Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 14 January 2022
Black Arrow Cyber Threat Briefing 14 January 2022
-Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021
-Cyber Attacks Against MSPs Jump 67%
-SMEs Still An Easy Target For Cyber Criminals
-World Economic Forum: Cyber Security Failures an Increasing Global Threat
-Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
-Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks
-North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says
-No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare
-Ukrainian Police Arrest Five Members Of Ransomware Affiliate
-Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry
-Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021
Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.
Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.
The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.
Cyber Attacks Against MSPs Jump 67%
Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.
In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.
https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/
SMEs Still An Easy Target For Cyber Criminals
Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.
In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.
This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.
https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/
World Economic Forum: Cyber Security Failures an Increasing Global Threat
Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).
Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.
Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years
https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.
The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).
https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/
Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.
The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.
"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.
In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.
https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html
North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says
North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.
Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.
The attacks mainly targeted investment firms and centralised exchanges.
North Korea has routinely denied being involved in hack attacks attributed to them.
"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.
https://www.bbc.co.uk/news/business-59990477
No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare
Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.
"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."
"Organisations need to begin preparing," Hultquist added.
Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.
In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.
Ukrainian Police Arrest Five Members Of Ransomware Affiliate
Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.
In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.
US and UK law enforcement officials worked with Ukrainian officials on the operation.
Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.
One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.
The bank card details were used to buy things online that were then resold.
https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/
Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry
The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.
According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.
The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.
They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.
Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For
The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.
In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.
How can financial organisations protect themselves from existing threats and combat new ones at the same time?
https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/
Threats
Ransomware
Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times
One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs
Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO
Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar
Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)
Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop
Phishing
Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet
Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security
Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost
Malware
Microsoft Defender Weakness Lets Hackers Bypass Malware Detection (bleepingcomputer.com)
New RedLine Malware Version Spread As Fake Omicron Stat Counter (bleepingcomputer.com)
‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS | Threatpost
FluBot Malware Continues To Evolve. What's New In Ver 5.0 And Beyond? Security Affairs
Oops: Cyberspies Infect Themselves With Their Own Malware (bleepingcomputer.com)
Mobile
Android Users Can Now Disable 2G to Block Stingray Attacks (bleepingcomputer.com)
EFF Praises Android’s New 2G Kill Switch, Wants Apple To Follow Suit | Ars Technica
How To Protect Yourself Against Sim-Swapping Scams With Mobile Phone Fraud On The Rise (inews.co.uk)
IoT
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Abcbot Botnet Is Linked To Xanthe Cryptojacking Group | ZDNet
North Korean Hackers Impersonate Major Crypto Investment Firm to Scam Startups (vice.com)
Insider Risk and Insider Threats
Data Security In The Age Of Insider Threats: A Primer - Help Net Security
Former DHS Official Charged With Stealing Govt Employees' PII (bleepingcomputer.com)
Forensics Expert Kept Murder Snaps on PC - Infosecurity Magazine
Fraud, Scams & Financial Crime
DoS/DDoS
Extortion DDoS Attacks Grow Stronger And More Common (Bleepingcomputer.Com)
DDoS Attacks That Come Combined With Extortion Demands Are On The Rise | ZDNet
CNI, OT, ICS, IIoT and SCADA
Manufacturers Are Starting To Realize The Importance Of OT Security - Help Net Security
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure (thehackernews.com)
Critical Infrastructure Falls Short on Ransomware Readiness, Mitigation, Recovery - MSSP Alert
Nation State Actors
Ukraine Hacks Add to Worries of Cyber Conflict With Russia | SecurityWeek.Com
Destructive Malware Targeting Ukrainian Organisations - Microsoft Security Blog
US Olympic Athletes Urged to Leave Phones Behind (gizmodo.com)
Russian Submarines Threatening Undersea Cables, UK Defence Chief Warns - Security Affairs
Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (thehackernews.com)
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence (thehackernews.com)
Cloud
Passwords & Credential Stuffing
Parental Controls and Child Safety
Vulnerabilities
Threat Actors Can Bypass Malware Detection Due To Microsoft Defender Weakness - Security Affairs
noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise | CrowdStrike
Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated At Tianfu Cup - Security Affairs
WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws (bleepingcomputer.com)
WordPress Bugs Exploded in 2021, Most Exploitable | Threatpost
Sonicwall SMA 100 VPN Box Security Hole Exploit Info Shared • The Register
Cisco Patches Critical Vulnerability in Contact Center Products | SecurityWeek.Com
Millions of Routers Exposed to RCE by USB Kernel Bug | Threatpost
Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws | SecurityWeek.Com
Sector Specific
Financial Services Sector
SMBs – Small and Medium Businesses
Reports Published in the Last Week
Other News
Hackers Penetrate 93% of Local Company Networks, Cyber Simulation Finds - MSSP Alert
URL Parsing: A Ticking Time Bomb Of Security Exploits - TechRepublic
Europol Told to Delete Vast Trove of Personal Information - Infosecurity Magazine
The Race Towards Renewable Energy Is Creating New Cyber Security Risks | ZDNet
What Is Clipboard Hijacking? How to Avoid Becoming a Victim (makeuseof.com)
White House Reminds Tech Giants Open Source Is A National Security Issue (bleepingcomputer.com)
Want To Improve Corporate Security? Prioritize Personal Security | ZDNet
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 July 2021
Black Arrow Cyber Threat Briefing 23 July 2021: 40% Fell Victim To A Phishing Attack In The Past Month; Traditional Ransomware Defences Are Failing Businesses; The Number Of Employees Going Around IT Security May Surprise You; 740 Ransomware Victims Named On Data Leak Sites In Q2 2021; A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats; Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack; UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack; Even after Emotet takedown, Office docs deliver 43% of all malware downloads now; Gun owners' fears after firearms dealer data breach
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
40% Fell Victim To A Phishing Attack In The Past Month
The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.
Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.
https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/
Traditional Ransomware Defences Are Failing Businesses
Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.
https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/
Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You
Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.
740 ransomware victims named on data leak sites in Q2 2021: report
More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.
Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.
https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/
A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats
For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.
https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/
Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack
Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February. In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.
UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack
The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.
Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.
The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.
The report noted that cloud storage apps account for more than 66% of cloud malware delivery.
"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.
Gun Owners' Fears After Firearms Dealer Data Breach
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".
Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.
Police, including the National Crime Agency, are investigating.
One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.
Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.
The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".
Threats
Ransomware
BEC
Phishing
Malware
Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections
This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection
MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS
New MosaicLoader Malware Targets Software Pirates Via Online Ads
CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices
This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results
Mobile
Vulnerabilities
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers
Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root
Windows 10 Vulnerability Lets Anyone Get Administrator Privileges
Researchers Discover Security Flaws In Telegram Encryption Protocol
Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking
Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks
France Warns Of APT31 Cyber Spies Targeting French Organisations
APT Hackers Distributed Android Trojan Via Syrian E-Government Portal
Cloud
Privacy
Other News
Application Security Tools Ineffective Against New And Growing Threats
Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?
DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack
1 in 5 companies fail PCI compliance assessments of their infrastructure
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.