Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Join us at our next 'Coffee, Croissants and Cyber' free breakfast event for executives - this month's topic 'Social Media - and the threats it presents to you, your loved ones and your organisation'
8:00am Thursday 21 October 2021 in the Black Arrow Cyber Training and Conference Suite, 31-33 Le Pollet. Doors open 7:45am
Our breakfast events are free of charge to attend. We offer tea and coffee, pastries, a short 10-15 minute presentation followed by networking and the opportunity to talk to members of our team of world-class cyber security experts from British Intelligence, Law Enforcement, Global Financial Services, FTSE100, Big-4 Advisory & The GFSC
Call us on 711 988, email events@blackarrowcyber.com or https://www.eventbrite.co.uk/.../coffee-croissants-and... to book your free place
The importance of Incident Response (IR) Preparedness – Bad things happen to good people (a lot) - written for the Channel Islands Information Security Forum by Black Arrow's Incident Response & Forensics Lead Riley Paisley
The classic heist movie. No matter your age, there’s one for every generation. Perhaps it’s Heat, an iconic film that still influences the genre today. Maybe something more modern like Baby Driver suits your style. Maybe your nostalgia flows even further back, and you still remember watching the Italian Job – the original, of course - for the first time. These films, separated by decades, still have something in common however – a group of armed men and women show up at the door.
We might like to think that’s how it would happen if we ourselves were the victim. We lock our doors, we install alarms, and we sleep safe knowing the Police are a phone call away. The reality has changed. Long gone are the days of an open and transparent criminality. The vastness of the internet offers a convenient, anonymous and quite frankly easy route to the dark side.
I’m sure you’ve heard about – or were a victim of – some of the more recent scams, vulnerabilities or attacks. LinkedIn, Yahoo, Facebook, Ashley Madison; it seems to be an almost daily occurrence. Maybe it was a strange link in an email, a threat of exposure, ransomware. These avenues provide a bountiful return on investment for the modern threat actor, and the investment isn’t even very big to begin with.
In much the same way we as cyber security professionals collaborate, so too do the threat actors. Off-the-shelf phishing email solutions, ready-made attack tools and databases, intelligence on soft targets; it takes a minimal amount of effort to set up shop. Weak cyber security and poor incident response planning are the digital equivalent of leaving that door unlocked. As that old saying goes, “fail to prepare, prepare to fail”.
Incident response preparedness can cover a range of areas, from the mundane – appointing response team members, devising communications plans, building your playbook – to the truly heart pounding – there’s just been a breach and they’re asking you what to do. Having an incident response plan helps to alleviate that blunt trauma, and puts you in the best possible position to act, and act decisively. Preparedness doesn’t just mean knowing what to do when the worst happens, it also includes ensuring you already have your protective controls in place to limit the damage an attacker could do. For example, when an incident occurs, you will be thankful you had been properly managing which people and devices can access your network and what actions/transactions each of them can do (your access controls) because the attacker may well hijack those permissions to do their worst. Thinking ahead is the key.
In this new landscape, it’s more important than ever. Data is the new dollar, a digital currency that encompasses every aspect of our lives – just ask Facebook. In much the same way you would feel violated if they lost your data, your clients, customers and staff feel the same about you. Bad things can and do happen, but you don’t have to go it alone.
I really do mean what I say – you aren’t alone. The threat actors collaborate, so should we. Having been to these incidents and seen the devastation first-hand, knowing your team has both the expertise and the will to back you up goes a long way. Implementing a plan needn’t be a daunting task either, have fun with it; role-play some attack scenarios, test your security and involve your staff, feel confident you’ve got things covered.
It’s the importance of that preparedness that can’t be overstated. There’s no time like the present, and when you’re facing down an unknown enemy, from who knows where, with who knows what, you’ll be thankful you were.
Written for the Channel Islands Information Security Forum by Black Arrow's Incident Response & Forensics Lead Riley Paisley
https://www.linkedin.com/pulse/importance-incident-response-ir-preparedness-/
Black Arrow Threat Alert - GriftHorse Malware Saddles 10 Million Android Users with Sophisticated Billing Malware
Over 10 million Android users have been infected by a particularly lucrative form of malware. Distributed through Google Play, more than 200 apps have been found to contain GriftHorse, a sophisticated trojan used to secretly bill for premium “services”.
Victims have been recorded in 70 countries, with GriftHorse netting its implementers hundreds of millions of euros since it came on scene. The malware was first detected by Zimperium, a mobile security researcher, who stated that GriftHorse was “one of the most widespread campaigns” they’d seen in 2021.
So, how does it work? With names like “Handy Translator Pro” and “Call Recorder Pro”, users are enticed to download the apps, before being bombarded with pop-ups. These pop-ups appear and re-appear with alarming frequency, until the user finally relents.
In a complex move, users are then directed to a custom page based on their location, both for believability and to adapt and outmaneuver anti-virus. Once successful, the device is signed up for a premium text message service, adding a hefty chunk to the victim’s phone bill every month.
A full list of compromised apps and associated URLs can be found here https://pastebin.com/cqRVtsSp
You might have the best technology controls in the world, but criminals are attacking your business through your employees - why training your staff is so critical
You might have the best technology controls in the world, but criminals are attacking your business through your employees. Cyber is one of your top risks. One employee clicking on one email can quickly bring your company to its knees and many firms do not survive a cyber incident. Firms like yours are being hit every day, despite thinking it only happens to someone else, and there is no technology that can completely protect your employees from creating a cyber security incident.
Convert your employees from your weakest link into part of your defences, by training your staff on cyber security practices for their day-to-day work including operational controls that you cannot get from your IT provider. Contact us now about our popular interactive employee education and awareness training from our world class instructors and globally experienced cyber experts sharing insights from British Intelligence, UK National Security, Law Enforcement, GFSC and FTSE100 & Global Financial Services.
Our dedicated cyber security training facility, right in the heart of St Peter Port, offers a full programme of cyber security training events to match your business and budget, ranging from our public drop-in courses to our exclusive customised training tailored specifically to your organisation’s policies and controls. All open sessions will include a free place for micro-businesses (under 5 staff), charities and/or non-profits. Our training bundles and unlimited 'all you can eat' subscription packages offer great value and cost control, and can be reinforced by our other solutions tailored specifically to your organisation’s policies and controls.
Contact us now to enrol for our cyber security training events this autumn:
Bite Sized Cyber: Cyber Security for Seniors Executives to comply with the GFSC Cyber Rules. Our lunchtime 45-minute sessions on practical cyber security, from protecting your business to being ready to handle a cyber incident including media training.
Cyber Security Requirements for NEDs: don’t be the source of the cyber incident in your Board.
Cyber Security Workshop for Charities: free upskilling for individuals working in charities and non-profits
How Can I Get into Cyber Security as a Career?: free event for school children
Start-up Secure: Cyber Workshop for Start-ups and Entrepreneurs
Cyber Surgeries: free informal drop-in sessions for senior executives to ask any questions to our experts in Cyber Security, Governance, HR, Finance, IT, and Strategy
Speak to us to better defend your organisation today and tomorrow.
Call us on 711988 or email training@blackarrowcyber.com
Black Arrow Cyber Threat Briefing 24 September 2021
-Office Workers Unwilling To Change Their Behaviour, Despite Being Aware Of The Cyber Risks
-77% Of Execs Concerned About Security Tools Gaps In Their Company
-Ransomware Attack Levels Soaring, Now Accounting For 69% Of All Attacks Involving Malware
-DDoS Attacks Increased 11% In H1 2021, Fuelling A Global Security Crisis
-Half Of Web Owners Don't Know If Their Site Has Been Attacked
-Malicious Email Surge Predicted For Q4
-2 Million Malicious Emails Bypassed Secure Email Gateways In 12 Months
-46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Office Workers Unwilling To Change Their Behaviour, Despite Being Aware Of The Cyber Security Challenges
Despite office workers being aware of the cyber security challenges faced by their employer – especially when it comes to hybrid working – many admit to high-risk behaviour including sharing passwords, downloading non-work-related files, and even losing work-owned devices, a security survey reveals. https://www.helpnetsecurity.com/2021/09/21/office-workers-cybersecurity/
77% Of Execs Concerned About Security Tools Gaps In Their Company
500 people in managerial and executive roles were surveyed to find out their opinions on the security of their companies and industry. The results found that 89% are concerned about external security threats to their company, and nearly the same amount, 86%, are concerned about threats from inside. https://www.helpnetsecurity.com/2021/09/21/security-tools-gaps/
Ransomware Attack Levels Soaring, Now Accounting For 69% Of All Attacks Involving Malware
Ransomware attacks have reached ‘stratospheric’ levels in Q2 2021, now accounting for 69% of all attacks involving malware. That is among the most disturbing findings in the latest report from a recent survey conducted by researchers. The research also reveals that the volume of attacks on governmental institutions soared from 12% in Q1 2021 to 20% in Q2. https://www.helpnetsecurity.com/2021/09/23/ransomware-attack-levels/
DDoS Attacks Increased 11% In 1H 2021, Fuelling A Global Security Crisis
A survey shows in the first half of 2021, cyber criminals launched approximately 5.4 million Distributed Denial of Services (DDoS) attacks, increasing 11% over 1H 2020 figures. Additionally, data projections point to 2021 as another record-setting year on track to surpass 11 million global DDoS attacks. This long tail of attacker innovation is expected to last, fuelling a growing cyber security crisis that will continue to impact public and private organisations. https://www.helpnetsecurity.com/2021/09/23/1h-2021-ddos-attacks/
Half Of Web Owners Don't Know If Their Site Has Been Attacked
Security researchers discovered that nearly half of US website owners have so little insight into third-party code that they can’t say definitively if their site has suffered a cyber breach. These findings have major implications for third-party vendor risk; what’s more, almost 80% of respondents said that third-party scripts and open-source libraries account for 50-70% of the functionality of their website. https://www.infosecurity-magazine.com/news/half-web-dont-know-site-attacked/
VMware Warns Of Ransomware-Friendly Bug In vCenter Server
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers.
They’re all serious, but one vulnerability sticks out from the rest: a critical arbitrary file upload vulnerability in the Analytics service that has been assigned the maximum CVSSv3 base score of 9.8/10, which should be patched immediately. https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/
Malicious Email Surge Predicted For Q4
Corporate end-users should be on high alert for phishing attacks in the final quarter of the year, as this is when most malicious emails are likely to land, according to recent research. The survey found that 45% more malicious emails were sent in October, November, and December 2020 than in the previous quarter. That’s perhaps not surprising given the number of opportunities for threat actors at the end of the year to capitalise on upcoming events such as Halloween, Fireworks Night, and Christmas. https://www.infosecurity-magazine.com/news/malicious-email-surge-q4/
2 Million Malicious Emails Bypassed Secure Email Gateways In 12 Months
Two million malicious emails bypassed traditional email defences, like secure email gateways, between July 2020-July 2021, according to recent data collected by researchers. It shows that the retail industry was targeted most, with the average employee in this sector receiving 49 malicious emails a year. This is significantly higher than the overall average of 14 emails per user, per year. Employees in the manufacturing industry were also identified as major targets, with the average worker receiving 31 malicious emails a year. https://www.helpnetsecurity.com/2021/09/22/malicious-emails-bypassed-gateways/
A Zero-Day Flaw Allows Attackers To Run Arbitrary Commands On MacOS Systems
Independent security researchers disclosed a zero-day vulnerability in Apple’s MacOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any MacOS version. The flaw is due to the way MacOS handles inetloc files, which causes it to run commands embedded inside them. According to the SSD Secure Disclosure advisory, the commands it runs can be local to the MacOS system, allowing the execution of arbitrary commands by the user without any prompts. https://securityaffairs.co/wordpress/122447/hacking/zero-day-macos.html
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
Is there a day that goes by where you don’t read a news headline about a mega-breach impacting millions of people? It’s an unlikely scenario, particularly at a time when the volume of data breaches is rising by an astonishing 30 percent annually. Researchers estimate that another 40 billion records will be compromised by the end of 2021. That’s billions of pieces of data, much of it sensitive or identifiable, that will be available for cyber criminals to exploit in the future. https://threatpost.com/46-on-prem-databases-globally-contain-vulnerabilities/174815/
Threats
Ransomware
Researchers Compile List Of Vulnerabilities Abused By Ransomware Gangs
Ransomware still a primary threat as cyber criminals evolve tactics
City Of Yonkers Refuses To Pay Ransom After Attackers Demand $10 Million
FBI Had Ransomware Decryption Key For Weeks Before Giving It To Victims
Phishing
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
Microsoft Warns Of A Wide-Scale Phishing-As-A-Service Operation
Other Social Engineering
“Back To Basics” As Courier Scammers Skip Fake Fees And Missed Deliveries
Scammers Use 'IT Support-Themed Email' To Target Organisations
Hackers Impersonate Bank Customers And Make $500k In Fraudulent Credit Card Payments
Malware
Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert
New Mac Malware Masquerades As Iterm2, Remote Desktop And Other Apps
New Capoae Malware Infiltrates WordPress Sites And Installs Backdoored Plugin
New Mac Malware Spreads Via Search Results — What You Need To Know
Experts Warn That Mirai Botnet Starts Exploiting OMIGOD Flaw
New Malware Variant Employs Windows Subsystem For Linux For Attacks
IOT
Vulnerabilities
A New Bug In Microsoft Windows Could Let Hackers Easily Install A Rootkit
Cisco Releases Patches For 3 New Critical Flaws Affecting IOS XE Software
Lithuania Says Built-In Cyber Security Risks Found In Chinese-Made Xiaomi And Huawei Phones
Flaw In Netgear SOHO Routers Could Allow Remote Code Execution
Flaws In Nagios Network Management Systems Pose Risk To Companies
Unpatched Apple Zero-Day In MacOS Finder Allows Code Execution
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server
Hackers Attack Russian Organisations Through A New Microsoft Office Vulnerability
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug
Data Breaches/Leaks
A Second Data Breach At The Ministry of Defence Has Been Discovered
Microsoft Exchange Service Exposes Nearly 100,000 Names And Logins
Four Months On From A Sophisticated Cyber Attack, Alaska's Health Department Is Still Recovering
After Ransomware Attack, Company Finds 650+ Breached Credentials From New Cooperative Employees
Epik Data Breach Impacts 15 Million Users, Including Non-Customers
'Potentially Damaging' Council And Civil Service Data For Sale On Dark Web
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
DoS/DDoS
Russian Security Firm Sinkholes Part Of The Dangerous Meris DDoS Botnet
Admin Of DDoS Service Behind 200,000 Attacks Faces 35yrs In Prison
Nation State Actors
How APTs Become Long-Term Lurkers: Tools And Techniques Of A Targeted Attack
Experts Say China’s Low-Level Cyber War Is Becoming Severe Threat
Turla Hacking Group Launches New Backdoor In Attacks Against US, Afghanistan
APT Actors Exploit Flaw In ManageEngine Single Sign-On Solution
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Feedback from our most recent training course for a client:
-"I thought the training was great. I liked how they used real life examples and there were regular breaks in the presentation for case studies. It was very engaging and I came away with some good tips."
-"I thought it was really interesting. It was good that they used lots of examples to keep it engaging"
-"I thought they were really good, I liked the fact that they had good examples and it was interactive"
-"I found it very informative and they gave good examples. They were able to explain things in a way that made sense and often avoided using the usual IT gibberish that you find some companies use."
-"I think it was well run, interesting and informative, and I didn’t yawn once!"
Training for your staff is critically important; you can have the best technical controls in the world, but attackers bypass these by going after your people.
In our work with clients we have seen the value of ensuring your employees understand not only the people and operational controls you have in place to protect your company, but also why those controls are in place, in order that they will uphold them for you to keep your business safe.
Black Arrow Cyber Threat Alert - Thursday 23 September 2021 - Nagios Management Software Vulnerabilities and VMWare vCenter Bug Allows for Remote Code Execution
1. Nagios Management Software Vulnerabilities Disclosed, Could be Chained to Perform Remote Code Execution
1.1 Executive Board Summary
What is Nagios?
Nagios is a market leading IT monitoring software, used by such prominent businesses as Airbnb and PayPal. Nagios provides a centralised platform to allow both businesses and IT support providers to keep tabs on systems and services remotely.
What’s the risk to my business?
Given the attractive nature of Nagios to an attacker – a central resource with connections to potentially everything in the network – it could be severe. If you or your managed IT provider use Nagios, attackers may be able to remotely conduct attacks without requiring authentication – effectively bypassing your security.
What can I do?
Contact your IT department or provider to determine whether your systems are monitored by Nagios. A patch has been issued that your technical teams can implement straight away. See our technical summary for more details.
1.2 Technical Summary for Network Defenders
11 new security vulnerabilities have been disclosed for the Nagios network management platform. Of note is the potential to “chain” these vulnerabilities together to achieve Remote Code Execution (RCE), theoretically allowing unauthenticated access and privilege escalation at the highest level.
Who is affected?
Anyone using Nagios XI, Nagios XI Switch Wizard, Nagios XI Docker Wizard or Nagios XI Watchguard.
What can I do?
These issues have been fixed in Nagios XI 5.8.5 and above, Nagios XI Switch Wizard 2.5.7 and above, Nagios XI Docker Wizard 1.13 and above, and Nagios XI Watchguard 1.4.8 and above.
IT teams are advised to perform the necessary patches as soon as is practicable.
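As an added example (not Black Arrow's or Nagios's own tooling), the script below compares the versions of the four affected Nagios components against the fixed releases listed above, so an IT team can turn an inventory into a patch-status report. The sample inventory at the bottom is constructed for illustration; the fixed version numbers are the ones in this alert. Versions are compared numerically, component by component, so that 5.8.10 is correctly treated as newer than 5.8.5 and 1.9 as older than 1.13, which a plain string comparison would get wrong.

```python
"""Patch-status check for the Nagios XI components named in the advisory.

Fixed versions (from the alert): Nagios XI 5.8.5, Nagios XI Switch Wizard 2.5.7,
Nagios XI Docker Wizard 1.13, Nagios XI Watchguard 1.4.8.
"""
import re

# Minimum fixed release per product, as stated in the advisory.
FIXED_VERSIONS = {
    "Nagios XI": "5.8.5",
    "Nagios XI Switch Wizard": "2.5.7",
    "Nagios XI Docker Wizard": "1.13",
    "Nagios XI Watchguard": "1.4.8",
}


def parse_version(text):
    """Turn '5.8.5', 'v5.8.5' or '5.8.5-1' into a tuple of ints (5, 8, 5).

    Only the leading dotted-numeric part is used; vendor suffixes are ignored.
    """
    match = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def compare(a, b):
    """Numeric comparison of two version tuples; -1, 0 or 1 like a classic cmp().

    Shorter tuples are padded with zeros so that 1.13 == 1.13.0.
    """
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_patched(product, installed):
    """True if the installed version is at or above the advisory's fixed release."""
    fixed = parse_version(FIXED_VERSIONS[product])
    return compare(parse_version(installed), fixed) >= 0


def assess(inventory):
    """Map {product: installed version} to a list of (product, installed, status)."""
    report = []
    for product, installed in inventory.items():
        if product not in FIXED_VERSIONS:
            report.append((product, installed, "not covered by this advisory"))
            continue
        if is_patched(product, installed):
            status = "patched"
        else:
            status = f"VULNERABLE - upgrade to {FIXED_VERSIONS[product]} or later"
        report.append((product, installed, status))
    return report


if __name__ == "__main__":
    # Constructed sample inventory; replace with the versions reported by your estate.
    sample_inventory = {
        "Nagios XI": "5.8.4",
        "Nagios XI Switch Wizard": "v2.5.7",
        "Nagios XI Docker Wizard": "1.9",
        "Nagios XI Watchguard": "1.4.10",
    }
    for product, installed, status in assess(sample_inventory):
        print(f"{product:28s} {installed:8s} {status}")
```

Feed it the versions reported by each Nagios host (or by your managed IT provider) and treat any line marked VULNERABLE as a patch to schedule straight away.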
What’s the risk?
Consumers may be aware of the harm caused during the SolarWinds and Kaseya round of vulnerabilities, with the latter causing major disruption as a potential supply chain attack.
Solutions such as Nagios and Kaseya, while they undoubtedly provide IT teams with an efficient and broad toolset to support their network stack, offer attackers near unprecedented access if successfully breached. Given how widely these toolkits are integrated into the network, the risk of vulnerabilities in this software sector remains high.
2. Black Arrow Threat Alert: Critical VMWare vCenter Bug Allows for Remote Code Execution by Anyone on the Network
VMWare – a server hosting platform widely used in the Island by businesses and IT providers alike – have disclosed a bug in their vCenter management service described as requiring attention “right now”.
2.1 Executive Board Summary
What is VMWare vCenter?
vCenter is a major component of the VMWare virtualisation ecosystem, used in managing virtual machines and servers. Nearly all businesses of reasonable size will utilise virtualisation to some extent – the act of running multiple servers on a single physical box. If you use a computer on a business network, you’ve probably got VMWare.
What’s the risk to my business?
If you are one of the many local firms using VMWare, high. VMWare have designated this bug as critical, as it allows for malicious files to be uploaded remotely – the most dangerous type of vulnerability. Attackers could craft these files to gain access to sensitive data, or as a springboard for another type of attack like ransomware.
What can I do?
Contact your IT department or IT provider to determine whether your systems are vulnerable. A patch has already been issued, so all up-to-date services will be protected. See our technical summary for more details.
2.2 Technical Summary For Network Defenders
A new vulnerability has been discovered in vCenter Server. The bug allows anyone with network access to vCenter via port 443 – locally or via remote connection – to abuse the file upload service to insert arbitrary malicious content. The bug falls under the “Remote Code Execution” category of vulnerabilities and is rated critical accordingly.
What versions are affected?
VMWare advise that the bug impacts all current releases of vCenter Server – 6.5, 6.7 and 7.0.
What can I do?
Perform an initial check to determine if you are running on an affected version of vCenter Server. VMWare notes that organisations that have recently updated to version 7.0 Update 2c may not be impacted – though it is still recommended to run patches.
VMWare recommend immediate patching on any affected systems, where at all possible. A workaround has also been released, involving modification to a text file on the affected server and restarting services, though it should be noted this is only a temporary fix.
What’s the risk?
Industry resources report that threat actors have already begun scanning for this vulnerability since its release. Equally, the vulnerability allows anyone with local network access to the affected server – for example a staff member or third-party contractor – to carry out the attack.
Given the severity and potential benefit to attackers, activity is expected to increase over the following weeks.
The next open Cyber User Education and Awareness Training session with any availability left is on Wednesday 06 October 2021 from 10am-12pm.
We currently have 4 spaces remaining and the cost per delegate is £150.
Firms can send between 1-14 staff to these open training courses meaning less disruption to business operations and new starters, for example, don't need to wait until the next time the whole firm gets cyber training.
These open courses are run at least once per week so we can offer a lot of flexibility.
Remember only with Black Arrow do you get access to world-class cyber security experts from British Intelligence, Defence, Law Enforcement, Big-4 Advisory, FTSE100, Global Financial Services and the GFSC.
Call us on 711 988 or email training@blackarrowcyber.com to book places for your staff members.
Black Arrow Cyber Threat Briefing 17 September 2021
-Ransomware Preparedness Is Low Despite Executives’ Concerns
-MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind
-Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds
-Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable
-Third-Party Cloud Providers: Expanding The Attack Surface
-Ransomware Encrypts South Africa's Entire Dept Of Justice Network
-2021’s Most Dangerous Software Weaknesses
-46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow
-Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk
-Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities
-Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Preparedness Is Low Despite Executives’ Concerns
86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/
MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind
Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/
Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds
On Wednesday, researchers published their latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the researchers "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/
Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable
Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/
Third-Party Cloud Providers: Expanding The Attack Surface
In the era of digital transformation – which is essentially an organisation’s way of stating that it is increasing its reliance on cloud-based services – enterprises’ digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable the plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/
Ransomware Encrypts South Africa's Entire Dept Of Justice Network
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/
2021’s Most Dangerous Software Weaknesses
Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/
46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow
A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/
Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk
Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, and a quarter of it was found to have a known vulnerability that threat actors could exploit to access sensitive employee or customer data, as research reveals. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/
Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities
After spending five years poring over port scan results, researchers reckon there are about 12,000 vulnerability-containing databases accessible through the internet. The study also found that 46 per cent of the 27,000 databases scanned contained at least one vulnerability, and just over half of those contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/
Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing
A recent study of enterprise IT security decision makers conducted by researchers shows that the majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer. However, tools with built-in end-to-end encryption are still less common, despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/
Threats
Ransomware
The State Of Ransomware: National Emergencies And Million-Dollar Blackmail
Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft
Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs
Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired
US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks
REvil Ransomware Is Back In Full Attack Mode And Leaking Data
Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals
Ransomware Encrypts South Africa's Entire Dept Of Justice Network
BEC
Phishing
Other Social Engineering
Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'
Scammers In Russia Offer Free Bitcoin On A Hacked Government Website
Malware
Mobile
Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’
After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts
IOT
Vulnerabilities
Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws
Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released
Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD
No Patch For High-Severity Bug In Legacy IBM System X Servers
Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
DoS/DDoS
Nation State Actors
Cloud
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 September 2021
-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
-Ransomware Attacks Increased Exponentially In 2021
-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious
-Hackers Shift From Malware To Credential Hijacking
-Attacker Breakout Time Now Less Than 30 Minutes
-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
-Hackers Exploit Camera Vulnerabilities To Spy On Parents
-39% Of All Internet Traffic Is From Bad Bots
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/
Ransomware Attacks Increased Exponentially In 2021
The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html
Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious
All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click". Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/
Hackers Shift From Malware To Credential Hijacking
Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/
Attacker Breakout Time Now Less Than 30 Minutes
The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from the researchers' own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html
53% Find It Difficult To Prevent An Insider Attack During Data Aggregation
Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/
The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/
Hackers Exploit Camera Vulnerabilities To Spy On Parents
Several zero-day vulnerabilities in a home baby monitor could be exploited to let threat actors access the camera feed and plant malicious code such as malware. The security issues were found by researchers in IoT devices made by the China-based manufacturer Victure. In a security report, the researchers described a stack-based buffer overflow in the ONVIF server component of the Victure PC420 camera that allows attackers to execute code remotely on the victim's device. Once a device is compromised, the attacker can discover other cameras (not owned by them), command devices to broadcast their camera feeds to a third party, and tamper with the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html
39% Of All Internet Traffic Is From Bad Bots
Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.
These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/
Threats
Ransomware
BEC
Phishing
Other Social Engineering
Malware
Traffic Exchange Networks Distributing Malware Disguised As Cracked Software
New Malware Uses Novel Fileless Technique To Evade Detection
Mobile
IOT
Vulnerabilities
Zoho ManageEngine Password Manager Zero-Day Gets A Fix, Amid Attacks
New CPU Side-Channel Attack Takes Aim At Chrome’s Site Isolation Feature
Microsoft, CISA Urge Mitigations For Zero-Day RCE Flaw In Windows
Atlassian CISO Defends Company's Confluence Vulnerability Response, Urges Patching
PoC Released For GhostScript Vulnerability That Exposed Airbnb, Dropbox
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
Cisco Patches Critical Authentication Bug With Public Exploit
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
Nation State Actors
Cloud
Privacy
Other News
OWASP Shakes Up Web App Threat Categories With Release Of Draft Top 10
A Zero-Trust Future: Why Cyber Security Should Be Prioritized For The Hybrid Working World
Microsoft Has A $20 Billion Hacking Plan, But Cyber Security Has A Big Spending Problem
Misbehaving Microsoft Teams Ad Brings Down The Entire Windows 11 Desktop
This Seemingly Normal Lightning Cable Will Leak Everything You Type
HSE Cyber Attack: Irish Health Service Still Recovering Months After Hack
Guernsey regulated financial services firms - are you ready to evidence compliance with the new GFSC Cyber Rules? - Guernsey Press 04 September 2021
Time’s up. Are you ready to evidence compliance with the new GFSC Cyber Rules now in effect?
Black Arrow Cyber Threat Briefing 03 September 2021
-Ransomware Attacks Soar 288% in H1 2021
-Ransomware Costs Expected To Reach $265 Billion By 2031
-Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage
-Investigation Into Hacked "Map" Of UK Gun Owners
-Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches
-Ransomware Has Been A ‘Game Changer’ For Cyber Insurance
-WhatsApp hit with $267 million GDPR fine for bungling user privacy disclosure
-Microsoft Warns About Open Redirect Phishing Campaign
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Attacks Soar 288% in First Half of 2021
The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data.
Nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group, who typically gain initial network access to victim organisations via phishing emails.
It’s an unfortunate fact that no organisation in any sector is safe from ransomware today.
Targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model. https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-half-2021/
Ransomware Costs Expected To Reach $265 Billion By 2031
Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years. https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/
Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage
A new Email Threat Report for Q3 2021 examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organisations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods, manufacturing, technology, energy and infrastructure services, medical, media and television, finance, and hospitality.
The report also finds 61% of organisations experienced a vendor email compromise/supply chain attack in Q2 2021.
Key report findings include:
32.5% of all companies were targeted by brute force attacks in early June 2021
137 account takeovers occurred per 100,000 mailboxes for members of the C-suite
61% of organisations experienced a vendor email compromise attack this quarter
22% more business email compromise attacks since Q4 2020
60% chance of a successful account takeover each week for organisations with 50,000+ employees
73% of all advanced threats were credential phishing attacks
80% probability of attack every week for retail and consumer goods, technology, and media and television companies
https://finance.yahoo.com/news/brute-force-email-attacks-account-120100299.html
Investigation Into Hacked "Map" Of UK Gun Owners
Gun-selling site Guntrader announced a data breach affecting more than 100,000 customers in July. This week, reports emerged that an animal rights activist blog had published the information. The group had formatted the data so it could be easily imported into mapping software to show individual homes. The National Crime Agency, which has been investigating the data breach and its fallout, said it "is aware that information has been published online as a result of a recent data breach which impacted Guntrader". https://www.bbc.co.uk/news/technology-58413847
Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches
The US Securities and Exchange Commission (SEC) has sanctioned multiple financial services firms for cyber security failures that led to the compromise of corporate email accounts and the personal data of thousands of individuals. The case was brought after the unauthorised takeover of cloud-based email accounts at Seattle-based KMS Financial Services, and subsidiaries of California-headquartered Cetera Financial Group and Iowa-based Cambridge Investment Group. https://portswigger.net/daily-swig/eight-us-financial-services-firms-given-six-figure-fines-over-bec-data-breaches
Ransomware Has Been A ‘Game Changer’ For Cyber Insurance
Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to a software company. The researchers “think of December 2019 as the tipping point for when we started to see ransomware take hold”. The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. All of this has a massive knock-on effect for the insurance firms. https://www.insurancejournal.com/news/national/2021/08/30/628672.htm
Getting Ahead Of A Major Blind Spot For CISOs: Third-Party Risk
For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organisation alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. https://www.helpnetsecurity.com/2021/09/01/getting-ahead-of-a-major-blind-spot-for-cisos-third-party-risk/
WhatsApp Hit With $267 Million GDPR Fine For Bungling User Privacy Disclosure
Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.
The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018. https://www.cyberscoop.com/whatsapp-hit-with-267-million-gdpr-fine-for-bungling-user-privacy-disclosure/
Microsoft Warns About Open Redirect Phishing Campaign
Microsoft’s Security Intelligence team is warning over phishing campaigns using open redirector links, links crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realising it until it's too late. https://www.windowscentral.com/microsoft-warns-about-open-redirect-phishing-campaign
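The lure described above works because the host a user sees when hovering (the trusted redirector) is not the host the browser ends up on. A mail gateway or SOC triage script can surface that mismatch before a user clicks. The following is an added example, not code from the original article or from Microsoft; the parameter names, the sample links and the hostnames trusted.example and evil.example are constructed for illustration.

```python
"""Flag links whose visible host differs from the host a redirect parameter
points to (the open-redirect lure described in the article above).
Added example with constructed sample data; not the original page's code."""
from typing import Dict, Iterable, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Query parameter names commonly used to carry a post-login destination.
# Constructed list for illustration; extend it from your own applications' routes.
REDIRECT_PARAMS = {
    "url", "redirect", "redirect_uri", "redirect_url", "return", "returnurl",
    "return_url", "next", "goto", "target", "dest", "destination", "continue",
}


def _decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding, a common trick to hide the destination."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def external_redirect_target(link: str) -> Optional[str]:
    """Return the external host a redirect parameter points to, or None.

    The visible host is what a user sees when hovering over the link; the
    returned host is where the browser lands after the redirect.
    """
    parts = urlsplit(link)
    visible_host = (parts.hostname or "").lower()
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in REDIRECT_PARAMS:
            continue
        for raw in values:
            target = urlsplit(_decode_fully(raw))
            # Absolute (http/https) or scheme-relative (//host/...) targets leave
            # the site; plain paths such as /dashboard stay on the visible host.
            if target.hostname and target.hostname.lower() != visible_host:
                return target.hostname.lower()
    return None


def triage(links: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each link to the external host it would redirect to (None if safe)."""
    return {link: external_redirect_target(link) for link in links}


# Constructed sample links, as they might be extracted from a reported email.
SAMPLE_LINKS = [
    "https://login.trusted.example/redir?url=https://evil.example/m365",
    "https://login.trusted.example/redir?next=%2Fdashboard",
    "https://trusted.example/go?target=%2F%2Fevil.example%2Fx",
    "https://trusted.example/go?return=https%253A%252F%252Fevil.example",
    "https://trusted.example/go?url=https://trusted.example/home",
]

if __name__ == "__main__":
    for link, external in triage(SAMPLE_LINKS).items():
        verdict = f"REDIRECTS OFF-SITE to {external}" if external else "on-site"
        print(f"{verdict:40s} {link}")
```

Run stand-alone it prints a verdict per sample link; in practice the same function would be applied to URLs extracted from reported messages, with any off-site target fed into the existing domain reputation checks rather than treated as proof of phishing on its own, since legitimate SSO flows also use redirect parameters.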
Previous Employees With Access To Corporate Data Remain A Threat To Businesses
Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data. This is according to a report, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves. https://www.helpnetsecurity.com/2021/09/02/previous-employees-access-data/
BEC Scammers Seek Native English Speakers On Underground
Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: Cyber Crooks are putting up help-wanted ads, looking for native English speakers to carry out the social-engineering elements of business email compromise (BEC) attacks. https://threatpost.com/bec-scammers-native-english-speakers/169092/
Half Of Businesses Can't Spot These Signs Of Insider Cyber Security Threats
Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyber attacks. Research suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data. https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/
Threats
Ransomware
Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits
LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
FBI, CISA: Ransomware Attack Risk Increases On Holidays, Weekends
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
Phishing
Malware
Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth
Cyber Criminal Sells Tool To Hide Malware In AMD, NVIDIA GPUS
Cyber Criminals Abusing Internet-Sharing Services To Monetise Malware Campaigns
Mobile
Snowden Slams Apple CSAM: Warns iPad, iPhone, Mac Users Worldwide
Kaspersky Lab Has Reported About Android Viruses Designed To Steal Money Automatically
Dangerous Android Malware Is Spreading — Beware Of Text Message Scam
Vulnerabilities
New BrakTooth Flaws Leave Millions Of Bluetooth-Enabled Devices Vulnerable
Meltdown-Like Vulnerability Disclosed For AMD Zen+ And Zen 2 Processors
NPM Package With 3 Million Weekly Downloads Had A Severe Vulnerability
Cisco Patches Critical Authentication Bug With Public Exploit
QNAP Working On Patches For OpenSSL Flaws Affecting Its NAS Devices
This Top TP-Link Router Ships With Some Serious Security Flaws
Data Breaches/Leaks
Organised Crime & Criminal Actors
Dark Web
DoS/DDoS
OT, ICS, IIoT and SCADA
Cloud
Our modern, bright and airy dedicated cyber training suite right in the heart of town is now taking bookings.
We offer open courses, where firms can send anywhere from 1 to 16 members of staff along for User Education and Awareness Training, or we run closed courses for firms tailored specifically to your needs.
Our flexible training suite, comprising two separate training rooms can accommodate:
-Training Room 1:
max 24 auditorium style or 16 cabaret style
-Training Room 2:
max 12 auditorium style or 8 cabaret style
Contact us today to discuss your training requirements for cost effective and flexible training to suit your needs, conveniently located right in the heart of town.
Contact us on 01481 711988 or email training@blackarrowcyber.com to book or discuss your needs
Black Arrow Cyber Threat Briefing 27 August 2021
-Cyber Crime Losses Triple To £1.3bn In 1h 2021
-New Ransomware Wake-Up Call
-22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks
-Key Email Threats And The High Cost Of Business Email Compromise
-Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases
-58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks
-Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Crime Losses Triple To £1.3bn In H1 2021
Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/
Ransomware On A Rampage; A New Wake-Up Call
The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over two decades (early basic ransomware was used in the late 1980s), but of late it has become a trending and more dangerous cyber security threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as the cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrency payments or pre-paid cards that can be anonymously transacted. Those means of digital payment are difficult for law enforcement to trace. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81
22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks
A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/
Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat
In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/
Key Email Threats And The High Cost Of Business Email Compromise
Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/
Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases
Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have had the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at a security company discovered it was able to access the keys that control access to databases held by thousands of companies. Because those keys grant full access to the data they protect, Microsoft's email told affected customers to regenerate them. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/
58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks
Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/
Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up
It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to a credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was 73% last year, jeopardising the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/
Security Teams Report Rise In Cyber Risk
Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes such as backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities, patched in April and May of this year, including deploying LockFile ransomware on compromised systems. The three vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) are chained together: the first lets an attacker bypass ACL controls on the Exchange front end, the second elevates privileges on the Exchange PowerShell backend, and the third is an arbitrary file write that turns that access into unauthenticated remote code execution. The first two were addressed by Microsoft on April 13, while a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. Patching is the fix; any server that was exposed before it was patched should also be checked for signs of exploitation, since LockFile's operators were using the chain before the advisory was published. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
Threats
Ransomware
70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware
Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits
New Ransomware Called LockFile Targets Microsoft Exchange Servers
Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang
FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’
Phishing
That Email Asking For Proof Of Vaccination Might Be A Phishing Scam
Phishing Could Have Cost Businesses $354m In Potential Direct Losses
Other Social Engineering
Scammers Impersonate Europol Chief In An Effort To Defraud Belgians
Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts
Malware
New SideWalk Backdoor Targets U.S.-Based Computer Retail Business
Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic
Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups
Mobile
IOT
Mirai-Style IoT Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit
IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority
Hackers Could Increase Medication Doses Through Infusion Pump Flaws
Vulnerabilities
VMware Issues Patches To Fix New Flaws Affecting Multiple Products
Critical Flaw Discovered In Cisco APIC for Switches — Patch Released
CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs
Data Breaches/Leaks
Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year
Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses
Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack
T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Insider Threats
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Privacy
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 August 2021:
-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
-Company Size Is A Nonissue With Automated Cyberattack Tools
-60% Of Employees Reuse Passwords Across Business And Personal Accounts
-LockBit 2.0 Ransomware Proliferates Globally
-Secret Terrorist Watchlist With 2 Million Records Exposed Online
-Phishing Costs Quadruple Over 6 Years
-Security Teams Report Rise In Cyber Risk
-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds
Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.
Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.
Company Size Is A Nonissue With Automated Cyber Attack Tools
Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.
Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.
Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.
https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/
Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts
Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.
http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/
Secret Terrorist Watchlist With 2 Million Records Exposed Online
A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Phishing Costs Nearly Quadrupled Over 6 Years
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.
That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.
According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.
https://threatpost.com/phishing-costs-quadrupled/168716/
Security Teams Report Rise In Cyber Risk
A recent report shows declining confidence in many organisations’ security function to address today’s threats.
80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.
The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.
Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. A distributed network makes it harder for IT staff to know what assets are under their control and what security controls should be in place, and with the line blurring between corporate and personal assets, organisations are struggling to keep up with the pace of change.
https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html
Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords
Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.
The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organisations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.
78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.
https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/
Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks
A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.
Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.
Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.
https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/
The Cyber Security Skills Gap Persists For The Fifth Year Running
Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.
T-Mobile Hack Is A Return To The Roots Of Cyber Crime
In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.
The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.
The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customers’ full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.
This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.
https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/
Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks
The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high volume in May.
Bad actors continue to use phishing to steal proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single sign-on.
https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
Threats
Ransomware
John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Get This Under Control’
Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks
This Ransomware Has Returned With New Techniques To Make Attacks More Effective
Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang
Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off
BEC
Phishing
Other Social Engineering
Malware
Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning
Malware Dev Infects Own PC And Data Ends Up On Intel Platform
Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products
Mobile
IOT
Vulnerabilities
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices
Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF
65 Vendors Affected By Severe Vulnerabilities In Realtek Chips
Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect
Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers
Data Breaches/Leaks
Chase Bank Accidentally Leaked Customer Info To Other Customers
Colonial Pipeline Reports Data Breach After May Ransomware Attack
Ford Bug Exposed Customer And Employee Records From Internal Systems
Dark Web
Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage
Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison
Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
Cloud
Other News
Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw
Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models
SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements
Hacker Finds A Way To Steal Windows 365 User Names And Passwords
Black Arrow Cyber Threat Briefing 13 August 2021:
-SMBs Increasingly Vulnerable To Ransomware, Despite The Perception They Are Too Small To Target
-440% Increase In Phishing
-Users Can Be Just As Dangerous As Hackers
-With Crime-As-A-Service, Anyone Can Be An Attacker
-Move To Cloud Creating Security Blindspots
-Connected Devices Increasingly At Risk Of Ransomware Attacks
-Ransomware Payments Explode Amid ‘Quadruple Extortion’
-Accenture Hit With $50M Ransomware
Top Cyber Stories of the Last Week
SMBs Increasingly Vulnerable To Ransomware, Despite The Perception They Are Too Small To Target
A new report this week warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organisations experienced a cyber security breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.
https://www.helpnetsecurity.com/2021/08/10/smbs-ransomware/
May 2021 Saw A 440% Increase In Phishing, The Single Largest Phishing Spike On Record
A report covering 1 January to 30 June 2021 revealed that May 2021 saw a 440% increase in phishing, the single largest phishing spike in one month on record. It also showed that over that six-month period industries such as oil, gas and mining saw a 47% increase, with manufacturing and wholesale traders seeing a 32% increase. The report extends the company’s yearly threat intelligence report with updated metrics, and also investigates the latest trends in malware, phishing and crypto exchanges.
https://www.infosecurity-magazine.com/news/may-phishing-increase-webroot/
Users Can Be Just As Dangerous As Hackers
Most organisations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organisations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal and Telegram, or even SMS, which are common in the workforce. All these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programmes: the organisation cannot inspect, retain or revoke what it never held, so a departing employee can walk away with conversations that the identity platform has no record of.
https://thehackernews.com/2021/08/users-can-be-just-as-dangerous-as.html?m=1
With Crime-As-A-Service, Anyone Can Be An Attacker
Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cyber crime – in particular, it’s often used to create phishing attacks. For hackers, phishing is one of the easiest ways to steal your organisation’s data. Traditionally, executing a successful phishing campaign required a seasoned cyber criminal with technical expertise and knowledge of social engineering. However, with the emergence of CaaS, just about anyone can become a master of phishing for a small fee.
https://www.helpnetsecurity.com/2021/08/03/crime-as-a-service/
The Rise Of Cloud Is Creating Security Blindspots
Businesses are growing increasingly reliant on cloud services, but with all the good, businesses must also face the bad, according to a new report which says that the rise of cloud means greater complexity and more security blind spots.
Increased expansion into the cloud has led to new risks. All of the respondents in the report had suffered at least one incident in their public cloud environment in the last year, with 30 percent saying they had no formal sign-off before pushing to production.
https://www.itproportal.com/news/the-rise-of-cloud-is-creating-security-blindspots/
Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily
A report has been released on the state of connected devices. The 2021 study addresses pandemic-related cyber security challenges, including the growth of connected devices and related increase of security risks from these devices as threat actors took advantage of chaos to launch attacks. The study incorporates security risk and trend analysis of anonymized data for the past 12 months (June 2020 through June 2021) across the company’s 500+ deployments in healthcare, life sciences, retail, and manufacturing verticals. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020).
https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/
The Value Of PII And How It Still Fuels Malign Activities In The Digital Ecosystem
The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, an intelligence report reveals. The research analysed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.
https://www.helpnetsecurity.com/2021/08/10/pii-value-digital-ecosystem/
Ransomware Payments Explode Amid ‘Quadruple Extortion’
Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the first-half 2021 update report. As far as the sheer multitude of attacks goes, researchers on Thursday reported that they’ve identified and analysed 121 ransomware incidents so far in 2021, a 64 percent increase in attacks, year-over-year.
https://threatpost.com/ransomware-payments-quadruple-extortion/168622/
Hackers Netting Average Of Nearly $10,000 For Stolen Network Access
A new report from a cyber security company has spotlighted the thriving market on the dark web for network access that nets cyber criminals thousands of dollars. Researchers have examined network access sales on underground Russian and English-language forums before compiling a study on why criminals sell their network access and how criminals transfer their network access to buyers. More than 37% of all victims in a sample of the data were based in North America while there was an average price of $9,640 and a median price of $3,000.
https://www.zdnet.com/article/hackers-netting-average-of-nearly-10000-for-stolen-network-access/
1M Stolen Credit Cards Hit Dark Web For Free
Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cyber criminal site dedicated to selling payment-card credentials. Researchers noticed the leak of the payment-card data during “routine monitoring of cyber crime and Dark Web marketplaces,” they said in a post published over the weekend. The cards were published on an underground card-selling market, AllWorld.Cards, and were stolen between 2018 and 2019, according to information posted on the forum.
https://threatpost.com/1m-stolen-credit-cards-dark-web/168514/
Ransomware Group Demanding $50M In Accenture Security Breach
The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for $50 million, according to a cyber security firm that reports seeing the demand. The threat actor is demanding the $50 million in exchange for more than 6 TB of data, according to a tweet.
Threats
Ransomware
Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities
Hackers Reportedly Threaten To Leak Data From Gigabyte Ransomware Attack
Synology Warns Of Malware Infecting NAS Devices With Ransomware
Phishing
Other Social Engineering
Malware
Discord Malware Is A Persistent And Growing Threat Warns Sophos
Microsoft Warning: This Unusual Malware Attack Has Just Added Some New Tricks
Experts Shed Light On New Russian Malware-As-A-Service Written In Rust
IISpy: A Complex Server‑Side Backdoor With Anti‑Forensic Features
Mobile
A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance
Beware! New Android Malware Hacks Thousands of Facebook Accounts
IOT
Vulnerabilities
Microsoft Confirms There's Yet Another New Windows Print Spooler Security Bug
Magento Update Released To Fix Critical Flaws Affecting E-Commerce Sites
Organised Crime & Criminal Actors
Attackers Started Exploiting a Router Vulnerability Just 2 Days After Its Disclosure
Hackers Steal $600 Million In Crypto From DeFi Site Poly Network
Dark Web
Supply Chain
DoS/DDoS
Nation State Actors
Cloud
Privacy
Other News
The Challenges Healthcare CISOs Face In An Evolving Threat Landscape
Researchers Develop RISC-V Chip for Quantum-Resistant Encryption
Quantum Computers Could Threaten Blockchain Security. These New Defenses Might Be The Answer
Saving Money By Holding Onto Old Tech Is Costing Us All Billions
Attacks Against Industrial Networks Will Become A Bigger Problem. We Need To Fix Security Now
Kaseya's Universal REvil Decryption Key Leaked On A Hacking Forum
Guernsey Regulated Financial Services Firms, the deadline for compliance with the GFSC Cyber Rules is today!
Will you be ready to explain your strategy and governance when the GFSC turn up for a regulatory visit?
The Cyber Rules compel Boards to take accountability for Cyber risks where previously it may have belonged to IT. Technology is only one piece of the puzzle, and often it is your people that present your weakest link.
We support our clients with an independent and proportionate gap analysis report that assesses risks and controls across people, operations and technology. This informs the strategy and governance that shows the GFSC what they want to see, reinforced by objective education and awareness for Boards and users.
We help our clients get the best performance from their IT Provider, to see and remediate the risks that cannot be revealed in a self-assessment either by the provider or the client.
Talk to the professionals today, with the experience and qualifications you can count on.
Contact us on contact@blackarrowcyber.com or call us on 711988
Black Arrow Cyber Threat Briefing 06 August 2021:
-Ransomware Volumes Hit Record High
-Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
-More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
-New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
-Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
-Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
-Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects
Top Cyber Stories of the Last Week
Ransomware Volumes Hit Record Highs As 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.
https://threatpost.com/ransomware-volumes-record-highs-2021/168327/
Ransomware Gangs Recruiting Insiders To Breach Corporate Networks
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases the affiliates purchase access to networks from third-party "pentesters" (initial access brokers) rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them with access to a corporate network.
More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021
Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed. The data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5%, while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.
New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
DNSaaS providers (also known as managed DNS providers) rent out DNS services to other organisations that do not want to manage and secure yet another network asset on their own.
These DNS flaws give threat actors nation-state-level intelligence harvesting capabilities through nothing more than a simple domain registration.
Constant Review Of Third Party Security Critical As Ransomware Threat Climbs
Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track record and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.
Kaseya Ransomware Attack Sets Off Race To Hack Service Providers
A ransomware attack in July that paralysed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said the head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.
‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?
Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.
Joint UK/US Advisory Detailing Top 30 Vulnerabilities Includes Plenty Of Usual Suspects
A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.
https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/
Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year
Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/
65% Of All DDoS Attacks Target US And UK
Distributed denial of service (DDoS) attacks are a common tool for cyber criminals who want to disrupt online-dependent businesses. According to data analysed by a VPN team, 65% of all DDoS attacks are directed at the US or UK. The computing and internet industry is the favourite target among cyber criminals. The United States was the target of 35% of all DDoS attacks in June 2021. Cyber criminals have launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second, having fallen victim to 29% of all DDoS attacks. As the UK is home to many huge businesses, it is often targeted by hackers for valuable data or even a ransom. China was the target of 18% of all DDoS attacks in June 2021. Attacks from and against China happen primarily for political reasons, typically to disrupt a government agency.
https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/
Threats
Ransomware
Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals
BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil
Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme
Phishing
Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign
Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says
Other Social Engineering
Malware
A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service
Several Malware Families Targeting IIS Web Servers With Malicious Modules
Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network
Mobile
An Explosive Spyware Report Shows Limits Of IOS, Android Security
This Android Malware Steals Your Data In The Most Devious Way
The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials
Vulnerabilities
Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software
Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs
Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise
Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices
PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.
Data Breaches
Threat Actors Leaked Data Stolen From EA, Including FIFA Code
Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything
OT, ICS, IIoT and SCADA
Organised Crime & Criminal Actors
Cryptocurrency/Cryptojacking
Supply Chain
Nation State Actors
Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus
New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks
Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records
Iranian APT Lures Defense Contractor In Catfishing-Malware Scam
Chinese Hackers Target Major Southeast Asian Telecom Companies
Cloud
Reports Published in the Last Week
Other News
Leaked Document Says Google Fired Dozens Of Employees For Data Misuse
Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?
Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us
Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required
Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 July 2021
Black Arrow Cyber Threat Briefing 30 July 2021: Many Workers Ignore Security Risks To Maximize Productivity; Financial Services Accounting For Nearly 40% Of All Phishing URLs; Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats; 36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year; HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021
Top Cyber Stories of the Last Week
Many Workers Ignore Security Risks To Maximize Productivity
A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.
https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/
Financial Services Accounting For Nearly 40% Of All Phishing URLs
A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.
https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/
Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats
Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats. Organisations need multi-layered defences in place to mitigate these risks.”
https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/
36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year
As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.
https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/
HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021
According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages. The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.
Data Breach Costs Hit Record High Due To Pandemic
Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.
https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/
Top 30 Critical Security Vulnerabilities Most Exploited By Hackers
Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.
https://thehackernews.com/2021/07/top-30-critical-security.html
Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report
A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report described as a "systematic failure to address these well-known vulnerabilities." According to the researchers, the time to fix vulnerabilities has dropped by 3 days, from 205 days to 202 days; that average of 202 days still represents an increase from 197 days at the beginning of the year. The average time to fix for high severity vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.
Why Remote Working Leaves Us Vulnerable To Cyber Attacks
An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For example, a cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack: US Independence Day, 4 July. They knew many IT specialists and cyber security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and in at least 17 other countries, were under attack from hackers. Many firms were forced into a costly period of downtime as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware, malware that can scramble and steal an organisation's computer data, through other corporate and cloud-based networks that use the software.
https://www.bbc.co.uk/news/business-57847652
Stop Mitigating Cyber Security Threats And Start Preventing Them
The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.
Threats
Ransomware
Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'
Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation
BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More
LockBit Ransomware Now Encrypts Windows Domains Using Group Policies
The World's Top Ransomware Gangs Have Created A Cyber Crime "Cartel"
Social Engineering
Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report
These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware
Malware
Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs
Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems
Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics
Mobile
New Android Malware Uses VNC To Spy And Steal Passwords From Victims
UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild
Vulnerabilities
Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers
VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted
Hackers Have Found Yet Another Way To Attack Kubernetes Clusters
Windows 10 Printer Problems Persist Following Latest Security Update
Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices
Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities
New Linux Kernel Bug Lets You Get Root On Most Modern Distros
Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature
Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Data Breaches
Organised Crime & Criminal Actors
Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers
Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised
Dark Web
Supply Chain
DoS/DDoS
Nation State Actors
Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers
APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware
Privacy
Reports Published in the Last Week
Black Arrow Cyber Threat Briefing 23 July 2021
Black Arrow Cyber Threat Briefing 23 July 2021: 40% Fell Victim To A Phishing Attack In The Past Month; Traditional Ransomware Defences Are Failing Businesses; The Number Of Employees Going Around IT Security May Surprise You; 740 Ransomware Victims Named On Data Leak Sites In Q2 2021; A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats; Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack; UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack; Even After Emotet Takedown, Office Docs Deliver 43% Of All Malware Downloads Now; Gun Owners' Fears After Firearms Dealer Data Breach
Top Cyber Stories of the Last Week
40% Fell Victim To A Phishing Attack In The Past Month
The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.
Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.
https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/
Traditional Ransomware Defences Are Failing Businesses
Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had put their employees through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see the attacker enter the network through the public cloud.
https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/
Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You
Last month, a report was published highlighting the challenges of enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and collaborate virtually via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this picture of IT workarounds does not match the expectations of security leaders and IT teams.
740 Ransomware Victims Named On Data Leak Sites In Q2 2021: Report
More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.
Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.
https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/
A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats
For decades, the cyber security industry has followed a defence-in-depth strategy, which allowed organisations to designate the edge firewall as the battlefield against bad actors. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of ransomware, phishing and similar attacks, we are forced to take a more dynamic approach when tackling these cyber threats on a day-to-day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.
https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/
Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack
Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February. In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.
UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack
The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities, hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when the then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.
Even After Emotet Takedown, Office Docs Deliver 43% Of All Malware Downloads Now
Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.
The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.
The report noted that cloud storage apps account for more than 66% of cloud malware delivery.
"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.
Gun Owners' Fears After Firearms Dealer Data Breach
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".
Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.
Police, including the National Crime Agency, are investigating.
One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.
Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.
The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".
Threats
Ransomware
BEC
Phishing
Malware
Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections
This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection
MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS
New MosaicLoader Malware Targets Software Pirates Via Online Ads
CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices
This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results
Mobile
Vulnerabilities
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers
Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root
Windows 10 Vulnerability Lets Anyone Get Administrator Privileges
Researchers Discover Security Flaws In Telegram Encryption Protocol
Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking
Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks
France Warns Of APT31 Cyber Spies Targeting French Organisations
APT Hackers Distributed Android Trojan Via Syrian E-Government Portal
Cloud
Privacy
Other News
Application Security Tools Ineffective Against New And Growing Threats
Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?
DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack
1 In 5 Companies Fail PCI Compliance Assessments Of Their Infrastructure