Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 25 August 2023
Black Arrow Cyber Threat Intelligence Briefing 25 August 2023:
-Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
-Would You Infect Others to Rid Yourself of Ransomware?
-Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
-Ransomware Attacks Broke Records in July, Mainly Driven By One Group
-Cyber Risk in The Boardroom
-Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
-Cyber Security is Everyone’s Responsibility
-QR Code Hacks Are Another Thing to Worry About Now
-Security Basics Aren’t So Basic Anymore
-Apple MacOS Security Myths
-Security Leaders Report Misalignment of Investments and Risk Reduction
-Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to SaaS Incidents, New Report Finds
-If You Ever Used Duolingo, Watch Out for Phishing Email
-91% of Security and IT Professionals Agree Cyber Criminals are Already Using AI in Email Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cloud Hosting Firm Loses All Customer Data After Ransomware Attack
CloudNordic, a Danish cloud hosting provider, has told customers to consider all of their data as having been lost following a ransomware infection that encrypted the large Danish cloud provider. The threat actors had destroyed the organisation’s backups, which prevented the firm from recovering effectively. The attack also impacted AzeroCloud, which is owned by the same company.
Worryingly, many organisations believe that having backups and using the cloud is enough for them to be able to recover from any cyber incident; unfortunately, as shown in the CloudNordic and AzeroCloud attacks, it is not enough. Organisations need to have a recovery plan in place which is tested and improved, to best strengthen themselves in the event of a cyber incident.
Sources: [The Register] [Bleeping Computer] [Help Net Security]
Would You Infect Others to Rid Yourself of Ransomware?
Hackers continually develop ransomware with new and creative attack methods that keep internet security professionals on their toes and pose challenges for people trying to detect threats. Victims of ransomware usually see messages asking them to pay for file access restoration; however, the Popcorn Time ransomware group takes a different approach to getting victims involved.
The Popcorn Time ransomware approach works via the referral method. The ransomware group is willing to give victims access to their files if they send the referral link to two other people, extending the attacker’s reach. Most people would hesitate to distribute a ransomware link through email, WhatsApp, or another method that is easy for victims to identify them as the perpetrators. Law enforcement bodies categorise ransomware attacks as crimes that come with hefty fines and prison time. Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement, including the loss of jobs and relationships.
Source: [CyberNews]
Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks
Checkpoint’s 2023 Mid-Year Security Report shows an 8% surge in global weekly cyber attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber attacks.
Other significant findings include the evolution of ransomware tactics. The report found that ransomware groups are exploiting vulnerabilities in common corporate software and shifting focus from encrypting data to stealing it. USB devices have resurfaced as threats, employed by both state-affiliated groups and cyber-criminals to distribute malware globally. The misuse of AI has escalated, as attackers use generative AI tools for phishing emails, keystroke monitoring malware and basic ransomware code.
Source: [InfoSecurity Magazine]
Ransomware Attacks Broke Records in July, Mainly Driven By One Group
A number of ransomware actors are utilising the threat of releasing sensitive data to get organisations to pay ransoms; in some cases this is combined with encryption to give the actor two avenues of payment. A report has found there were over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June. Within Europe, there was a 59% increase in ransomware attacks from June to July.
Part of the significant rise is due to the ransomware group called Cl0p, whose attack on the MOVEit software has accounted for hundreds of victims this year. The Cl0p ransomware group has kept its promise to publish files on the clearweb of all its victims if contact was not made. The clearweb is simply what we know as the internet; anyone can access it. As such, there will be many organisations who are now having their sensitive data published and readily viewable for anyone who has access to the internet.
Sources: [Gov Info Seccurity] [Security Week] [ZDNET] [Cyber News]
Cyber Risk in The Boardroom
The relationship between the CISO and the wider boardroom has become increasingly cooperative, with 77% of CEO’s seeing cyber as a strategic function and a potential source of competitive advantage. While it is ultimately up to the board to take steps to keep cybersecurity high on the agenda, the CISO also has a responsibility to press the message and bridge any gaps.
CISOs must deliver concerns, strategies and recommendations in a business-first manner, while avoiding jargon and overly technical language. Attracting and retaining good quality senior security professionals is very challenging in the current market and Black Arrow offer a fractional CISO service, giving access to a whole team of specialists with wider expertise, experience and backgrounds, for less than the cost of hiring one individual.
Sources: [Security Week] [TechRadar]
Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging
The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in efficacy. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove. The technique continues to use more and more sophisticated mechanisms for getting their infections spread throughout the web and keeping them running for a long time. The exploits can operate in one of several ways, including intercepting a user’s clickstream on random hyperlinks and substituting them with redirects to advertising websites.
Adblockers either on endpoints or at the network level can also help to prevent malvertising from causing harm.
Source: [SiliconAngle]
Cyber Security is Everyone’s Responsibility
A recent survey found that 41% of respondents said that poor quality training, or a lack of training altogether, and insider threats were impacting their organisation’s security. Cyber security involves everyone as any employee can be an entry point for a cyber incident, but they also have the power to prevent one. It is important to make sure all employees are provided adequate training. Not every role requires the same training however, so it is important for organisations to identify and provide training that is appropriate to employees. Black Arrow provide live in person and online instructor lead cyber security training, both through Cyber Risk and Governance Workshops for Senior Leadership and Awareness, Behaviour and Culture Training for employees and contractors.
Source: [IT Pro Today]
QR Code Hacks Are Another Thing to Worry About Now
One of the upcoming technologies thrust upon us is QR codes. At this point, you can find them at most restaurants and parking sites. You simply scan the code and you are taken to the relevant site, for example, the menu for the restaurant. Attackers have cottoned on to this and started to use QR codes in phishing attacks; the idea being that the victim will scan the code without scrutinising it and be taken to a malicious website instead.
Source: [Bloomberg]
Security Basics Aren’t So Basic Anymore
The basics of cyber security, it turns out, aren’t so basic anymore. What was considered basic has moved way beyond just having firewalls and antivirus, and the most basic controls nowadays include more advanced controls such as robust identity and access management, multi-factor authentication (MFA) and patching and vulnerability management. Many of these now basic controls are lacking or non-existent across the economy according to cyber security experts. A report found that only 28% of Microsoft users had MFA enabled as 2022 closed.
You can’t solve all the problems at once. However, progress on these fronts also relies heavily on the need for a cultural shift. Organisations need to get to the point where they view cyber security in the same light as locks on doors and seatbelts in cars.
Source: [CioDive]
Apple MacOS Security Myths
Apple has maintained a reputation as being more secure than other manufacturers, and whilst Apple has put many different security mechanisms into its operating system, no technology is bulletproof. Assuming an Apple device is invulnerable can lead users to believe that their Mac will not get viruses or be subject to a plethora of other cyber threats. As a result, this can lead to poor cyber hygiene from the individual, as they assume they are safe regardless of what they do. Apple users need to remain every bit as aware of risks, social engineering, keeping devices up to date, and having appropriate security controls.
Source: [Huntress]
Security Leaders Report Misalignment of Investments and Risk Reduction
The cyber risk landscape was analysed in a recent report that examined the amount of risk that organisations are willing to accept, their resource constraints and key priorities for approaching cyber risk in the future. The report found 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritise investments and allocate resources effectively. 67% of organisations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cyber security investments and their organisation's risk reduction priorities.
Source: [InfoSecurity Magazine]
Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to Incidents
Cyber security, IT, and business leaders alike recognise SaaS (cloud) cyber security as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cyber security as 85% answered that they are confident or very confident in their company's or customer's data security in sanctioned SaaS apps.
Despite the confidence, 79% of respondents confirmed that their organisation had identified SaaS cyber security incidents over the past 12 months. Many of those incidents occurred in environments with cyber security policies in place and enforced, as 66% of respondents claimed in their responses.
Source: [The Hacker News]
If You Ever Used Duolingo, Watch Out for Phishing Email
Users of Duolingo, past and present, should be wary of phishing emails as data on about 2.6 million accounts were scraped through an exposed application programming interface (API), and then offered on a hacking forum back in January. Login and real names, email addresses, phone numbers, and courses studied were part of the collection, which went for $1,500. Now that data has resurfaced on a different forum, and at a substantially lower cost of just a few dollars, users of the service can expect this data to be used in fresh phishing campaigns.
Source: [PCWorld]
91% of Security and IT Professionals: Criminals are Already Using AI in Email Attacks
Recent research found that 91% of security and IT professionals are noticing cyber criminals already using AI as part of email attack campaigns, with 74% indicating they have experienced an increase in the use of AI by cyber criminals in the past six months. This is worrying as 52% reported that email security is among one of their top three concerns.
Organisations need to make sure that their technologies, procedures and policies are updated to factor in AI-enabled email attacks to help reduce the risk they pose to the organisation. Such improvements should also include employees.
Source: [PR Newswire]
Governance, Risk and Compliance
Cyber security 'number one on the agenda in boardrooms,' Cramer says (cnbc.com)
Firms have mere hours to deflect cyber attacks, warns cyber security CEO (cointelegraph.com)
The End of “Groundhog Day” for the Security in the Boardroom Discussion? - SecurityWeek
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
How the downmarket impacted enterprise cyber security budgets - Help Net Security
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
Rapid cyber attacks demand modernised security, says Palo Alto CEO (crypto.news)
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Cuba ransomware gang looking for unpatched Veeam installations: Report | IT Business
Ransomware attacks broke records in July, mainly driven by this one group | ZDNET
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
Would You Infect Others to Rid Yourself of Ransomware? (makeuseof.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
Akira ransomware gang spotted targeting Cisco VPN products to hack organisations-Security Affairs
Why Ransomware Gangs Opt for Encryption-Less Attacks (govinfosecurity.com)
MOVEit Health Data Breach Tally Keeps Growing (inforisktoday.com)
British intelligence is tipping off ransomware targets to disrupt attacks (therecord.media)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Three trends to watch in the growing threat landscape (betanews.com)
Ransomware Victims
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews
Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)
BlackCat ransomware group claims the hack of Seiko network -Security Affairs
Mysterious Cyber Attack Shuts Down Yet More Telescopes For Weeks | IFLScience
St Helens Council hit by suspected Ransomware cyber attack | St Helens Star
Phishing & Email Based Attacks
91% of security pros say cyber criminals are using AI in email attacks | Security Magazine
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
New Generation of Phishing Hides Behind Trusted Services (securityintelligence.com)
New phishing campaign recognised in Europe and South America | Security Magazine
If you ever used Duolingo, watch out for phishing emails | PCWorld
Open redirect flaws increasingly exploited by phishers - Help Net Security
How to spot phishing on a hacked WordPress website | Kaspersky official blog
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (darkreading.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Email Security: Top 5 Threats and How to Protect Your Business - ReadWrite
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Artificial Intelligence
Cyber criminals turn to AI to bypass modern email security measures - Help Net Security
Tricks for making AI chatbots break rules are freely available online | New Scientist
What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)
Generative AI Is Scraping Your Data. So, Now What? (darkreading.com)
Fake versions of Google Bard are spreading malware | TechRadar
AI and the evolution of surveillance systems - Help Net Security
Thinking of Deploying Generative AI? You May Already Have (govinfosecurity.com)
Three trends to watch in the growing threat landscape (betanews.com)
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Malware
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com) Ask the Mac Guy: macOS Security Myths (huntress.com)
New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App (thehackernews.com)
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
TP-Link smart bulbs can let hackers steal your WiFi password (bleepingcomputer.com)
When Your Home Security System Turns the Camera on You | The Epoch Times
Anticipating the next wave of IoT cyber security challenges - Help Net Security
The Physical Impact of Cyber Attacks on Cities (darkreading.com)
Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? - SecurityWeek
Data Breaches/Leaks
Tesla Data Breach Investigation Reveals Inside Job (darkreading.com)
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Guernsey CCTV investigation widened after more footage leaked | Bailiwick Express Jersey
Scraped data of 2.6 million Duolingo users released on hacking forum (bleepingcomputer.com)
Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times
How a Christie’s website revealed where people kept their art | The Seattle Times
Defence contractor Belcan leaks admin password with a list of flaws-Security Affairs
What lessons must be learned from the Electoral Register cyber attack? | theHRD (thehrdirector.com)
5 Early Warning Indicators That Are Key to Protecting National Secrets (darkreading.com)
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved - SecurityWeek
Organised Crime & Criminal Actors
Check Point reveals 8% spike in global cyber attacks by mid-2023 (securitybrief.co.nz)
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)
Hacking group KittenSec claims to 'pwn anything we see' to expose corruption | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)
Insider Risk and Insider Threats
Leak of 75k staff records was insiders' fault, Tesla claims • The Register
Three trends to watch in the growing threat landscape (betanews.com)
Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)
Fraud, Scams & Financial Crime
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)
Surge in identity crime victims reporting suicidal thoughts - Help Net Security
Impersonation Attacks
Deepfakes
Insurance
Cyber security insurance is missing the risk - Help Net Security
Cyber Security Insurance Market Size & Share Analysis - (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Cloud/SaaS
Cloud hosting firms hit by devastating ransomware attack - Help Net Security
Warning: Attackers Abusing Legitimate Internet Services (inforisktoday.com)
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the center of cloud security concerns | CSO Online
Lack of visibility into cloud access policies leaves enterprises flying blind - Help Net Security
Cloud services are creating more cyber-risks for telcos - Mobile Europe
Identity and Access Management
Ongoing Duo outage causes Azure Auth authentication errors (bleepingcomputer.com)
Cisco's Duo Security suffers major authentication outage • The Register
Encryption
API
Understanding how attackers exploit APIs is more important than ever - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
Biometrics
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)
Facial Recognition Technology (FRT) Statistics for 2023 (techreport.com)
Social Media
Malvertising
Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)
Malware-infected advertising grows ever more sophisticated, and lethal - SiliconANGLE
Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends
Training, Education and Awareness
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Apple security updates could be banned by British government (9to5mac.com)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Morgan Stanley Fined for UK Energy Trading WhatsApp Breach (yahoo.com)
Controversial Cyber crime Law Passes in Jordan (darkreading.com)
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Strengthening Cyber Security In Finance: A Look At EU DORA Regulations (forbes.com)
Backup and Recovery
Data Protection
ICO publishes guidance on use of biometric data in the UK - Tech Monitor
Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
Unrealistic expectations exacerbate the cyber security talent shortage - Help Net Security
It's Time to Approach The Cyber Security Skills Gap Differently - IT Security Guru
How To Become Chief Information Security Officer - The Economic Times (indiatimes.com)
4 ways simulation training alleviates team burnout - Help Net Security
Tens of thousands of students receive free training to build cyber skills - The Business Magazine
5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast
The Importance of Accessible and Inclusive Cyber Security (securityintelligence.com)
Law Enforcement Action and Take Downs
Interpol arrest 14 who allegedly scammed $40m from victims • The Register
UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK
Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Incident response lessons learned from the Russian attack on Viasat | CSO Online
Ukrainian hackers claim to leak emails of Russian parliament deputy chief (therecord.media)
New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)
China
Mounting Cyber Espionage and Hacking Threat from China - Modern Diplomacy
HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com)
New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED
Exposed: the Chinese spy using LinkedIn to hunt UK secrets (thetimes.co.uk)
FBI: Suspected Chinese actors continue Barracuda ESG attacks | TechTarget
Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop
US space companies face foreign spy threat, intelligence agencies say (usatoday.com)
North Korea
N. Korean Kimsuky APT targets S. Korea-US military exercises-Security Affairs
Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)
Misc/Other/Unknown
Vulnerability Management
NCSC issues warning on cyber vulnerabilities (ukdefencejournal.org.uk)
How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security
Vulnerabilities
Juniper Networks fixes flaws leading to RCE in firewalls and switches - Help Net Security
Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)
Ivanti issues fix for third zero-day flaw exploited in the wild | TechTarget
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability - SecurityWeek
FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective - SecurityWeek
Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog (thehackernews.com)
3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability - SecurityWeek
Western Digital patches potentially dangerous security flaw, so update now | TechRadar
Tools and Controls
How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)
Security leaders report misalignment of investments and risk reduction | Security Magazine
Cyber security insurance is missing the risk - Help Net Security
Bolstering Cyber Security: Why Browser Security Is Crucial (inforisktoday.com)
How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)
The Vanishing Data Loss Prevention (DLP) Category - IT Security Guru
Unveiling the Hidden Risks of Routing Protocols (darkreading.com)
Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)
Network detection and response in the modern era - Help Net Security
What’s Beyond SASE? The Next Steps (informationsecuritybuzz.com)
Prevention First: Don’t Neglect Endpoint Security | CSO Online
More Than Half of Browser Extensions Pose Security Risks (darkreading.com)
Protect Your Cyber Security Budget and Your Organisation | Dell USA
How the downmarket impacted enterprise cyber security budgets - Help Net Security
SEC Cyber Security Rules: Considerations for Incident Response Planning
Maintaining consistent security in diverse cloud infrastructures - Help Net Security
How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)
The MOVEit hack and what it taught us about application security (bleepingcomputer.com)
The Changing Landscape of Cyber Security Education (inforisktoday.com)
Akamai Survey Finds Third-Party Defences Help Reduce Risk from Online Threats (prnewswire.com)
5 Best Practices for Implementing Risk-First Cyber Security (darkreading.com)
What's Going on With LastPass, and is it Safe to Use? (securityintelligence.com)
Malicious web application transactions skyrocket 500% (securitybrief.co.nz)
Other News
Our health care system may soon receive a much-needed cyber security boost | Ars Technica
Swan Retail cyber attack: 300 retailers crippled by breach (techmonitor.ai)
Cyber Attack on Energy One affects corporate systems in Australia and the UK | CSO Online
Vendors criticize Microsoft for repeated security failings | TechTarget
Microsoft's become a cyber security titan. That could be a problem - Tech Monitor
Global Naval Communication Market Research Report (globenewswire.com)
IT's rising role in physical security technology - Help Net Security
Hackers knocked out San Francisco's main real estate database | Fortune
Microsoft's 6 Biggest Hacks: Is Better Security Needed? (makeuseof.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23rd June 2023
Black Arrow Cyber Threat Briefing 23 June 2023:
-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
-Attackers Discovering Exposed Cloud Assets Within Minutes
-Majority of Users Neglect Best Password Practices
-One in Three Workers Susceptible to Phishing
-Ransomware Misconceptions Abound, to the Benefit of Attackers
-Threat Actors Scale and Commoditise Uncommon Tools and Techniques
-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
-Security Budget Hikes are Missing the Mark, CISOs Say
-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally
-Cyber Security Industry Still Fighting to Recruit and Retain Talent
-Financial Firms to Build Resilience in Face of Growing Cyber-Threats
-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Industry Still Fighting to Recruit and Retain Talent
Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.
https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/
How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.
Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.
Attackers Discovering Exposed Cloud Assets within Minutes
The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.
https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface
Majority of Users Neglect Best Password Practices
The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.
https://www.infosecurity-magazine.com/news/users-neglect-best-password/
One in Three Workers Susceptible to Phishing
More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.
Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.
https://www.infosecurity-magazine.com/news/one-in-three-phishing/
Ransomware Misconceptions Abound, to the Benefit of Attackers
There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.
Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.
Threat Actors Scale and Commoditise Uncommon Tools and Techniques
Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.
Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.
Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.
https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/
Security Budget Hikes are Missing the Mark, CISOs Say
Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.
The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.
https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html
https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/
Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.
Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.
Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally
A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.
Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.
https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally
Financial Firms to Build Resilience in Face of Growing Cyber-Threats
Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.
Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.
https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/
Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.
Governance, Risk and Compliance
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Navigating the Complex World of Cyber security Compliance - MSSP Alert
Security budget hikes are missing the mark, CISOs say | CSO Online
How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
From details to big picture: how to improve security effectiveness | CIO
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)
US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)
Data leak at Australian law firm spooks government, business • The Register
Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)
Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Rorschach Ransomware: What You Need to Know (darkreading.com)
Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)
Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)
Ransomware attacks pose communications dilemmas for local governments | CSO Online
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)
Ransomware Victims
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)
Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek
BlackCat gang threatens to leak plastic surgery photos • The Register
Reddit confirms BlackCat ransomware gang stole its data • The Register
Adur and Worthing Councils investigating after contractor data breach | The Argus
Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN
Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)
MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)
Phishing & Email Based Attacks
Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian
Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Insurance companies neglect basic email security - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
How generative AI is creating new classes of security threats | VentureBeat
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)
‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)
Malware
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
To kill BlackLotus malware, patching is a good start, but... • The Register
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)
Chinese malware accidentally infects networked storage • The Register
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Mobile
SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)
Botnets
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Internet of Things – IoT
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics
Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Data Breaches/Leaks
Data leak at Australian law firm spooks government, business • The Register
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Mondelez says crooks stole staff data in security breach • The Register
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)
SSD missing from SAP datacenter turns up on eBay • The Register
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
Organised Crime & Criminal Actors
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert
The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Blockchain security: Everything you should know for safe use | TechTarget
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Influencers in firing line as France tackles scams - BBC News
Keep Job Scams From Hurting Your Organisation (darkreading.com)
Impersonation Attacks
AML/CFT/Sanctions
Dark Web
Supply Chain and Third Parties
Capita faces first legal Letter of Claim over mega breach • The Register
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Mondelez says crooks stole staff data in security breach • The Register
Untangling the web of supply chain security with Tony Turner - Help Net Security
Software Supply Chain
Cloud/SaaS
Growing SaaS Usage Means Larger Attack Surface (darkreading.com)
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
A new threat to financial stability lurks in the cloud | Financial Times (ft.com)
Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Attackers discovering exposed cloud assets within minutes | TechTarget
Cloud-native security hinges on open source - Help Net Security
Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online
US cyber ambassador says China can win on AI, cloud • The Register
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)
API
Open Source
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Cloud-native security hinges on open source - Help Net Security
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The future of passwords and authentication - Help Net Security
These are the most hacked passwords. Is yours on the list? | ZDNET
Social Media
Influencers in firing line as France tackles scams - BBC News
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Training, Education and Awareness
Digital Transformation
Regulations, Fines and Legislation
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
Models, Frameworks and Standards
The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security
What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget
Secure Disposal
Data Protection
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Careers, Working in Cyber and Information Security
8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online
UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Google announces $20 million investment for cyber clinics | CyberScoop
Law Enforcement Action and Take Downs
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)
A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED
Russia sent its reserve team to wipe Ukrainian hard drives • The Register
Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)
Strategies for staying ahead of modern cyber warfare - CyberTalk
German intelligence services point to increased hybrid security threats – EURACTIV.com
Nation State Actors
Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert
US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)
US Cyber Ambassador says China can win on AI, cloud • The Register
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)
China-sponsored APT group targets government ministries in the Americas | CSO Online
Chinese malware accidentally infects networked storage • The Register
Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert
Vulnerability Management
Guess what happened to this US agency that didn't patch? • The Register
EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com
Vulnerabilities
VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)
Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)
Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek
Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek
SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)
VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget
ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)
Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
A (cautionary) tale of two patched bugs, both under exploit • The Register
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)
Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)
Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)
Tools and Controls
Getting Over the DNS Security Awareness Gap (darkreading.com)
Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN
The future of passwords and authentication - Help Net Security
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
Security investments that help companies navigate the macroeconomic climate - Help Net Security
Reports Published in the Last Week
Other News
Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)
Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek
Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)
Why CISOs should be concerned about space-based attacks | CSO Online
Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK
GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 May 2023
Black Arrow Cyber Threat Briefing 12 May 2023:
-79% of Cyber Pros Make Decisions Without Threat Intelligence
-61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success
-Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’
-Small and Medium-Sized Businesses: Don’t Give up on Cyber Security
-AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence
-Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows
-Majority of US, UK CISOs Unable to Protect Company 'Secrets'
-Company Executives Can’t Afford to Ignore Cyber Security Anymore
-BEC Campaign via Israel Spotted Targeting Multinational Companies
-CISOs Worried About Personal Liability for Breaches
-UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries
-Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
79% of Cyber Pros Make Decisions Without Threat Intelligence
In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?
Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.
Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?
61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success
A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.
Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’
The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.
It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.
“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.
The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.
https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835
Small and Medium-Sized Businesses: Don’t Give up on Cyber Security
In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.
Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.
AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence
Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.
Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows
In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.
The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.
Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.
Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.
Majority of US, UK CISOs Unable to Protect Company 'Secrets'
A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.
Company Executives Can’t Afford to Ignore Cyber Security Anymore
In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).
https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/
BEC Campaign via Israel Spotted Targeting Multinational Companies
An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.
CISOs Worried About Personal Liability for Breaches
Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.
It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.
Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.
CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.
https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/
UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries
The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.
Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.
According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.
According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.
https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/
Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns
A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.
Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.
The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.
https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks
Threats
Ransomware, Extortion and Destructive Attacks
Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online
Ransomware gangs display ruthless extortion tactics in April | TechTarget
Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)
Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert
Refined methodologies of ransomware attacks - Help Net Security
Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop
Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)
UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)
Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)
Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News
Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)
New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)
New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking
Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)
$1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek
Western Digital store offline due to March breach - Help Net Security
Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek
Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)
Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg
Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)
Australian software giant won’t say if customers affected by hack | TechCrunch
Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
BEC – Business Email Compromise
2FA/MFA
Malware
Chrome users, stay alert: Malware may be just one click away - gHacks Tech News
Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)
56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security
Millions of mobile phones come pre-infected with malware • The Register
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)
Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)
Mobile
Millions of mobile phones come pre-infected with malware • The Register
Mobile hacking and spyware – understanding the risks - TechHQ
Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)
Google Improves Android Security With New APIs - SecurityWeek
New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)
New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)
Botnets
Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs
RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)
Denial of Service/DoS/DDOS
FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs
RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)
Internet of Things – IoT
Data Breaches/Leaks
Security researcher finds trove of Capita data exposed online | TechCrunch
In a new hacking crime wave, more personal data is being held hostage (cnbc.com)
Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)
Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)
1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek
Twitter admits 'security incident' broke Circle privacy • The Register
Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)
North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)
Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)
Simplify data hack cost the firm almost £7m - Property Industry Eye
Organised Crime & Criminal Actors
In a new hacking crime wave, more personal data is being held hostage (cnbc.com)
The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek
UK cops score another legal win in EncroChat spying case • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)
Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur
Fraud, Scams & Financial Crime
UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)
Your voice could be your biggest vulnerability - Help Net Security
QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
Security researcher finds trove of Capita data exposed online | TechCrunch
Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters
Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
Software Supply Chain
Cloud/SaaS
56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security
How to reduce risk with cloud attack surface management | TechTarget
ENISA leans into EU clouds with draft cyber security label • The Register
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Top 3 trends shaping the future of cyber security and IAM - Help Net Security
Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online
Why the FTX Collapse Was an Identity Problem (darkreading.com)
Asset Management
CISOs confront mounting obstacles in tracking cyber assets - Help Net Security
How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)
Encryption
API
Open Source
India bans open source messaging apps on security grounds • The Register
Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)
Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)
Social Media
Twitter admits 'security incident' broke Circle privacy • The Register
TikTok tracked UK journalist via her cat's account - BBC News
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)
EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian
India bans open source messaging apps on security grounds • The Register
PEGA committee calls for EU level regulation of spyware • The Register
ENISA leans into EU clouds with draft cyber security label • The Register
Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED
Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)
Governance, Risk and Compliance
Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)
79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)
Company executives can't afford to ignore cyber security anymore - Help Net Security
Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online
Small- and medium-sized businesses: don’t give up on cyber security | CSO Online
(ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert
Organisations Reliant on Social Media For Threat Intelligence - TechRound
Recognizing Cyberthreat Trends For Effective Defence (forbes.com)
Digital trust can make or break an organisation - Help Net Security
Why more transparency around cyber attacks is good for everyone - NCSC
CISOs face mounting pressures, expectations post-pandemic | TechTarget
CISOs' confidence in post-pandemic security landscape fades - Help Net Security
Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur
NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)
Models, Frameworks and Standards
(ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert
ENISA leans into EU clouds with draft cyber security label • The Register
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
UK cops score another legal win in EncroChat spying case • The Register
Privacy, Surveillance and Mass Monitoring
The (Security) Cost of Too Much Data Privacy (darkreading.com)
Twitter admits 'security incident' broke Circle privacy • The Register
TikTok tracked UK journalist via her cat's account - BBC News
Artificial Intelligence
Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop
Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)
Your voice could be your biggest vulnerability - Help Net Security
The security and privacy risks of large language models - Help Net Security
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian
China targets foreign consulting companies in anti-spying raids | China | The Guardian
Mobile hacking and spyware – understanding the risks - TechHQ
New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)
PEGA committee calls for EU level regulation of spyware • The Register
FBI-led Operation Medusa kills Russian FSB malware network • The Register
How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica
Nation State Actors
Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)
China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)
LinkedIn shuts service in China, lays off employees | Fortune
Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)
FBI-led Operation Medusa kills Russian FSB malware network • The Register
China targets foreign consulting companies in anti-spying raids | China | The Guardian
Beijing raids consultancy firm Capvision, promises more • The Register
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)
North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
Vulnerability Management
Vulnerabilities
Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)
Microsoft warns of two bugs under active exploit • The Register
Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget
Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs
New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)
Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)
Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)
A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs
SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek
Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs
Tools and Controls
Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)
79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)
Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)
Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)
Organisations Reliant on Social Media For Threat Intelligence - TechRound
Recognizing Cyberthreat Trends For Effective Defence (forbes.com)
Digital trust can make or break an organisation - Help Net Security
Prevent attackers from using legitimate tools against you - Help Net Security
How to implement principle of least privilege in Azure AD | TechTarget
What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)
Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)
AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag
Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)
5 SBOM tools to start securing the software supply chain | TechTarget
The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)
Top 3 trends shaping the future of cyber security and IAM - Help Net Security
Other News
The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED
Why Should You Take IT Security Seriously? - IT Security Guru
To enable ethical hackers, a law reform is needed - Help Net Security
How datacentre operators can fend off cyber attacks | Computer Weekly
'Windows for Gamers' Rolls Dice With Your Security (vice.com)
Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 May 2023
Black Arrow Cyber Threat Briefing 05 May 2023:
- Boards Need Better Conversations About Cyber Security
- Uber’s Ex-Security Chief Sentenced for Security Breach
- Global Cyber Attacks Rise by 7% in Q1 2023
- Three-Quarters of Firms Predict Breach in Coming Year
- The Costly Threat That Many Businesses Fail to Address
- European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
- Understanding Cyber Threat Intelligence for Business Security
- Hackers Are Finding Ways to Evade Latest Cyber Security Tools
- Study Shows a 27% Spike in Publicly Known Ransomware Victims
- Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
- Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
- 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boards Need Better Conversations About Cyber Security
In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.
Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.
As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.
https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
Uber’s Ex-Security Chief Sentenced for Security Breach
Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.
The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.
https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347
Global Cyber Attacks Rise by 7% in Q1 2023
Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.
The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.
https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/
Three-Quarters of Firms Predict a Breach in the Coming Year
Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.
While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.
Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.
https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/
The Costly Threat That Many Businesses Fail to Address
Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.
Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.
Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.
https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/
European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.
Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.
Understanding Cyber Threat Intelligence for Business Security
Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.
Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.
Hackers Are Finding Ways to Evade Latest Cyber Security Tools
As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.
Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.
https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html
Study Shows a 27% Spike in Publicly Known Ransomware Victims
A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.
The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.
Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).
Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.
https://www.theregister.com/2023/05/02/data_breach_costs_rise/
Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.
https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/
4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.
Recognise that priorities have evolved.
Understand that security burdens have changed.
Understand why, despite best efforts, criminals are still successful.
Evaluate the ways in which you are protecting your most vulnerable data.
Threats
Ransomware, Extortion and Destructive Attacks
Data loss costs go up, and not just from ransom shakedowns • The Register
To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
Merck's $1.4B NotPetya insurance payout upheld by court • The Register
GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert
Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)
The Tragic Fallout From a School District’s Ransomware Breach | WIRED
Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)
‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
BlackCat group releases screenshots of stolen Western Digital data | CSO Online
Ransomware Attack Affects Dallas Police, Court Websites – Security Week
Studies show ransomware has already caused patient deaths | TechTarget
Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)
Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch
City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)
Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)
Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette
Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom
Phishing & Email Based Attacks
Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)
A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)
Security experts are using malware's own code to protect potential victims | TechSpot
New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)
How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)
Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)
Mobile
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Google fought a mountain of malware in 2022 | Android Central
Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)
Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
Botnets
Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security
Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)
CISA warns of Mirai botnet exploiting TP-Link routers • The Register
Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)
Data Breaches/Leaks
Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi
T-Mobile suffered the second data breach in 2023 - Security Affairs
Sensitive data is being leaked from servers running Salesforce software | Ars Technica
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
Hackers stole $93M from crypto projects in April (cryptoslate.com)
Insider Risk and Insider Threats
The costly threat that many businesses fail to address - Help Net Security
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Fraud, Scams & Financial Crime
Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)
Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security
UK to ban all cold calls selling financial products - BBC News
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)
National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)
Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian
AML/CFT/Sanctions
Dark Web
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
Supply Chain and Third Parties
How to keep calm and carry on in a supply chain attack • The Register
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED
DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED
Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)
Cloud/SaaS
Using just-in-time access to reduce cloud security risk - Help Net Security
Cloud security threats are growing faster than ever | TechRadar
Hybrid/Remote Working
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
White House seeks information on tools used for automated employee surveillance | Computerworld
Attack Surface Management
Encryption
API
Report shows 92% of orgs experienced an API security incident last year | VentureBeat
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
5 API security best practices you must implement - Help Net Security
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Your passwords could be cracked using thermal cameras powered by AI | TechRadar
Your Google Account is getting rid of its password (androidpolice.com)
PSA. Don’t share your password in your app’s release notes • Graham Cluley
Social Media
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
Strike 3: FTC says Meta still failing to protect privacy • The Register
Malvertising
Regulations, Fines and Legislation
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
White House unveils AI rules to address safety and privacy | Computerworld
Governance, Risk and Compliance
Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)
Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
Data loss costs go up, and not just from ransom shakedowns • The Register
Boards Are Having the Wrong Conversations About Cyber security (hbr.org)
Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)
Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert
Why Your Detection-First Security Approach Isn't Working (thehackernews.com)
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)
4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)
Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)
Malicious content lurks all over the web - Help Net Security
Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)
Closing up holes: Infoseccers on being less reactive • The Register
Organisations brace for cyber attacks despite improved preparedness - Help Net Security
Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)
Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)
Secure Disposal
Careers, Working in Cyber and Information Security
UK Cyber Security Council launches certification mapping tool - Help Net Security
DHS’ cyber talent management system slowly gaining traction | Federal News Network
The warning signs for security analyst burnout and ways to prevent - Help Net Security
Google Launches Cyber security Career Certificate Program (darkreading.com)
Law Enforcement Action and Take Downs
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET
White House seeks information on tools used for automated employee surveillance | Computerworld
Strike 3: FTC says Meta still failing to protect privacy • The Register
Artificial Intelligence
5 ways threat actors can use ChatGPT to enhance attacks | CSO Online
Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)
AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)
Microsoft’s chief economist says A.I. can be dangerous | Fortune
It's time to harden AI and ML for cyber security | TechTarget
Stop using generative-AI tools, Samsung orders staff | Digital Trends
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
How AI is reshaping the cyber security landscape - Help Net Security
White House unveils AI rules to address safety and privacy | Computerworld
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)
Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek
Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs
Russia’s APT28 targets Ukraine with bogus Windows updates • The Register
Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)
Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
Nation State Actors
China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert
Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek
China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)
'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)
APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)
APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)
US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business
China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)
Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop
Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)
North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register
Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)
Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs
Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)
AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)
Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek
Some of the top AMD chips are suffering a serious security flaw | TechRadar
Tools and Controls
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
86 percent of developers knowingly deploy vulnerable code (betanews.com)
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
It's time to harden AI and ML for cyber security | TechTarget
Using just-in-time access to reduce cloud security risk - Help Net Security
Using multiple solutions adds complexity to your zero trust strategy - Help Net Security
Your decommissioned routers could be a security disaster | Network World
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)
5 API security best practices you must implement - Help Net Security
3 questions CISOs expect you to answer during a security pitch | TechCrunch
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
AppSec Making Progress or Spinning Its Wheels? (darkreading.com)
Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
How AI is reshaping the cyber security landscape - Help Net Security
Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat
Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)
To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
New Generative AI Tools Aim to Improve Security (darkreading.com)
Other News
Firmware Looms as the Next Frontier for Cyber security (darkreading.com)
Open Banking: A Perfect Storm for Security and Privacy? – Security Week
Malicious content lurks all over the web - Help Net Security
How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)
Eric Idle tells RSAC to look in the bright side of life • The Register
Your decommissioned routers could be a security disaster | Network World
FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)
Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 April 2023
Black Arrow Cyber Threat Briefing 21 April 2023:
-March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
-Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
-One in Three Businesses Faced Cyber Attacks Last Year
-Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
-Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
-Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
-83% of Organizations Paid Up in Ransomware Attacks
-Security is a Revenue Booster, Not a Cost Centre
-EX-CEO Gets Prison Sentence for Bad Security
-Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
-KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
-Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber-Attack
-Outdated Cyber Security Practices Leave Door Open for Criminals
-Quantifying cyber risk vital for business survival
-Recycled Network Devices Exposing Corporate Secrets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.
The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.
Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.
The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:
Keeping up with threat intelligence (70%)
Allocating cyber security resources and budget (47%)
Visibility into all assets connected to the network (44%)
Compliance and regulation (39%)
Convergence of IT and OT (32%)
The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.
One in Three Businesses Faced Cyber Attacks Last Year
Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.
Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.
https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html
Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged
Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.
Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.
Cobalt’s recent report found:
Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.
Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.
Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.
https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/
Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.
Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
83% of Organisations Paid Up in Ransomware Attacks
A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.
Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.
https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/
Security is a Revenue Booster, Not a Cost Centre
Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.
For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.
In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.
https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center
Ex-CEO Gets Prison Sentence for Bad Security
A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.
Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.
The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.
Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/
KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.
The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.
Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.
Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack
Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
Outdated Cyber Security Practices Leave Door Open for Criminals
A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/
Quantifying Cyber Risk Vital for Business Survival
Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.
https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/
Recycled Network Devices Exposing Corporate Secrets
Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.
Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.
In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.
The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.
https://www.infosecurity-magazine.com/news/recycled-network-exposing/
Threats
Ransomware, Extortion and Destructive Attacks
83% of organisations paid up in ransomware attacks | VentureBeat
March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)
RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek
LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)
Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch
Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs
Black Basta claims it's selling off stolen Capita data • The Register
Ransomware reinfection and its impact on businesses - Help Net Security
Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)
Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)
Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)
Medusa ransomware crew boasts of Microsoft code leak • The Register
New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)
Phishing & Email Based Attacks
New Qbot campaign delivers malware by hijacking business emails | CSO Online
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET
UK government employees receive average of 2,246 malicious emails per year - IT Security Guru
BEC – Business Email Compromise
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
US charges three men with six million dollar business email compromise plot | Tripwire
2FA/MFA
Malware
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)
US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)
New QBot campaign delivered hijacking business correspondenceSecurity Affairs
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)
'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)
What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)
Mobile
Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
Botnets
Internet of Things – IoT
Military helicopter crash blamed on missing software patch • The Register
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Five Eye nations release new guidance on smart city cyber security | CSO Online
Data Breaches/Leaks
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek
Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek
Organised Crime & Criminal Actors
Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)
Standardized data collection methods can help fight cyber crime | TechTarget
Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Insider Risk and Insider Threats
Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert
HR Magazine - UK government plans to make businesses liable for employee fraud
Top risks and best practices for securely offboarding employees | CSO Online
How to Strengthen your Insider Threat Security - IT Security Guru
Fraud, Scams & Financial Crime
Pre-pandemic techniques are fueling record fraud rates - Help Net Security
HR Magazine - UK government plans to make businesses liable for employee fraud
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
Three charged over banking fraud for hire website | Computer Weekly
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur
FTC orders payments firm to pay $650k over tech support scam • The Register
Scammers using social media to dupe people into becoming money mules - Help Net Security
AML/CFT/Sanctions
Insurance
Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)
Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online
Dark Web
Supply Chain and Third Parties
Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)
Lazarus APT group employed Linux Malware in recent attacks-Security Affairs
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Software Supply Chain
Cloud/SaaS
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
Linux kernel logic allowed Spectre attack on major cloud • The Register
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
Is there really a march from the public cloud back on-prem? | TechCrunch
Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs
Attack Surface Management
Shadow IT
Identity and Access Management
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)
The biggest data security blind spot: Authorization - Help Net Security
Encryption
API
Open Source
Linux kernel logic allowed Spectre attack on major cloud • The Register
Security beyond software: The open source hardware security evolution - Help Net Security
Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian
Scammers using social media to dupe people into becoming money mules - Help Net Security
Regulations, Fines and Legislation
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Brit cops rapped over app that recorded 200k phone calls • The Register
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Governance, Risk and Compliance
Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)
Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security
'One in three firms faced cyber attacks last year' (aol.co.uk)
Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com
Quantifying cyber risk vital for business survival - Help Net Security
Wargaming an effective data breach playbook - Help Net Security
Outdated cyber security practices leave door open for criminals - Help Net Security
CISOs struggling to protect sensitive data records - Help Net Security
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)
Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
Ex-CIO must pay £81k over Total Shambles Bank migration • The Register
Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security
Top risks and best practices for securely offboarding employees | CSO Online
How companies are struggling to build and run effective cyber security programs - Help Net Security
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)
Secure Disposal
Backup and Recovery
Data Protection
Government reprimanded for serious breaches of data protection law - Jersey Evening Post
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Brit cops rapped over app that recorded 200k phone calls • The Register
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Three charged over banking fraud for hire website | Computer Weekly
US citizens charged with pushing pro-Kremlin disinformation • The Register
Privacy, Surveillance and Mass Monitoring
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
What the Recent Collapse of SVB Means for Privacy (darkreading.com)
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Artificial Intelligence
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online
Pen testing amid the rise of AI-powered threat actors | TechTarget
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register
AI-created malware sends shockwaves through cybersecurity world | Fox News
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)
ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers targeting UK more frequently (thetimes.co.uk)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)
Meet the hacker armies on Ukraine's cyber front line - BBC News
Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)
Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
US citizens charged with pushing pro-Kremlin disinformation • The Register
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
How cyber support to Ukraine can build its democratic future | CyberScoop
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)
Britain sounds alarm on spyware, mercenary hacking market | Reuters
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
The UK will need more than words in this cyber war | Financial Times (ft.com)
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)
Nation State Actors
BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)
3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)
UK security chief’s alert over threat from China (thetimes.co.uk)
Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)
US charges 44 members of alleged Chinese troll army • The Register
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Vulnerability Management
Military helicopter crash blamed on missing software patch • The Register
Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Vulnerabilities
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)
Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)
Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs
VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek
Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)
Tools and Controls
Pen testing amid the rise of AI-powered threat actors | TechTarget
7 countries unite to push for secure-by-design development | CSO Online
Wargaming an effective data breach playbook - Help Net Security
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)
Microsoft opens up Defender with file hash, URL search • The Register
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek
CISOs struggling to protect sensitive data records - Help Net Security
AI defenders ready to foil AI-armed attackers • The Register
Newer Authentication Tech a Priority for 2023 (darkreading.com)
Other News
Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop
Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)
How to defend against TCP port 445 and other SMB exploits | TechTarget
Criminal Records Service still disrupted 4 weeks after hack - BBC News
Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)
EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 March 2022
Black Arrow Cyber Threat Briefing 25 March 2022:
-Morgan Stanley Client Accounts Breached in Social Engineering Attacks
-Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
-Phishing Kits Constantly Evolve to Evade Security Software
-Ransomware Payments, Demands Rose Dramatically in 2021
-7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in UK
-Here's How Fast Ransomware Encrypts Files
-HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
-The Cyber Warfare Predicted In Ukraine May Be Yet To Come
-The Three Russian Cyber Attacks The West Most Fears
-Do These 8 Things Now To Boost Your Security Ahead Of Potential Russian Cyber Attacks
-Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
-Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Morgan Stanley Client Accounts Breached in Social Engineering Attacks
Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.
The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.
The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.
After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.
Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More
Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).
The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.
Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.
BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.
Phishing Kits Constantly Evolve to Evade Security Software
Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.
Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.
Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.
Ransomware Payment Demands Rose Dramatically in 2021
Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.
IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.
Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."
Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.
https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021
7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK
The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.
"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."
The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.
https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html
Here's How Fast Ransomware Encrypts Files
Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.
The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.
Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.
https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files
HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For
Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.
This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).
As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.
https://www.helpnetsecurity.com/2022/03/22/web-security-threats/
The Cyber Warfare Predicted in Ukraine May Be Yet to Come
In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.
The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.
https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca
The Three Russian Cyber Attacks the West Most Fears
The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.
Russia has previously stated that such accusations are "Russophobic".
However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.
Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.
"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.
This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.
https://www.bbc.co.uk/news/technology-60841924
Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks
The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:
The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats
Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors
Back up your data and ensure you have offline backups beyond the reach of malicious actors
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack
Encrypt your data so it cannot be used if it is stolen
Educate your employees to common tactics that attackers will use over email or through websites
Work with specialists to establish relationships in advance of any cyber incidents.
Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone
The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.
IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.
BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.
"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.
Expanding Threat Landscape: Cyber Criminals Attacking from All Sides
Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.
“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.
“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”
Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.
Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.
https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/
Threats
Ransomware
Ransomware Infections Follow Precursor Malware – Lumu • The Register
Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com
AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)
What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)
Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)
Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)
Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register
Talos warns of BlackMatter-linked BlackCat Ransomware • The Register
Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat
Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)
Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)
Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)
Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop
Phishing & Email
New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)
Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost
'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)
Other Social Engineering
Malware
Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)
BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)
Mobile
URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)
Downloaders Currently the Most Prevalent Android Malware (darkreading.com)
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)
Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)
IoT
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)
Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register
Data Breaches/Leaks
UK MoD's Capita-Run Recruitment Portal Support Offline • The Register
Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Organised Crime & Criminal Actors
Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)
Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters
Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking
An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)
Global Regulators Monitor Crypto Use in Ukraine War | Reuters
Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)
Insider Risk and Insider Threats
6 Types Of Insider Threats And How To Prevent Them (techtarget.com)
HP Staffer Blew $5m On Personal Expenses With Company Card • The Register
Fraud, Scams & Financial Crime
Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security
NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)
DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt
Insurance
Dark Web
Supply Chain
Cloud
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Nation State Actors
Nation State Actors – Russia
Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online
Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)
Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs
President Biden Says Russia Exploring Revenge Cyber Attacks • The Register
Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics
Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert
Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)
Anonymous Targets Western Companies Still Active in Russia - Security Affairs
Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs
NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)
Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News
Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs
Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet
Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register
Nation State Actors – China
Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost
Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet
Nation State Actors – North Korea
Vulnerabilities
CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)
Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs
Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)
VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register
Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)
Sector Specific
Health/Medical/Pharma Sector
Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News
Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com
Retail/eCommerce
Transport and Aviation
Energy & Utilities
Education and Academia
Reports Published in the Last Week
Other News
A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)
The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com
Soldiers told to use Signal instead of WhatsApp for security | The Times
Cyber Security Compliance: Start With Proven Best Practices - Help Net Security
Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat
Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop
The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)
ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine
Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 December 2021
Black Arrow Cyber Threat Briefing 24 December 2021
-Cyber Criminals Shifting Focus: IT Sector Most Targeted In 2021
-Log4j Flaw: Attackers Are 'Actively Scanning Networks' Warns New Guidance, Joint Advisory from Cyber Agencies in US, Australia, Canada, New Zealand and the United Kingdom
-New Ransomware Variants Flourish Amid Law Enforcement Actions
-93% of Tested Networks Vulnerable to Breach, Pen Testers Find
-Dridex Malware Trolls Employees With Fake Job Termination Emails
-More Than 35,000 Java Packages Impacted By Log4j Flaw, Google Warns
-Conti Ransomware Gang Has Full Log4Shell Attack Chain
-Second Ransomware Family Exploiting Log4j Spotted In US, Europe
-Threat actors steal $80 million per month with fake giveaways, surveys
-Microsoft Teams might have a few serious security issues
-The Future of Work Has Changed, and Your Security Mindset Needs to Follow
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Criminals Shifting Focus: IT Sector Most Targeted In 2021
Darktrace reported that the IT and communications sector was globally the most targeted industry by cybercriminals in 2021.
Darktrace’s data is developed by ‘early indicator analysis’ that looks at the breadcrumbs of potential cyber-attacks at several stages before they are attributed to any particular actor and before they escalate into a full-blown crisis. Findings show that its artificial intelligence autonomously interrupted an average of 150,000 threats per week against the sector in 2021.
The IT and communications sector includes telecommunications providers, software developers, and managed security service providers, amongst others. There was also a growing trend of hackers targeting backup servers in an attempt to deliberately disable or corrupt backup files by deleting a single index file that would render all backups inaccessible. Attackers could then launch ransomware attacks against the clients of the backup vendor, preventing recovery and forcing payment.
In 2020, the most attacked industry was the financial and insurance sector, showing that cyber-criminals have shifted their focus over the last 12 months.
Over the last 12 months, it is clear that attackers are relentlessly trying to access the networks of trusted suppliers in the IT and communications sector. Quite simply, it is a better return on investment than, for example, going after one company in the financial services sector. SolarWinds and Kaseya are just two well-known and recent examples of this. Sadly, there is likely to be more in the near term.
The findings of this research mark one year since the compromise of US software company SolarWinds rattled the security industry. This landmark supply-chain attack made thousands of organisations vulnerable to infiltration by inserting malicious code into the Orion system. Over the last 12 months, there has been a continued spate of attacks against the IT and communications sector, including the high-profile attacks on Kaseya and Gitlab.
https://www.helpnetsecurity.com/2021/12/22/cybercriminals-it-sector/
New Ransomware Variants Flourish Amid Law Enforcement Actions
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cyber crime gangs to prevent them from victimizing additional companies.
"Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service] groups dominating the ecosystem at this point in time are completely different than just a few months ago," Intel 471 researchers said in a report published this month. "Yet, even with the shift in the variants, ransomware incidents as a whole are still on the rise."
Sweeping law enforcement operations undertaken by government agencies in recent months have brought about rapid shifts in the RaaS landscape and turned the tables on ransomware syndicates like Avaddon, BlackMatter, Cl0p, DarkSide, Egregor, and REvil, forcing the actors to slow down or shut down their businesses altogether.
https://thehackernews.com/2021/12/new-ransomware-variants-flourish-amid.html
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
Data from dozens of penetration tests and security assessments suggest nearly every organisation can be infiltrated by cyber attackers.
The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credential, exploiting known vulnerabilities in software and Web applications, or taking advantage of configuration flaws, according to an analysis of security assessments by Positive Technologies.
In 93% of cases, an external attacker could breach a target company's network and gain access to local devices and systems, the company's security service professionals found. In 71% of cases, the attacker could affect the businesses in a way deemed "unacceptable." For example, every bank tested by the security firm could be attacked in a way that disrupted business processes and reduced the quality of their service.
Dridex Malware Trolls Employees With Fake Job Termination Emails
A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message.
Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials. Over time, the developers evolved the malware to use different modules that provide additional malicious behaviour, such as installing other malware payloads, providing remote access to threat actors, or spreading to other devices on the network.
This malware was created by a hacking group known as Evil Corp, which is behind various ransomware operations, such as BitPaymer, DoppelPaymer, WastedLocker variants, and Grief. Due to this, Dridex infections are known to lead to ransomware attacks on compromised networks.
More Than 35,000 Java Packages Impacted By Log4j Flaw, Google Warns
The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE.
“More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed log4j vulnerabilities (1, 2), with widespread fallout across the software industry.” reads the report published by Google. “As far as ecosystem impact goes, 8% is enormous.”
The Google experts used the Open Source Insights, a project used to determine open source dependencies, to assess all versions of all artifacts in the Maven Central Repository.
The experts pointed out that the direct dependencies account for around 7,000 of the affected packages. Most of the affected artifacts are related to indirect dependencies.
Since the vulnerability was disclosed, 13% of all vulnerable packages have been fixed (4,620).
https://securityaffairs.co/wordpress/125845/security/log4j-java-packages-flaws.html
Log4j Flaw: Attackers Are 'Actively Scanning Networks' Warns New Guidance, Joint Advisory from Cyber Agencies in US, Australia, Canada, New Zealand and the United Kingdom
A new informational Log4J advisory has been issued by cybersecurity leaders from the US, Australia, Canada, New Zealand and the United Kingdom. The guide includes technical details, mitigations and resources to address known vulnerabilities in the Apache Log4j software library.
The project is a joint effort by the US' Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA, as well as the Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Computer Emergency Response Team New Zealand (CERT NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom's National Cyber Security Centre (NCSC-UK).
The organisations said they issued the advisory in response to "active, worldwide exploitation by numerous threat actors, including malicious cyber threat actors." Numerous groups from North Korea, Iran, Turkey and China have been seen exploiting the vulnerability alongside a slate of ransomware groups and cybercriminal organisations.
Conti Ransomware Gang Has Full Log4Shell Attack Chain
The Conti gang was the first professional-grade, sophisticated ransomware group to weaponise Log4j2, now with a full attack chain.
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain.
The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of dozens of ransomware groups currently known to be active – was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago, security firm Advanced Intelligence (AdvIntel) said in a report shared with Threatpost on Thursday.
As of Monday the attack chain has taken the following form, AdvIntel’s Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> (no ADMIN$ share) -> Kerberoast -> vCenter ESXi with log4shell scan for vCenter.
https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/
Second Ransomware Family Exploiting Log4j Spotted In US, Europe
This was quickly followed by a second ransomware group when researchers found a second family of ransomware has been growing in usage for attack attempts that exploit the critical vulnerability in Apache Log4j, including in the US and Europe.
A number of researchers, including at cybersecurity giant Sophos, have now said they’ve observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family — which has been revived following the discovery of the vulnerability in the widely used Log4j logging software.
https://venturebeat.com/2021/12/21/second-ransomware-family-exploiting-log4j-spotted-in-u-s-europe/
Threat actors steal $80 million per month with fake giveaways, surveys
Scammers are estimated to have made $80 million per month by impersonating popular brands asking people to participate in fake surveys or giveaways.
Researchers warn of this new trend in global fraud schemes involving targeted links to make investigation and take-down increasingly challenging.
According to current estimates, these massive campaigns resulted in an estimated $80,000,000 per month, stolen from 10 million people in 91 countries.
The scam themes are the typical and "trustworthy" fake surveys and giveaways from popular brands with the holiday season making targets more susceptible to fraudulent gift offerings.
According to a report by Group-IB, there are currently 60 known scam networks that use targeted links in their campaigns, impersonating 121 brands in false giveaways.
Each network uses an average of 70 different Internet domain names as part of their campaigns, but some find great success with fewer domains, which indicates that quality beats quantity when it comes to scams.
Microsoft Teams might have a few serious security issues
Security researchers have discovered four separate vulnerabilities in Microsoft Teams that could be exploited by an attacker to spoof link previews, leak IP addresses and even access the software giant's internal services.
These discoveries were made by researchers at Positive Security who “stumbled upon” them while looking for a way to bypass the Same-Origin Policy (SOP) in Teams and Electron according to a new blog post. For those unfamiliar, SOP is a security mechanism found in browsers that helps stop websites from attacking one another.
During their investigation into the matter, the researchers found that they could bypass the SOP in Teams by abusing the link preview feature in Microsoft's video conferencing software by allowing the client to generate a link preview for the target page and then using either summary text or optical character recognition (OCR) on the preview image to extract information.
https://www.techradar.com/news/microsoft-teams-might-have-a-few-serious-security-issues
The Future of Work Has Changed, and Your Security Mindset Needs to Follow
VPNs have become a vulnerability that puts organisations at risk of cyber attacks.
When businesses first sent employees to work from home in March 2020 — thinking it'd only be for two weeks — they turned to quick fixes that would enable remote work for large numbers of people as quickly as possible. While these solutions solved the short-term challenge of allowing distributed workforces to connect to a company's network from anywhere, they're now becoming a security vulnerability that is putting organisations at risk of growing cyberattacks.
Now that almost two years have passed and work has fundamentally shifted, with fully or hybrid remote environments here to stay, business and security leaders need solutions that better fit their unique and increasingly complex needs. In fact, a new survey from Menlo Security has found that 75% of organisations are re-evaluating their security strategies for remote employees, exemplifying that accommodating remote work is a top priority for the majority of business leaders.
To successfully manage the risks that distributed workforces entail, leaders must shift their mindset away from the hub-and-spoke approach of providing connectivity to the entire network, instead segmenting access by each individual private application, wherever it is deployed, as threats of cyberattacks loom across all industries. As organisations grapple with the added security challenges that remote and hybrid work environments bring, adopting a zero-trust approach will be critical for end-to-end network and endpoint protection.
Threats
Ransomware
Ransomware Threat Just as Urgent as Terrorism, Say Two-Thirds of IT Pros - Infosecurity Magazine
PYSA Emerges as Top Ransomware Actor in November | Threatpost
AvosLocker Ransomware Reboots In Safe Mode To Bypass Security Tools (bleepingcomputer.com)
Rook Ransomware Is Yet Another Spawn Of The Leaked Babuk Code (bleepingcomputer.com)
PYSA Ransomware Behind Most Double Extortion Attacks In November (bleepingcomputer.com)
This Ransomware Strain Just Started Targeting Lots More Businesses | ZDNet
Phishing
How Likely Are Employees To Fall Prey To A Phishing Attack? - Help Net Security
Dridex Omicron Phishing Taunts With Funeral Helpline Number (bleepingcomputer.com)
New Phishing Campaign Claims $80m Per Month - IT Security Guru
Malware
Log4j Vulnerability Now Used To Install Dridex Banking Malware (bleepingcomputer.com)
New BLISTER Malware Using Code Signing Certificates to Evade Detection (thehackernews.com)
IoT
Cryptocurrency/Cryptomining/Cryptojacking
Example Of How Attackers Are Trying To Push Crypto Miners Via Log4Shell - SANS Internet Storm Center
Insider Risk and Insider Threats
Scams, Fraud & Financial Crime
Insurance
Dark Web
OT, ICS, IIoT and SCADA
Lights Out: Cyber Attacks Shut Down Building Automation Systems (darkreading.com)
Walk-Through Metal Detectors Can Be Hacked, New Research Finds (gizmodo.com)
Nation State Actors
Passwords
Parental Controls and Child Safety
Vulnerabilities
Microsoft Teams Bug Allowing Phishing Unpatched Since March (bleepingcomputer.com)
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack | Threatpost
Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers (thehackernews.com)
All in One SEO Plugin Bug Threatens 3M Websites with Takeovers | Threatpost
Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software (thehackernews.com)
Microsoft Admits To Azure App Service Source Code Leak Bug • The Register
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (thehackernews.com)
New Dell BIOS Updates Cause Laptops And Desktops Not To Boot (bleepingcomputer.com)
Western Digital Warns Customers To Update Their My Cloud Devices (Bleepingcomputer.Com)
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G (thehackernews.com)
Sector Specific
Health/Medical/Pharma Sector
Retail
Transport and Aviation
Other News
How Confident Can Organisations Be In Their Managed Services Security? - Help Net Security
Experts Discover Backdoor Deployed on the US Federal Agency's Network (thehackernews.com)
Half-Billion Compromised Credentials Lurking on Open Cloud Server | Threatpost
New Log4J Flaw Caps Year of Relentless Cyber Security Crises - WSJ
Log4Shell Is A Dumpster Fire That Should Have Been Avoided - Help Net Security
7 of the Most Impactful Cyber Security Incidents of 2021 (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 July 2021
Black Arrow Cyber Threat Briefing 02 July 2021: Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit; 71% Of Orgs Experienced BEC Attacks Over The Past Year; Cyber Insurance Making Ransomware Crisis Worse; Breach Exposes 92% Of LinkedIn Users; Users Clueless About Cyber Security Risks; Paying Ransoms Make You A Bigger Target; Cyber Crime Never Sleeps; Classified MOD Docs Found At Bus Stop; Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit
Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers.
In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn.
The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS.
The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example.
Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately.
https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1
71% Of Organisations Experienced BEC Attacks Over The Past Year
Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.
https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/
Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers
Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.
LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries
A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/
Users Clueless About Cyber Security Risks
Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.
https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/
Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief
Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.
Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk
Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.
https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/
Cyber Crime Never Sleeps
When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.
https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901
IT, Healthcare And Manufacturing Facing Most Phishing Attacks
Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.
https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/
Classified Ministry Of Defence Documents Found At Bus Stop
Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.
Cabinet Office Increases Cyber Security Training Budget By Almost 500%
The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.
Threats
Ransomware
Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says
Ransomware Gangs Now Creating Websites To Recruit Affiliates
New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers
This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It
Using VMs To Hide Ransomware Attacks Is Becoming More Popular
Phishing
Malware
Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco
The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools
Mobile
IoT
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
OT, ICS, IIoT and SCADA
Nation State Actors
Russian Hackers Had Months-Long Access To Denmark's Central Bank
Russian Hackers Are Trying To Brute-Force Hundreds Of Networks
US And UK Agencies Accuse Russia Of Political Cyber Campaign
Cloud
Privacy
Vulnerabilities
Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches
Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory
Critical VMware Carbon Black Bug Allows Authentication Bypass
My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks
Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack
Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices
A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga
Microsoft Adds Second CVE For PrintNightmare Remote Code Execution
Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.