Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 March 2023
Black Arrow Cyber Threat Briefing 17 March 2023:
-Almost Half of IT Leaders Consider Security as an Afterthought
-Over $10bn Lost To Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
-Over 721 Million Passwords Were Leaked in 2022
-How Much of a Cyber Security Risk are Suppliers?
-90% of £5m+ Businesses Hit by Cyber Attacks
-Rushed Cloud Migrations Result in Escalating Technical Debt
-17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
-Microsoft Warns of Large-Scale Use of Phishing Kits
-BEC Volumes Double on Phishing Surge
-The Risk of Pasting Confidential Company Data in ChatGPT
-Ransomware Attacks have Entered a New Phase
-MI5 Launches New Agency to Tackle State-Backed Attacks
-Why Cyber Awareness Training is an Ongoing Process
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Almost Half of IT Leaders Consider Security as an Afterthought
A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.
Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says
According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.
Over 721 Million Passwords were Leaked in 2022
A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.
https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/
How Much of a Cyber Security Risk are Suppliers?
When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.
https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2
90% of £5m+ Businesses Hit by Cyber Attacks
A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/
Rushed Cloud Migrations Result in Escalating Technical Debt
A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.
https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.
Microsoft Warns of Large-Scale Use of Phishing Kits
Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html
BEC Volumes Double on Phishing Surge
The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.
https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/
The Risk of Pasting Confidential Company Data in ChatGPT
Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.
https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html
Ransomware Attacks have Entered a Heinous New Phase
With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.
https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/
MI5 Launches New Agency to Tackle State-Backed Attacks
British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.
https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/
Why Cyber Awareness Training is an Ongoing Process
A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.
Threats
Ransomware, Extortion and Destructive Attacks
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)
Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)
CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)
Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs
Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register
Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
Dish customers kept in the dark as ransomware fallout continues | TechCrunch
Cancer patient sues hospital over stolen naked photos • The Register
ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)
Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert
Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)
Universities and colleges cope silently with ransomware attacks | CSO Online
Phishing & Email Based Attacks
Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica
Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)
6 reasons why your anti-phishing strategy isn’t working | CSO Online
Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
How two-step phishing attacks evade detection and what you can do about it - Help Net Security
BEC – Business Email Compromise
Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)
Organizations need to re-examine their approach to BEC protection - Help Net Security
BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica
Malware
Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)
Law enforcement seized the website selling the NetWire RAT- - Security Affairs
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)
Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)
Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)
Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)
Mobile
Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)
GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)
Botnets
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)
Botnet that knows your name and quotes your email is back with new tricks | Ars Technica
Denial of Service/DoS/DDOS
Internet of Things – IoT
Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)
Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)
Data Breaches/Leaks
Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert
Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)
BMW exposes data of clients in Italy, experts warn- - Security Affairs
Acronis states that only one customer's account was compromised- - Security Affairs
Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch
LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek
Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru
ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET
Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)
The SVB demise is a fraudster's paradise, so take precautions - Help Net Security
Fighting financial fraud through fusion centers - Help Net Security
UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)
UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Claim: FTX leaders helped themselves to $3.2B in cash • The Register
Feds charge exiled Chinese billionaire over crypto fraud • The Register
Impersonation Attacks
Deepfakes
AML/CFT/Sanctions
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Dark Web
Supply Chain and Third Parties
Top 10 operational risks: focus on third-party risk - Risk.net
How much of a cyber security risk are my suppliers? (thetimes.co.uk)
Software Supply Chain
We can't wait for SBOMs to be demanded by regulation - Help Net Security
Best practices for securing the software application supply chain - Help Net Security
Cloud/SaaS
Rushed cloud migrations result in escalating technical debt - Help Net Security
CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)
Navigating the future of digital identity - Help Net Security
Encryption
Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
Passwords, Credential Stuffing & Brute Force Attacks
Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert
Study: Over 721 million passwords were leaked in 2022 - Neowin
Social Media
UK bans TikTok from government mobile phones | TikTok | The Guardian
Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt
The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop
Governance, Risk and Compliance
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)
6 principles for building engaged security governance | TechTarget
Models, Frameworks and Standards
How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Data Protection
Law Enforcement Action and Take Downs
International authorities bring NetWire's malware infrastructure to a standstill | TechSpot
One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)
Privacy, Surveillance and Mass Monitoring
German states rethink reliance on Palantir technology | Financial Times (ft.com)
Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert
Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)
Artificial Intelligence
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)
ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek
How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)
UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News
Why red team exercises for AI should be on a CISO's radar | CSO Online
GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop
UK bans TikTok from government mobile phones | TikTok | The Guardian
Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Polish intelligence dismantled a network of Russian spies- Security Affairs
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Nation State Actors
UK bans TikTok from government mobile phones | TikTok | The Guardian
North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop
A new Chinese era: security and control | Financial Times (ft.com)
Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)
Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online
Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
China sought control of telecoms to spy on Micronesia • The Register
CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop
APT29 abuses EU information exchange systems in recent attacks- Security Affairs
Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)
Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian
This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED
Russia’s Cyber security Companies Shrug Off Sanctions - CEPA
Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs
Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ
Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Vulnerabilities
Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)
Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)
Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)
Microsoft and Fortinet fix bugs under active exploit • The Register
CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)
Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs
Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto
SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek
Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)
Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)
Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek
Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)
Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica
Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET
Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)
Here's how Chinese spies exploited a critical Fortinet bug • The Register
Tools and Controls
Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)
What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)
Set up PowerShell script block logging for added security | TechTarget
Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)
Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)
5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert
5 Steps to Effective Cloud Detection and Response - The New Stack
Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)
ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)
Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)
Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 July 2022
Black Arrow Cyber Threat Briefing 15 July 2022:
-10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
-Businesses Are Adding More Endpoints, But Can’t Manage Them All
-Ransomware Activity Resurges in Q2
-North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
-One-Third of Users Without Security Awareness Training Click on Phishing URLs
-Ransomware Scourge Drives Price Hikes in Cyber Insurance
-Conventional Cyber Security Approaches Are Falling Short
-Virtual CISOs Are the Best Defence Against Accelerating Cyber Risks
-Firms Not Planning for Supply Chain Threats
-Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
-Security Culture: Fear of Cyber Warfare Driving Initiatives
-Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
-Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
10,000 Organisations Targeted by Phishing Attack That Bypasses Multi-Factor Authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.
The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.
According to Microsoft’s detailed report on the campaign, once hackers had broken into email inboxes via the use of stolen passwords and session cookies, they would exploit their access to launch Business Email Compromise (BEC) attacks on other targets.
By creating rules on victims’ email accounts, the attackers are able to then ensure that they maintain access to incoming email even if a victim later changes their password.
The global pandemic, and the resulting increase in staff working from home, has helped fuel a rise in the adoption of multi-factor authentication.
Cyber criminals, however, haven’t thrown in the towel when faced with MFA-protected accounts. Accounts with MFA are certainly less trivial to break into than accounts which haven’t hardened their security, but that doesn’t mean that it’s impossible.
Reverse-proxy phishing kits like Modlishka, for instance, impersonate a login page, and ask unsuspecting users to enter their login credentials and MFA code. That collected data is then passed to the genuine website – granting the cyber criminal access to the site.
As more and more people recognise the benefits of MFA, we can expect a rise in the number of cyber criminals investing effort into bypassing MFA.
Microsoft’s advice is that organisations should complement MFA with additional technology and best practices.
Businesses Are Adding More Endpoints, But Can’t Manage Them All
Most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks, according to a survey conducted by Ponemon Institute.
Findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organisation’s IT department or the endpoints’ operating systems have become outdated.
Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.
IT organisations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.
https://www.helpnetsecurity.com/2022/07/14/businesses-are-adding-more-endpoints/
Ransomware Activity Resurges in Q2
Ransomware activity rose by a fifth in the last quarter, according to a report from security firm Digital Shadows.
The company, which monitors almost 90 data leak sites on the dark web, observed ransomware groups name 705 victims in Q2 2022, representing a 21% increase over last quarter’s 582. This was a resurgence in activity following a 25.3% decline quarter-on-quarter during Q1.
The LockBit ransomware group overtook Conti in victim numbers as Conti ceased operations following the leak of internal chat logs. Conti had reached almost 900 victims during its operations, but LockBit is now closing in on 1,000 after a 13% growth in activity during the quarter.
LockBit also continued to innovate, releasing version 3 of its ransomware with new features, including support for payments using the Zcash cryptocurrency. It also launched a reward program for any information on high-value targets, along with a data leak site that allows anyone to purchase victim data.
At around 230, Lockbit’s quarterly victim numbers far exceeded any other group in Q2. It was accountable for almost a third of all postings to leak sites in Q2. Conti, which had limped along for several weeks after its own data leak, managed just over 50. In third place was Alphv, which grew 118% during the quarter. Basta came in fourth.
Some other smaller groups are also growing rapidly, according to the report. Vice Society, in fifth place this quarter, doubled its activity.
https://www.infosecurity-magazine.com/news/ransomware-activity-resurges-q2/
One-Third of Users Without Security Awareness Training Click on Phishing URLs
Phishing attacks just won't die, and new data underscores their effectiveness among users who have not been provided security awareness training.
According to data pulled from security awareness training provider KnowBe4's clients, 32.4% of users will fall for a phish — clicking on a link or following a phony request — if those users have not had any official training. The disconnect is worse in some industry sectors, including consulting, energy and utilities, and healthcare and pharmaceuticals, where half of all untrained users fall for phishing attacks.
The data was pulled from 23.4 million simulated phishing tests conducted at more than 30,000 organisations, encompassing some 9.5 million users. According to KnowBe4, 90 days after monthly or more training, the number of phishing test fails dropped to around 17.6%, and to 5% after one year of regular awareness training.
https://www.darkreading.com/remote-workforce/one-third-of-users-click-on-phishing
Ransomware Scourge Drives Price Hikes in Cyber Insurance
Cyber security insurance costs are rising, and insurers are likely to demand more direct access to organisational metrics and measures to make more accurate risk assessments.
The rising cost of ransomware attacks is helping push significant premium increases in cyber insurance policies in the UK and US, new data shows.
With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cyber security insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber insurance industry.
However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.
Panaseer notes that 82% of insurers surveyed said they expect the rise in premiums to continue. The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive.
Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analysing cyber-risk. Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it. Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance.
Conventional Cyber Security Approaches Are Falling Short
Traditional security approaches that rely on reactive, detect-and-respond measures and tedious manual processes can’t keep pace with the volume, variety, and velocity of current threats, according to Skybox Security. As a result, 27% of all executives and 40% of CSOs say their organisations are not well prepared for today’s rapidly shifting threat landscape.
On average, organisations experienced 15% more cyber security incidents in 2021 than in 2020. In addition, “material breaches”— defined as “those generating a large loss, compromising many records, or having a significant impact on business operations” — jumped 24.5%.
The top four causes of the most significant breaches reported by the affected organisations were:
Human error
Misconfigurations
Poor maintenance/lack of cyber hygiene
Unknown assets.
https://www.helpnetsecurity.com/2022/07/14/conventional-cybersecurity-approaches/
Virtual CISOs Are the Best Defence Against Accelerating Cyber-Risks
The cyber security challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmanoeuvre security controls effortlessly.
As technology races forward, companies without a full-time CISO (Chief Information Security Officer) are struggling to keep pace. For many, finding, attracting, retaining, and affording the level of skills and experience needed is out of reach or simply unrealistic. Enter the virtual CISO (vCISO). These on-demand experts provide security insights to companies on an ongoing basis and help ensure that security teams have the resources they need to be successful.
Typically, an engagement with a vCISO is long lasting, but in a fractional delivery model. This is very different from a project-oriented approach that requires a massive investment and results in a stack of deliverables for the internal team to implement and maintain. A vCISO not only helps to form the approach, define the action plan, and set the road map but, importantly, stays engaged throughout the implementation and well into the ongoing management phases.
The best vCISO engagements are long-term contracts. Typically, there's an upfront effort where the vCISO is more engaged in the first few months to establish an understanding, develop a road map, and create a rhythm with the team. Then, their support drops into a regular pace which can range from two to three days per week or five to ten days per month.
Firms Not Planning for Supply Chain Threats
Enterprises are failing to plan properly for supply chain risks and cyber security threats from the wider digital ecosystem, a leading technology consultancy has warned.
According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.
The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.
The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organisations with above-average profit and revenue growth were more likely to put cyber security on the agenda at board meetings.
TCS also found that enterprises view the cloud as a more secure environment than conventional data centres and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cyber security are more likely to be able to close the skills gap, according to the study.
https://www.infosecurity-magazine.com/news/planning-supply-chain-threats/
Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.
Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.
The Razer data breach occurred due to an issue with an IT system. It may have exposed the personal information of about 100,000 Razer customers.
The Razer data breach may have occurred due to a misconfigured Elasticsearch cluster. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.
Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is therefore responsible for the incident.
Security Culture: Fear of Cyber Warfare Driving Initiatives
KnowBe4, the provider of security awareness training and simulated phishing platform, has conducted a survey during Infosecurity Europe, which evaluated the opinions of nearly 200 security professionals towards security culture, or more specifically: the ideas, customs and social behaviours of an organisation that influence their security practices.
The research found the threat of cyber warfare (30%) or experiencing a data breach or cyber attack (30%) were the two biggest reasons why security professionals wanted to improve security culture at their organisations. Given the current invasion of Ukraine by Russia and the resulting cyber security warnings announced by many of the world’s leading governments, improving current cyber security efforts has continued to be a top priority for many.
The study also revealed just over two thirds (67%) answered that a strong security culture would very likely reduce the risk of security incidents, with the majority (85%) directing their efforts into both improving security awareness training and communicating values expected from employees regarding security.
However, there are many obstacles when attempting to create a strong security culture, with the main issue being a lack of budget (26%) which was followed security professionals facing indifference from fellow employees (24%) and a lack of senior management support (16%).
Interestingly, just under three quarters (73%) admitted to putting an increased effort into measuring employees understanding of security – this still leaves a considerable gap of 27% that do not, something many security professionals will want to consider closing. Thankfully, 38% agree this aspect of security culture would be an area they want to improve in their organisation. When witnessing a colleague display poor security practises, 67% of UK security experts would prefer to tell the individual discreetly, while just under a third (31%) would send the member of staff training material to review. Only 18% would report the individual to the security team.
Cryptocurrency 'Mixers' See Record Transactions from Sanctioned Actors
Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.
A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.
Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.
Mixers aren’t solely used by criminals, but they are extremely popular with them. 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% of the share of other sources of funds tracked by the firm, including decentralised finance projects.
The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.
The use of mixers by North Korea state-backed hackers, and a popular mixer they employed to launder funds, made up the rest of the transfers.
https://www.cyberscoop.com/cryptocurrency-mixers-see-record-transactions-from-sanctioned-actors/
Online Payment Fraud Expected to Cost $343B Over Next 5 Years
Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organisations more than $343 billion over the next five years.
Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report.
Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution. Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users.
Threats
Ransomware
Paying ransomware crooks won’t reduce your legal risk, warns regulator – Naked Security (sophos.com)
New Lilith ransomware emerges with extortion site, lists first victim (bleepingcomputer.com)
Experts warn of the new 0mega ransomware operation - Security Affairs
Organisations Warned of New Lilith, RedAlert, 0mega Ransomware | SecurityWeek.Com
Microsoft links H0ly Gh0st ransomware operation to North Korean hackers (bleepingcomputer.com)
Feds Issue Warning for North Korean-backed Ransomware Hijackers - MSSP Alert
Ransomware gang now lets you search their stolen data (bleepingcomputer.com)
Rise in ransomware drives IT leaders to implement data encryption - Help Net Security
Bandai Namco confirms hack after ALPHV ransomware data leak threat (bleepingcomputer.com)
1.9m patients' medical data exposed in PFC ransomware attack • The Register
Phishing & Email Based Attacks
Email scams are getting more personal – they even fool cyber security experts (theconversation.com)
Hackers impersonate cyber security firms in callback phishing attacks (bleepingcomputer.com)
$8 million stolen in large-scale Uniswap airdrop phishing attack (bleepingcomputer.com)
Almost a third of untrained users will click a phishing link - KnowBe4 research - IT Security Guru
PayPal phishing kit added to hacked WordPress sites for full ID theft (bleepingcomputer.com)
Other Social Engineering
Rise In Smishing Scams, Why And How To Protect? (informationsecuritybuzz.com)
How Hackers Create Fake Personas for Social Engineering (darkreading.com)
How attackers abuse Quickbooks to send phone scam emails - Help Net Security
Malware
Mobile
New Android malware on Google Play installed 3 million times (bleepingcomputer.com)
The weaponizing of smartphone location data on the battlefield - Help Net Security
Internet of Things – IoT
Honda Admits Hackers Could Unlock Car Doors, Start Engines | SecurityWeek.Com
Watch This $80,000 Tesla Model Y Get Hacked With $20 Hardware - autoevolution
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Scams Soar Despite Crash (informationsecuritybuzz.com)
Cryptocurrency flowing into “mixers” hits an all-time high. Wanna guess why? | Ars Technica
Hackers stole $620 million from Axie Infinity via fake job interviews (bleepingcomputer.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Identity and Access Management
Encryption
Social Media
Training, Education and Awareness
Privacy
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users (thehackernews.com)
Amazon handed Ring video to police without warrant, consent • The Register
TikTok Chief Security Officer Steps Down Amid Concerns About Privacy (businessinsider.com)
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber espionage groups increasingly target journalists and media organisations | CSO Online
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine (darkreading.com)
Lithuanian Energy Firm Disrupted by DDOS Attack - Infosecurity Magazine (infosecurity-magazine.com)
Security vendor splits to address Russia’s war in Ukraine • The Register
Apple previews Lockdown Mode, a new extreme security feature | ZDNet
Nation State Actors
Nation State Actors – North Korea
Nation State Actors – Misc APT
Vulnerabilities
DHS warns: Expect Log4j risks for 'a decade or longer' • The Register
Microsoft's Patch Tuesday fixes one bug under active exploit • The Register
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (cisecurity.org)
CISA orders agencies to patch new Windows zero-day used in attacks (bleepingcomputer.com)
Flaw in Netwrix Auditor application allows arbitrary code execution - Security Affairs
Elastix VoIP systems hacked in massive campaign to install PHP web shells (bleepingcomputer.com)
Hackers Targeting VoIP Servers by Exploiting Digium Phone Software (thehackernews.com)
Anvil Mobile Hit By New Exploit - DNS Hijacking. (informationsecuritybuzz.com)
Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now (darkreading.com)
Buggy WordPress plugin allows complete site takeover • The Register
VMware patches vCenter Server flaw disclosed in November (bleepingcomputer.com)
AMD, Intel chips vulnerable to 'Retbleed' Spectre variant • The Register
Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs (bleepingcomputer.com)
Microsoft releases PoC exploit for macOS sandbox escape vulnerability (bleepingcomputer.com)
AWS squashes authentication bugs in Kubernetes service • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
5 key considerations for your 2023 cyber security budget planning | CSO Online
What Are the Risks of Employees Going on a 'Hybrid Holiday'? (darkreading.com)
New ‘Luna Moth’ hackers breach orgs via fake subscription renewals (bleepingcomputer.com)
Experian accounts could still be at risk from hackers | TechRadar
Mergers and acquisitions are a strong zero-trust use case • The Register
Recruitment agency Morgan Hunt confirms 'cyber incident' • The Register
New Exploit Attacks UK Routers and Runs Up Mobile Data Bills - ISPreview UK
How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub (darkreading.com)
Data breaches explained: Types, examples, and impact | CSO Online
President of European Central Bank Christine Lagarde targeted by hackers - Security Affairs
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.