Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 July 2022
Black Arrow Cyber Threat Briefing 08 July 2022:
-Businesses Urged Not To Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
-People Are the Primary Attack Vector Around the World
-Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
-54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
-New Cyber Threat Emerges from the Inside, Research Report Finds
-Ransomware: Why it's still a big threat, and where the gangs are going next
-NCSC: Prepare for Protected Period of Heightened Cyber-Risk
-69% Of Employees Need to Deal With More Security Measures In A Hybrid Work Environment
-FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
-As Cyber Criminals Recycle Ransomware, They're Getting Faster
-UK Military Investigates Hacks on Army Social Media Accounts
-APT Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.
Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.
In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.
It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".
The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.
The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.
Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.
Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".
People Are the Primary Attack Vector Around the World
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.
Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.
Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.
https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/
Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.
Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.
The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."
Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.
54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).
Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).
MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.
Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.
Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”
https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/
New Cyber Threat Emerges from the Inside, Research Report Finds
In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.
Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.
Here are some key statistics from the report:
Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.
Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next
Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.
Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.
Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.
What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.
No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.
And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.
They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.
NCSC: Prepare for Protracted Period of Heightened Cyber Risk
The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand
Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour
https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/
69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment
Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.
One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.
Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.
https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/
FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.
“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.
He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy
As Cyber Criminals Recycle Ransomware, They're Getting Faster
Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.
Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.
These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.
https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster
UK Military Investigates Hacks on Army Social Media Accounts
British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.
“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”
The Ministry of Defence said late Sunday that both breaches had been “resolved.”
While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.
Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.
“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.
https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts
Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.
Threats
Ransomware
Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine
Ransomware in 2022: Evolving threats, slow progress (techtarget.com)
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Ransomware gangs are feeling the crypto winter's impact | TechSpot
LockBit explained: How it has become the most popular ransomware | CSO Online
Hive ransomware gang turns to Rust, more complex encryption • The Register
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
North Korean ransomware dubbed Maui active since May 2021 • The Register
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com
As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)
Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs
AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)
QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)
Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)
How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center
Phishing & Email Based Attacks
Malware
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)
Dangerous new malware dances past more than 50 antivirus services | TechRadar
Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs
Malware knocks IT services vendor SHI offline • The Register
Near-undetectable malware linked to Russia's Cozy Bear • The Register
New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)
Hackers are using YouTube videos to trick people into installing malware | TechRadar
Mobile
This WhatsApp scam promises big, but just sends you into a spiral | ZDNet
Android malware subscribes you to premium services without you knowing - GSMArena.com news
Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)
Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine
Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware gangs are feeling the crypto winter's impact | TechSpot
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Hackers are using YouTube videos to trick people into installing malware | TechRadar
PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)
US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)
Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
Insider Risk and Insider Threats
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
HackerOne incident raises concerns for insider threats (techtarget.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)
Identity and Access Management
Asset Management
Encryption
Encryption is high up on corporate priority lists - Help Net Security
Quantum-resistant encryption recommended for standardization • The Register
The threat of quantum computing to sensitive data - Help Net Security
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)
End-to-end encryption’s central role in modern self-defence | Ars Technica
API
Open Source
Social Media
Digital Transformation
Travel
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)
Models, Frameworks and Standards
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)
Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)
NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru
FBI and MI5 bosses: China cheats and steals at massive scale • The Register
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine
Near-undetectable malware linked to Russia's Cozy Bear • The Register
Nation State Actors – China
China Censors What Could Be Biggest Data Hack in History (gizmodo.com)
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg
Security warning after sale of stolen Chinese data - BBC News
Five accused of trying to silence China critics in US • The Register
50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian
More UK calls for ban of CCTV makers Hikvision, Dahua • The Register
Nation State Actors – North Korea
Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop
North Korean ransomware dubbed Maui active since May 2021 • The Register
Nation State Actors – Iran
Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs
Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)
Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs
Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs
OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)
Fortinet addressed multiple vulnerabilities in several products - Security Affairs
There’s a Nasty Security Hole in the Apache Webserver – The New Stack
Sector Specific
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)
Microsoft rolls back plan to block macros by default • Graham Cluley
Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online
Security tester says he broke into datacenter via toilets • The Register
SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online
Imagination is key to effective data loss prevention - Help Net Security
The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)
Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK
Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)
Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 January 2022
Black Arrow Cyber Threat Briefing 07 January 2022:
-Microsoft Sees Rampant Log4j Exploit Attempts, Testing
-Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It
-Hackers Sending Malware-Filled USB Sticks to Companies Disguised as Presents
-Patch Systems Vulnerable To Critical Log4j Flaws, UK And US Officials Warn
-‘Elephant Beetle’ Lurks For Months In Networks
-Sonicwall: Y2k22 Bug Hits Email Security, Firewall Products
-Hackers Use Video Player To Steal Credit Cards From Over 100 Sites
-Cyber World Is Starting 2022 In Crisis Mode With The Log4j Bug
-Everything You Need To Know About Ransomware Attacks and Gangs In 2022
-Why the Log4j Vulnerability Makes Endpoint Visibility and Zero Trust Security More Important Than Ever
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
No surprise here: The holidays bought no Log4Shell relief.
Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library.
“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Microsoft.
https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/
Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It
The best programming practice to include a third-party library in source code is to use the import command. It is the easiest way to do it, and it is also the way that most dependency analysis programs work to determine if a vulnerable library is in play. But any time code is included without calling it as an external package, traditional dependency analysis might not be enough to find it — including when Java coders use a common trick to resolve conflicting dependencies during the design process.
A new study by jFrog found that 400 packages on repository Maven Central used Log4j code without calling it as an external package. Around a third of that came from fat jars — jar files that include all external dependencies to make a more efficient product. The remainder came from directly inserting Log4j code into the source code, including shading, a work-around used when two or more dependencies call different versions of the same library in a way that might conflict.
While 400 may not seem like a lot for Maven Central, where Google found 17,000 packages implementing the vulnerable Log4j library, some of the 400 packages unearthed by JFrog are widely used.
Hackers Sending Malware-Filled USB Sticks to Companies Disguised as Presents
The "malicious USB stick" trick is old but apparently it's still wildly popular with the crooks.
Word to the wise: If a stranger ever offers you a random USB stick as a gift, best not to take it.
On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defence, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports.
The hacker group behind this bad behaviour—a group called FIN7—has gone to great lengths to make their parcels appear innocuous. In some cases, packages were dressed up as if they were sent by the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. In other cases, they were delivered as if they had been sent via Amazon, along with a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB,” according to the FBI warning.
https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578
Patch Systems Vulnerable To Critical Log4j Flaws, UK And US Officials Warn
One of the highest-severity vulnerabilities in years, Log4Shell remains under attack.
Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning.
CVE-2021-44228 is one of the most severe vulnerabilities to come to light in the past few years. It resides in Log4J, a system-logging code library used in thousands if not millions of third-party applications and websites. That means there is a huge base of vulnerable systems. Additionally, the vulnerability is extremely easy to exploit and allows attackers to install Web shells, which provide a command window for executing highly privileged commands on hacked servers.
The remote-code execution flaw in Log4J came to light in December after exploit code was released before a patch was available. Malicious hackers quickly began actively exploiting CVE-2021-44228 to compromise sensitive systems.
‘Elephant Beetle’ Lurks For Months In Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity.
The Sygnia Incident Response team has been tracking the group, which it named Elephant Beetle, aka TG2003, for two years.
In a Wednesday report, the researchers called Elephant Beetle’s attack relentless, as the group has hidden “in plain sight” without the need to develop exploits.
https://threatpost.com/elephant-beetle-months-networks-financial/177393/
Sonicwall: Y2k22 Bug Hits Email Security, Firewall Products
SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022.
The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.
They will also no longer be able to trace incoming/outgoing emails using the message logs because they're no longer updated.
On January 2nd, SonicWall deployed updates to North American and European instances of Hosted Email Security, the company's cloud email security service.
It also released fixes for its on-premises Email Security Appliance (ES 10.0.15) and customers using firewalls with the Anti-Spam Junk Store functionality toggled on (Junk Store 7.6.9).
Hackers Use Video Player To Steal Credit Cards From Over 100 Sites
Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.
These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.
In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.
Cyber World Is Starting 2022 In Crisis Mode With The Log4j Bug
The cyber security world is starting off 2022 in crisis mode.
The newest culprit is the log4j software bug, which cyber security and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career.” It forced many cyber security pros to work through the holidays to protect computer systems at Big Tech firms, large and small companies and government agencies.
But crises like log4j have become the norm rather than the exception during the past few years.
Last year kicked off with the SolarWinds hack — a Russian government operation that compromised reams of sensitive information from U.S. government agencies and corporations.
Digital threats of all sorts are growing far faster than the capability to defend against them. If past is prologue, 2022 is likely to be a year of big hacks, big threats and plenty more crises.
“We’re always in crisis is the long and short of it,” Jake Williams, a former National Security Agency (NSA) cyber operator and founder of the firm Rendition Infosec, told me. “Anyone looking for calm rather than the storm in cyber is in the wrong field.”
Everything You Need To Know About Ransomware Attacks and Gangs In 2022
Ransomware is a lucrative business for criminals. It is paying off, and it is working.
According to a recent Trend Micro report, a staggering 84% of US organisations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.
Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.
Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.
If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?
https://securityintelligence.com/articles/ransomware-attacks-gangs-2022/
Why the Log4j Vulnerability Makes Endpoint Visibility and Zero Trust Security More Important Than Ever
The Apache Log4j vulnerability is one of the most serious vulnerabilities in recent years—putting millions of devices at risk.
IT organisations worldwide are still reeling from the discovery of a major security vulnerability in Apache Log4j, an open-source logging utility embedded in countless internal and commercial applications.
By submitting a carefully constructed variable string to log4j, attackers can take control of any application that includes log4j. Suddenly, cyber criminals around the world have a blueprint for launching attacks on everything from retail store kiosks to mission-critical applications in hospitals.
If security teams overlook even one instance of log4j in their software, they give attackers an opportunity to issue system commands at will. Attackers can use those commands to install ransomware, exfiltrate data, shut down operations — the list goes on.
How should enterprises respond to this pervasive threat?
Threats
Ransomware
Night Sky Is The Latest Ransomware Targeting Corporate Networks (bleepingcomputer.com)
Counties In New Mexico, Arkansas Begin 2022 With Ransomware Attacks | ZDNet
Ransomware Attack Affects The Websites Of 5,000 Schools - CNNPolitics
Phishing
Google Docs Comments Weaponized in New Phishing Campaign (darkreading.com)
US Arrests Suspect Who Stole Unpublished Books In Phishing Attacks (bleepingcomputer.com)
Malware
FluBot Malware Now Targets Europe Posing As Flash Player App (bleepingcomputer.com)
New Mac Malware Samples Underscore Growing Threat (darkreading.com)
Purple Fox Rootkit Now Bundled With Telegram Installer | Malwarebytes Labs
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification | Threatpost
Mobile
IoT
Data Breaches/Leaks
List Of Data Breaches And Cyber Attacks In December 2021 | 219M records (itgovernance.co.uk)
Have I Been Pwned Warns Of DatPiff Data Breach Impacting Millions (bleepingcomputer.com)
Morgan Stanley To Pay $60 Million To Resolve Data Security Lawsuit (Yahoo.Com)
Cryptocurrency/Cryptomining/Cryptojacking
Report: $2.2 Billion In Cryptocurrency Stolen From DeFi Platforms In 2021 | ZDNet
UK Police Seize £322m of Cryptocurrency in Past Five Years - Infosecurity Magazine
Fraud, Scams & Financial Crime
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Should Businesses Be Concerned About APT-Style Attacks? - Help Net Security
MI6 Chief Thanks China For ‘Free Publicity’ After James Bond Spoof | China | The Guardian
Log4j Vulnerabilities: New Patches And Nation-State Exploitation. (thecyberwire.com)
North Korea-Linked Konni APT Targets Russian Diplomatic Bodies - Security Affairs
Privacy
Passwords & Credential Stuffing
Spyware and Espionage
Vulnerabilities
Emergency Windows Server Update Fixes Remote Desktop Issues (bleepingcomputer.com)
Microsoft Rolled Out Emergency Fix For Y2k22 Bug In Exchange Servers - Security Affairs
VMware Fixed CVE-2021-22045 Heap-Overflow In Workstation, Fusion and ESXi - Security Affairs
Latest WordPress Security Release Fixes XSS, SQL Injection Bugs | The Daily Swig (portswigger.net)
New Ubuntu Linux Kernel Security Updates Fix 9 Vulnerabilities, Patch Now - 9to5Linux
JFrog Researchers Find JNDI Vulnerability In H2 Database Consoles Similar To Log4Shell | ZDNet
Unpatched HomeKit Vulnerability Exposes iPhones, iPads to DoS Attacks | SecurityWeek.Com
Sector Specific
Defence
Health/Medical/Pharma Sector
Estate Agents
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 June 2021
Black Arrow Cyber Threat Briefing 04 June 2021: Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’; US Puts Cyber Crime On Par With Terror After Ransomware Attacks; Cyber Attack Leaves 7,000 Out Of Work; Irish Health Service Patient Data Leaked Online; Enterprise Networks Vulnerable To 20-Year-Old Exploits; US Seize Domains Used By SolarWinds Intruders For Spear-Phishing; Hacker Group DarkSide Operates Like A Franchise; Interpol Intercepts $83M Fighting Financial Cyber Crime
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’
The Great Fire of London helped forge the property insurance market, as residents feared a repeat of the savage destruction of 1666. In the absence of a state-backed fire service, some insurers even employed their own brigades, betting that limiting the damage to a property would be cheaper than rebuilding it. After a wave of high-profile cyber assaults, Graeme Newman, chief innovation officer at London-based insurance provider CFC, draws a parallel with today’s rapidly evolving market for cyber coverage. Insurance companies now provide emergency support services as well as financial compensation, so “the insurers own the digital fire trucks”, he said.
https://www.ft.com/content/4f91c4e7-973b-4c1a-91c2-7742c3aa9922
US Puts Cyber Crime On Par With Terror After Ransomware Attacks
The US government is raising the fight against cyber criminals to the same level as the battle against terrorists after a surge of ransomware attacks on large corporations. Internal guidance circulated by the Department of Justice instructs prosecutors to pool their information about hackers. The idea, said John Carlin, of the attorney-general’s office, is to “make the connections between actors and work your way up to disrupt the whole chain”.
https://www.thetimes.co.uk/article/us-cybercrime-terror-ransomware-attacks-joe-biden-pzrqbkfwt
Russia Under Fire As Cyber Attack Leaves 7,000 Out Of Work
An attack this week on JBS meatworks in North America and Australia brought the firm to a standstill, and now threatens to turn into a diplomatic row with Russia. JBS are reported to supply 20% of the world meat market and the ransomware attack has left 7,000 workers unable to do their jobs.
Irish Health Service Confirms Data Of Nearly 520 Patients Is Online After Cyber Attack
The Health Service Executive (HSE) has confirmed the data of nearly 520 patients is online after media reports of their publication. In a statement, the HSE said the data contains correspondence with patients, minutes of meetings and includes sensitive patient data. The HSE also confirmed corporate documents are among the HSE data illegally accessed. Confirmation of the authenticity of this data follows an analysis carried out by the agency and comments from the Minister for Communications, Eamon Ryan, that reports of patient data being shared online are "very credible".
https://www.irishexaminer.com/news/arid-40301054.html
Enterprise Networks Vulnerable To 20-Year-Old Exploits
While the industry focuses on exotic attacks – like the SolarWinds incident — the real risk to enterprises comes from older exploits, some as much as 20-years old. “While organisations always need to keep up with the latest security patches, it is also vital to ensure older system and well-known vulnerabilities from years past are monitored and patched as well,” says Etay Maor, senior director of security strategy at Cato Networks. “Threat actors are attempting to take advantage of overlooked, vulnerable systems.” Our research showed that attackers often scanned for end-of-life and unsupported systems. Common Vulnerability and Exposures (CVE) identified were exploits targeting software, namely vSphere, Oracle WebLogic, and Big-IP, as well as routers with remote administration vulnerabilities.
https://www.helpnetsecurity.com/2021/05/27/enterprise-networks-vulnerable/
US Authorities Seize Two Domains Used By SolarWinds Intruders For Malware Spear-Phishing Operation
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID). The domain takeovers, which occurred on Friday, followed a court order issued in the wake of a Microsoft report warning about the spear-phishing campaign. The phishing effort relied on malware-laden messages sent via marketing service Constant Contact. "Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting US Attorney Raj Parekh for the Eastern District of Virginia, in a statement. "As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats."
https://www.theregister.com/2021/06/02/feds_seize_nobelium/
Hacker Group DarkSide Operates In A Similar Way To A Franchise
DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, has a business model that’s more familiar than people think, according to New York Times correspondent Andrew Kramer, “It operates something like a franchise, where individual hackers can come and receive the ransomware software and use it, as well as, use DarkSide’s reputation, as it were, to extract money from their targets, mostly in the United States,” Kramer said in an interview that aired Wednesday night.
Interpol Intercepts $83 Million Fighting Financial Cyber Crime
The Interpol (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Over 40 law enforcement officers specialized in fighting cyber crime across the Asia Pacific region took part in the Interpol-coordinated Operation HAECHI-I spanning more than six months. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.
Is It Really The Wild West In Cyber Crime? Why We Need To Re-Examine Our Approach To Ransomware
Once again, cyber security has become a headline topic within and well outside technology circles, along with the little-known operator of a significant fuel pipeline: Colonial Pipeline. A ransomware attack, and ensuing panic buying of gasoline, resulted in widespread fuel shortages on the east coast, thrusting the issue of cyber security into the lives of everyday Americans. Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question (and associated complex potential answers), of whether companies should pay when their systems are held hostage by ransomware.
Threats
Ransomware
White House Contacts Russia After Hack Of World’s Largest Meatpacking Company
This New Ransomware Is Targeting Unpatched Microsoft Exchange Servers
Fujifilm Becomes Latest Ransomware Victim As White House Urges Business Leaders To Take Action
Cyber Crime Forum Advertises Alleged Database, Source Code From Russian Firm That Helped Parler
Phishing
Other Social Engineering
Malware
Mobile
IOT
Vulnerabilities
Huawei USB LTE Dongles Are Vulnerable To Privilege Escalation Attacks
Hackers Actively Exploiting 0-Day In WordPress Plugin Installed On Over 17,000 Sites
EPUB Vulnerabilities: Electronic Reading Systems Riddled With Browser-Like Flaws
SonicWall Urges Customers To 'Immediately' Patch NSM On-Prem Bug
Data Breaches
Supply Chain
Nation State Actors
Chinese Cyber Criminals Spent Three Years Creating A New Backdoor To Spy On Governments
Kimsuky APT Continues To Target South Korean Government Using Appleseed Backdoor
Russian Hacker Pavel Sitnikov Arrested For Sharing Malware Source Code
Privacy
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 May 2021
Black Arrow Cyber Threat Briefing 28 May 2021: Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise; Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack; The 10 Most Dangerous Cyber Threat Actors; Dramatic Increase In Ransomware Attacks Is Causing Harm On A Significant Scale; Deepfakes Could Be The Next Big Security Threat To Businesses; Two-Thirds Of Organisations Say They'll Take Action To Boost Their Ransomware Defences
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise
In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.
Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack
The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.
https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076
Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale
A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.
Deepfakes Could Be The Next Big Security Threat To Businesses
An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.
https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses
Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences
The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.
The 10 Most Dangerous Cyber Threat Actors
When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.
https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html
Cyber Security Leaders Lacking Basic Cyber Hygiene
Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).
https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/
Watch Out: Crypto Jacking Is On The Rise Again
During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.
https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/
Threats
Ransomware
Ransomware Attacks Are Becoming More Common – How Do We Stop Them?
FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations
HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says
Phishing
Other Social Engineering
Malware
Mobile
IOT
Vulnerabilities
“Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know
SonicWall urges customers to 'immediately' patch NSM On-Prem bug
FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office
Restaurant Reservation System Patches Easy-To-Exploit XSS Bug
Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices
Data Breaches
Organised Crime & Criminal Actors
Cryptocurrency
Dark Web
OT, ICS, IIoT and SCADA
Nation State Actors
Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets
Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks
Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China
Privacy
Reports Published in the Last Week
Other News
GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny
UK Universities To Be Offered Advice On National Security Threats
A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs
How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?
German Cyber Security Chief Fears Hackers Could Target Hospitals
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.