Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boards Still Aren't Taking Cyber Security Seriously, That Means Everyone Is At Risk

Cyber security still is not taken as seriously as it should be by boardroom executives – and that's leaving organisations open to cyber attacks, data breaches and ransomware, the new boss of the National Cyber Security Centre (NCSC) has warned. In her first speech since taking the helm of the UK cyber security agency, CEO Lindy Cameron said cyber security should be viewed with the same importance to CEOs as finance, legal or any other vital day-to-day part of the enterprise.

https://www.zdnet.com/article/boardrooms-still-arent-taking-cybersecurity-seriously-and-thats-putting-everyone-at-risk-from-attacks-warns-new-ncsc-boss/

Nearly 40% Of New Ransomware Families Use Both Data Encryption And Data Theft In Attacks

2020 saw an explosion of ransomware that also steals data, giving the attackers more leverage over their victims. If organisations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims to pay. This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. Furthermore, nearly 40% of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.

https://www.helpnetsecurity.com/2021/03/31/ransomware-families-data-encryption/

Ransomware: Why We Are Now Facing A Perfect Storm

Ransomware is becoming more successful than ever before because of a combination of factors that allow cyber criminals to easily gain access to corporate networks – and they are finding success because a significant number of organisations that fall victim to attacks are willing to pay the ransom. A report warns that the 'perfect storm' of conditions have come together and allowed ransomware attacks to run rampant against organisations around the world.

https://www.zdnet.com/article/ransomware-why-were-now-facing-a-perfect-storm/

Ransomware: Nearly A Fifth Of Victims Who Pay Off Extortionists Fail To Get Their Data Back

The poll found that close to half (46%) of UK ransomware victims paid the ransom to restore access to their data last year, yet an unfortunate 11% of victims who shelled out did not have their stolen data returned. Whether they paid or not, only 18% of 1,006 UK victims surveyed were able to restore all their encrypted or blocked files following an attack. Internationally the picture is still worse with more than half (56%) paying off extortionists and nearly one in five of whom (17%) failing to get their data back even after paying out.

https://portswigger.net/daily-swig/ransomware-nearly-a-fifth-of-victims-who-pay-off-extortionists-fail-to-get-their-data-back

Billions Of Records Have Been Hacked Already. Make Cyber Security A Priority Or Risk Disaster

More data records have been compromised in 2020 alone than in the past 15 years combined, in what is described as a mounting "data breach crisis" in the latest study from analysis. Over the past 12 months, 31 billion data records have been compromised. This is up 171% from the previous year and constitutes well over half of the 55 billion data records that have been compromised in total since 2005.

https://www.zdnet.com/article/billions-of-records-have-been-hacked-already-make-cybersecurity-a-priority-of-risk-disaster-warns-analyst/

Ransomware Gang Urges Victims’ Customers To Demand A Ransom Payment

A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy. A common tactic used by ransomware operations is to steal unencrypted data before encrypting a victim's network. This data is then used in a double-extortion tactic where they threaten to release the data if a ransom is not paid.

https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/

Employee Lockdown Stress May Spark Cyber Security Risk

Stressed-out employees in a remote-working world could be a major contributor to poor cybersecurity postures for companies, according to a survey. Among other findings, the survey found that younger employees as well as people caring for children or other family members reported more stress in their lives, as well riskier IT behaviours when compared to other demographics. For instance, 67 percent of employees under 30 said they use shadow IT (unsanctioned apps, services, and equipment) to help them to perform certain tasks more easily, compared to 27 percent of older workers.

https://threatpost.com/employee-lockdown-stress-cybersecurity-risk/165050/

Shadow IT Is Your Organisation's Next Remote-Working Nightmare

Shadow IT refers to the use of devices, systems and software outside of those permitted by an organisational IT department. According to new research by software company Forcepoint, more than a third (37%) of UK employees are now relying on shadow IT at home, increasing companies' exposure to cyber security risks.

The use of personal devices appears to be one of the biggest culprits: 48% of respondents admitted to using their own devices to access work documents and corporate networks while working from home. Meanwhile, 34% of employees reported using private email or file-sharing cloud services for work purposes – again against the advice of employers.

https://www.techrepublic.com/article/shadow-it-is-your-organizations-next-remote-working-nightmare/

Threats

Ransomware

• Ransomware attack on UK charity affects 37,000 students

• Hades Ransomware Linked to Hafnium and Exchange Attacks

• Retailer FatFace pays $2m ransom to Conti cyber criminals

Malware

• Fake jQuery files infect WordPress sites with malware

• Fileless Malware Detections Soar 900% in 2020

Mobile

• This Android update is really nasty spyware

Vulnerabilities

• 5G network slicing flaws pose denial-of-service, data theft risk

• OpenSSL fixes two high-severity crypto bugs

• Apple fixes an iOS zero-day vulnerability actively used in attacks

• SolarWinds patches critical code execution bug in Orion Platform

• Facebook for WordPress Plugin Vulnerability Targets +500,000 Sites

Data Breaches

• Whistleblower claims Ubiquiti Networks data breach was ‘catastrophic’

• Ubiquiti breach puts countless cloud-based devices at risk of takeover

Dark Web

• Booming dark web gig economy is a rising threat

Nation State Actors

• Russia suspected of stealing thousands of State Department emails

• APT Charming Kitten Pounces on Medical Researchers

• UK 'must be clear-eyed about Chinese ambition', warns new National Cyber Security Centre chief

Privacy

• These browsers are far less private than they claim to be

• Call centre staff to be monitored via webcam for home-working ‘infractions’

Other News

• CISA gives federal agencies 5 days to find hacked Exchange servers

• Phone companies 'must do more' to stop fraud calls

• Malicious Docker Cryptomining Images Rack Up 20M Downloads

• Turns Out This Sophisticated Hacking Campaign Was Actually the Work of 'Western Government Operatives'

• Smart Contract Vulnerabilities Are A Ticking Time Bomb Holding Billions of Unsuspecting $$$ Hostage

• Popular remote lesson monitoring program could be exploited to attack student PCs
  

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Warfare Will Grind Britain’s Economy To A Halt

The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.

https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/

Almost $2 Billion Lost To BEC Scams In 2020

Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).

https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/

Ransomware Gang Says It Targets Firms Who Have Cyber Insurance

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/

Three Billion Phishing Emails Are Sent Every Day

Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.

https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/

Ransomware Gang Demands $50 Million From Computer Maker Acer

Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.

https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/

Office 365 Phishing Attack Targets Financial Execs

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.

https://threatpost.com/office-365-phishing-attack-financial-execs/164925/

Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers

Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.

https://www.livemint.com/technology/tech-news/microsoft-exchange-hacking-thousands-of-email-servers-still-compromised-11616462322125.html

Average Ransom Payment Surged 171% in 2020

The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.

https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/

Phishers’ Perfect Targets: Employees Getting Back To The Office

Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long it affects out private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.

https://www.helpnetsecurity.com/2021/03/22/phishers-employees/

Nasty Malware Stealing Amazon, Facebook And Google Passwords

A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.

https://www.tomsguide.com/news/cracked-software-copperstealer-malware

Threats

Ransomware

• Ransomware Attack Foils IoT Giant Sierra Wireless

• Ransomware Gangs Have Found Another Set Of New Targets: Schools And Universities

• Ransomwared Bank Tells Customers It Lost Their SSNs

Phishing

• 9,000 Employees Targeted In Phishing Attack Against California Agency

• Brazil Leads In Phishing Attacks

• The Human Impact Of A Royal Mail Phishing Scam

• Microsoft Warns Of Phishing Attacks Bypassing Email Gateways

• Office 365 Phishing Attack Targets Financial Execs

Malware

• A Newly-Wormable Windows Botnet Is Ballooning In Size

• Fraudsters Jump On Clubhouse Hype To Push Malicious Android App

• Purple Fox Malware Evolves To Propagate Across Windows Machines

• Nasty malware stealing Amazon, Facebook and Google passwords

IOT

• The US Government Finally Gets Serious About IoT Security

Vulnerabilities

• Critical F5 BIG-IP Flaw Now Under Active Attack

• 5G Network Slicing Vulnerability Leaves Enterprises Exposed To Cyber Attacks

• Hackers Are Exploiting A Server Vulnerability With A Severity Of 9.8 Out Of 10

• WordPress Elementor Vulnerability Affects +7 Million

• Openssl Fixes Severe Dos, Certificate Validation Vulnerabilities

Data Breaches

• FatFace Tells Customers To Keep Its Data Breach ‘Strictly Private’

• Energy giant Shell discloses data breach after Accellion hack

Organised Crime & Criminal Actors

• Russian Pleads Guilty To Conspiracy To Introduce Malware Into Tesla's Computer Network

OT, ICS, IIoT and SCADA

• UK Cyber Security Law Forcing Energy Companies To Report Hacks Has Led To No Reports, Despite Numerous Hacks

Nation State Actors

• The Peculiar Ransomware Piggybacking Off of China’s Big Hack

• Working From Home? Watch for a Chinese Cyber Attack

Privacy

• Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Other News

• Oauth Apps Are Being Exploited To Launch Cyberattacks

• API Security Becomes A ‘Top’ Priority For Enterprise Players

• Remote Work Makes Cyber Security A Top Worry For CEOs

• Microsoft Exchange Server attacks: 'They're being hacked faster than we can count', says security company

• Office 365 Cyber Attack Lands Disgruntled IT Contractor in Jail

• Energy Giant Shell Is Latest Victim of Accellion Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Tens Of Thousands Of Microsoft Exchange Customers Are Under Assault From Hackers, Experts Warning Of Unprecedented Damage, Exploits Being Targeted By "At Least 10 Hacker Groups"

Four exploits in Microsoft Exchange Server hit the news last week, when we heard that a Chinese hacking group had targeted the email servers of some 30,000 U.S. government and commercial organisations. The exploits had been patched by Microsoft, but the hacking group known as “Hafnium” had doubled-up on efforts targeting unpatched servers. Security researchers found that at least 10 APT groups are taking advantage of the exploits in an attempt to compromise servers around the world. Winniti Group, Calypso, Tick, and more are among the groups identified.

https://www.techspot.com/news/88913-microsoft-exchange-server-exploits-targeted-least-10-hacker.html

Over $4.2 Billion Officially Lost To Cyber Crime In 2020

Cyber crime affecting victims in the U.S., noting a record number of complaints and financial losses in 2020 compared to the previous year. The Internet Crime Complaint Center (IC3) received last year 791,790 complaints - up by 69% from 2019 - of suspected internet crime causing more than $4 billion in losses. While most complaints were for phishing, non-payment/non-delivery scams, and extortion, about half of the losses are accounted by business email compromise (BEC), romance and confidence scams, and investment fraud.

https://www.bleepingcomputer.com/news/security/fbi-over-42-billion-officially-lost-to-cybercrime-in-2020/

Cyber Attacks Multiply On Wealthy Investors

An email nearly cost a wealthy British art collector £6m, after hackers monitored email correspondence between the client and an art dealer the client had been negotiating with for a year, with hackers impersonating the genuine art dealer, learning to impersonate the tone and language used — even gleaning private family news and the names of partners and children.

Just when the collector and the art dealer finally reached a conclusion on price, the client received an email to say something along the lines of, I hope the children are recovering from their colds — we have just amended our bank details for security and here they are. As it matched the tone of previous emails the art-loving client didn't think anything was amiss.

Fortunately, his family office phoned the real dealer to check the transaction before approving a transfer and the scam was discovered in time, but many people are not so lucky.

https://www.ft.com/content/cdfe8d97-6431-48e2-a8a7-7d760c6e9ed6

Cyber Strength Now Key To National Security, Says UK

In what has been billed as the largest security and foreign policy strategy revamp since the Cold War, the UK government has outlined new defence priorities – with at their heart, the imperative to boost the use of new technologies to safeguard the country. Prime minister Boris Johnson unveiled the integrated review this week, which has been in the making for over a year and will be used as a guide for spending decisions in the future. Focusing on foreign policy, defense and security, the review sets goals for the UK to 2025; and underpinning many of the targets is the objective of modernizing the country's armed forces.

https://www.zdnet.com/article/cyber-strength-now-key-to-national-security-says-uk/

Largest Ransomware Demand Now Stands At $30 Million As Crooks Get Bolder

Ransomware shows no sign of slowing down as the average ransom paid to cyber criminals by organisations that fall victim to these attacks has nearly tripled over the past year. Cyber security researchers analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020.

https://www.zdnet.com/article/largest-ransomware-demand-now-stands-at-30-million-as-crooks-get-bolder/

Mimecast: SolarWinds Attackers Stole Source Code

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the sprawling SolarWinds supply-chain attack that also hit Microsoft, FireEye and several U.S. government agencies.

https://threatpost.com/mimecast-solarwinds-attackers-stole-source-code/164847/

71 Percent Of Office 365 Users Suffer Malicious Account Takeovers

88 percent of companies have accelerated their cloud and digital transformation projects due to COVID-19. But it also finds that 71 percent of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user's account, not just once, but on average seven times in the last year.

https://betanews.com/2021/03/17/office-365-malicious-account-takeovers/

More Than 16 Million Covid-Themed Cyber Attacks Launched In 2020

COVID-19 dominated everyone's lives throughout 2020 but a new report from a cyber security company found that the pandemic was also the main theme of nearly 16.5 million threats and attacks launched against its customers. Researchers wrote that they dealt with 16,393,564 threats that had a COVID-19-related tint to them, with 88% of the threats coming in spam emails and another 11% coming in the form of URLs. Malware accounted for 0.2%, or nearly 33,000, of the threats

https://www.techrepublic.com/article/more-than-16-million-covid-themed-cyberattacks-launched-in-2020/#ftag=RSS56d97e7

“Expert” Hackers Used 11 0-Days To Infect Windows, iOS, And Android Users

Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zero-days in February 2020. The hackers’ ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”

https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/

Cyber Attacks: Is The ‘Big One’ Coming Soon?

2020 was the year that the COVID-19 crisis also brought a cyber pandemic. Late last year, the security industry’s top experts from global cyber security company leadership predicted even worse cyber security outcomes for 2021 compared to what we saw in 2020. In December, we learned about how SolarWinds’ Orion vulnerability was compromised, causing one of the worst data breaches in history that is still evolving for about 18,000 organisations.

https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-is-the-big-one-coming-soon.html

Threats

Ransomware

• Rise in PYSA ransomware operators targeting US, UK schools

• Birmingham college falls victim to 'major ransomware attack'

Phishing

• Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments

• Phishing sites now detect virtual machines to bypass detection

Malware

• New botnet targets network security devices with critical exploits

• New ZHtrap botnet malware deploys honeypots to find more targets

• Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

IOT

• Critical Security Hole Can Knock Smart Meters Offline

• Your insecure Internet of Things devices are putting everyone at risk of attack

Vulnerabilities

• DuckDuckGo browser extension vulnerability leaves Edge users open to potential cyber-snooping

• “Expert” hackers used 11 zerodays to infect Windows, iOS, and Android users

• Google fixes the third actively exploited Chrome 0-Day since January

• Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

• Microsoft Exchange Server: These quarterly updates include fixes for security flaws

Data Breaches

• Journalists’ personal and bank details made public after publisher data breach

• 10,000+ WeLeakInfo customer records leaked

• This years-old Microsoft Office vulnerability is still popular with hackers, so patch now

Organised Crime & Criminal Actors

• 18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter 'Bitcoin Scam' Hack

• Criminal data breach site WeLeakInfo just leaked customer payment details

• Hacker-on-hacker crime is reaching new heights

OT, ICS, IIoT and SCADA

• Security Think Tank: Take a realistic perspective on CNI cyber attacks

Nation-State Actors

• Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies

Denial of Service

• 4,300 publicly reachable servers are posing a new DDoS hazard to the Internet

Privacy

• The UK Is Secretly Testing a Controversial Web Snooping Tool

• 52% Of Apps Share Your Data

• Google will face lawsuit over Incognito mode tracking

• The UK Is Secretly Testing a Controversial Web Snooping Tool

Other News

• Sextortion attacks are on the rise in the UK

• Defence review: UK could use Trident to counter cyber-attack

• Nurseries sent first official cyber-attack warning

• Welcome to the era of the mega-hack

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Priority action for all regulated firms in Guernsey: Microsoft announced that email servers are being attacked, and the GFSC rules require you to record how you have reviewed your cyber security controls to address this.

In an alarming announcement earlier this month, Microsoft alerted all customers across the world that their Exchange email servers may have been compromised by “state-sponsored [attackers] operating out of China”. Microsoft then announced that it continues to see the attacks growing by “multiple actors taking advantage of unpatched systems”.

The new GFSC Cyber Security Rules, which all regulated firms must comply with immediately, foresaw that sinister events such as these will increasingly occur. The Rules require Boards to review their controls if there is a “trigger event” which is defined as a “significant occurrence which would indicate that the licensee may be susceptible to a cyber security event” including “a vulnerability announcement issued by a software or hardware provider” and “international warnings of cyber security threats, vulnerabilities or incidents”.

Here, we share Black Arrow’s observations on how this ‘trigger event’ occurred, and how firms in Guernsey can demonstrate compliance with the GFSC Cyber Security Rules.

An attack on Microsoft Exchange email servers across the world

On 3rd March 2021 Microsoft released a statement indicating that their on-premises email server, Microsoft Exchange, was subject to several zero-day exploits of  “critical” vulnerabilities. A zero-day exploit is where an attacker uses a previously unknown weakness in computer systems for which there is no known mitigation such as a software security patch from the vendor. Microsoft stated that it wanted to “emphasize the critical nature of these vulnerabilities” which was evidenced in the way it gave comprehensive advice on what their customers should do.

Attackers will make the best use of the zero-day vulnerability until the software vendor, in this case Microsoft, creates and releases a fix. Although Microsoft has now released a corrective software patch, the troubling feature of this incident is that Microsoft says that just applying the patch “will not evict an adversary who has already compromised a server”. This means that cyber security teams in Guernsey need to investigate and implement controls that will identify and address activity by someone who is already in the firm’s network.

What the GFSC Rules require you to do

Microsoft strongly urged customers to “update on-premises systems immediately”, which include those of local IT providers, but it highlighted that “Exchange Online is not affected”. It also advised thoroughly investigating specific Indicators of Compromise that it listed, to identify whether the environment had been compromised through these vulnerabilities.

In addition, the GFSC Rules require regulated firms to review, and importantly to record, whether their approach to cyber security is still appropriate in the light of a ‘trigger event’ such as this. This goes to the heart of the Rules, which highlights that cyber security is never a one-time project but that firms must periodically review their controls across people, operations and technology, especially after the major alert this month.

To be effective, the review should be objective and impartial, and it should cover people, operations and technology. Cyber security is owned by the Board, and can never be handed to IT as a one-stop-shop to achieve compliance.

At Black Arrow, we work with clients to perform documented assurance for events like this as well as undertaking a gap analysis that identifies the priority areas of focus for organisations to achieve and demonstrate compliance with the GFSC Rules. The GFSC Rules were established following the thematic review conducted by one of our founding directors. Contact us to gain a better understanding of how the recent attacks affect your business, and what you can do to improve your protection in line with GFSC requirements.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

‘Really Messy’: Why The Hack of Microsoft’s Email System Is Getting Worse, With Attacks Doubling Every Two Hours

The cyber security community sprang into action after Microsoft first announced a series of vulnerabilities that let hackers break into the company's Exchange email and calendar programs. China has used it to spy on a wide range of industries in the United States ranging from medical research to law firms to defence contractors, the company said. China has denied responsibility. In the past 24 hours, the team has observed "exploitation attempts on organizations doubling every two to three hours." The countries feeling the brunt of attack attempts are Turkey, the United States, and Italy, accounting for 19%, 18%, and 10% of all tracked exploit attempts, respectively.

https://www.nbcnews.com/tech/security/really-messy-hack-microsofts-email-system-getting-worse-rcna377

https://www.zdnet.com/article/microsoft-exchange-server-hacks-doubling-every-two-hours/

Trickbot Malware Is Now Your Biggest Security Headache

Trickbot malware has risen to fill the gap left by the takedown of the Emotet botnet, with a higher number of criminals shifting towards it to distribute malware attacks. Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January this year.

https://www.zdnet.com/article/this-trojan-malware-is-now-your-biggest-security-headache/

Cyber Criminals Are Increasingly Targeting Browser Zero Days

As more and more of our work is done within our browsers, cyber criminals have begun to leverage web browser exploits to compromise endpoint systems, according to new research from Menlo Security. At the same time, enterprises around the world were forced to make an almost overnight transition to remote work last year and this surge in employees working from home along with the shift to cloud computing have resulted in a greatly increased attack surface.

https://www.techradar.com/news/cybercriminals-are-increasingly-targeting-browser-zero-days

More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats

The research, commissioned by Vodafone, also showed that 16 per cent of firms would likely be forced to lay off staff in the event of a hack. As a result, the report called on ministers to beef up the country’s corporate cyber defences, warning that a failure to do so could hamper the post-pandemic economic recovery. It urged the government to expand a dedicated business cyber security within the National Cyber Security Centre (NCSC), which is part of GCHQ, and introduce a five per cent VAT cut on cybersecurity products for small companies.

Number Of Ransomware Attacks Grew By More Than 150%

By the end of 2020, the ransomware market, fueled by the pandemic turbulence, had turned into the biggest cyber crime money artery. Based on the analysis of more than 500 attacks observed during Group-IB’s own incident response engagements and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.

https://www.helpnetsecurity.com/2021/03/08/ransomware-attacks-grew-2020/

Hackers Are Using Home Office Selfies To Steal Your Personal Data

The pandemic has been the source of plenty of memes and new internet trends, not least the remote working selfie, which involves people taking photos of their home office setup or video conferencing sessions. However, a new blog suggests cyber criminals are capitalizing on this new genre of selfie to steal a range of personal data that could be used to execute identity or financial fraud.

https://www.techradar.com/uk/news/hackers-are-using-home-office-selfies-to-steal-your-personal-data

Massive Supply-Chain Cyber Attack Breaches Several Airlines

A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS).

https://threatpost.com/supply-chain-cyberattack-airlines/164549/

Millions Of Windows Devices Are Still Infested With Malware

Over 100 million Windows consumer and business devices across the world were infected with malware last year, new analysis has found. While examining the recent Malwarebytes "State of Malware" report, Atlas VPN noted that whilst the number of infected Windows machines seems high, this landmark figure was actually 12% drop when compared to 2019.

https://www.techradar.com/uk/news/millions-of-windows-devices-are-still-infested-with-malware

Did You Know Browser Extensions Are Looking at Your Bank Account?

Browser extensions have full access to all the web pages you visit. It can see which web pages you are browsing, read their contents, and watch everything you type. It could even modify the web pages—for example, by inserting extra advertisements. If the extension is malicious, it could gather all that private data of yours—from web browsing activity and the emails you type to your passwords and financial information—and send it to a remote server on the internet.

https://www.howtogeek.com/716771/did-you-know-browser-extensions-are-looking-at-your-bank-account/

Threats

Ransomware

• Capcom reportedly forced employees to work in the office following ransomware attack

• Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection

• New ransomware only decrypts victims who join their Discord server

Phishing

• Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

Malware

• Nim-Based Malware Loader Spreads Via Spear-Phishing Emails

• Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks

Mobile

• Malicious apps on Google Play dropped banking Trojans on user devices

Vulnerabilities

• Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed

• F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

• Hackers Exploit QNAP Vulnerabilities to Turn NAS Devices Into Crypto Miners

• Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

• Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect

• Critical 0-day that targeted security researchers gets a patch

• Intel CPU interconnects can be exploited by malware to leak encryption keys and other info

• Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

Organised Crime

• Police raids across Europe after encrypted phone network shut down

Dark Web

• Dark Web Markets for Stolen Data See Banner Sales

OT, ICS, IIoT and SCADA

• Hack of '150,000 cameras' investigated by camera firm

Nation-State Actors

• Researchers Unveil New Linux Malware Linked to Chinese Hackers

• United States considering cyber war on Russia in retaliation for SolarWinds hack

Privacy

• The UK is secretly testing a controversial web snooping tool

Other News

• This Unassuming Little Device Can Hack Your Smart Home

• Did You Know Browser Extensions Are Looking at Your Bank Account?

• White hat bounty hackers become millionaires

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Strain Of Ransomware Implements Self-Spreading Capabilities

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks.

This new version has a new attribute that allows it to self replicate over the local network allowing the malware to propagate itself – machine to machine – within the Windows domain. Once launched, it will spread itself to every Windows machine it can reach.

https://securityaffairs.co/wordpress/115064/reports/ryuk-ransomware-self-spreading-capabilities.html

One In Four People Use Work Passwords For Consumer Websites

The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic.

https://www.helpnetsecurity.com/2021/02/26/use-work-passwords-for-consumer-websites/

Massive Rise In Threats Across Expanding Attack Surfaces

New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm. Vulnerabilities hit a new high: 18,341 new vulnerabilities in 2020 have been reported. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.

https://www.helpnetsecurity.com/2021/02/26/expanding-attack-surfaces/

Half of Organisations Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of Cyber Attacks, according to a new study with IDG. A survey of UK CIOs, CTOs and IT decision makers revealed that insecure practices are regularly taking place among remote workers, providing more opportunities for Cyber Criminals to strike.

https://www.infosecurity-magazine.com/news/half-orgs-remote-working-risk/

Microsoft Patches Four Zero-Day Exchange Server Bugs

Microsoft has been forced to release out-of-band patches to fix multiple zero-day vulnerabilities being exploited by Chinese state-backed threat actors. The unusual step was taken to protect customers running on-premises versions of Microsoft Exchange Server.

https://www.infosecurity-magazine.com/news/microsoft-patch-four-zeroday/

A Booming Trade In Bugs Is Undermining Cyber Security

If you discover that a favourite vending-machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge.

https://www.economist.com/books-and-arts/2021/03/06/a-booming-trade-in-bugs-is-undermining-cyber-security

Is Your Browser Extension A Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cyber Attack Shuts Down Online Learning At 15 UK Schools

A threat actor was able to access the trust's central network infrastructure and while an investigation took place, all existing phone, email, and website communication had to be pulled. Students are still learning remotely in England. Schools are set to reopen on March 8, but in the meantime, only a small subset of children are attending school physically, such as the children of key workers.

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered and targets Spectre, a major vulnerability that was disclosed in January 2018. According to its website, the Spectre bug is a hardware design flaw in the architectures of Intel, AMD, and ARM processors that allows code running inside bad apps to break the isolation between different applications at the CPU level and then steal sensitive data from other apps running on the same system.

https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

Solarwinds Security Fiasco May Have Started With Simple Password Blunders

We still do not know just how bad the SolarWinds security breach is. We do know over a hundred US government agencies and companies were cracked. "The largest and most sophisticated attack the world has ever seen," with more than a thousand hackers behind it. It may have all started when an intern first set an important password to "'solarwinds123." Then, adding insult to injury, the intern shared the password on GitHub.

https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/

Threats

Ransomware

• Data analytics agency Polecat held to ransom after server exposed 30TB of records

• Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

• Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

• Search crimes – how the Gootkit gang poisons Google searches

• Qualys hit with ransomware: customer invoices leaked on extortionists' tor blog

Phishing

• COVID19 Vaccine Phishing Scams Surge 26% in Three Months

Malware

• Compromised Website Images Camouflage ObliqueRAT Malware

• Malicious NPM packages target Amazon, Slack with new dependency attacks

Mobile

• This new jailbreak threat could put nearly all iPhones at risk

Vulnerabilities

• These Microsoft Exchange Server zero-day flaws are being used by hackers, so update now

• High severity Linux network security holes found, fixed

• Working Windows and Linux Spectre exploits found on VirusTotal

• Google shares PoC exploit for critical Windows 10 Graphics RCE bug

• Another Chrome zero-day exploit – so get that update done!

• If you own a MacBook, download and install macOS Big Sur 11.2.2 ASAP

Data Breaches

• Data is the world’s most valuable (and vulnerable) resource

• Far-Right Platform Gab Has Been Hacked—Including Private Data

• Singapore Airlines frequent flyer members hit in third-party data security breach

Organised Crime

• Three Top Russian Cyber Crime Forums Hacked

• Hackers share methods to bypass 3D Secure for payment cards

• Cyber Crime 'Help Wanted': Job Hunting on the Dark Web

Dark Web

• The 20 Most Common Passwords Found On The Dark Web

Supply Chain

• Why supply chains are today's fastest growing cyber security threat

• Bombardier is latest victim of Accellion supply chain attack

Nation-State Actors

• Indian cyber espionage activity rising amid growing rivalry with China, Pakistan

• Microsoft accuses China over email cyber-attacks

• New nation-state cyber attacks

• Lazarus Targets Defense Companies with ThreatNeedle Malware

• Security News This Week: The SolarWinds Body Count Now Includes NASA and the FAA

Privacy

• How To Reclaim Your Privacy from Windows 10

• Home-security cameras have become a fruitful resource for law enforcement — and a fatal risk

Reports Published in the Last Week

• Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Other News

• Next Cyber War will hit regular People online

• Prime-factor mathematical foundations of RSA cryptography ‘broken’, claims cryptographer

• Criminals 'Posing As Cyber Security Experts' As Number Of Firms Rises

• NSA, Microsoft promote a Zero Trust approach to cyber security

• Inside the race to keep secrets safe from the quantum computing revolution

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Could Cost The World $10.5 Trillion Annually By 2025

In a world that is becoming increasingly reliant on technology, cyber security is an extremely important priority for entrepreneurs and small and medium-sized businesses. And it's become even more essential in the wake of the pandemic. In June 2020, a report revealed that small and medium-sized businesses were at an especially high risk of data breaches and cyber attacks during the pandemic.

https://www.entrepreneur.com/article/364015

119,000 Threats Per Minute Detected In 2020

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.

https://www.infosecurity-magazine.com/news/119k-threats-per-minute-detected/

78% Of Top Security Leaders Say Their Organisations Are Unprepared For A Cyber Attack

Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyber attacks. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cyber security budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.

https://www.scmagazine.com/home/security-news/network-security/78-percent-of-top-security-leaders-say-their-organizations-are-unprepared-for-a-cyberattack/

UK Faced Millions Of Cyber Attacks Last Year

The UK faced millions of Covid-19-related cyber security threats last year, but generally managed to mitigate attacks effectively. A total of 16.4 million Covid-19-related threats were recorded last year, with four percent (563,571) identified in the UK. The US suffered the highest volume of attacks by a significant margin: more than 6.5 million. Germany was second with 2.3 million, and France rounded out the top three with just over one million attacks.

https://www.itproportal.com/news/uk-faced-millions-of-cyberattacks-last-year/

New Malformed URL Phishing Technique Can Make Attacks Harder To Spot

Warning of a new form of phishing attack that makes malicious messages more likely to get through filters and harder for the average person to detect by sight. By hiding phishing information in the prefixes of URLs, attackers can send what looks like a link to a legitimate website, free of misspellings and all, with a malicious address hidden in the prefix of the link.

https://www.techrepublic.com/article/new-malformed-url-phishing-technique-can-make-attacks-harder-to-spot/

Hackers Share Details Of Canadian Military Spy Plane On Dark Web

Hackers have shared details of a Canadian military spy plane after its manufacturers seemingly refused to pay a cyber ransom. Aerospace firm Bombardier, whose Global 6000 plane is used for Saab’s GlobalEye spy system, says it was the victim of a “limited cyber security breach.” That saw detailed plans of the airborne early warning system developed by the Swedish defence company Saab being dumped on the dark web site CLOP^_-LEAKS.

https://www.independent.co.uk/news/world/americas/hackers-spy-plane-bombardier-saab-b1807037.html

Cisco Points To New Tier Of APT Actors That Behave More Like Cyber Criminals

Cisco Talos suggests that maybe it is time to start thinking of hacker groups as more than either advanced persistent threat or criminal attackers. It is already well established that some APTs operate as criminals. Several international governments, including the United States, have identified North Korean state-sponsored hackers as stealing on behalf of the government, and other groups have been identified by vendors as state-sponsored groups with actors who occasionally freelance as criminals.

https://www.scmagazine.com/home/security-news/apts-cyberespionage/cisco-points-to-new-tier-of-apt-actors-that-behave-more-like-cybercriminals/

These Hackers Sell Network Logins To The Highest Bidder. And Ransomware Gangs Are Buying

A growing class of cyber criminals are playing an important role on underground marketplaces by breaching corporate networks and selling access to the highest bidder to exploit however they please. The buying and selling of stolen login credentials and other forms of remote access to networks has long been a part of the dark web ecosystem, but according to analysis by cyber security researchers, there has been a notable increase in listings by 'Initial Access Brokers' over the course of the past year.

https://www.zdnet.com/article/these-hackers-sell-network-logins-to-the-highest-bidder-and-ransomware-gangs-are-buying/

U.S. Calls North Korean Hackers ‘World’s Leading Bank Robbers’

North Korea was accused of being behind the 2014 hack of an internal computer network of Sony Pictures Entertainment Inc., an audacious attack that exposed Hollywood secrets and destroyed company data.

https://www.bloomberg.com/news/articles/2021-02-17/u-s-charges-3-north-koreans-linked-to-sony-hack-in-new-scheme

Sequoia Capital, One Of Silicon Valley's Most Notable VC Firms, Told Investors It Was Hacked

One of Silicon Valley's oldest and most venerable VC firms was hacked. Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful. Phishing attack, according to a report in Axios Friday. Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.

https://www.businessinsider.com/vc-firm-sequoia-capital-told-investors-it-was-hacked-2021-2?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Poor Hardware Disposal Practices Posing A Risk To Data Security

Many business leaders are not paying much attention to the way they dispose of old and obsolete hardware, opening their organizations up to possible data breaches. Of the 1,029 people polled for the report, a fifth said their employer disposed of various IT hardware over the last 12 months. However, less than half (40 percent) thought this hardware did not contain confidential data when it was disposed of.

https://www.itproportal.com/news/poor-hardware-disposal-pratice-posing-a-risk-to-data-security/

Threats

Ransomware

• Babuk- Latest new Ransomware

• Underwriters Laboratories (UL) certification giant hit by ransomware

• Ransomware Gang Says It's Selling Data from Cyber attack That California DMV Warned About

Phishing

• 10K Microsoft Email Users Hit in FedEx Phishing Attack

• Malformed URL Prefix Phishing Attacks Spike 6,000%

• NIST hints at upgrades to its system for scoring a phish’s deceptiveness

Malware

• Hackers are using Google Alerts to help spread malware

• New macOS malware discovered, but threat remains unknown

• Masslogger malware employs 'fileless' attack to steal Discord and other passwords

Mobile

• Apple's iOS 14.5 adds new security against nasty hackers

Vulnerabilities

• Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

• Code-execution flaw in VMware has a severity rating of 9.8 out of 10

• Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

• Recently fixed Windows zero-day actively exploited since mid-2020

• Cisco Warns of Critical Auth-Bypass Security Flaw

• Exploitation of Accellion File Transfer Appliance

• Clubhouse Chats Are Breached, Raising Concerns Over Security

Organised Crime

• This chart shows the connections between cyber crime groups

• The bitcoin blockchain is helping keep a botnet from being taken down

• New Hack Lets Attackers Bypass Mastercard Pin by Using Them As Visa Card

Dark Web

• Brave browser’s Tor mode exposed users’ dark web activity

OT, ICS, IIoT and SCADA

• 84% of CNI Orgs Experienced Cyber-Attacks in the Last Year

• Hackers Tied to Russia's GRU Targeted the US Grid for Years, Researchers Warn

• The U.S. Has Released the Most Comprehensive Catalog of North Korean Cyber Crimes Ever Made Public

Nation-State Actors

• Chinese Hackers Reportedly Wielded a Stolen NSA Cyber Weapon for Years

• US considers sanctions against Russia over SolarWinds hack

Denial of Service

• TDoS Attacks Take Aim at Emergency First-Responder Services

Privacy

• TikTok Agrees to Pay $92 Million to Settle Class-Action Lawsuit Alleging Privacy Violations

• ‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security

• Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Reports Published in the Last Week

• 2021 Crowdstrike Global Threat Report

Other News

• Oxford lab studying the coronavirus was victim of a cyberattack

• Top 10 web hacking techniques of 2020

• SonicWall Was Hacked. Was It Also Extorted?

• The Internet Is Splintering

• The Anatomy of the SolarWinds Attack Chain

• Why non-human workers can increase security issues in your business

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Cyber Criminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML (CHM) files. This is a new move for Masslogger, and helps the malware sidestep potential defensive programs, which would otherwise block the email attachment based on its RAR file extension, said researchers on Wednesday.

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Phishers tricking users via fake LinkedIn Private Shared Document

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. If they fail to find this suspicious, they’ll be redirected to a convincingly spoofed LinkedIn login page, and if they enter their login credentials, their account will probably soon be sending out phishing messages to their contacts.

https://www.helpnetsecurity.com/2021/02/18/linkedin-private-shared-document/

Solarwinds Attack Hit 100 Companies And Took Months Of Planning’; ‘Largest And Most Sophisticated Attack’ Ever Seen According To Microsoft; Hackers Downloaded Some Azure, Exchange, And Intune Source Code

A hacking campaign that used a tech company as a springboard to compromise a raft of US government agencies has been called “the largest and most sophisticated attack the world has ever seen”, according to Microsoft. Nine US governmental agencies were breached along with 100 different private sector companies , many of which were technology companies, including products that could be used to launch additional intrusions. Microsoft said it has formally completed its investigation into the SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers, though it did state that it had discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects.

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ https://www.independent.co.uk/news/world/americas/solarwinds-us-russia-hacking-b1802299.html https://www.zdnet.com/article/microsoft-says-solarwinds-hackers-downloaded-some-azure-exchange-and-intune-source-code/

Ransomware gangs are running riot – paying them off doesn’t help

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cyber criminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.

https://theconversation.com/ransomware-gangs-are-running-riot-paying-them-off-doesnt-help-155254

Most security bugs in the wild are years old

Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch. This is one of the findings of a new report, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.

https://www.itproportal.com/news/most-security-bugs-in-the-wild-are-multiple-years-old/

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations. Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

https://www.wsj.com/articles/hacker-claims-to-have-stolen-files-belonging-to-prominent-law-firm-jones-day-11613514532?reflink=desktopwebshare_twitter

Former Spy Chief Calls For Military Cyber Attacks On Ransomware Hackers

The state should launch military cyber attacks to shut down ransomware gangs that have extorted millions of pounds from British businesses, a former spy chief has said.

Ciaran Martin, who previously led the UK’s National Cyber Security Centre, said the problem of criminal gangs locking and stealing files has become so serious that Government should now seek to disrupt the operations of prolific criminals.

The plans would mark a major change of tack for the UK authorities, who have long downplayed the idea they could routinely use offensive hacking as well as cyber defence.

https://www.telegraph.co.uk/technology/2021/02/15/former-spy-chief-calls-military-cyber-attacks-ransomware-hackers/

Think your backups will protect you from ransomware? What do you think the malware attacked first?

If you think your backup strategy means you’re protected from the worst that cyber criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too. So, if you are unlucky enough to get a “pay up or else” notice, there’s a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.

https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020. The attacks moved in methodical fashion across Europe, North America, Latin America, and Asia, hitting dozens of organizations in the financial sector in each region, the Financial Services Information Sharing and Analysis Center (FS-ISAC) disclosed this week. Among those targeted were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services.

https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165

14 million alleged Amazon and eBay account details sold online

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.

https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/

Threats

Ransomware

• Kia Reportedly Under Ransomware Attack With $20M Demand

• Conti ransomware: Evasive by nature

• Egregor ransomware affiliates arrested by Ukrainian, French police

BEC

• This cyber security threat costs business millions. And it's the one they often forget about

Phishing

• This phishing email promises you a bonus - but actually delivers this Windows trojan malware

• How Hackers use Phishing to Hijack Sites through Hosting Provider

• Hackers abusing the Ngrok platform phishing attacks

Malware

• Windows and Linux servers targeted by new WatchDog botnet for almost two years

• Malware Is Now Targeting Apple’s New M1 Processor

• TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

Mobile

• Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

IOT

Vulnerabilities

• The OpenSSL Project addressed three vulnerabilities

• WordPress plugin exploit puts more than one million sites at risk

• Bug in shared SDK can let attackers join calls undetected across multiple apps

• Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

• Apple patches severe macOS Big Sur data loss bug

• Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

• Telegram privacy feature failed to delete self-destructing video files

Data Breaches

• Scottish Borders Council apologises for data breach

Organised Crime

• Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme

• Cybercrime Joker Retires With A Reported $2.1 Billion In Bitcoin

Insider Threats

• Yandex Data Breach Exposes 4K+ Email Accounts

Supply Chain

• Supply chain attacks are on the rise: Check your software build pipeline security

OT, ICS, IIoT and SCADA

• The Cyber Risks of Transportation’s Connected OT/IoT Systems

Nation-State Actors

• France Ties Russia's Sandworm to a Multiyear Hacking Spree

• Russian state hackers targeted Centreon servers in years-long campaign

• Feds Indict North Korean Hackers for Years of Heists and Scams

• MPs sign up to Clubhouse app despite Chinese security concerns

Privacy

• More bosses are using software to monitor remote workers. Not everyone is happy about it

• 'Spy pixels in emails have become endemic'

Reports Published in the Last Week

• State Of Malware 2021 Report

Other News

• Attacks targeting IT firms stir concern, controversy

• Record year for UK’s £8.9bn cyber security sector

• Most businesses plan to move away from VPNs, adopt a zero-trust access model

• 20 Common Tools & Techniques Used by macOS Threat Actors & Malware

• The biggest cyber attacks in gaming history

• Discord is fast becoming a favourite tool among cyber criminals

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

https://guernseypress.com/news/2021/02/19/the-new-gfsc-cyber-security-rules-what-the-gfsc-demands-of-you-and-why-you-cannot-simply-pass-it-to-it/

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

2020 Sees Ransomware Increase By Over 400 Percent

A new study from Cyber Security company, finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent as compared with 2019. The report which analyzes millions of attacks taking place across the year finds distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector and these attacks were up by 112 percent.

https://betanews.com/2021/02/10/ransomware-increase-400-percent/

Remote Desktop Protocol Attacks Surge By 768%

Remote desktop protocol (RDP) attacks increase by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organizations have enhanced their security for remote users.

https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/

Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week

Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, criminal today rely on fast-churning campaigns. They create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.

https://www.itproportal.com/news/even-small-phishing-operations-can-distribute-millions-of-malicious-emails-per-week/

With One Update, This Malicious Android App Hijacked Millions Of Devices

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.

https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/

Cd Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/

Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs

The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.

https://www.engadget.com/hacked-water-plant-computer-had-shared-passwords-andofdate-windows-os-082552973.html

Top Web Hosting Provider Shuts Down Following Cyber Attack

Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.

https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack

High Demand For Hacker Services On Dark Web Forums

Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.

https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/

Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks

A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.

https://www.gizchina.com/2021/02/09/facebook-phishing-campaign-tricked-nearly-500000-users-in-two-weeks/

Hackers Are Tweaking Their Approach To Phishing Attacks In 2021

Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.

https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/

Threats

 Ransomware

• Researchers identify 223 vulnerabilities used in recent ransomware attacks (Potential headline)

• CD Projekt hit by ransomware attack, refuses to pay ransom

• This old form of ransomware has returned with new tricks and new targets

Phishing

• This phishing attack uses some very retro technology to hide its payload

Malware

• Malicious Code Injected via Google Chrome Extension Highlights App Risks

Mobile

• Android devices caught in Matryosh botnet

• Military, Nuclear Entities Under Target By Novel Android Malware

IOT

• This old security vulnerability left millions of Internet of Things devices vulnerable to attacks

Vulnerabilities

• Zero-Day and Six Publicly Disclosed CVEs Fixed

• Swarm of Palo Alto PAN-OS vulnerabilities

• Actively Exploited Windows Kernel EoP Bug Allows Takeover

• Apple fixes serious sudo vulnerability in macOS

• Attackers Exploit Critical Adobe Flaw to Target Windows Users

• Microsoft issues emergency fix for Wi-Fi foul-up delivered hot and fresh on Patch Tuesday

Data Breaches

• The Accellion Data Breach Seems to Be Getting Bigger

• Billions of Passwords Offered for $2 in Cyber-Underground

• Experian to investigate possible data leak

Organised Crime

• Europol takes down hackers who allegedly stole over $100 million in crypto from celebs

Supply Chain

• Supply-chain Hack Breaches 35 Companies, Including Paypal, Microsoft, Apple 

Nation-State Actors

• Android spyware strains linked to state-sponsored Confucius threat group

• 'BendyBear' APT malware linked to Chinese government hackers

• Microsoft to alert Office 365 users of nation-state hacking activity

• Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

• Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?

Privacy

• Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online

Reports Published in the Last Week

• The Global Risks Report Highlights The Onslaught Of Cyberattacks And A Failure Of Governments To Stop Them. 

• ESET Threat Report Q4 2020

Other News

• Google launches Open Source Vulnerabilities (OSV) database

• Quantum computing could make encryption algorithms obsolete

• UK’s enemies trying to ‘tear society apart’ via social media

• 91% of enterprise pros experienced an API security incident in 2020

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Gangs Made At Least $350 Million In 2020

Ransomware gangs made at least $350 million in ransom payments last year, in 2020, blockchain analysis. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks. Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total due.

https://www.zdnet.com/article/ransomware-gangs-made-at-least-350-million-in-2020/

Home Working Increases Cyber Security Fears

"We see tens of different hacking attacks every single week. It is never ending."A senior computer network manager says they are bombarded from all directions. "We see everything," he says. "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords. "We see workers being tricked into downloading viruses from hackers demanding ransoms, and we have even had employees sent WhatsApp messages pretending to be from the CEO, asking for money transfers.

https://www.bbc.co.uk/news/business-55824139

3.2 Billion Emails And Passwords Exposed Online

A whopping 3.2 billion password-username pairs are up for grabs in an unnamed online hacking forum. But don't panic — the data is nothing new. It's a compilation of stolen credentials from dozens of old data breaches, some going back ten years. That doesn't mean you shouldn't be aware that your old passwords are floating out there. Yes, your passwords, and ours too. Pretty much anyone who's ever created more than three online accounts has had a password compromised by now.

https://www.tomsguide.com/news/3-2-billion-passwords-leaked

Account Takeover Attacks Spiked In 2020

Occurring whenever a bad actor can steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected in 2019 to 54% by the end of December 2020. Other methods of fraud were blips on the radar compared to account takeovers: The next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), and a mere 12% of instances used remote access or hacking tools to accomplish their goals.

https://www.techrepublic.com/article/account-takeover-attacks-spiked-in-2020-kaspersky-says/

30% Of “Solarwinds Hack” Victims Didn’t Actually Use Solarwinds

When security last week that it had been targeted by the same attacker that compromised SolarWinds' Orion software, it noted that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used "another intrusion vector" to gain access to a limited subset of nearly a third of the organizations attacked had no direct connection to SolarWinds.

https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/

Data Leakage Attacks Saw Huge Rise In 2020

The number of data leakage incidents grew by an “unprecedented” rate in 2020, a new report from Imperva argues. Through online means alone, not counting leaks caused by lost hardware or word of mouth, Imperva researchers tracked a 93 percent rise. By the end of the year, Imperva had identified a total of 1.7 million leaks, with the the number growing even faster in the second half of the year. Between Q3 and Q4, there was a 47 percent increase.

https://www.itproportal.com/news/data-leakage-attacks-saw-huge-rise-in-2020/

Automated Tools Increasingly Used to Launch Cyber Attacks

Cyber-criminals are increasingly making use of automation and bots to launch attacks, according to a new analysis. revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.

https://www.infosecurity-magazine.com/news/automated-tools-launch-cyber/

A Second SolarWinds Hack Deepens Third-Party Software Fears

It’s been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia was not alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.

https://www.wired.com/story/solarwinds-hack-china-usda/

93% Of Workers Overshare Online, Causing Security Risks

Reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource — the personal information people share on social media and in out-of-office alerts — to craft social engineering attacks.

https://www.helpnetsecurity.com/2021/02/03/workers-overshare-online/

Is There A Widening Gulf Between You And Your Remote Workers? Yes – And It’s Security Shaped

It’s been almost a year since large parts of the workforce beat a hasty retreat from their offices, and began a mass experiment in working from home, often courtesy of Microsoft 365. And after 12 or so months, it’s safe to say that the case for productive remote working has been proved, and that many workers will continue to do so even when the all clear sounds. But is there a question as to whether remote working is as secure as the traditional, office bound, hard perimeter setup? Well, yes, and it’s fair to say the jury is still very much out.

https://www.theregister.com/2021/02/04/mind_the_security_gap_regcast/

Threats

Ransomware

• US Shipping Giant Loses $7.5m in Ransomware Attack

• Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

• Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains

• 2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site

• UK Research and Innovation suffers ransomware attack

• Serco cyber attack: Belgian military and European Space Agency told 'no data compromised' despite hack

• Ransomware gangs now have industrial targets in their sights. That raises the stakes for everyone

Other Social Engineering

• Many of us are sharing too much information on social media

Malware

• Crypto malware targets Kubernetes clusters, say researchers

• This malware abuses Tor and Telegram infrastructure to evade detection

• Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET

• Experts discovered a new Trickbot module used for lateral movement

• Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection

Mobile

• Android Devices Prone to Botnet’s DDoS Onslaught

Vulnerabilities

• Google patches an actively exploited Chrome zero-day

• Five Critical Android Bugs Patched, Part of Feb. Security Bulletin

• Recent root-giving Sudo bug also impacts macOS

• SonicWall zero-day exploited in the wild

Data Breaches

• Security firm Stormshield discloses data breach, theft of source code

• Female escort review site data breach affects 470,000 members

• Over Three Million US Drivers Exposed in Data Breach

• Foxtons customer data leaked onto the dark web

Nation-State Actors

• Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Other News

• Google says it’s too easy for hackers to find new security flaws

• U.K. Arrest in ‘SMS Bandits’ Phishing Service

• Microsoft tracked a system sending a million malware emails a month. Here's what it discovered

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Phishing Attacks Show High-Ranking Execs May Be ‘Most Valuable Asset,’ and ‘Greatest Vulnerability’

Cyber criminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders. The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets.

https://www.scmagazine.com/home/security-news/phishing/phishing-scheme-shows-ceos-may-be-most-valuable-asset-and-greatest-vulnerability/

Insurers 'Funding Organised Crime' by Paying Ransomware Claims

Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.

https://www.theguardian.com/technology/2021/jan/24/insurers-funding-organised-by-paying-ransomware-claims

Emotet: Police raids take down botnet that hacked 'millions of computers worldwide'

Emotet, one of the world's most dangerous cyber crime services, has been taken down following one of the largest ever internationally-coordinated actions against cyber criminals. Although it began as banking malware designed to steal financial credentials, Emotet had become an infrastructure tool leased out to cyber criminals to break into victim computer networks and install additional malicious software.

https://news.sky.com/story/emotet-police-raids-take-down-botnet-that-hacked-millions-of-computers-worldwide-12200460

After the SolarWinds Hack, We Have No Idea What Cyber Dangers We Face

Months before insurgents breached the Capitol and rampaged through the halls of Congress, a stealthier invader was muscling its way into the computers of government officials, stealing documents, monitoring e-mails, and setting traps for future incursions. Last March, a hacking team, believed to be affiliated with Russian intelligence, planted malware in a routine software upgrade from a Texas-based I.T. company called SolarWinds, which provides network-management systems to more than three hundred thousand clients.

https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face

FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack

Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.

https://securityaffairs.co/wordpress/113752/cyber-warfare-2/fsb-fears-retaliation-solarwinds-hack.html

Update your iPhone — Apple just disclosed hackers may have 'actively exploited' a vulnerability in its iOS

On Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version.  Its support website that it is aware of the three security bugs and that they "may have been actively exploited. “Also, it does not disclose details regarding security issues "until an investigation has occurred."

https://www.businessinsider.com/apple-ios-14-update-hackers-security-bugs-iphone-software-2021-1?utmSource=twitter&utmContent=referral&utmTerm=topbar&referrer=twitter

Top Cyber Attacks of 2020

"Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images. Nation-state hacker groups mounted attacks against organisations involved in the coronavirus pandemic response, including the World Health Organization and Centres for Disease Control and Prevention, some in an attempt to politicize the pandemic.

https://thehackernews.com/2021/01/top-cyber-attacks-of-2020.html

Threats

Ransomware

• Nefilim Ransomware Gang Hits Jackpot with Ghost Account

• Cyber Criminals use deceased staff accounts to spread Nemty ransomware

• US and Bulgarian authorities disrupt NetWalker ransomware operation

• Former UK Cyber Security Chief Says Laws Are Needed to Stop Ransomware Payouts

BEC

• BEC attack techniques exploit Microsoft 365 messages

Phishing

• Targeted Phishing Attacks Strike High-Ranking Company Executives

Other Social Engineering

• Google warns of ‘novel social engineering method’ used to hack security researchers

Malware

• DreamBus botnet targets enterprise apps running on Linux servers

• These are the biggest threats facing WordPress sites today

• Trickbot is back again - with fresh phishing and malware attacks

Mobile

• A New Credential Stealing Android Malware

• Beware — A New Wormable Android Malware Spreading Through WhatsApp

Vulnerabilities

• Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

• Vulnerability found in top messaging apps let hackers eavesdrop

• Cisco DNA Center Bug Opens Enterprises to Remote Attack

• Experts Detail A Recent Remotely Exploitable Windows Vulnerability

• Former LulzSec Hacker Releases VPN Exploit Used to Hack Hacking Team

• KindleDrip exploit – Hacking a Kindle device with a simple email

Data Breaches

• Australian securities regulator discloses security breach

• Hacker leaks data of 2.28 million dating site users

• Grindr fined £8.6m in Norway over sharing personal information

Charities

• A month after a high-level cyber attack, charity says many IT systems are still offline

Insider Threats

• Man arrested after UK school finds wiped hard drives on devices connected to network

Nation-State Actors

• More Security Vendors Admit to SolarWinds Attacks 

Denial of Service

• DDoS attacks: Big rise in threats to overload business networks

Privacy

• These malicious tracking apps have already been downloaded over a billion times

• Banks rush to spy on traders’ Signal chats amid WhatsApp exodus

Reports Published in the Last Week

• Cyber fraud a national security issue, says RUSI report

Other News

• Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

• TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Ransomware is now the biggest Cyber Security concern for CISOs

Ransomware is the biggest cyber security concern facing businesses, according to those responsible for keeping organisations safe from hacking and cyberattacks. A survey of chief information security officers (CISOs) and chief security officers (CISOs found that ransomware is now viewed as the main cyber security threat to their organisation over the course of the next year. Almost half – 46% – of CISOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cyber security threat.

https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/

Crypto ransomware payments grew 311% in 2020

Crypto payments associated with ransomware grew at least 311% in 2020. “Ransomware” refers to a category of malicious computer programs that force users into paying ransoms. Just 0.34% of all cryptocurrency transactions last year were criminal, down from 2.1% in 2019. But that number is bound to go up, said the firm.

https://decrypt.co/54648/crypto-crime-ransomware-chainalysis-report-2020

The SolarWinds hackers used tactics other groups will copy

One of the most chilling aspects of Russia's recent hacking spree—which breached numerous United States government agencies among other targets—was the successful use of a “supply chain attack” to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this was not the only striking feature of the assault. After that initial foothold, the attackers bored deeper into their victims' networks with simple and elegant strategies. Now researchers are bracing for a surge in those techniques from other attackers.

https://www.wired.com/story/solarwinds-hacker-methods-copycats/

Global Cyber Security spending to soar in 2021

The worldwide cyber security market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers from the pandemic. Double-digit growth from $54.7bn in 2020 would be its best-case scenario. However, even in the worst case, cyber security spending would reach 6.6%. That would factor in a deeper-than-anticipated economic impact from lockdowns, although the security market has proven to be remarkably resilient thus far to the pandemic-induced global economic crisis. That said, SMB spending was hit hard last year, along with certain sectors like hospitality, retail and transport.

https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to/

Cyber criminals publish more than 4,000 stolen Sepa files

Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group. Contracts, strategy documents and databases are among the 4,000 files released. The data has been put on the dark web - a part of the internet associated with criminality and only accessible through specialised software.

https://www.bbc.co.uk/news/uk-scotland-55757884

Ransomware provides the perfect cover for other attacks

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes

https://www.helpnetsecurity.com/2021/01/21/ransomware-cover/

Popular PDF reader has database of 77 million users hacked and leaked online

A threat actor has leaked a 14 GB database online containing over 77 million records relating to thousands of users of the Nitro PDF reader software, with users' email addresses, full names, hashed passwords, company names, IP addresses, and other system-related information.

https://www.techradar.com/au/news/popular-pdf-reader-has-database-of-77-miliion-users-hacked-and-leaked-online

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

Some organisations that fall victim to ransomware attacks are paying ransoms to cyber-criminal gangs despite being able to restore their own networks from backups, in order to prevent hackers publishing stolen data. Over the course of the past year, many of the most successful ransomware gangs have added an additional technique in an effort to coerce victims into paying ransoms after compromising their networks – publishing stolen data if a payment isn't received.

https://www.zdnet.com/article/ransomware-victims-that-have-backups-are-paying-ransoms-to-stop-hackers-leaking-their-stolen-data/

GDPR fines skyrocket as EU gets tough on data breaches

Europe’s new privacy protection regime has led to a surge in fines for bad actors, according to research published today. Law firm DLA Piper says that, since January 28th, 2020, the EU has issued around €158.5 million (around $192 million) in financial penalties. That’s a 39-percent increase on the previous 20-month period Piper examined in its report, published this time last year. And as well as the increased fines, the number of breach notifications has shot up by 19 percent across the same 12-month period.

https://www.engadget.com/gdpr-fines-dla-piper-report-144510440.html

Malware incidents on remote devices increase

Devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.

https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/

Threats

Phishing

• Phishing scam had all the bells and whistles—except for one

• Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

Malware

• Malware found on laptops given out by government

• Macs Do Get Malware And This Nasty Cryptomining Payload Has Been In Hiding For 5 Years

Vulnerabilities

• Signal and other video chat apps found to have some major security flaws

• Automated exploit of critical SAP SolMan vulnerability detected in the wild

• List of DNSpooq vulnerability advisories, patches, and update

• Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

• Critical Cisco SD-WAN Bugs Allow RCE Attacks

• New FreakOut botnet targets Linux systems running unpatched software

Data Breaches

• Health Insurer Fined $5.1m Over Data Breach

• Ubiquiti breach, and other IoT security problems

Denial of Service

• Windows RDP servers are being abused to amplify DDoS attacks

Cloud

• Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years

Privacy

• Is your boss spying on you as you work from home? One in five firms admit using secret software

Other News

• Last-minute Trump order adds new security regulation to cloud providers

• FBI warns of voice phishing attacks targeting employees at large companies

• Microsoft Defender is boosting its response to malware attacks by changing a key setting

• Hacker posts 1.9 million Pixlr user records for free on forum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Two-Thirds of Employees Don’t Consider Security Whilst Home Working

More than two-thirds (68%) of UK workers do not consider the cyber security impact of working from home, according to a new study. The survey of 2043 employees in the UK demonstrated a lack of awareness about how to stay secure whilst working remotely, which is putting businesses at risk of attacks. The shift to home working as a result of COVID-19 means that staff in many organizations are operating across insecure devices and networks, providing opportunities for cyber-criminals.

https://www.infosecurity-magazine.com/news/two-thirds-employees-security-home/

Ransomware Gangs Scavenge for Sensitive Data by Targeting Top Executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. And one of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.

https://www.tripwire.com/state-of-security/featured/ransomware-gangs-scavenge-sensitive-data-targeting-executives/

Microsoft emits 83 security fixes – and miscreants are already exploiting one of the vulnerabilities in Windows Defender

83 vulnerabilities in its software, which does not include the 13 flaws fixed in its Edge browser last week. That's up from 58 repairs made in December, 2020, a relatively light month by recent standards. Affected applications include: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, Visual Studio, SQL Server, Microsoft Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.

https://www.theregister.com/2021/01/12/patch_tuesday_fixes/

This Android malware claims to give hackers full control of your smartphone

The 'Rogue' remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. The low cost of the malware reflects the increasing sophistication of the criminal ecosystem that is making it possible for wannabe crooks with limited technical skills to acquire the tools to stage attacks.

https://www.zdnet.com/article/this-android-malware-claims-to-give-hackers-full-control-of-your-smartphone/

Massive fraud campaign sees millions vanish from online bank accounts

Researchers have uncovered an extensive fraud campaign that saw millions of dollars drained from victims’ online bank accounts. The operation was discovered by experts at IBM Trusteer, the IT giant’s security division, who described the attack as unprecedented in scale. To gain access to online banking accounts, the fraudsters are said to have utilized a piece of software known as a mobile emulator, which creates a virtual clone of a smartphone.

https://www.techradar.com/uk/news/massive-fraud-campaign-sees-millions-vanish-from-online-bank-accounts

SolarWinds Hack Followed Years of Warnings of Weak Cyber Security

Congress and federal agencies have been slow or unwilling to address warnings about cyber security, shelving recommendations that are considered high priority while investing in programs that have fallen short. The massive cyber-attack by suspected Russian hackers, disclosed in December, came after years of warnings from a watchdog group and cyber security experts. For instance, the Cyberspace Solarium Commission, which was created by Congress to come up with strategies to thwart sizable cyber-attacks, presented a set of recommendations to Congress in March that included additional safeguards to ensure more trusted supply chains.

https://www.bloomberg.com/news/articles/2021-01-13/solarwinds-hack-followed-years-of-warnings-of-weak-cybersecurity

Threats

Ransomware

Hacker used ransomware to lock victims in their IoT chastity belt  

Ransomware Attack Costs Health Network $1.5m a Day

Dassault Falcon Jet reports data breach after ransomware attack

IOT

Cyber experts say advice from breached IoT device company Ubiquiti falls short

Phishing

Iranian cyber spies behind major Christmas SMS spear-phishing campaign

Malware

macOS malware used run-only AppleScripts to avoid detection for five years

Going Rogue – a Mastermind Behind Android Malware Returns with a New Remote Access Trojan (RAT)

Emotet Tops Malware Charts in December After Reboot

Vulnerabilities

Windows 10 bug corrupts your hard drive on seeing this file's icon

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Adobe fixes critical code execution vulnerabilities in 2021's first major patch round

Data Breaches

Over 16,000 customers seeking compensation for British Airways data breach

New Zealand Central Bank Breach Hit Other Companies

Massive Parler data leak exposes millions of posts, messages and videos

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Hackers leak stolen Pfizer COVID-19 vaccine data online

United Nations data breach exposed over 100k UNEP staff records

Organised Crime

Europol shuts down the world's largest dark web marketplace

Nation State Actors

Third malware strain discovered in SolarWinds supply chain attack

Privacy

Whatsapp Privacy Controversy Causes ‘Largest Digital Migration In Human History’, Telegram Boss Says As He Welcomes World Leaders

Reports Published in the Last Week

Microsoft Digital Defense Report

Other News

Nissan NA source code leaked due to default admin:admin credentials

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.