister.com/2020/11/19/lapd_facial_recogntion/


Nation State Actors

More than 200 systems infected by new Chinese APT 'FunnyDream'

A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years.

The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender.

The attacks have primarily targeted Southeast Asian governments. While Bitdefender has not named any victim countries, a report published earlier this spring by fellow security firm Kaspersky Lab has identified FunnyDream targets in Malaysia, Taiwan, and the Philippines, with the most victims being located in Vietnam.

https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-apt-funnydream/

Massive, China-state-funded hack hits companies around the world, report says

Attacks are linked to Cicada, a group believed to be funded by the Chinese state.

Researchers have uncovered a massive hacking campaign that’s using sophisticated tools and techniques to compromise the networks of companies around the world.

The hackers, most likely from a well-known group that’s funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems.

https://arstechnica.com/information-technology/2020/11/massive-china-state-funded-hack-hits-companies-around-the-word-report-says/


Other News

Hackers are leaning more heavily on cloud resources

Underground cloud services may seem like an oxymoron, but they are quite real, and criminals are using them to speed up attacks and leave very little room for compromised businesses to react.

This is according to a new report from cybersecurity firm Trend Micro, which found terabytes of internal business data and logins - including for Google, Amazon and PayPal - for sale on the dark web.

https://www.itproportal.com/news/hackers-are-leaning-more-heavily-on-cloud-resources/

CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against organizations’ industrial environments that had occurred over the previous three years combined.

https://www.tripwire.com/state-of-security/risk-based-security-for-executives/ceo-personally-liable-cyber-physical-security-incidents/


Reports Published in the Last Week

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

https://nakedsecurity.sophos.com/2020/11/18/sophos-threat-report-2021/

Verizon Releases First Cyber-Espionage Report

https://www.infosecurity-magazine.com/news/verizon-releases-first-cyber/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

 

Read More
Black Arrow Admin Black Arrow Admin

Cyber Weekly Flash Briefing for 01 February 2020 - Users fall for phishing, 68% of firms suffer end point attacks, Cisco WebEx flaws, cost to recover from ransomware doubles, UN hacked via SharePoint

Cyber Weekly Flash Briefing for 01 February 2020 - Users fall for phishing, 68% of firms victims of end point attacks, Cisco WebEx flaws, costs of recovering from ransomware doubles, UN hacked via SharePoint

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Phishing: You're not as good at spotting scams as you think you are

Most people say they know about phishing and what it involves yet just 5% were able to correctly identify all types of scams according to a survey of nearly 1,000 people from Security.org.

Nearly everyone (96%) knew about phishing and 88% said they could accurately define it. Yet nearly half (47%) didn't know that phishing can happen through software, 43% thought that advertisements are safe; and nearly one-third (30%) didn't know that social media platforms can be sources of phishing.

Phishing has grown in terms of the number of people affected, expanding by 59% over a four-year period. The FBI counted more than 26,300 victims in 2018. It is in the FBI's top four cybercrimes, which includes extortion, non-delivery and identity theft.

More here: https://www.zdnet.com/article/phishing-is-becoming-more-sophisticated-only-5-can-spot-all-scams/


68% of organizations were victims of endpoint attacks in 2019, 80% as a result of zero-days

Organisations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals.

68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

Of those incidents that were successful, researchers say that 80% were new or unknown, they define them as “zero-day attacks.” These attacks either involved the exploitation of undisclosed vulnerabilities or the use of new malware variants that signature-based, detection solutions do not recognise.

Read the full article here: https://www.helpnetsecurity.com/2020/01/31/endpoint-security-risk/


Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

Cisco Systems has fixed a high-severity vulnerability in its popular Webex video conferencing platform, which could let strangers barge in on password-protected meetings – no authentication necessary.

A remote attacker would not need to be authenticated to exploit the flaw, according to Cisco. All an attacker would need is the meeting ID and a Webex mobile application for either iOS or Android.

Read the full article here: https://threatpost.com/cisco-webex-flaw-lets-unauthenticated-users-join-private-online-meetings/152191/


Average cost to Recover from Ransomware Skyrockets to over £64,000

It’s getting more and more expensive for victims of ransomware attacks to recover. The average cost more than doubled in the final quarter of 2019.

According to a new report, a typical total now stands at £63,757. That’s a little over double the previous figure of £31,227.

It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.

Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.

Read the full article here: https://www.forbes.com/sites/leemathews/2020/01/26/average-cost-to-recover-from-ransomware-skyrockets-to-over-84000/#3c54c7c713a2


CEOs are deleting their social media accounts to protect against hackers

Cyberattacks are the biggest risk to businesses, with the prospect of falling victim to hacking and other cybercrime the threats that the majority of CEOs are most worried about, according to a new report on the views from the boardroom.

A professional services firm surveyed over 1,600 CEOs from around the world and found that cyberattacks have become the most feared threat for large organisations – and that many have taken actions around their personal use of technology to help protect against hackers.

A total of 80% of those surveyed listed cyber threats as the biggest risk to their business, making it the thing that most CEOs are worried about, ranking ahead of skills (79%) and the speed of technological change (75%).

Read more here: https://www.zdnet.com/article/ceos-are-deleting-their-social-media-accounts-to-protect-against-hackers/


UN hacked via unpatched SharePoint server

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.

The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.

Read more here: https://nakedsecurity.sophos.com/2020/01/31/un-hacked-via-unpatched-sharepoint-server/


UK proposes tougher security for smart home devices

The UK government plans to introduce a new law designed to improve the security standards of household products connected to the Internet of Things (IoT). The legislation stipulates that all consumer smart devices sold in the UK -- such as smart cameras and TVs, wearable health trackers and connected appliances -- adhere to three specific requirements.

Firstly, all IoT device passwords must be unique and unable to be reset to universal factory settings. Secondly, manufacturers must clearly provide a point of contact so anyone can get in touch to report a vulnerability, and finally, manufacturers must make it crystal clear how long their devices will receive security updates for, at the point of sale.

The proposed rules -- which are relatively straightforward from a manufacturers' point of view -- come after a long consultation period, whereby officials explored the potential impact of the growing popularity of connected devices: government research indicates there will be some 75 billion internet connected devices in homes around the world by the end of 2025. It's hoped such legislation will help prevent attacks that have, in the past, had widespread consequences. In 2016, for example, a Mirai botnet hacked into connected home devices and took down large chunks of the internet.

More here: https://www.engadget.com/2020/01/28/uk-proposes-tougher-security-for-smart-home-devices/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More