Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.

The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.

The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

• Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).

The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.

Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.

BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.

https://www.zdnet.com/article/ransomware-is-scary-but-another-scam-is-costing-victims-much-much-more-says-fbi/#ftag=RSSbaffb68

• Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.

Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.

Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.

https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/

• Ransomware Payment Demands Rose Dramatically in 2021

Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.

IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."

Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.

https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021

• 7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

• Here's How Fast Ransomware Encrypts Files

Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.

The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.

Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.

https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files

• HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.

This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

• The Cyber Warfare Predicted in Ukraine May Be Yet to Come

In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.

The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.

https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca

• The Three Russian Cyber Attacks the West Most Fears

The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.

Russia has previously stated that such accusations are "Russophobic".

However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.

Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.

"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.

This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.

https://www.bbc.co.uk/news/technology-60841924

• Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks

The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:

The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:

• Deploy modern security tools on your computers and devices to continuously look for and mitigate threats

• Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors

• Back up your data and ensure you have offline backups beyond the reach of malicious actors

• Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack

• Encrypt your data so it cannot be used if it is stolen

• Educate your employees to common tactics that attackers will use over email or through websites

• Work with specialists to establish relationships in advance of any cyber incidents.

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

• Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.

IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.

BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.

"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.

https://www.darkreading.com/attacks-breaches/fbi-cybercrime-victims-suffered-losses-of-over-6-9b-in-2021

• Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.

“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.

“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/

Threats

Ransomware

• Ransomware Infections Follow Precursor Malware – Lumu • The Register

• Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com

• Serious Security: DEADBOLT – The Ransomware That Goes Straight For Your Backups – Naked Security (sophos.com)

• AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)

• What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)

• Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)

• Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)

• Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register

• Talos warns of BlackMatter-linked BlackCat Ransomware • The Register

• Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat

• Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)

• Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)

• Hackers Demand $15 Million Ransom from TransUnion After Cracking "password" Password (bitdefender.com)

• Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)

• Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop

Phishing & Email

• New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)

• Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost

• 'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)

Other Social Engineering

• Social Engineering Attacks To Dominate Web3, The Metaverse | ZDNet

Malware

• Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)

• BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)

Mobile

• URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)

• Downloaders Currently the Most Prevalent Android Malware (darkreading.com)

• Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)

• Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)

IoT

• Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)

• Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register

• How to Secure Your Home WiFi Router - The Washington Post

Data Breaches/Leaks

• UK MoD's Capita-Run Recruitment Portal Support Offline • The Register

• Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Over 40,000 London Voters Have Data Leaked to Strangers - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)

• Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters

• Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)

• Oxford Teen Accused Of Making More Than £10m As A Leader Of International Cyber Gang (telegraph.co.uk)

Cryptocurrency/Cryptomining/Cryptojacking

• An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)

• Global Regulators Monitor Crypto Use in Ukraine War | Reuters

• Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)

Insider Risk and Insider Threats

• 6 Types Of Insider Threats And How To Prevent Them (techtarget.com)

• HP Staffer Blew $5m On Personal Expenses With Company Card • The Register

Fraud, Scams & Financial Crime

• Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security

• NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)

• DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt

Insurance

• How The Increase in Ransomware Has Impacted The Cyber Insurance Market - Help Net Security

• Cyber Insurance and War Exclusions (darkreading.com)

Dark Web

• Dark Web Drug Peddler Gets Nine Years - Infosecurity Magazine

Supply Chain

• 'Secrets Sprawl' Haunts Software Supply Chain Security | SecurityWeek.Com

Cloud

• As Breaches Soar, Companies Must Turn to Cloud-Native Security Solutions For Protection - Help Net Security

Passwords & Credential Stuffing

• The Top 5 Things the 2022 Weak Password Report Means for IT Security (bleepingcomputer.com)

Spyware, Espionage & Cyber Warfare

• Russia Preparing To Conduct Cyber Attacks, White House warns - IT Security Guru

• New Mustang Panda Hacking Campaign Targets Diplomats, ISPs (bleepingcomputer.com)

• Vidar Spyware Is Now Hidden in Microsoft Help Files | ZDNet

• FCC Adds Kaspersky To Covered List Due To Unacceptable Risks To Security - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online

• Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)

• Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs

• President Biden Says Russia Exploring Revenge Cyber Attacks • The Register

• Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics

• Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert

• Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)

• Anonymous Targets Western Companies Still Active in Russia - Security Affairs

• Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs

• NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)

• Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News

• Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs

• Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet

• Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register

Nation State Actors – China

• Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)

• Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost

• Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet

Nation State Actors – North Korea

• Dual North Korean Hacking Efforts Found Attacking Google Chrome Vulnerability for 6 Weeks - CyberScoop

Vulnerabilities

• CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (thehackernews.com)

• Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs

• Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)

• Vulnerabilities Found in 250 HP Printer Models | CSO Online

• VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register

• Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News

• 12,000 Sensitive Patient Images Leaked - IT Security Guru

• Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com

Retail/eCommerce

• For Magecart groups and other credit-card skimmers, old and new opportunities abound - CyberScoop

Transport and Aviation

• SATCOM Networks on High Alert After US Govt Warning • The Register

Energy & Utilities

• US Charges Four Russians Over Hacking Campaign on Energy Sector - BBC News

Education and Academia

• Heriot-Watt University in Second Week of Outage • The Register

Reports Published in the Last Week

• The 2022 State of Cyber Assets Report (jupiterone.com)

• 2022 Weak Password Report - Specops Software

Other News

• A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)

• The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com

• Soldiers told to use Signal instead of WhatsApp for security | The Times

• Cyber Security Compliance: Start With Proven Best Practices - Help Net Security

• Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat

• Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop

• The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security

• South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)

• ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine

• Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Guernsey Cyber Security Warning for Islanders and Businesses

There has been a rise in cyber-attacks since the war in Ukraine began, according to the States of Guernsey and a cyber-security firm.

The States said: "We have seen a noticeable increase in the number of phishing emails since the war began."

The Channel Islands see more than 10 million cyber attacks every month, according to research by Guernsey firm Black Arrow Cyber Consulting.

It encouraged vigilance, as the islands are not immune to these attacks.

A States spokesman said: "The whole community needs to remain vigilant against such emails, which are designed to appear to be from reputable sources in order to dupe people into providing personal information or access to their device via the clicking of a link."

Bruce McDougall, from Black Arrow Cyber Consulting, said: "Criminals don't let a good opportunity go to waste. So they're conducting scams encouraging people to make false payments in the belief they're collecting for charities."

https://www.bbc.co.uk/news/world-europe-guernsey-60763398

CISOs Face 'Perfect Storm' Of Ransomware and State-Supported Cyber Crime

As some nations turn a blind eye, defence becomes life-or-death matter

With ransomware gangs raiding network after network, and nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

"There's this marriage right now of financially motivated cyber crime that can have a critical infrastructure and economic impact," Curry said during a CISO roundtable hosted by his endpoint security shop. "And there are some nation states that do what we call state-ignored sanctioning," he continued, using Russia-based REvil and Conti ransomware groups as examples of criminal operations that benefit from their home governments looking the other way. 

"You get the umbrella of sovereignty, and you get the free license to be a privateer in essence," Curry said. "It's not just an economic threat. It's not just a geopolitical threat. It's a perfect storm."

It's probably not a huge surprise to anyone that destructive cyber attacks keep CISOs awake at night. But as chief information security officers across industries — in addition to Curry, the four others on the roundtable spanned retail, biopharmaceuticals, electronics manufacturing, and a cruise line — have watched threats evolve and criminal gangs mature, it becomes a battle to see who can innovate faster; the attackers or the defenders.

https://www.theregister.com/2022/03/18/ciso_security_storm/

Four Key Risks Exacerbated by Russia’s Invasion of Ukraine

Russia’s invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management (ERM) leaders to reassess previously established organisational risk profiles in at least four key areas, according to Gartner.

“Russia’s invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

“As ERM leaders reassess their organisational risk models, they must also ensure a high frequency of communication with the C-Suite as to the critical changes that require attention now.”

There are four major areas of risk that ERM leaders should continually monitor and examine their mitigation strategies as part of a broader aligned assurance approach as the war continues: Talent Risk, Cyber Security Risk, Financial Risk and Supply Chain Risk

https://www.helpnetsecurity.com/2022/03/17/erm-leaders-risk/

These Four Types of Ransomware Make Up Nearly Three-Quarters of Reported Incidents

Any ransomware is a cyber security issue, but some strains are having more of an impact than others.

Ransomware causes problems no matter what brand it is, but some forms are noticeably more prolific than others, with four strains of the malware accounting for a combined total of almost 70% of all attacks.

According to analysis by cyber security company Intel 471, the most prevalent ransomware threat towards the end of 2021 was LockBit 2.0, which accounted for 29.7% of all reported incidents. Recent victims of LockBit have included Accenture and the French Ministry of Justice. 

Almost one in five reported incidents involved Conti ransomware, famous for several incidents over the past year, including an attack against the Irish Healthcare Executive. The group recently had chat logs leaked, providing insights into how a ransomware gang works. PYSA and Hive account for one in 10 reported ransomware attacks each.

"The most prevalent ransomware strain in the fourth quarter of 2021 was LockBit 2.0, which was responsible for 29.7% of all reported incidents, followed by Conti at 19%, PYSA at 10.5% and Hive at 10.1%," said the researchers.

https://www.zdnet.com/article/these-four-types-of-ransomware-make-up-nearly-three-quarters-of-reported-incidents/

Critical Infrastructure Threat as Ransomware Groups Target 'Enemies of Russia'

The cyber crime underground has fractured into pro-Ukraine and pro-Russia camps, with the latter increasingly focused on critical national infrastructure (CNI) targets in the West, according to a new report from Accenture.

The consulting giant’s Accenture Cyber Threat Intelligence (ACTI) arm warned that the ideological schism could spell mounting risk for Western organisations as pro-Kremlin criminal groups adopt quasi-hacktivist tactics to choose their next victims.

Organisations in the government, media, finance, insurance, utilities and resources sectors should be braced for more attacks, said ACTI.

https://www.infosecurity-magazine.com/news/critical-infrastructure-threat/

Cyber Insurance War Exclusions Loom Amid Ukraine Crisis

An expanding threat landscape is testing the limits of cyber insurance coverage.

The industry experienced a rapid maturation over the past three years as enterprises required a broader umbrella of insurance coverage to combat increasing cyber risks. While demands and premiums continue to rise, one recent area of contention involves war and hostile acts, an exclusion that's becoming harder to categorize.

A judgment in December, coupled with the Russian invasion last month that posed potential cyber retaliations to Ukraine allies, highlighted shortcomings in insurance policies when it comes to cyber conflicts.

https://www.techtarget.com/searchsecurity/news/252514592/Cyber-insurance-war-exclusions-loom-amid-Ukraine-crisis

Zelenskyy Deepfake Crude, But Still Might Be a Harbinger of Dangers Ahead

Several deepfake video experts called a doctored video of Ukrainian President Volodymyr Zelenskyy that went viral this week before social media platforms removed it a poorly executed example of the form, but nonetheless damaging.

Elements of the Zelenskyy deepfake — which purported to show him calling for surrender — made it easy to debunk, they said. But that won’t always be the case.

https://www.cyberscoop.com/zelenskyy-deepfake-troubles-experts/

Cyber Crooks’ Political In-Fighting Threatens the West

They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.

A rift has formed in the cyber crime underground: one that could strengthen, rather than cripple, the cyber-onslaught of ransomware.

According to a report, ever since the outbreak of war in Ukraine, “previously coexisting, financially motivated threat actors divided along ideological factions.”

“Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors, and are increasingly attempting to target Russian entities in support of Ukraine,” wrote researchers from Accenture’s Cyber Threat Intelligence (ACTI). “However, pro-Russian actors are increasingly aligning with hacktivist-like activity targeting ‘enemies of Russia,’ especially Western entities due to their claims of Western warmongering.”

What might otherwise seem like a good thing – bad guys fighting bad guys – may in fact pose an increased threat to the West.

https://threatpost.com/cybercrooks-political-in-fighting-threatens-the-west/178899/

Cloud-Based Email Threats Surge 50% in 2021

There was a 50% year-on-year surge in cloud-based email threats in 2021, but a drop in ransomware and business email compromise (BEC) detections as attacks became more targeted, according to Trend Micro.

The security vendor’s 2021 roundup report, Navigating New Frontiers, was compiled from data collected by customer-installed products and cloud-based threat intelligence.

It revealed that Trend Micro blocked 25.7 million email threats targeting Google Workspace and Microsoft 365 users last year, versus 16.7 million in 2020.

The number of phishing attempts almost doubled during the period, as threat actors continued to target home workers. Of these, 38% were focused on stealing credentials, the report claimed.

https://www.infosecurity-magazine.com/news/cloudbased-email-threats-surge-2021/

Millions of New Mobile Malware Strains Blitzed Enterprise in 2021

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/millions-of-new-mobile-malware-strains-blitzed-enterprises-in-2021/

UK Criminal Defence Lawyer Hadn't Patched When Ransomware Hit

Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018.

The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

https://www.theregister.com/2022/03/15/brit_solicitor_fined_for_failing/

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found.

The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

Although the infection was contained at this stage, the researchers characterized the compromise as a case of a suspected ransomware attack.

The intrusion is said to have taken place in February 2022, with the attackers making use of post-exploitation tools such as ADFind, NetScan, SoftPerfect, and LaZagne. Also employed is an AccountRestore executable to brute-force administrator credentials and a forked version of a reverse tunneling tool called Ligolo.

https://thehackernews.com/2022/03/russian-ransomware-gang-retool-custom.html

The Massive Impact of Vulnerabilities in Critical Infrastructure

Recent cyber events have shown how extremely vulnerable critical infrastructure is. What are the biggest security concerns?

In any world conflict, one of the primary threats posed is cyber actors disabling or destroying the core infrastructure of the adversary. Based on the global reaction to the current world conflict, countries fear reprisals. The worry is that there will be collateral damage to the critical infrastructure of other countries not directly involved in the current conflict.

Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyber attacks. Though businesses are ramping up their security initiatives and investments to defend and protect, their efforts have largely been siloed, reactive, and lack business context. Lack of visibility of risk across the estate is a huge problem for this sector.

https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/

Threats

Ransomware

• Nearly 34 Ransomware Variants Observed in Hundreds of Cyber Attacks in Q4 2021 (thehackernews.com)

• Franchises, Partnerships Emerge in Ransomware-as-a-Service Operations | ZDNet

• Dozens of Ransomware Variants Used In 722 Attacks Over 3 Months (bleepingcomputer.com)

• Conti Leak: A Ransomware Gang's Chats Expose Its Crypto Plans | WIRED

• 6 Reasons Not to Pay Ransomware Attackers (darkreading.com)

• Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops | Threatpost

• SEC Filings Show Hidden Ransomware Costs And Losses | CSO Online

• Exotic Lily Sells Ransomware Groups Access To Targets • The Register

• New "Initial Access Broker" Working with Conti gang - IT Security Guru

• Google Exposes Tactics Of A Conti Ransomware Access Broker (bleepingcomputer.com)

• Avoslocker Ransomware Gang Targets US Critical Infrastructure - Security Affairs

• How Prepared Are Organisations To Face A Ransomware Attack On Kubernetes? - Help Net Security

• Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware (thehackernews.com)

• The Lapsus$ Hacking Group Is Off to a Chaotic Start | WIRED

• Bridgestone Cyber Attack Timeline and Ransomware Recovery Details - MSSP Alert

• Automotive Giant Denso Confirms Hack, Pandora Ransomware Group Takes Credit | ZDNet

Phishing & Email

• Massive Phishing Campaign Uses 500+ Domains To Steal Credentials (bleepingcomputer.com)

• How CAPTCHA Puzzles Cloak Phishing Page URLs In Emails • The Register

• Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks (darkreading.com)

• 76,000 Scams Taken Down Through Email Reporting - IT Security Guru

• Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost

• NCSC Catches 10 Million Phishes (computerweekly.com)

• This Browser-In-The-Browser Attack Is Perfect For Phishing • The Register

Malware

• New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw (thehackernews.com)

• Attacker Uses Websites' Contact Forms To Spread BazarLoader Malware | TechRepublic

• Gh0stCringe RAT Targeting Database Servers in Recent Attacks | SecurityWeek.Com

• Cyclops Blink Malware Sets Up Shop in ASUS Routers • The Register

• DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (thehackernews.com)

• Linux Botnet Exploits Log4j Flaw To Hijack Arm, x86 Systems • The Register

• New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel (360.com)

• Russian Cyclops Blink Botnet Launches Assault Against Asus Routers | ZDNet

• Uncovering Trickbot’s Use of IoT Devices In Command-And-Control Infrastructure - Microsoft Security Blog

• TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control (thehackernews.com)

Mobile

• Mobile Threats Skyrocket (darkreading.com)

• 2021 Mobile Security: Android More Vulnerabilities, iOS More Zero-Days (bleepingcomputer.com)

• Mobile Devices See 466% Annual Increase in Zero-Day Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• 'Escobar' Android malware steals your 2FA codes — and takes over your phone | Tom's Guide (tomsguide.com)

• Thousands of Secret Keys Found in Leaked Samsung Source Code | SecurityWeek.Com

• Scammers Have 2 Clever New Ways To Install Malicious Apps on iOS Devices | Ars Technica

• Threat Intel Report: Who Is Behind Staggering 190GB Samsung Galaxy Hack? (forbes.com)

• Android Trojan Persists On The Google Play Store Since January (bleepingcomputer.com)

• Mobile App Data Found Exposing API’s & Data In 1,000’s Of Cloud Databases - Information Security Buzz

IoT

• Smart Devices Spy On You – 2 Computer Scientists Explain How The Internet Of Things Can Violate Your Privacy (theconversation.com)

Organised Crime & Criminal Actors

• Who's Who In The Cyber Criminal Underground | CSO Online

• Financially Motivated Threat Actors Willing To Go After Russian Targets - Help Net Security

• A Third of Malicious Logins Originate in Nigeria - Infosecurity Magazine

• Phishers Exploit Ukraine Conflict To Solicit Crypto - IT Security Guru

Insider Risk and Insider Threats

• MITRE and Partners Build Insider Threat Knowledge Base | CSO Online

Fraud, Scams & Financial Crime

• UK Shoppers Face More Identity Checks When Buying Online | Consumer affairs | The Guardian

Supply Chain

• Container Vulnerability Opens Door For Supply Chain Attacks (techtarget.com)

DoS/DDoS

• Israeli Govt Sites Hit By Huge DDoS Attack • The Register

Cloud

• How Cloud Services Become Weapons In Russia-Ukraine Cyber Conflict | ZDNet

• The Next Big Cyber Security Threat Is Connected SaaS Platforms (thenextweb.com)

Privacy

• Smart Devices Are Spying on You Everywhere, And That's a Problem (sciencealert.com)

Passwords & Credential Stuffing

• NVIDIA Staff Shouldn’t Have Chosen Passwords Like These… • Graham Cluley

• Attackers Using Default Credentials To Target Businesses, Raspberry Pi And Linux Top Targets - Help Net Security

Regulations, Fines and Legislation

• CafePress Fined For Covering Up Customer Info Leak • The Register

• Meta Fined €17 Million by Irish Regulator for GDPR Violations | CSO Online

Spyware, Espionage & Cyber Warfare

• Would 'Cyber Geneva Conventions' Defuse Online Aggression? (darkreading.com)

Nation State Actors

Nation State Actors – Russia

• Conti Leaks Reveal the Ransomware Group’s Links to Russia | WIRED

• How The Cyber World Can Support Ukraine | World Economic Forum (weforum.org)

• Russia's Disinformation Uses Deepfake Video Of Zelenskyy Telling People To Lay Down Arms - Security Affairs

• FBI Warns of MFA Flaw Used By State Hackers For Lateral Movement (bleepingcomputer.com)

• Ukraine Secret Service Arrests Hacker Helping Russian Invaders (thehackernews.com)

• Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (vice.com)

• German Government Advises Against Using Kaspersky Antivirus (bleepingcomputer.com)

• Russia Could Use Kaspersky Antivirus Software In Cyber Attacks In Europe, German Agency Warns | Euronews

• ‘It’s The Right Thing To Do’: The 300,000 Volunteer Hackers Coming Together To Fight Russia | Ukraine | The Guardian

• Ukraine's "IT Army" Hit With Info-Stealing Malware- IT Security Guru

• Viasat, Rosneft Hit By Cyber Attacks • The Register

• Mozilla Firefox Removes Russian Search Providers Over Misinformation Concerns (bleepingcomputer.com)

• Fake Antivirus Updates Used To Deploy Cobalt Strike in Ukraine (bleepingcomputer.com)

• Ukrainian Hacktivists Allegedly Dumps Kaspersky Product Source Code Online (Updated) - Lowyat.NET

• New CaddyWiper Data Wiping Malware Hits Ukrainian Networks (bleepingcomputer.com)

• Top Ukrainian Cyber Official Praises Volunteer Hacks On Russian Targets, Offers Updates - CyberScoop

• Anonymous Sent A Message To Russians: "Remove Putin" - Security Affairs

• Cyber Attacks Cripple Russian Websites After Ukraine Invasion (gizmodo.com)

• Russia Faces IT Crisis With Just Two Months Of Data Storage Left (bleepingcomputer.com)

• Russia Labels Meta 'Extremist Organisation, Bans Instagram • The Register

Nation State Actors – China

• China-Linked Threat Actors Are Targeting The Government Of Ukraine - Security Affairs

• China Claims It Captured NSA Spy Tool That Already Leaked • The Register

Nation State Actors – Iran

• Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Vulnerabilities To List Of Flaws Exploited In Attacks (bleepingcomputer.com)

• New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (thehackernews.com)

• Apple Patch Day: Gaping Security Holes in iOS, macOS, iPadOS | SecurityWeek.Com

• OpenSSL Patches Denial-Of-Service Certificate Flaw • The Register

• OpenSSL Patches Infinite-Loop DoS Bug In Certificate Verification – Naked Security (sophos.com)

• Nasty Linux Netfilter Firewall Security Hole Found | ZDNet

• SolarWinds Warns Of Attacks Targeting Web Help Desk Instances (bleepingcomputer.com)

• High-Severity Vulnerabilities Patched in BIND Server | SecurityWeek.Com

• QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Top Threats For The Financial Sector - Help Net Security

• Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines (thehackernews.com)

• Banks on Alert For Russian Reprisal Cyber Attacks on Swift | Ars Technica

• Fraudsters Use Intelligent Bots To Attack Financial Institutions (scmagazine.com)

• 70% of Financial Service Providers Are Implementing API Security - Help Net Security

• Report: Payment Fraud Attacks Against Fintech Companies Soar By 70% In 2021 - Information Security Buzz

Health/Medical/Pharma Sector

• Healthcare Cyber Security Trends: Organisations Not Quite Ready To Deal With Threats - Help Net Security

• Hospitals Warned Of 'Phone Calls And Emails From Hackers' As Russia-Ukraine War Rages - Manchester Evening News

• Nearly 300k Heart Patients’ Data Exposed - Infosecurity Magazine

Transport and Aviation

• Aircraft Disrupted by Satellite Jamming Following Russian Invasion - Infosecurity Magazine

• EU & US Agencies Warn That Russia Could Attack Satellite Communications - Security Affairs

Reports Published in the Last Week

• 2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium Mobile Security Blog

Other News

• Does the Free World Need a Global Cyber Alliance? | SecurityWeek.Com

• Why EDR Is Not Sufficient To Protect Your Organisation - Help Net Security

• Public and Private Sector Security: Better Protection by Collaboration | SecurityWeek.Com

• The Importance Of Building In Security During Software Development - Help Net Security

• How Fast Can Organisations Respond To A Cyber Security Crisis? - Help Net Security

• Researcher Uses 379-Year-Old Algorithm To Crack Crypto Keys Found In The Wild | Ars Technica

• How Pen Testing Gains Critical Security Buy-in and Defence Insight (darkreading.com)

• DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data | Threatpost

• When IT Spending Plans Don't Reflect Security Priorities (darkreading.com)

• Half of People Accept All Cookies Despite The Security Risk | TechRadar

• Business Is At Last Collaborating On Cyber Security | Financial Times (ft.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks

Threats

Ransomware

• Inside Conti leaks: The Panama Papers of Ransomware - The Record by Recorded Future

• Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research

• Oh, The Irony! Conti Ransomware Gang, Which Leaked Ransomware Victims’ Data, Has Its Own Data Leaked (grahamcluley.com)

• CISA Added 98 Domains To The Joint Alert Related To Conti Ransomware Gang - Security Affairs

• Ragnar Locker Ransomware - What You Need To Know (tripwire.com)

• Conti Ransomware Group Spent Millions In 2021 - IT Security Guru

• Ragnar Locker Ransomware Hits Critical Infrastructure • The Register

• Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others (darkreading.com)

• FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs (bleepingcomputer.com)

• Alleged REvil Ransomware Hacker Extradited And Arraigned In Texas | CSO Online

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data (bleepingcomputer.com)

Phishing & Email

• How Phishing Email Are Evading Email Security - MSSP Alert

• Watch Out For This Phishing Attack That Hijacks Your Email Chats To Spread Malware | ZDNet

• The Most Impersonated Brands In Phishing Attacks - Help Net Security

Malware

• Nvidia's Stolen Data Is Being Used To Disguise Malware As GPU Drivers | PC Gamer

• Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads | Threatpost

• Emotet Botnet Is Rapidly Growing, +130K Bots Spread Across 179 Countries - Security Affairs

• Raccoon Stealer Crawls Into Telegram | Threatpost

• All About the Bots: What Botnet Trends Portend for Security Pros | SecurityWeek.Com

Mobile

• Smartphone malware is on the rise, here's what to watch out for | ZDNet

• Samsung Confirms Hackers Stole Galaxy Devices Source Code (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Cyber Criminals Are Posing As Ukraine Fundraisers To Steal Cryptocurrency - CyberScoop

• Cyber Criminals Compromise Users With Malware Disguised As Pro-Ukraine Cyber Tools - Cisco Talos Intelligence Group

Cryptocurrency/Cryptomining/Cryptojacking

• Russians Liquidating Crypto In The UAE As They Seek Safe Havens | Reuters

Fraud, Scams & Financial Crime

• Consumers Worried About Digital Banking Security - Infosecurity Magazine (infosecurity-magazine.com)

• Shipping Fraud Quickly Emerging As One Of The Top Fraud Types - Help Net Security

Insurance

• The Cyber Insurance Market Needs More Money (hbr.org)

Supply Chain

• Major Tech Firms Launch Security First Initiative To Combat Third-Party Data Breaches - Help Net Security

DoS/DDoS

• Mitel VoIP Systems Used In Staggering DDoS Attacks • The Register

• In-The-Wild DDoS Attack Can Be Launched From A Single Packet To Create Terabytes Of Traffic | ZDNet

• Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers | Threatpost

• The Fight Against the Hydra: New DDoS Report from Link11 (darkreading.com)

• Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks (thehackernews.com)

Parental Controls and Child Safety

• Still Too Many Parents Don't Monitor Their Children's Online Activity - Help Net Security

Spyware, Espionage & Cyber Warfare

• ‘We are not ready’: a Cyber Expert on US Vulnerability to a Russian Attack | Cyberwar | The Guardian

• China-Aligned APT Renews Cyber Attack On European Diplomats, As War Rages | CSO Online

• European Lawmakers Launch Investigation Into Use Of Pegasus Spyware By EU States | TechCrunch

Nation State Actors

Nation State Actors - Russia

• Jump In Cyber Attacks Since Start Of Ukraine Invasion (rte.ie)

• Will Russian Oil Ban Spur Increased Cyber-Attacks (trendmicro.com)

• Russia to Create Its Own Security Certificate Authority, Alarming Experts - CyberScoop

• Russian APTs Furiously Phish Ukraine – Google | Threatpost

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech | Ars Technica

• Ukrainian IT Army Hijacked by Infostealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (thehackernews.com)

• French Bank Denies Access to Russian Workforce - Infosecurity Magazine (infosecurity-magazine.com)

• New RURansom Wiper Targets Russia (trendmicro.com)

• Anonymous & its Affiliates Hacked 90% of Russian Misconfigured Databases (hackread.com)

• Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency - Infosecurity Magazine

Nation State Actors - China

• Chinese Phishing Actors Consistently Targeting EU Diplomats (bleepingcomputer.com)

• Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks - Information Security Buzz

• Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (thehackernews.com)

Nation State Actors – North Korea

• Targeted APT Activity: BABYSHARK Is Out for Blood - MSSP Alert

Nation State Actors - Iran

• Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (thehackernews.com)

Vulnerabilities

• Linux Has Been Bitten By Its Most High-Severity Vulnerability In Years | Ars Technica

• High Rates Of Known, Exploitable Vulnerabilities Still Found In The Wild, Report Reveals - IT Security Guru

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday | Threatpost

• New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs (thehackernews.com)

• Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | SecurityWeek.Com

• “Dirty Pipe” Linux Kernel Bug Lets Anyone Write To Any File – Naked Security (sophos.com)

• Microsoft Azure Flaw Allowed Unauthorized Account Access • The Register

• Intel, AMD, Arm Warn Of New Speculative Execution CPU Bugs (bleepingcomputer.com)

• Adobe Patches 'Critical' Security Flaws in Illustrator, After Effects | SecurityWeek.Com

• Up to 30% of WordPress Plugin Bugs Don't Get Patched - IT Security Guru

• Within Hours of the Log4j Flaw Being Revealed, These Hackers Were Using It | ZDNet

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape | Threatpost

• Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint | SecurityWeek.Com

• Microsoft Fixes Critical Azure Bug That Exposed Customer Data (bleepingcomputer.com)

• Researchers Disclose New Spectre V2 Vulnerabilities (techtarget.com)

• Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices (thehackernews.com)

• Over 40% of Log4j Downloads Are Vulnerable Versions of the Software (darkreading.com)

• HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections (bleepingcomputer.com)

• Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (thehackernews.com)

Sector Specific

Health/Medical/Pharma Sector

• Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack (darkreading.com)

• Oklahoma Hospital Data Breach Impacts 92,000 People - Infosecurity Magazine

Transport and Aviation

• Finnish Govt Agency Warns Of Unusual Aircraft GPS Interference (bleepingcomputer.com)

Automotive

• Small Business Owners Worried About The Cyber Security Of Their Commercial Vehicles - Help Net Security

CNI, OT, ICS, IIoT and SCADA

• ICS Vulnerability Disclosures Surge 110% Over The Last Four Years - Help Net Security

• New Security Threats Target Industrial Control And OT Environments - CyberScoop

Reports Published in the Last Week

• 2022 Vulnerability Statistics Report - Edgescan

• Pinpoint the Origins of Workforce Risk - Elevate Security

Other News

• Why You Should Be Using CISA's Catalog of Exploited Vulns (darkreading.com)

• How Attackers Sidestep The Cyber Kill Chain | CSO Online

• How to Combat the No. 1 Cause of Security Breaches: Complexity (darkreading.com)

• Every Business Is A Cyber Security Business - Help Net Security

• Operationalising a “Think Like The Enemy” Strategy | CSO Online

• SpaceX Shifts Resources To Cyber Security To Address Starlink Jamming - SpaceNews

• Report: Cyber Security Teams Need Nearly 100 Days To Develop Threat Defenses | VentureBeat

• 6 Potential Enterprise Security Risks With NFC Technology (techtarget.com)

• BBC Targeted With 383,278 Spam, Phishing And Malware Attacks Every Day - Help Net Security

• Ubisoft Says It Experienced A ‘Cyber Security Incident’, And The Purported Nvidia Hackers Are Taking Credit - The Verge

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Criminals Exploit Invasion of Ukraine

Cyber criminals are exploiting Russia’s ongoing invasion of Ukraine to commit digital fraud.

In a blog, researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine.

Since March 1, researchers have been tracking two specific phishing campaigns designed to infect victims with Agent Tesla and Remcos remote access Trojans.

Agent Tesla is a malware-as-a-service (MaaS) Remote Access Trojan (RAT) and data stealer that can be used to exfiltrate sensitive information, including credentials, keystrokes and clipboard data from victims.

Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems. Once inside, attackers can capture keystrokes, screenshots, credentials and other sensitive system data and exfiltrate it.

https://www.infosecurity-magazine.com/news/cyber-criminals-invasion-ukraine/

UK Data Watchdog Urges Vigilance Amid Heightened Cyber Threat

The UK’s Information Commissioner’s Office (ICO) reports a ‘steady and significant’ increase in cyber-attacks against UK firms over the past two years.

Employees should report any suspicious emails rather than delete them and firms must step up their vigilance against cyber-attacks in the face of a heightened threat from Russian hackers, the UK’s data watchdog has said.

John Edwards, the Information Commissioner, said a new era of security had begun where instead of blacking out windows, people needed to maintain vigilance over their inboxes.

Experts including the UK’s cyber security agency have said Russian hackers could target Britain, and the imposition of sanctions by London on Moscow has increased those fears.

Asked about the potential for a Russia-Ukraine cyber conflict spreading to the UK, Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.”

https://www.theguardian.com/technology/2022/mar/04/uk-data-watchdog-urges-vigilance-amid-heightened-cyber-threat

Phishing - Still a Problem, Despite All The Work

Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulge passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.

Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?

https://www.ncsc.gov.uk/blog-post/phishing-still-a-problem-despite-the-work

Phishing Attacks Hit All-Time High in December 2021

The Anti-Phishing Working Group international consortium (APWG) saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it began its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

The solution provider Abnormal Security observed 4,200 companies, organisations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

https://www.helpnetsecurity.com/2022/03/03/phishing-attacks-december-2021/

Ransomware Infections Top List of The Most Common Results of Phishing Attacks

A report from insider threat management software company Egress found some startling conclusions when it spoke to IT leadership: Despite the pervasive and very serious threat of ransomware, very few boards of directors consider it a top priority.

Eighty-four percent of organisations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren’t hit with a phishing attack, and you still end up at around 50% of all organisations having been hit with ransomware in 2021.

Egress said that its data shows there has been a 15% increase in successful phishing attacks over the past 12 months, with the bulk of the attacks utilising malicious links and attachments. Those methods aren’t new, but a 15% increase in successful attacks means that something isn’t working.

https://www.techrepublic.com/article/ransomware-infections-top-list-of-the-most-common-results-of-phishing-attacks/

Social Media Phishing Attacks Are at An All Time High

Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analysed phishing attack patterns that unfolded throughout 2021.

As part of their report, Vade analysed 184,977 phishing pages to create stats based on a billion corporate and consumer mailboxes that the cyber security firm protects.

Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures.

https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/

Insurance Giant AON Hit by a Cyber Attack

Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.

AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cyber security consulting, risk solutions, healthcare insurance, and wealth management products.

AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.

In a filing with the US SEC, AON has disclosed that they suffered a cyberattack on February 25th, 2022.

AON has not provided any details of the attack other than that it occurred and affected a limited number of systems.

The company stated that although in the early stages of assessing the incident, based on the information currently known, the company did not expect the incident to have a material impact on its business, operations or financial condition.

In addition to being an insurance broker, AON is also a leading reinsurance company, meaning that they insure the insurance companies.

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

How Prepared Are Organisations to Face Email-Based Ransomware Attacks?

Proofpoint released a report which provides an in-depth look at user phishing awareness, vulnerability, and resilience. The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organisations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks (BEC) (18% YoY increase of BEC attacks from 2020), reflecting cyber criminals’ continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities

This year’s report examines responses from commissioned surveys of 600 information and IT security professionals and 3,500 workers in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses data from nearly 100 million simulated phishing attacks sent by customers to their employees over a one-year period, along with more than 15 million emails reported via the user-activated PhishAlarm reporting button.

Attacks in 2021 also had a much wider impact than in 2020, with 83% of survey respondents revealing their organisation experienced at least one successful email-based phishing attack, up from 57% in 2020. In line with this, 68% of organisations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit. The year-over-year increase remains steady but representative of the challenges organisations faced as ransomware attacks surged in 2021.

https://www.helpnetsecurity.com/2022/02/28/email-based-ransomware-attacks/

The Most Impersonated Brands in Phishing Attacks

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. Facebook, which was in the second spot in 2020, rose to the top spot for 2021, representing 14% of phishing pages, followed by Microsoft, with 13%.

The report analysed 184,977 phishing pages linked from unique phishing emails between January 1, 2021 and December 31, 2021.

Key findings:

·         Financial services is the most impersonated industry

·         Microsoft is the most impersonated cloud brand and the top corporate brand

·         Facebook dominates social media phishing

·         35% of all phishing pages impersonated financial services brands

·         Mondays and Tuesdays are the top days for phishing

·         78% of phishing attacks occur on weekdays

·         Monday and Thursday are the top days for Facebook phishing

·         Thursday and Friday are the top days for Microsoft phishing

https://www.helpnetsecurity.com/2022/03/04/most-impersonated-brands-phishing/

As War Escalates in Europe, It’s ‘Shields Up’ For The Cyber Security Industry

In unprecedented times, even government bureaucracy moves quickly. As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the US Cybersecurity and Infrastructure Security Agency (CISA) — part of the Department of Homeland Security — issued an unprecedented warning recommending that “all organisations — regardless of size — adopt a heightened posture when it comes to cyber security and protecting their most critical assets.”

The blanket warning is for all industries to take notice. Indeed, it’s a juxtaposition of sorts to think the cyber security industry is vulnerable to cyber attack, but for many nation state groups, this is their first port of call.

Inspired by the spike in attacks on cyber security agencies globally, a report from Reposify assessed the state of the cyber security industry’s external attack surface (EAS). It coincides with CISA’s warning, and highlights critical areas of concern for the sector and how they mirror trends amongst pharmaceutical and financial companies, providing vital insight into where organisations can focus their efforts, and reinforce the digital perimeter.

https://techcrunch.com/2022/03/02/as-war-escalates-in-europe-its-shields-up-for-the-cybersecurity-industry/

2022 May Be The Year Cyber Crime Returns Its Focus to Consumers

Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers.

This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.

ReasonLabs has compiled a detailed report on the status of consumer-level cyber security and what trends are most likely to emerge this year.

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Kaspersky Neutral Stance in Doubt As It Shields Kremlin

Kaspersky Lab is protecting the resources of the Russian Ministry of Defence and other high-value domains that are instrumental to the Russian propaganda machine – Russia Today, TASS news agency, Gazprom bank.

The company insists that they ‘never provide any law enforcement or government organisation with access to user data or the company's infrastructure.”

Eugene Kaspersky's refusal to condemn the Kremlin for its invasion of Ukraine set the cyber security community on fire. His company has tried to shake ties to the Russian government for years but hasn't succeeded quite yet. And recent events, it seems, only made things worse.

"We welcome the start of negotiations to resolve the current situation in Ukraine and hope that they will lead to a cessation of hostilities and a compromise. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn't good for anyone," Eugene Kaspersky tweeted when Russian and Ukrainian delegations met for peace talks near Ukraine's border with Belarus.

https://cybernews.com/security/kaspersky-neutral-stance-in-doubt-as-it-shields-kremlin/

Threats

Ransomware

• Accelerated Ransomware Attacks Pressure Targeted Companies to Speed Response (darkreading.com)

• Toyota Japan Shutters 14 Plants After Probable Cyber Attack • The Register

• Bridgestone Still Struggling With Plant Closures Across North America After Cyber Attack | ZDNet

• Cyber Criminals Who Breached Nvidia Issue One Of The Most Unusual Demands Ever | Ars Technica

• Conti Ransomware's Internal Chats Leaked After Siding With Russia (bleepingcomputer.com)

• Conti Group Encrypts Karma Ransomware Extortion Notes - Infosecurity Magazine

Phishing & Email

• Unusual Sign-In Activity Mail Goes Phishing For Microsoft Account Holders | Malwarebytes Labs

Other Social Engineering

• 'Several Combinations Of Social Engineering' Used During Cyber Attack On Camera Maker Axis | ZDNet

• Instagram Scammers As Busy As Ever: Passwords And 2FA Codes At Risk – Naked Security (sophos.com)

Malware

• TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (thehackernews.com)

• Rebirth of Emotet: New Features of the Botnet and How to Detect it (thehackernews.com)

Mobile

• How Much Do Different Generations Trust Their Mobile Devices' Security? - Help Net Security

• TeaBot Android Banking Trojan Continues Its Global Conquest With New Upgrades | ZDNet

• This Nasty Android Malware Steals Your Passwords — What You Need To Know [Update] | Tom's Guide (tomsguide.com)

• SharkBot Malware Hides As Android Antivirus In Google Play (bleepingcomputer.com)

• A New Money-Stealing Malware Makes Rounds On Google Play Store Posing As An Innocent App With Over 50,000 Downloads - NotebookCheck.net News

Data Breaches/Leaks

• Hackers Leak 190GB Of Alleged Samsung Data, Source Code (bleepingcomputer.com)

• NVIDIA Data Breach Exposed Credentials Of Over 71,000 Employees (bleepingcomputer.com)

• 250,000-Plus Lawyer Disciplinary Records Leak • The Register

• Swiss Bank Requests Destruction of Documents - Infosecurity Magazine

Organised Crime & Criminal Actors

• Ukraine-Russia Cyber Warzone Splits Cyber Underground | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking

• Hackers Threaten To Turn Every Nvidia GPU Into A Bitcoin Mining Machine | TechRadar

• Beware of Ongoing Crypto Cyber War Amidst the Ukraine Russian War in 2022 (analyticsinsight.net)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Don’t Be Fooled Into Thinking You’re Too Smart To Be Scammed | News | The Sunday Times (thetimes.co.uk)

DoS/DDoS

• DDoSers Are Using A Potent New Method To Deliver Attacks Of Unthinkable Size | Ars Technica

• DDoS Attackers Have Found This New Trick To Knock Over Websites | ZDNet

• Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks (thehackernews.com)

• Log4shell Exploits Now Used Mostly For DDoS Botnets, Cryptominers (bleepingcomputer.com)

Nation State Actors

• Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation | Mandiant

• Charities, Aid Orgs In Ukraine Attacked With Malware (bleepingcomputer.com)

• Cyber Attacks In Ukraine Could Reach Other Countries - IT Security Guru

• Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (thehackernews.com)

• Ukraine Digital Army Brews Cyberattacks, Intel and Infowar | SecurityWeek.Com

• Ukraine Security Agencies Warn Of Ghostwriter Threat Activity, Phishing Campaigns | ZDNet

• Ukraine Asks ICANN To Revoke Russian Domains And Shut Down DNS Root Servers | Ars Technica

• IsaacWiper, The Third Wiper Spotted Since The Beginning Of Russian Invasion - Security Affairs

• Ukrainian Sites Saw A 10x Increase In Attacks When Invasion Started (bleepingcomputer.com)

• Cyber Attacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen | SecurityWeek.Com

• Chinese Malware Targeted Multiple Governments • The Register

• Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (thehackernews.com)

Passwords & Credential Stuffing

• Microsoft Accounts Targeted by Russian-Themed Credential Harvesting | Threatpost

Spyware, Espionage & Cyber Warfare

• Cyber Attack on NATO Could Trigger Collective Defence Clause - Official | Reuters

• Ukraine Conflict Spurs Questions Of How To Define Cyberwar - CyberScoop

• How China Built A One-Of-A-Kind Cyber-Espionage Behemoth To Last | MIT Technology Review

• Russia's Space Chief Says Hacking Satellites 'A Cause For War' - POLITICO

• Ukraine Is Building An 'It Army' Of Volunteers, Something That's Never Been Tried Before | ZDNet

• China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (thehackernews.com)

Vulnerabilities

• Get Patching Now: CISA Adds Another 95 Flaws To Its Known Exploited Vulnerabilities List | ZDNet

• Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products | SecurityWeek.Com

• Firefox Patches Two In-The-Wild Exploits – Update Now! – Naked Security (sophos.com)

• New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)

• Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)

• New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances (thehackernews.com)

• Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability - Information Security Buzz

Sector Specific

Financial Services Sector

• Banks Brace For Retaliatory Ransomware Attacks From Russia | Bitcoinist.com

Health/Medical/Pharma Sector

• Conti And Karma Actors Attack Healthcare Provider At Same Time Through ProxyShell exploits – Sophos News

• Over 100,000 Medical Infusion Pumps Vulnerable To Years Old Critical Bug (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Lack Of Visibility Plaguing ICS Environments - Help Net Security

Reports Published in the Last Week

• Vade Releases 2021 Phishers' Favourites Report (darkreading.com)

• Salt Security releases State of API Security Report - IT Security Guru

Other News

• Microsoft Teams Grows As Cyber Attack Vector - MSSP Alert

• Ukraine Conflict Puts Organisations’ Cyber-resilience To The Test - Information Security Buzz

• The Cyber Security Implications Of The Russia-Ukraine Conflict (forbes.com)

• Cyber Attackers Are Looking To Exploit People Who Want To Help Ukraine, Security Experts Warn | The Independent

• Multifactor Authentication Is Being Targeted by Hackers – The New Stack

• Attacks Abusing Programming APIs Grew Over 600% In 2021 (bleepingcomputer.com)

• Soaring Cyber Attacks On BBC – ‘No Industry Is Untouchable’ - Information Security Buzz

• Bad Actors Are Becoming More Successful At Evading AI/ML Technologies - Help Net Security

• Facebook, Twitter, Google Move To Intercept Russian Propaganda, Disinformation About Ukraine - CyberScoop

• Why the Shifting Nature of Endpoints Requires a New Approach to Security (darkreading.com)

• Open Source Security Fears Are Fading Away | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates

Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.

Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.

"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.

Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.

https://www.reuters.com/technology/britain-warns-cyberattacks-russia-ukraine-crisis-escalates-2022-02-22/

Ransomware Extortion Doesn't Stop After Paying The Ransom

A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.

This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.

The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:

• 18% of victims who paid the ransom still had their data exposed on the dark web.

• 8% refused to pay the ransom, and the attackers tried to extort their customers.

• 35% of victims paid the ransom but were still unable to retrieve their data.

As for the ransomware actor extortion tactics, these are summarized as follows:

• 83% of all successful ransomware attacks featured double and triple extortion.

• 38% of ransomware attacks threatened to use stolen data to extort customers.

• 35% of ransomware attacks threatened to expose stolen data on the dark web.

• 32% of attacks threatened to directly inform the victim's customers of the data breach incident.

https://www.bleepingcomputer.com/news/security/ransomware-extortion-doesnt-stop-after-paying-the-ransom/

Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces

The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.

Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."

The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link.  The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.

According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.

https://www.bitdefender.com/blog/hotforsecurity/ukraine-calls-for-volunteer-hackers-to-protect-its-critical-infrastructure-and-spy-on-russian-forces/

Study: UK Firms Most Likely To Pay Ransomware Hackers

Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.

The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.

Phishing attacks remain the key way criminals access networks, it found.

Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.

https://www.bbc.co.uk/news/business-60478725

Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.

Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.

https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/

91% of UK Organisations Compromised by an Email Phishing Attack in 2021

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.

The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.

The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.

Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.

https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/

Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021

Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.

As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.

Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.

This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.

https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/

Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion

A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.

“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.

The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.

The Russian Government’s portal, and the websites of other ministries are running very slow.

The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.

Anonymous pointed out that it is not targeting Russian citizens, but only their government.

“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”

https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html

Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds

If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.

The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.

Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.

What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”

https://www.msspalert.com/cybersecurity-news/email-remains-go-to-method-for-cyberattacks-phishing-research-report-finds/

The Future of Cyber Insurance

In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.

At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.

If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.

https://www.darkreading.com/risk/the-future-of-cyber-insurance

Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices

Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.

The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.

https://www.darkreading.com/risk/businesses-are-at-significant-risk-of-cybersecurity-breaches-due-to-immature-security-hygiene-and-posture-management-practices

Microsoft Teams Is The New Frontier For Phishing Attacks

Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.

One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.

“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.

Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.

However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.

https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/

Threats

Ransomware

• Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters

• Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com

• Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online

• TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)

• Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)

• Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security

• Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)

• Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs

• Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)

BEC – Business Email Compromise

• BEC-as-a-Service Campaigns Drive Surge in Email Fraud - Infosecurity Magazine

Phishing & Email

• Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost

• New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)

• Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)

Other Social Engineering

• Social Media Attacks Surged In 2021, Financial Institutions Targeted The Most - Help Net Security

Malware

• Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today

• Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)

• Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin

• Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs

• New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)

• Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)

• Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)

Mobile

• New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)

• Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost

• Beware of ‘Zero-Click’ Hacks That Exploit Security Flaws in Phones’ Operating Systems (insurancejournal.com)

• Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register

Data Breaches/Leaks

• Revealed: Credit Suisse Leak Unmasks Criminals, Fraudsters And Corrupt Politicians | Credit Suisse | The Guardian

Organised Crime & Criminal Actors

• Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs

• Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking

• North Korean Hackers Launder Crypto Using Sophisticated Techniques: Report (cryptopotato.com)

Insider Risk and Insider Threats

• Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security

• Insider Threats Are More Than Just Malicious Employees (darkreading.com)

• 83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security

• Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online

Fraud, Scams & Financial Crime

• Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today

• Sextortion Rears Its Ugly Head Again | Threatpost

• French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)

• Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine

Supply Chain

• Hackers Tried To Shatter The Spine Of Global Supply Chains In 2021 | ZDNet

Nation State Actors

• NCSC Advises Organisations to Act Following Russia’s Further Violation of Ukraine’s Territorial Integrity - NCSC.GOV.UK

• Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian

• Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com

• Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs

• Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED

• China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs

• Iran's Hackers Are Using These Tools To Steal Passwords And Deliver Ransomware, say FBI and CISA | ZDNet

• US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs

Privacy

• What Is Browser Fingerprinting and How Does It Track You? | WIRED

Spyware, Espionage & Cyber Warfare

• CISOs, Beware Of Spyware Tools For Illicit Competitive Intelligence | CSO Online

Vulnerabilities

• Cisco Firewall Customers Warned Of Need For Rapid Updates • The Register

• New Flaws Discovered in Cisco's Network Operating System for Switches (thehackernews.com)

• CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform (thehackernews.com)

Sector Specific

Financial Services Sector

• CrowdStrike CEO: Bank Execs ‘Very Concerned’ About Russia Cyber Attacks (cnbc.com)

Defence

• New "SockDetour" Fileless, Socketless Backdoor Targets US Defense Contractors (thehackernews.com)

Health/Medical/Pharma Sector

• Massive Ransomware Attack Could Cost Irish Health Exec €100m - Infosecurity Magazine

Construction

• Construction Companies Receive Cyber Security Guidance - IT Security Guru

Reports Published in the Last Week

• 2022 State of the Phish Report - Stats, Trends & More | Proofpoint

Other News

• The Threat of Cyber War Has Finally Arrived - The Atlantic

• War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)

• Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)

• 22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat

• Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security

• 50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert

• ‘Betamax’ Police Forces Failing To Recognise The Digital ‘Crime Challenges Of Today’ (telegraph.co.uk)

• How Much Can You Trust Your Printer? - Help Net Security

• Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)

• How To Keep Pace With Rising Data Protection Demands - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Alert – Ukraine Crisis Impact , Escalating Russian Hostilities

Executive Summary

As the crisis in Ukraine continues to escalate, Black Arrow are advising all parties to remain vigilant to an increasingly likely flashpoint that will include cyber attacks. While the conflict may take place far away from the Channel Islands, UK and wider world, these borders are negligible, if they exist at all, in the digital space.

We recommend you provide your staff with additional awareness to the potential for attack and damage, which may present itself in several ways and not necessarily be targeted. These might be traditional email-based attacks, though they may also involve delivery mechanisms such as infected documents, malicious websites or direct attacks on infrastructure. In many cases, staff may be accustomed to receiving emails with links and documents from trusted third parties, however in the current climate these should be treated with caution in case the correspondence or the sender’s account has been compromised or spoofed.

Due to the involvement of national governments and the funding this provides, there is a strong likelihood of zero-day attacks being used that have been developed for wartime scenarios. Criminal enterprises are also likely to take advantage of any chaos, as they have during the Covid-19 Pandemic. These may include emails with an official appearance or warning, Smishing campaigns or other methods that leverage urgency and fear. Staff should be encouraged to report any suspicious activity, no matter how small.

We also recommend that you confirm, in detail, the monitoring that is in place through your internal IT function or outsourced IT provider, and how they would identify and alert you to an attempted or ongoing incident. This should be part of your incident response plan, which is rehearsed regularly.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

As Ukraine Tensions Rise, UK Organisations Should Protect Themselves From Cyber Threats

In a world that is so dependent on digital assets, cyber resilience is more important than ever. At the National Cyber Security Centre – a part of GCHQ – the mission is to make the UK the safest place to live and work online, but they have said they cannot do it alone. 

Now, at a time of heightened cyber threats, the NCSC is urging all organisations to follow their advice on the steps they should take to improve their resilience.

The UK is closer to the crisis in Ukraine than you might think. While 2,000-odd miles separate us physically from their borders with Russia, that distance is much shorter in cyber space – and attacks targeting Ukraine’s digital infrastructure could be felt here in Britain.

Cyber attacks do not respect geographic boundaries. On a daily basis, businesses in the UK are targeted by ransomware attacks from criminals overseas.

And as tensions have risen in Ukraine in recent weeks, authorities have already seen a number of cyber attacks occurring. On Friday evening, the UK government judged that the Russian Main Intelligence Directorate (GRU) was involved in last week’s distributed denial of service attacks against the financial sector in Ukraine.

If the situation continues to escalate, we could see cyber attacks that have international consequences, intentional or not. Rising tensions in the region, with the risk of overspill, are why the National Cyber Security Centre (NCSC) has said that the UK’s cyber risk has heightened in the last month, although there is no evidence of the UK being specifically targeted.

https://www.telegraph.co.uk/news/2022/02/19/uk-organisations-should-protect-now-unintended-consequences/

Small Businesses Facing Upwards of 11 Cyber Threats Per Day Per Device

BlackBerry's 2022 Threat Report highlights growing threats to SMBs, calls on government to make cyber security top priority

BlackBerry Limited has released the 2022 BlackBerry Annual Threat Report, highlighting a cybercriminal underground which it says has been optimised to better target local small businesses. Small businesses will continue to be an epicentre for cybercriminal focus as SMBs facing upward of 11 cyber threats per device per day, which only stands to accelerate as cybercriminals increasingly adopt collaborative mindsets.

The report also uncovered cyber breadcrumbs from some of last year’s most notorious ransomware attacks, suggesting some of the biggest culprits may have simply been outsourced labour.  In multiple incidents BlackBerry identified threat actors leaving behind playbook text files containing IP addresses and more, suggesting the authors of this year’s sophisticated ransomware are not the ones carrying out attacks. This highlights the growing shared economy within the cyber underground.

https://www.itsecurityguru.org/2022/02/15/small-businesses-facing-upwards-of-11-cyberthreats-per-day-per-device/

Microsoft Teams Targeted With Takeover Trojans

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found.

Researchers began tracking the campaign in January, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the user’s computer, according to a report published Thursday.

Using an executable file, or a file that contains instructions for the system to execute, hackers can install DLL files and allow the program to self-administer and take control over the computer. By attaching the file to a Teams attack, hackers have found a new way to easily target millions of users.

Cyber criminals long have targeted Microsoft’s ubiquitous document-creation and sharing suite – the legacy Office and its cloud-based version, Office 365 – with attacks against individual apps in the suite such as PowerPoint as well as business email compromise and other scams.

Now Microsoft Teams – a business communication and collaboration suite – is emerging as an increasingly popular attack surface for cybercriminals.

https://threatpost.com/microsoft-teams-targeted-takeover-trojans/178497/

The European Central Bank is Warning Banks of Possible Russia-Linked Cyber Attack Amid the Rising Crisis With Ukraine

The European Central Bank is warning banks of possible Russia-linked cyber attack amid the rising crisis with Ukraine and is inviting them to step up defences.

The news was reported by Reuters, citing two unnamed sources. The ECB pointed out that addressing cyber security is a top priority for the European agency.

“The European Central Bank is telling euro zone banks zone to step up their defences against cyber attacks, also in the context of geopolitical tensions such as the stand-off between Russia and Ukraine, the ECB’s top supervisor said on Thursday.” reported Reuters.

ECB warned that the rising risk from cyber attacks begun in 2020.

https://securityaffairs.co/wordpress/128004/breaking-news/european-central-bank-warns-russia-cyberattacks.html

Companies Face Soaring Prices For Cyber Insurance

The cost of cyber insurance has risen steeply over the past year. According to Marsh, the price of cover in the US grew by 130 per cent in the fourth quarter of 2021 alone, while in the UK it grew by 92 per cent. That has increased pressure on companies who are facing cost inflation in other parts of their business.

The steep hikes in the cost of cyber insurance come against a backdrop of rising prices more broadly. According to Marsh, commercial insurance prices rose 13 per cent in the final quarter of 2021.

The hardening market from reduced capacity allied with increasing cyber fraud are potent forces. Pricing becomes more challenging, reinsurance appetite reduced whilst costs increasing and fraudsters have as much access to the latest technologies as do enterprises, the government sector and the insurance industry.

There may be limits to what insurers can cover. Speaking to the Financial Times last week the chief executive of Zurich said: “A connected economy offers lots of opportunities for cyber attacks.” A major cyber risk, he added, “is something only governments can manage”.

Companies will have to do more themselves to fight cyber fraud with technology partners. Meanwhile brokers and insurers must review underwriting data and practices and government raise effectiveness at prosecuting criminals.

https://www.ft.com/content/60ddc050-a846-461a-aa10-5aaabf6b35a5

Even When Warned, Businesses Ignore Critical Vulnerabilities And Hope For The Best

A Bulletproof research found the extent to which businesses are leaving themselves open to cyber attack. When tested, 28% of businesses had critical vulnerabilities – vulnerabilities that could be immediately exploited by cyber attacks.

A quarter of businesses neglected to fix those critical vulnerabilities, even though penetration testing had highlighted them to the business after a retest was completed.

The research analyzed data from over 3,800 days’ worth of penetration testing services. These tests are a means of identifying vulnerabilities within an organisation’s security systems by simulating how malicious actors would seek to exploit such shortcomings.

https://www.helpnetsecurity.com/2022/02/18/businesses-critical-vulnerabilities/

Ransomware-Related Data Leaks Nearly Doubled in 2021: Report

There was a significant increase in ransomware-related data leaks and interactive intrusions in 2021, according to the 2022 Global Threat Report released on Tuesday by endpoint security firm CrowdStrike.

The number of ransomware attacks that led to data leaks increased from 1,474 in 2020 to 2,686 in 2021, which represents an 82% increase. The sectors most impacted by data leaks in 2021 were industrial and engineering, manufacturing, and technology.

The growth and impact of big game hunting in 2021 was a palpable force felt across all sectors and in nearly every region of the world. Although some adversaries and ransomware ceased operations in 2021, the overall number of operating ransomware families increased,” CrowdStrike said in its report.

https://www.securityweek.com/ransomware-related-data-leaks-nearly-doubled-2021-report

Online Fraud Skyrocketing: Gaming, Streaming, Social Media, Travel and Ecommerce Hit the Most

An Arkose Labs report is warning UK commerce that it faces its most challenging year ever. Experts analyzed over 150 billion transaction requests across 254 countries and territories in 2021 over 12 months to discover that there has been an 85% increase in login attacks and fake consumer account creation at businesses.

Alongside this, it identified that one in four new online accounts created were fake. A further 21% of all traffic was confirmed as a fraudulent cyber attack.

From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before.

Your digital identity is a currency for fraudsters and wherever there is online commerce, cyber criminals are quick to identify vulnerabilities.

https://www.helpnetsecurity.com/2022/02/14/fake-consumer-account/

Poor Security Hygiene Organisations and Ransomware Attacks: Painful Math

Poor cyber security hygiene is widely considered to be a major influencing factor for exposure to a ransomware attack. But is that an accurate assessment?

In a new study, RiskRecon, a security best practices specialist, investigated 600+ cyber hijacks to determine if companies victimized by a “detonation” had poor cyber security hygiene at the time and which factors, such as web encryption, application security and email security, are key gaps in coverage.

The answer: Cyber security hygiene does in fact play a large role in an organisation’s vulnerability to a ransomware attack. RiskRecon analyzed the cyber security hygiene on the day of ransomware incident for 622 organisations spanning 633 ransomware events occurring between 2017 and 2021. Based on a comparison population of cyber security ratings and assessments of some 100,000 entities, companies that have very poor cyber security hygiene in their internet-facing systems (a ‘D’ or ‘F’ RiskRecon rating) have about a 40 times higher rate of destructive ransomware events as compared to those with clean cyber security hygiene. Only .03 percent of ‘A-rated’ companies were victims of a destructive ransomware attack, compared with 1.08 percent of ‘D-rated’ and 0.91 percent of ‘F-rated’ companies.

The cyber security conditions underlying the RiskRecon rating reveal just how poor the cyber security hygiene is of companies, on average, that fall victim to a material system-encrypting ransomware attack. For example, ransomware victims have an average of 11 material software vulnerabilities in their internet-facing systems, in comparison with only one issue in the general population. Looking at network services that criminals commonly exploit, ransomware victims expose 3.3 times more unsafe network services to the internet than the general population.

https://www.msspalert.com/cybersecurity-research/poor-security-hygiene-organisations-and-ransomware-attacks-painful-math/

Security Teams Expect Attackers to Go After End Users First

Phishing, malware, and ransomware have spurred organisations to increase their investments in endpoint security, according to Dark Reading’s Endpoint Security Survey.

The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organisations to bolster their endpoint security defences. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.

Phishing, malware, and ransomware pose major threats to organisations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.

End users pose one of the biggest threats to the organisation, as 87% expect that if attackers wanted to steal the organisation’s data, they would begin by targeting a single end user.

Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.

https://www.darkreading.com/edge-threat-monitor/end-users-remain-one-of-the-biggest-headaches-in-it-security

US Warns of Imminent Russian Invasion of Ukraine With Tanks, Jet Fighters, Cyber Attacks

President Biden said Friday he is convinced Russian President Vladimir Putin has decided to invade Ukraine and that he expects an attack in the coming days, with targets including the Ukrainian capital, Kyiv.

US officials said a Russian attack could involve a broad combination of jet fighters, tanks, ballistic missiles and cyberattacks, with the ultimate intention of rendering Ukraine’s leadership powerless.

The officials said Mr. Putin has laid the groundwork in recent days through a series of destabilizing activities and false-flag operations, long predicted by U.S. and allied officials and intended to make it look as if Ukraine has provoked Russia into a conflict, thus justifying the Russian invasion.

https://www.wsj.com/articles/ukraine-troops-told-to-exercise-restraint-to-avoid-provoking-russian-invasion-11645185631

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features.

TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.

In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to go past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.

Also put in place are anti-analysis guardrails to prevent security researchers from sending automated requests to command-and-control (C2) servers to retrieve fresh web injects.

https://thehackernews.com/2022/02/trickbot-malware-targeted-customers-of.html

Threats

Ransomware

• Ransomware’s Savage Reign Continues As Attacks Increase 105% - Help Net Security

• SonicWall CEO on ransomware: Every good vendor was hit in past 2 years - The Register

• Are You Prepared for 2022's More Destructive Ransomware? | SecurityWeek.Com

• CISA Advisory Cautions MSPs: Beware More Ransomware Attacks - MSSP Alert

• Conti Ransomware Gang Takes Over Trickbot Malware Operation (bleepingcomputer.com)

• Ransomware Gangs Are Changing Their Tactics. That Could Prove Very Expensive For Some Victims | ZDNet

• FBI Eyes Ransomware Profits With New Cryptocurrency Crimes Unit | TechCrunch

• FBI Warns BlackByte Ransomware Is Targeting US Critical Infrastructure | TechCrunch

• Ransomware Is A Clear And Present Danger. So Why Rely On Legacy DR To Recover From It? • The Register

BEC – Business Email Compromise

• FBI Warns of BEC Scams Abusing Virtual Meeting Platforms | SecurityWeek.Com

Phishing & Email

• LinkedIn Phishing Attacks Up 232% | Phishing | Egress

• Half Of All Emails In 2021 Were Spam- IT Security Guru

• Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks (thehackernews.com)

Malware

• Emotet Now Spreading Through Malicious Excel Files | Threatpost

• A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies - Check Point Research

• PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (thehackernews.com)

• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators | Threatpost

• 25 Years On, Microsoft Makes Another Stab At Stopping Macro Malware • Graham Cluley

• Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free - Infosecurity Magazine

Data Breaches/Leaks

• Millions of Internet Society Personal Files Exposed In Data Leak | Laptop Mag

Organised Crime & Criminal Actors

• 74% of Ransomware Revenue Goes to Russia-Linked Hackers - BBC News

• Interpol Must Change With Cyber Crime, Says Director • The Register

• Attackers Hone Their Playbooks, Become More Agile (darkreading.com)

• Cyber Criminals Have Changed Tactics (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking

• ‘Heist Of The Century’: US Bitcoin Case Tests Ability To Crack Down On Cyber Crime | Law (US) | The Guardian

• SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise - WSJ

• FBI Says Crypto Payments Are a 'Huge Challenge' Amid Rise in Ransomware Attacks - Decrypt

Insider Risk and Insider Threats

• The Rise Of The Super Malicious Insider: Yes, We Need To Worry - Help Net Security

• Finance Officer Jailed After Stealing £200,000 from Charity - Infosecurity Magazine

• Ex IT Tech Jailed For Wiping School Network During Lockdown • The Register

Fraud, Scams & Financial Crime

• Barclays: Scams Surged in Final Quarter of 2021 - Infosecurity Magazine

• Fraud and Scam Activity Hits All-Time High - Help Net Security

• Soaring Losses Accelerate Investments In Anti-Fraud Tech - Help Net Security

• Threat Actors Still Love a Romance Scam - Infosecurity Magazine

• Singapore Introduces Strong Measures To Stop Online Scams • The Register

• 7 Tips for How To Spot a Scammer and Protect Yourself | Well+Good

DoS/DDoS

• Ukraine Defence and Bank Networks DDoS-ed - Infosecurity Magazine

• Carpet Bombing Attacks on the Rise - Infosecurity Magazine

Nation State Actors

• Russia’s Offensive Cyber Actions Should Be A Cause For Concern For CISOs | CSO Online

• Russia Stole US Defense Data From IT Systems, Says CISA • The Register

• Cyber Security: These Countries Are The New Hacking Threats To Fear As Offensive Campaigns Escalate | ZDNet

• Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (thehackernews.com)

• Chinese MI6 Informant Gave Information To MPs About Huawei Threat | Huawei | The Guardian

• Red Cross Attributes Server Breach To Nation-State Actor - CyberScoop

• Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware (thehackernews.com)

Cloud

• Report: 63% of IT Pros Say Cyber Threats Are Top Obstacle To Cloud Adoption Strategy | VentureBeat

• EU Watchdog To Probe Public Sector's Love Affair With Cloud • The Register

Privacy

• Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case (thehackernews.com)

Spyware, Espionage & Cyber Warfare

• How a Russia Cyber Attack On The UK Would Target Online Shopping, Card Payments And NHS Records (inews.co.uk)

• The Conflict In Ukraine Proves Cyber-Attacks Are Now Weapons Of War (thenextweb.com)

• Cyber, War and Ukraine: What Does Recent History Teach Us To Expect? | Science & Tech News | Sky News

• Cyber Warfare In Ukraine Poses A Threat To The Global System | Financial Times (ft.com)

• EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware (thehackernews.com)

• More Polish Opposition Figures Found To Have Been Targeted By Pegasus Spyware | Poland | The Guardian

• Using Mobile Networks For Cyber Attacks As Part Of A Warfare Strategy - Help Net Security

• Moses Staff Hackers Targeting Israeli Organisations for Cyber Espionage (thehackernews.com)

Vulnerabilities

• Squirrelwaffle, Microsoft Exchange Server Vulnerabilities Exploited For Financial Fraud | ZDNet

• Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails (thehackernews.com)

• New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (thehackernews.com)

• Multiple Vulnerabilities Put 40 Million Ubuntu Users At Risk | TechRadar

• Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (thehackernews.com)

• High-Severity Vulnerability Found in Apache Database System Used by Major Firms | SecurityWeek.Com

• VMware Fixes Holes That Could Allow Virtual Machine Escapes – Naked Security (sophos.com)

• Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (thehackernews.com)

• T2 Mac Security Vulnerability: Passwords Can Now Be Cracked - 9to5Mac

Sector Specific

Financial Services Sector

• Open Banking Innovation: A Race Between Developers And Cyber Criminals - Help Net Security

• Canada's Major Banks Go Offline In Mysterious Hours-Long Outage (bleepingcomputer.com)

Defence

• US Says Russian State Hackers Lurked In Defense Contractor Networks For Months | Ars Technica

Transport and Aviation

• Warning Over Mysterious Hackers That Have Been Targeting Aerospace And Defence Industries For Years | ZDNet

• Unskilled Hacker Linked To Years Of Attacks On Aviation, Transport Sectors (bleepingcomputer.com)

Energy & Utilities

• Energy, Oil And Utility Sector Most Likely To Pay Ransoms - Help Net Security

Reports Published in the Last Week

• 2022 Global Threat Report: A Year of Adaptability and Perseverance (crowdstrike.com)

• Threat Intelligence Report 2022: Cyber Security Priorities - Truesec

• The Year of Living Dangerously: Details from the BlackBerry 2022 Threat Report

Other News

• Over 28,000 Vulnerabilities Disclosed in 2021: Report | SecurityWeek.Com

• Web Application Firewalls (WAFs) Can't Give Organisations The Security They Need - Help Net Security

• How Challenging Is Corporate Data Protection? - Help Net Security

• Local Authority Sets Aside £380k for Cyber-Attack Recovery - Infosecurity Magazine

• Traditional MFA Is Creating A False Sense Of Security - Help Net Security

• Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry | Threatpost

• Be Flexible About Where People Work — But Not on Data Privacy (darkreading.com)

• Researchers Block “Largest Ever” Bot Attack - Infosecurity Magazine

• BadUSB: The Cyber Threat That Gets You To Plug It In – CloudSavvy IT

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

 UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected

Firms shelled out $5bn in Bitcoin in 6 months

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.

In a joint UK-US-Australia advisory issued this week, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally."

The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.

Among the main threats facing Western organisations were the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."

https://www.theregister.com/2022/02/09/uk_us_au_ransomware_warning/

Ransomware Groups and APT Actors Laser-Focused on Financial Services

Trellix released a report, examining cybercriminal behaviour and activity related to cyber threats in the third quarter (Q3) of 2021. Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.

“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Trellix.

https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/

Why the C-Suite Should Focus on Understanding Cyber Security and Investing Appropriately

Trend Micro has published a research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

Despite widespread concern over spiralling threats, the study found that only 57% of responding IT teams discuss cyber risks with the C-suite at least weekly.

Vulnerabilities used to go months or even years before being exploited after their discovery.

“Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cyber security landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”

https://www.helpnetsecurity.com/2022/02/10/c-suite-engagement/

Almost $1.3bn Paid to Ransomware Actors Since 2020

Cryptocurrency experts have identified $602m of ransomware payments made in 2021, but warned the real figure will likely surpass the $692m paid to cybercrime groups in 2020.

The findings come from the Ransomware Crypto Crime Report produced by blockchain investigations and analytics company Chainalysis. It reveals some fascinating insight into current industry trends.

Average payment size has soared over recent years, from $25,000 in 2019 to $88,000 a year later and $118,000 in 2021. That’s due in part to a surge in targeted attacks on major organisations, known as “big-game hunting,” which can net threat actors tens of millions in a single compromise.

“This big-game hunting strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective,” the report explained. “Usage of these services by ransomware operators spiked to its highest ever levels in 2021.”

https://www.infosecurity-magazine.com/news/almost-13bn-paid-to-ransomware/

Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence

The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.

Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.

The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting targets since 2012, if not sooner, going after hundreds of groups and individuals – some repeatedly – according to SentinelLabs researchers.

The operators aren’t what you’d call technical prodigies, but that doesn’t matter. Threat researchers at SentinelOne, said that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been muddling along just fine using rudimentary hacking tools such as commercially available remote-access trojans (RATs)

https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/

Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defences

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.

HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, the research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, there was a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organisation had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Menlo Security.

https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defences/

LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong

However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.

Law enforcement, C-suite executives and the cyber security community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs, plus this weekend’s hit on the Swissport airport ground-logistics company, shows the scourge is far from over.

It’s more expensive and riskier than ever to launch ransomware attacks, and ransomware groups have responded by mounting fewer attacks with higher ransomware demands, Coveware has reported, finding that the average ransomware payment in the fourth quarter of last year climbed by 130 percent to reach $322,168. Likewise, Coveware found a 63 percent jump in the median ransom payment, up to $117,116.

“Average and median ransom payments increased dramatically during Q4, but we believe this change was driven by a subtle tactical shift by ransomware-as-a-service (RaaS) operations that reflected the increasing costs and risks previously described,” Coveware analysts said. “The tactical shift involves a deliberate attempt to extort companies that are large enough to pay a ‘big game’ ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low.”

https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/

2021 Was The Most Prolific Year On Record For Data Breaches

Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.

The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector.

2021 was the most prolific year on record for data breaches, surpassing 2017’s all-time high. Last year a total of 1,862 data compromises were reported by US organisations—a 68 percent increase over 2020. ITRC data revealed that 83% of the year’s incidents exposed 889 million sensitive data records that impacted more than 150 million individuals.

https://www.helpnetsecurity.com/2022/02/09/2021-sensitive-data-breaches/

$1.3 Billion Lost to Romance Scams in the Past Five Years

Romance scams are reaching record-highs, regulators warn.

Netflix's new documentary, The Tinder Swindler, is a wild ride.

The show examines how an alleged fraudster impacted the lives of multiple women, matching with them on Tinder and treating them to expensive dates to gain their trust -- and eventually asking for huge sums of money.

While you may watch the show and wonder how someone -- no matter their gender -- could allow themselves to be swindled out of their savings, romance scams are common, breaking hearts and wiping bank balances around the world every day. 

We've moved on from the days of "lonely hearts" columns to dating apps, and they're popular channels to conduct fraud.

Fake profiles, stolen photos and videos, and sob stories from fraudsters (their car has broken down, they can't afford to meet a match, or, in The Tinder Swindler's case, their "enemies" are after them) are all weapons designed to secure interest and sympathy.

https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc/

Cyber Security Compliance Still Not A Priority For Many

IBM survey suggests that cyber security still isn't a priority for many companies

The most consistent data point in the IBM i Marketplace Survey Results over recent years has been the ever-present cyber security threat. This year is no exception. The study shows that 62% of organisations consider cyber security a number one concern as they plan their IT infrastructure. 22% cite regulations and compliance in their top five. While companies that prioritise security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.

The complexity of cyber security often leaves industry leaders confused and overwhelmed, unable to produce the sound, proactive stance that is so essential.

Cyber security standards can be confusing, but they are necessary. Tighter security can be encouraged with an understanding of cyber security guidelines

For many organisations, cyber security standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cyber security guidelines affect companies’ legal standing can help encourage tighter security.

https://www.itsecurityguru.org/2022/02/07/cybersecurity-compliance-still-not-a-priority-for-many/

The World is Falling Victim to the Growing Trickbot Attacks in 2022

The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defence to slip past antimalware products.

TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that’s employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a “Trickboot” module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.

Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat’s capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.

https://www.analyticsinsight.net/the-world-is-falling-victim-to-the-growing-trickbot-attacks-in-2022/

“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals

Ransomware tends to target organisations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched—until now.

Sugar ransomware, a new strain recently discovered by the Walmart Security Team, is a ransomware-as-a-service (RaaS) that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.

https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/

Threats

Ransomware

• NCSC Joins US and Australian Partners to Reveal Latest Ransomware Trends - NCSC.GOV.UK

• Russian Ransomware Attacks Increased During 2021, Joint Review Finds | Cybercrime | The Guardian

• You've Still Not Patched It? Hackers Are Using These Old Software Flaws To Deliver Ransomware | ZDNet

• FBI: Watch Out For LockBit 2.0 Ransomware, Here's How To Reduce The Risk To Your Network | ZDNet

• Law Enforcement Action Push Ransomware Gangs To Surgical Attacks (bleepingcomputer.com)

• Europe's Biggest Car Dealer Hit With Ransomware Attack | ZDNet

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

• How a Texas Hack Changed the Ransomware Business Forever - The Record by Recorded Future

• Puma Hit By Data Breach After Kronos Ransomware Attack (bleepingcomputer.com)

• Vodafone Portugal Hit By A Massive Cyber Attack - Security Affairs

• Fortune 500 Service Provider Says Ransomware Attack Led To Leak Of More Than 500k SSNs | ZDNet

Phishing

• Hackers Using Fake Job Offers in Latest Catfishing Scheme - ClearanceJobs

• Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks (darkreading.com)

• ICO Hit by 2650% Rise in Email Attacks - Infosecurity Magazine

Other Social Engineering

• Roaming Mantis SMSishing Campaign Now Targets Europe - Security Affairs

• FBI: SIM Swapping Attacks Have Surged Five-Fold - Infosecurity Magazine

Malware

• Qbot Needs Only 30 Minutes To Steal Your Credentials, Emails (bleepingcomputer.com)

• Linux Malware Attacks Are On The Rise, And Businesses Aren't Ready For It | ZDNet

• This Password-Stealing Malware Posed As A Windows 11 Download | ZDNet

• Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (thehackernews.com)

• Qbot, Lokibot Malware Switch Back To Windows Regsvr32 Delivery (bleepingcomputer.com)

• Data Highlights Growing Threat From Intelligent Bots Operated at Scale by Cybercriminals | SecurityWeek.Com

Mobile

• Medusa Malware Joins Flubot's Android Distribution Network | Threatpost

• Critical Android 12 Bug Fixed In February Security Patches • The Register

Data Breaches/Leaks

• Croatian Phone Carrier Data Breach Impacts 200,000 Clients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government Continues Crackdown On Cyber Criminals - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking

• More Than $400 Million Drained From Hacked Blockchain Bridges In Little More Than A Week • Graham Cluley

• Wife of Couple Accused of $4.5 billion Bitcoin Swindle Gave Cyber Security Advice (theblockcrypto.com)

Insider Risk and Insider Threats

• Chinese Telecom Hytera Charged For Allegedly Recruiting Motorola Employees To Steal Trade Secrets | ZDNet

Fraud, Scams & Financial Crime

• Midlifers Bled Dry By Scam That Takes Two Months To Spot (telegraph.co.uk)

Supply Chain

• The Most Common Cyber Gaps Threatening Supply Chain Security - Help Net Security

DoS/DDoS

• DDoS Attacks Hit All-time High - Infosecurity Magazine

Nation State Actors

• Russian APT Steps Up Malicious Cyber Activity in Ukraine (darkreading.com)

• Iran Malware in HPE Server Stuns Cyber Security Experts - Bloomberg

• Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign (thehackernews.com)

Cloud

• Organisations And The Cloud: How They Use It And How They Secure It - Help Net Security

Privacy

• Meta Threatens to Shut Down Facebook and Instagram in Europe | The Independent

• Facebook Exposes 'God Mode' Token Miscreants Could Use • The Register

Spyware, Espionage & Cyber Warfare

• MoleRats APT Flaunts New Trojan in Latest Cyber Espionage Campaign | Threatpost

Vulnerabilities

• Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog | ZDNet

• CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks | SecurityWeek.Com

• Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans (bleepingcomputer.com)

• Microsoft and Other Major Software Firms Release February 2022 Patch Updates (thehackernews.com)

• Apple Patches New Zero-Day Exploited To Hack iPhones, iPads, Macs (bleepingcomputer.com)

• CISA Urges Orgs To Patch Actively Exploited Windows SeriousSAM Bug (bleepingcomputer.com)

• CISA Warns Admins To Patch Maximum Severity SAP Vulnerability (bleepingcomputer.com)

• Adobe Patches 13 Vulnerabilities in Illustrator | SecurityWeek.Com

• PHP Everywhere RCE Flaws Threaten Thousands of WordPress Sites (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Ransomware Groups and APT Actors Laser-Focused On Financial Services - Help Net Security

Defence

• Defence Contractors Need to Check Their Six (darkreading.com)

Health/Medical/Pharma Sector

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Retail/eCommerce

• Wave of MageCart Attacks Target Hundreds Of Outdated Magento Sites (bleepingcomputer.com)

• Threat Actors Compromised +500 Magento-Based E-Stores With E-Skimmers - Security Affairs

Transport and Aviation

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

Education and Academia

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Other News

• A "light" February 2022 Patch Tuesday That Should Not Be Ignored - Help Net Security

• Organisations Still Struggling To Use APIs Effectively - Help Net Security

• Threat Hunting: Your Best Defence Against Unknown Threats - MSSP Alert

• UK Foreign and Commonwealth Office Suffered Serious Cyber Attack Earlier This Year | Reuters

• European Police Flag 500+ Pieces of “Terrorist” Content - Infosecurity Magazine

• A Quarter of New Online Accounts Are Fake – Report - Infosecurity Magazine

• Microsoft To Make Enabling 'Untrusted' Office Macros Tougher In The Name Of Security | ZDNet

• Cyber Terrorism Is a Growing Threat & Governments Must Take Action (darkreading.com)

• Hackers Have Begun Adapting To Wider Use Of Multi-Factor Authentication | TechRepublic

• The Race To Save The Internet From Quantum Hackers (nature.com)

• Disaster Recovery Is Critical For Business Continuity - Help Net Security

• CISOs Are Burned Out And Falling Behind | CSO Online

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Spaces available on our next open Cyber Security User Education and Awareness Training

Wednesday 23 February 2022 9:00am - 12:00pm

£150 per person

Our interactive training events are always well received. Our training sessions are run by our cyber experts, who work with firms day in and day out to help businesses protect themselves against the latest threats.

We demystify cyber security and help your employees to understand the risks they face in their working lives and how to protect your company.

Places are now available for firms to send from one to twelve employees, joining employees from other local businesses.

Ideal for new starters and longer serving employees to help keep security in the forefront of their mind.

Feedback from our customers on our training

•The training was great. I liked how they used real life examples.

•They were able to explain in a way that made sense and avoided the usual IT gibberish that some companies use.

•It was well run, interesting and informative, and I didn’t yawn once!

Open sessions are £150 per person. Contact training@blackarrowcyber.com or call 711 988 to book places.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Change Outpaces Boardroom Engagement

We all know the story of the past two years. Mass digital investments in SaaS collaboration suites, cloud infrastructure and other tools helped to keep organisations operational when they needed it most. The money continues to flow today, as those same companies realize they must keep on pumping funds into digital to stay competitive amidst rising customer expectations. Gartner predicted public cloud spending growth would hit 23% year-on-year in 2021 and increase 20% this year to top $397bn.

From a cyber security perspective, these business decisions are loaded with risk if protections are not built into projects from the start. A recent global poll revealed that of 90% of business and IT decision makers are concerned about the impact of ransomware. It also found generally poor levels of cyber-awareness among board members. Less than half (46%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organisation.

The truth is that many board leaders do understand the need for greater investment in security as a strategic growth driver. But they find it hard to keep pace with a threat landscape that moves at the speed of light. Vulnerabilities used to go months or years before they were exploited, for example, but today threat actors are working on exploits for bugs like Log4Shell within hours of their discovery. That makes the fast-changing risk landscape difficult to grasp for even tech-savvy C-suite leaders. As a result, cyber risk continues to be managed reactively, which puts the organisation perpetually on the back foot.

https://www.trendmicro.com/en_us/research/22/b/why-cyber-change-outpaces-boardroom-engagement.html

NCSC Alerts UK Orgs to Brace for Destructive Russian Cyber Attacks

The UK’s National Cyber Security Centre (NCSC) is urging organisations to bolster security and prepare for a potential wave of destructive cyber attacks after recent breaches of Ukrainian entities.

The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyber attacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.

These warnings come after Ukrainian government agencies and corporate entities suffered cyber attacks where websites were defaced, and data-wiping malware was deployed to destroy data and make Windows devices inoperable.

The cause for the resurgence of attacks is the tensions between Russia and Ukraine, and attempts to negotiate a way out of the Ukraine crisis have failed so far.

Ukraine and Russia have engaged in cyber warfare for many years, but recent Russian military mobilization was accompanied by new waves of attacks, with European countries and the USA expected to be targeted next.

https://www.bleepingcomputer.com/news/security/ncsc-alerts-uk-orgs-to-brace-for-destructive-russian-cyberattacks/

Over Half of Ransomware Attacks are Targeting Financial Services, Utilities and Retail

Three sectors have been the most common target for ransomware attacks, but researchers warn "no business or industry is safe".

Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cyber security researchers – but they've also warned that all industries are at risk from attacks.

The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened.

According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.

https://www.zdnet.com/article/ransomware-over-half-of-attacks-are-targeting-these-three-industries/

Third of Employees Admit to Exfiltrating Data When Leaving Their Job

Nearly one-third (29%) of employees admitted taking data with them when they leave their job, according to new research from Tessian.

The findings follow the ‘great resignation’ of 2021, when workers quit their jobs in huge waves following the COVID-19 pandemic. Unsurprisingly, close to three-quarters (71%) of IT leaders believe this trend has increased security risks in their organisations.

In addition, nearly half (45%) of IT leaders said they had seen incidents of data exfiltration increase in the past year due to staff taking data with them when they left.

The survey of 2000 UK workers also looked at employees' motives for taking such information. The most common reason was that the data would help them in their new job (58%). This was followed by the belief that the information belonged to them because they worked on the document (53%) and to share it with their new employer (44%).

The employees most likely to take data with them when leaving their job worked in marketing (63%), HR (37%) and IT (37%).

https://www.infosecurity-magazine.com/news/third-employees-exfiltrating-data/

Massive Social Engineering Waves Have Impacted Banks in Several Countries

A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organisations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all the operations on the fly via Command and Control (C2) servers geolocated in Brazil.

In short, criminal groups are targeting victims’ from different countries to collect their home banking secrets and payment cards. The campaigns are carried out by using social engineering schemas, namely smishing, and spear-phishing through fake emails.

Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.

The spear-phishing campaigns try to lure victims with fake emails that impersonate the banking institutions. The emails are extremely similar to the originals, exception their content, mainly related to debts or lack of payments.

https://securityaffairs.co/wordpress/127516/cyber-crime/massive-social-engineering-banks.html

Ransomware is Terrifying – But Never Underestimate the Damage an Employee with Unmonitored Access Can Do

Is the biggest threat to your data a mysterious ransomware merchant or an advanced persistent threat cartel?

Or is it a security system that will show you that data has been exfiltrated from your organisation – but only after the fact, leaving open the possibility that your valuable IP could have already been shared with unauthorized parties?

It was the latter scenario that allegedly resulted in 12,000 internal documents being lifted from Pfizer’s systems by a soon-to-depart employee last year. Those documents reportedly included details of COVID-19 vaccine research and a new melanoma drug.

The incident shows how today’s cloud infrastructure can exacerbate security gaps and why simply detecting a potential data leak isn’t enough. Companies need to have deep insight into what their employees are doing, as well as technology that can actively enforce policy and prevent unencrypted data from ever leaving the enterprise.

https://www.theregister.com/2022/02/03/ransomware_terrifying/

People Working in IT Related Roles Equally Susceptible to Phishing Attempts as the General Population

Phishing emails that mimic HR announcements or ask for assistance with invoicing get the most clicks from recipients, according to a study from F-Secure.

The study, which included 82,402 participants, tested how employees from four different organisations responded to emails that simulated one of four commonly used phishing tactics.

22% of recipients that received an email simulating a human resources announcement about vacation time clicked, making emails that mimic those sent by HR the most frequent source of clicks in the study.

An email asking the recipient to help with an invoice (referred to as CEO Fraud in the report) was the second most frequently engaged with email type, receiving clicks from 16% of recipients.

https://www.helpnetsecurity.com/2022/02/03/phishing-emails-clicks/

FBI Says More Cyber Attacks Come from China than Everywhere Else Combined

US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined.

In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, Wray said the FBI is probing over 2,000 investigations of incidents assessed as attempts by China's government "to steal our information and technology."

"The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries – so much so that, as you heard, we're constantly opening new cases to counter their intelligence operations, about every 12 hours or so."

Wray rated China's online offensive as "bigger than those of every other major nation combined," adding it has "a lot of funding and sophisticated tools, and often joining forces with cyber criminals – in effect, cyber mercenaries."

https://www.theregister.com/2022/02/03/fbi_china_threat_to_usa/

Managing Detections is Not the Same as Stopping Breaches

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

The fundamental challenge in cyber security is that adversaries move quickly. We know from observation that attackers go from initial intrusion to lateral movement in a matter of a couple hours or less.

If security teams are going to successfully stop a breach, they need to operate within the same timeframe, containing and remediating threats within minutes, 24 hours a day, 7 days a week. Such constant vigilance can be challenging for in-house staff. This is why many organisations engage a provider of managed detection and response (MDR) security services, which monitors endpoints, workloads, and other systems to detect and monitor threats.

Unfortunately, even most managed services have several fundamental flaws that prevent them from executing on the core mission of stopping breaches.

https://www.darkreading.com/crowdstrike/managing-detections-is-not-the-same-as-stopping-breaches

From War to Web Security, Protect Your Attack Surface from the Weakest Link

With the rapid proliferation of data, increasing number of domains and subdomains as well as rise in third-party providers, the number of entry points through which attackers can infiltrate a company’s web environment is endless. Attacks are increasingly causing consequences felt beyond the perimeter of an organisation, as demonstrated earlier this year with the Colonial Pipeline breach, which caused fuel prices along the US East Coast to soar, and the attack on software provider Kaseya that forced hundreds of grocery stores in the Nordics to shut down business for days.

Security breaches often happen through an avenue that no one saw coming — a server no one knew existed, an old landing page, weak passwords or an application that was missing a patch. It’s perhaps never been clearer than today that a company is only as strong as the weakest link in its growing attack surface.

https://thenewstack.io/from-war-to-web-security-protect-your-attack-surface-from-the-weakest-link/

Number of Data Compromises Reaching All-Time High

According to an Identity Theft Resource Center (ITRC) report, the overall number of data compromises (1,862) is up more than 68 percent compared to 2020.

The new record number of data compromises is 23 percent over the previous all-time high (1,506) set in 2017. The number of data events that involved sensitive information (Ex: Social Security numbers) increased slightly compared to 2020 (83 percent vs. 80 percent). However, it remained well below the previous high of 95 percent set in 2017.

The number of victims continues to decrease (down five (5) percent in 2021 compared to the previous year) as identity criminals focus more on specific data types rather than mass data acquisition. However, the number of consumers whose data was compromised multiple times per year remains alarmingly high.

https://www.helpnetsecurity.com/2022/01/31/data-compromises-up/

Threats

Ransomware

• Inside Trickbot, Russia’s Notorious Ransomware Gang | WIRED

• Aggressive BlackCat Ransomware on the Rise (darkreading.com)

• A Look At The New Sugar Ransomware Demanding Low Ransoms (bleepingcomputer.com)

• BlackCat Ransomware - What You Need To Know | The State of Security (tripwire.com)

• KP Snacks Giant Hit By Conti Ransomware, Deliveries Disrupted (bleepingcomputer.com)

• Hacker Group 'Moses Staff' Using New StrifeWater RAT in Ransomware Attacks (thehackernews.com)

• Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks | SecurityWeek.Com

• FBI Shares Lockbit Ransomware Technical Details, Defense Tips (bleepingcomputer.com)

• BlackCat (ALPHV) Ransomware Linked To BlackMatter, DarkSide Gangs (bleepingcomputer.com)

• Over 500,000 People Impacted By A Ransomware Attack That Hit Morley - Security Affairs

• Scottish Agency Still Recovering from 2020 Ransomware Attack - Infosecurity Magazine

• Conti Ransomware Encrypted 80% of Ireland's HSE IT Systems (bleepingcomputer.com)

• Ransomware Wants You to Like and Subscribe, Or Else (vice.com)

• Ransomware Means Your Database IS The Front Line. How Are You Defending It? • The Register

Phishing

• Low-Detection Phishing Kits Increasingly Bypass MFA | Threatpost

• MFA Adoption Pushes Phishing Actors To Reverse-Proxy Solutions (bleepingcomputer.com)

• Intuit Warns Of Phishing Emails Threatening To Delete Accounts (bleepingcomputer.com)

• Strong Authentication Protects Against Phishing. So Why Aren't More People Using It? | ZDNet

• Microsoft Blocked Billions Of Brute-Force And Phishing Attacks Last Year (bleepingcomputer.com)

Other Social Engineering

• FBI Warning: Scammers Are Posting Fake Job Ads On Networking Sites To Steal Your Money And Identity | ZDNet

Malware

• Malicious CSV Text Files Used To Install BazarBackdoor Malware (bleepingcomputer.com)

• New Malware Used by SolarWinds Attackers Went Undetected for Years (thehackernews.com)

• Microsoft: This Mac Malware Is Getting Smarter And More Dangerous | ZDNet

Data Breaches/Leaks

• The 3 Most Common Causes of Data Breaches in 2021 (darkreading.com)

• British Council Exposed More Than 100,000 Files With Student Records (bleepingcomputer.com)

Insider Risk and Insider Threats

• How Costly Is An Insider Threat? - Help Net Security

Fraud, Scams & Financial Crime

• Americans Lost $770 Million From Social Media Fraud In 2021, FTC Reports - Security Affairs

Supply Chain

• Supply Chain Security Is Not a Problem…It’s a Predicament | Threatpost

DoS/DDoS

• Reasons Why Every Business is a Target of DDoS Attacks (thehackernews.com)

CNI, OT, ICS, IIoT and SCADA

• Ransomware Often Hits Industrial Systems, With Significant Impact: Survey | SecurityWeek.Com

Nation State Actors

• Russian 'Gamaredon' Hackers Use 8 New Malware Payloads In Attacks (bleepingcomputer.com)

• State Hackers' New Malware Helped Them Stay Undetected For 250 Days (bleepingcomputer.com)

• Charming Kitten Sharpens Its Claws with PowerShell Backdoor | Threatpost

• FBI's Warning About Iranian Firm Highlights Common Cyber Attack Tactics | CSO Online

• Iranian APT Group Uses Previously Undocumented Trojan For Destructive Access To Organisations | CSO Online

Cloud

• If My Organisation Is Mostly in the Cloud, Do I Need a Firewall? (darkreading.com)

Passwords & Credential Stuffing

• The Account Takeover Cat-and-Mouse Game | Threatpost

• Reducing The Blast Radius Of Credential Theft - Help Net Security

Spyware, Espionage & Cyber Warfare

• Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers (thehackernews.com)

• Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (paloaltonetworks.com)

• Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (thehackernews.com)

• Cyber Spies Linked To Memento Ransomware Use New PowerShell Malware (bleepingcomputer.com)

• NSO Group's Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns - MSSP Alert

Vulnerabilities

• Apple, SonicWall, Internet Explorer Vulnerabilities Added To CISA List | ZDNet

• Samba 'Fruit' Bug Allows RCE, Full Root User Access | Threatpost

• Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in (darkreading.com)

• Cisco Fixes Critical Bugs In SMB Routers, Exploits Available (bleepingcomputer.com)

• UEFI Firmware Vulnerabilities Affect At Least 25 Computer Vendors (bleepingcomputer.com)

• Google Patches 27 Vulnerabilities With Release of Chrome 98 | SecurityWeek.Com

• Intel Patched 226 Vulnerabilities in 2021 | SecurityWeek.Com

• Public Exploit Released for Windows 10 Bug | Threatpost

• 600K WordPress Sites Impacted By Critical Plugin RCE Vulnerability (bleepingcomputer.com)

• Critical Log4j Vulnerabilities Are the Ultimate Gift for Cyber Criminals (darkreading.com)

• ESET Antivirus Bug Let Attackers Gain Windows SYSTEM Privileges (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Bank Executives Mostly Concerned About Cyber Crime - Help Net Security

Retail

• Why Buy Now, Pay Later Is The Next Big Fraud Risk For Retailers | CSO Online

Transport and Aviation

• Ransomware Spree Hitting European Oil, Transport Companies - CyberScoop
  

Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

Other News

• Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022 (darkreading.com)

• Rush To Remote Work Left Sysadmins Struggling To Keep Businesses Safe - Help Net Security

• Telco Fined €9 Million For Hiding Cyber Attack Impact From Customers (bleepingcomputer.com)

• Are There Holes In Your Cyber Security Map? | VentureBeat

• 90% of Security Leaders Warn of Skills Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Real-World Impact of the Global Cyber Security Workforce Gap on Cyber Defenders (darkreading.com)

• Hundreds Of Thousands Of Routers Exposed To Eternal Silence Campaign Via UPnP - Security Affairs

• Social Security Numbers Most Targeted Sensitive Data - Infosecurity Magazine

• NIST's New Cyber-Resiliency Guidance: 3 Steps For Getting Started | CSO Online

• Organisations Neglecting Microsoft 365 Cyber Security Features - Help Net Security

• Microsoft Says MFA Adoption Remains Low, Only 22% Among Enterprise Customers - The Record by Recorded Future

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

Trend Micro, a large player in the security product market, have disclosed a bug this month in the Samba (SMB) protocol that allows attackers to remotely execute code on affected systems. Samba operates in almost every environment, most often found on network storage devices like QNAP, Synology or Windows file shares. The bug received a 9.9 on the CVSS scale, primarily due to the remote root or administrator capabilities of an attacker if exploited.

What’s the risk to me or my business?

Samba is an extremely common protocol and is often the default solution when configuring a file share, meaning the likelihood it exists in your environment is high. While the bug is not noted to be widely exploited at this time, attackers will leverage anything they can when compromising a network, and it may only be a matter of time now the bug has been made public. The risk will primarily come from a failure to patch the flaw, which may be easy to overlook.

What can I do?

A patch has been released by Samba to address the issue. The bug affects all instances of Samba before version 4.13.17, and it is advised that network administrators patch as soon as possible.

Technical Summary

A new bug disclosed by Trend Micro allows attackers to remotely exploit Samba installations prior to version 4.13.17. The exploit can be conducted without authentication and leverages the parsing of EA metadata in the Samba server daemon, smbd. Using an out-of-bounds heap manipulation, an attacker can execute code in the context of root, thus granting low level access to the system.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Warned To Bolster Defences Against Cyber Attacks As Russia Threatens Ukraine - BBC News

UK organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued new guidance, saying it is vital companies stay ahead of a potential threat.

The centre said it was unaware of any specific threats to UK organisations.

It follows a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours.

It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

"It was a complex operation," says John Hultquist, an expert on Russian cyber operations at the US security firm Mandiant. "They even disrupted the telephone lines so that the engineers couldn't make calls."

Ukraine has been on the front line of a cyber conflict for years. But if Russia does invade the country soon, tanks and troops will still be at the forefront.

https://www.bbc.co.uk/news/uk-60158874

Cyber Attacks And Ransomware Hit A New Record In 2021, Says Report

Ransomware attacks have doubled for the past two years, says a new report—but a lot of people aren’t bothering to change their passwords.

Hackers made up for some lost time last year.

After seeing the number of data breaches decline in 2020, the Identity Theft Resource Center’s 16th Annual Data Breach Report says the number of security compromises was up more than 68% in 2021. That tops the all-time high by a shocking 23%.

All told, there were 1,862 breaches last year, says the ITRC, 356 more than in 2017, the previous busiest year on record.

“Many of the cyber attacks committed were highly sophisticated and complex, requiring aggressive defences to prevent them,” Eva Velasquez, ITRC president and CEO, said in a statement. “If those defences failed, too often we saw an inadequate level of transparency for consumers to protect themselves from identity fraud.”

https://www.fastcompany.com/90715622/cyberattacks-ransomware-data-breach-new-record-2021

Ransomware Families Becoming More Sophisticated With Newer Attack Methods

Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.

The report also found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organisational networks and fearlessly trigger high-impact assaults.

https://www.helpnetsecurity.com/2022/01/28/new-ransomware-families/

More Than 90% Of Enterprises Surveyed Have Been Hit By Successful Cyber Attacks

Cyber attacks can impact any organisation, big or small. But large enterprises are often more tempting targets due to the vast amount of lucrative data they hold. A new report from cyber security firm Anomali reveals an increase in successful cyber attacks and offers ideas on how organisations can better protect themselves.

Published on Thursday, the "2022 Anomali Cyber security Insights Report" is based on a survey of 800 cyber security decision makers commissioned by Anomali and conducted by Harris between September 9 and October 13 of 2021. The survey elicited responses from professionals in the US, UK, Canada and other countries who work full time in such industries as manufacturing, telecommunications and financial services.

Among the respondents, 87% said that their organisations were victims of successful cyber attacks sometime over the past three years. In this case, a successful attack is one that caused damage, disruption or a data breach. Since the pandemic started almost two years ago, 83% of those polled have experienced an increase in attempted cyber attacks, while 87% have been hit with a rise in phishing emails, many of them exploiting coronavirus-related themes.

https://www.techrepublic.com/article/more-than-90-of-enterprises-surveyed-have-been-hit-by-successful-cyberattacks/

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access.

https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/

Shipment-Delivery Scams Become the Favoured Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found.

Researchers from Avanan, a Check Point company, and Cofense have discovered recent phishing campaigns that include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware, they reported separately on Thursday.

The campaigns separately relied on trust in widely used methods for shipping and employees’ comfort with receiving emailed documents related to shipments to try to elicit further action to compromise corporate systems, researchers said.

https://threatpost.com/shipment-delivery-scams-a-fav-way-to-spread-malware/178050/

Most Ransomware Infections Are Self-Installed

New research from managed detection and response (MDR) provider Expel found that most ransomware attacks in 2021 were self-installed.

The finding was included in the company’s inaugural annual report on cyber security trends and predictions, Great eXpeltations, published on Thursday.

Researchers found eight out of ten ransomware infections occurred after victims unwittingly opened a zipped file containing malicious code. Abuse of third-party access accounted for 3% of all ransomware incidents, and 4% were caused by exploiting a software vulnerability on the perimeter.

The report was based on the analysis of data aggregated from Expel’s security operations center (SOC) concerning incidents spanning January 1 2021 to December 31 2021.

Other key findings were that 50% of incidents were BEC (business email compromise) attempts, with SaaS apps a top target.

https://www.infosecurity-magazine.com/news/most-ransomware-infections-self/

Staff Negligence Is Now A Major Reason For Insider Security Incidents

Insider threats cost organisations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests.

Enterprise players today are facing cyber security challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities -- whether unpatched or zero-days -- the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyber attack to take place.

When it comes to the human element of security, a lack of training or cyber security awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.

https://www.zdnet.com/article/employee-contractor-negligence-is-now-a-major-reason-for-insider-security-incidents/

22 Cyber Security Myths Organisations Need To Stop Believing In 2022

Security teams trying to defend their organisations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

The past few years have seen a dramatic shift in how organisations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link?

Security experts weigh in the 22 cyber security myths that we finally need to retire in 2022.

https://www.csoonline.com/article/3648048/22-cybersecurity-myths-organisations-need-to-stop-believing-in-2022.html

Android Malware Can Factory-Reset Phones After Draining Bank Accounts

A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean.

Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019. The malware spread primarily through Google Play but also through third-party marketplaces, push notifications on compromised websites, sponsored links on Google, and messages delivered by WhatsApp or SMS. At the time, Brata targeted people with accounts from Brazil-based banks.

https://arstechnica.com/information-technology/2022/01/android-malware-can-factory-reset-phones-after-draining-bank-accounts/

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%.

https://www.securityweek.com/gdpr-fines-surged-sevenfold-125-billion-2021-study

Cyber Security In 2022 – A Fresh Look At Some Very Alarming Stats

Last year Forbes wrote a couple of articles  that highlighted some of the more significant cyber statistics associated with our expanding digital ecosystem.  In retrospect, 2021 was a very trying year for cyber security in so many areas. There were high profile breaches such as Solar Winds, Colonial Pipeline and dozens of others that had major economic and security related impact.  Ransomware came on with a vengeance targeting many small and medium businesses.  

Perhaps most worrisome was how critical infrastructure and supply chains security weaknesses were targeted and exploited by adversaries at higher rates than in the past.  Since it is only January, we are just starting to learn of some of the statistics that certainly will trend in 2022.  By reviewing the topics below, we can learn what we need to fortify and bolster in terms of cyber security throughout the coming year.

https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/

Buy now, pay later fraud, romance and cryptocurrency schemes top the list of threats this year

Experian released its annual forecast, which reveals five fraud threats for the new year. With consumers continuing to take a digital-first approach to everything from shopping, dating and investing, fraudsters are finding new and innovative ways to commit fraud.

The main areas they are predicting seeing rises in fraud are:

-Buy now, pay never

-Cryptocurrency scams

-Doubling ransomware attacks

-More increases in romance fraud

-Digital elder abuse will rise

https://www.helpnetsecurity.com/2022/01/26/fraud-threats-this-year/

Threats

Ransomware

• Ransomware: More Families, More Vulnerabilities, More Weaponry Dominate 2021 - MSSP Alert

• Linux Version Of LockBit Ransomware Targets VMware ESXi Servers (bleepingcomputer.com)

• BlackCat Ransomware Targeting US, European Retail, Construction And Transportation Orgs | ZDNet

• Conti Ransomware Hits Apple, Tesla Supplier - The Record by Recorded Future

Phishing

• There's Been A Big Rise In Phishing Attacks Using Microsoft Excel XLL Add-Ins | ZDNet

• Microsoft warns of multi-stage phishing campaign leveraging Azure AD (bleepingcomputer.com)

• Evolved phishing: Device Registration Trick Adds To Phishers’ Toolbox For Victims Without MFA - Microsoft Security Blog

Other Social Engineering

• Coronavirus SMS Scam Offers Home PCR Testing Devices – Don’t Fall For It! – Naked Security (sophos.com)

Malware

• Trickbot Injections Get Harder to Detect & Analyze (darkreading.com)

• Log4j: Mirai Botnet Found Targeting ZyXEL Networking Devices | ZDNet

• Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks (thehackernews.com)

• TrickBot Malware Using New Techniques to Evade Web Injection Attacks (thehackernews.com)

Mobile

• 105 Million Android Users Targeted By Subscription Fraud Campaign (bleepingcomputer.com)

• 2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan | Ars Technica

• New FluBot And TeaBot Campaigns Target Android Devices Worldwide (bleepingcomputer.com)

• Latest Version Of Android RAT BRATA Wipes Devices After Stealing Data - Security Affairs

• Is Google Tracking Your Location Even When You Think You’ve Turned It Off? US States Sue Over “Deception” • Graham Cluley

IoT

• As IoT Attacks Increase, Experts Fear More Serious Threats (darkreading.com)

• Mirai Splinter Botnets Dominate IoT Attack Scene | ZDNet

• Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub (darkreading.com)

• 19-Year-Old Describes How He Remotely Hacked 25+ Teslas (businessinsider.com)

Data Breaches/Leaks

• 'We're Losing Control Of Our Data' As Breaches Reach An All-Time High | ZDNet

• Personal Identifying Information For 1.5 Billion Users Was Stolen In 2021, But From Where? - TechRepublic

Organised Crime & Criminal Actors

• Russia Makes More Arrests, But Cyber Crime-Harbouring Reputation Hard To Shake (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking

• People Are Still Getting Pwned a Week After a Crypto Hack Was ‘Contained’ (vice.com)

Supply Chain

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

DoS/DDoS

• Microsoft Mitigates Largest DDoS Attack 'Ever Reported In History' (bleepingcomputer.com)

• Nobel Foundation Site Hit By DDoS Attack On Award Day (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Over 20,000 Data Center Management Systems Exposed To Hackers (bleepingcomputer.com)

• Energy Sector Still Needs to Shut the Barn Door (darkreading.com)

Nation State Actors

• North Korean Hackers Using Windows Update Service to Infect PCs with Malware (thehackernews.com)

• Russian APT29 Hackers' Stealthy Malware Undetected For Years (bleepingcomputer.com)

• North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware (thehackernews.com)

• German Intel Warns Of APT27 Targeting Commercial Organisations - Security Affairs

• Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign (darkreading.com)

• APTs Quiet Ahead Of Beijing Games, But Financially Motivated Hackers Are Still Lurking, Research Says - CyberScoop

Cloud

• Top 5 Cloud Security Data Breaches in Recent Years (makeuseof.com)

• Molerats Group Uses Public Cloud Services As Attack Infrastructure - Security Affairs

Privacy

• UK’s Privacy Tsar Mounts Fierce Defence of End-to-End Encryption - Infosecurity Magazine

Passwords & Credential Stuffing

• 65% Of Organisations Continue To Rely On Shared Logins - Help Net Security

• Strong Security Starts With The Strengthening Of The Weakest Link: Passwords - Help Net Security

• Has That Password Been Compromised? - IT Security Guru

Spyware, Espionage & Cyber Warfare

• DazzleSpy: Pro-Democracy Org Hijacked To Become macOS Spyware Distributor | ZDNet

Vulnerabilities

• Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’ | Threatpost

• Outlook Security Feature Bypass Allowed Sending Malicious Links | SecurityWeek.Com

• Attackers Now Actively Targeting Critical SonicWall RCE Bug (bleepingcomputer.com)

• Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans? (thehackernews.com)

• Apple Fixes New Zero-Day Exploited To Hack macOS, iOS Devices (bleepingcomputer.com)

• F5 Fixes 25 Flaws In BIG-IP, BIG-IQ, and NGINX Products - Security Affairs

Sector Specific

Health/Medical/Pharma Sector

• Healthcare Industry Most Common Victim Of Third-Party Breaches Last Year - Help Net Security

Education and Academia

• Education Sector Hounded By Cyber Attacks In 2021 | CSO Online

• Reports Published in the Last Week

• Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises - ITRC (idtheftcenter.org)

• Experian plc - Experian’s Annual Future of Fraud Forecast Predicts Five Key Threats for Businesses and Consumers in 2022

• Aqua Security Reports Large Increase in Supply Chain Attacks (infoq.com)

Other News

• Cyber Security: 11 Steps To Take As Threat Levels Increase | ZDNet

• Right of Boom: Can Your MSP Really Survive A Cyber Attack? - MSSP Alert

• Are You Prepared to Defend Against a USB Attack? (darkreading.com)

• Prioritizing And Remediating Vulnerabilities In The Wake Of Log4J and Microsoft's Patch Tuesday Blunder | CSO Online

• VW Fired Senior Employee After They Raised Cyber Security Concerns | Financial Times

• Microsoft Outlook RCE Zero-Day Exploits Now Selling For $400,000 (bleepingcomputer.com)

• Hackers Are Taking Over CEO Accounts With Rogue OAuth Apps (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Advisory – LockBit Ransomware Now Actively Targeting VMware ESXi Hosts

Executive Summary

LockBit, a ransomware gang that first came to prominence in 2021, has made improvements to its Ransomware-as-a-Service (RaaS), advertising that it will now actively target VMware ESXi virtual machines. VMware ESXi is a highly popular virtualisation platform and is found in most business environments globally and allows for the consolidation of software servers and services onto a single physical machine, saving both space and costs. The new LockBit features include the ability to find all running Virtual Machines (VMs) and manipulate their power states to ensure they are encrypted successfully.

What’s the risk to me or my business?

Due to the popularity of ESXi, there is an increased risk to those running the platform. The changes demonstrate that RaaS operators are keenly aware that businesses present lucrative targets, actively implementing features that have the greatest potential for harm in an enterprise environment.

What can I do?

Ensure that your systems and services across your network remain up-to-date and current. Attackers will often use a combination of bugs, vulnerabilities and misconfigurations to breach an environment before going on to exploit other devices. For ESXi specifically, consider disabling Secure Shell (SSH) if enabled, and ensure the use of TLS (HTTPS) on any exposed web interfaces.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Black Arrow Cyber Advisory – “PwnKit” Bug Allows Low Level Access on the Ubiquitous Linux Operating System

Executive Summary

Security researchers have revealed a new toolkit bug in the Linux operating system, the software that drives most of the world. Linux is found everywhere, from firewalls and network switches to cars and huge industrial machines. The tool, ‘pkexec’, was found to be vulnerable to privilege escalation, allowing an attacker to gain root or administrator privileges with ease.

What’s the risk to me or my business?

As Linux runs in almost every environment in the world, an attacker with access to the system could exploit the vulnerability to take control. The attack can become particularly potent when used in combination with other exploits on an unpatched system. Security researchers note the attack is ‘trivially exploitable’, leading to a dangerous situation if a system is indeed susceptible.

What can I do?

A patch has been issued for the bug, which should be implemented as soon as possible on any device that may be running Linux. It is recommended that systems in general be patched as often as practicable to reduce overall risk.

Technical Summary

Security researchers have disclosed a buffer overflow attack in Polkit, a tool allowing programs without special privileges to run safely with services requiring root. The bug exploits environment variables, allowing an attacker to use NULL references to craft the overflow. As a result a malicious user could, even on an account with minimal privileges, use the misalignment to introduce dangerous environment variables to elevate their session.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Black Arrow Cyber Advisory – 20,000 HP Servers Have Their Management Interface Exposed to the Internet

Executive Summary

Integrated Lights Out (iLO) is a low-level management interface on Hewlett-Packard (HP) servers, intended for out-of-band or outside-of-operating system access. The service is most used by IT staff managing the device for remote support operations, such as powering the system off, updating firmware or viewing the display via the network. Despite a recent and serious bug dubbed ‘iLOBleed’, approximately 24,000 iLO devices are still exposed to the internet and searchable with Google.

What’s the risk to me or my business?

HP servers are very common in business settings and remain the popular choice globally. Most of these servers come with iLO pre-installed, which makes them a lucrative target to attackers when vulnerable, particularly given their low-level access. In combination with vulnerabilities like ‘iLOBleed’, remotely exposing iLO to the web presents a low hanging fruit that may be too attractive to pass up.

What can I do?

Check with your IT team or MSP to ensure that you aren’t exposing anything to the web that shouldn’t be there, even beyond iLO. Misconfigurations or services such as Universal Plug and Play (UPNP) can expose devices without your knowledge, leaving you open to attack where the exposed systems are vulnerable.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Now we can hold in person events again our next open cyber education and awareness session is on 14 February - Valentines Day!

Open sessions are £150 per person and firms can send 1-14 members of staff along. Ideal for new starters, someone who would benefit from refresher training or any other staff that would benefit.

Contact training@blackarrowcyber.com or call 711 988 to book places.

Over the past few weeks, the global media has been alerting us all to the prospect of aggressive action by Russia in Ukraine. The US has warned of imminent acts of provocation to create a pretext to invade Ukraine, and today the UK has started to withdraw embassy staff.

Conflict is no longer restricted to the physical world. We might think we are a safe distance away from the front line, but modern warfare does not care about international borders.

The last time Russia took aggressive action against Ukraine, companies across the world found themselves victim of an attack that got out of control. Russia was named by several intelligence agencies as having injected the NotPetya encrypting malware through a Ukrainian tax preparation software in 2017 to target Ukrainian assets. The situation eventually spiralled to infect thousands of businesses across the world, causing serious damage.

The situation could be more serious this time. The risk of damage to companies in the Channel Islands and UK from a Russian cyber attack increases further when sides are taken, with the US, UK and other allied nations likely to take up at least some degree of involvement. The British Government for example, plans to invest £5 billion in retaliatory cyber attacks, creating their very own “Cyber Force” to target hostile states.

We need to learn from this, and we advise you to ensure you have appropriate controls in place to help protect yourself and if necessary to be able to recover if you are affected by an attack. These controls must be across people, operations and technology; it is impossible for technology alone to give the necessary protection.

Contact us for help to understand your risks and your security gaps.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Risks Top Worldwide Business Concerns In 2022

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.

Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).

The annual survey incorporates the views of 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts. View the full global and country risk rankings.

https://www.helpnetsecurity.com/2022/01/20/cyber-concern-2022/

Bosses Think That Security Is Taken Care Of: CISOs Aren't So Sure

The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.

Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom.

The World Economic Forum's new report, The Global Cyber Security Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations.

According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn't result in significant disruption.

However, only 55% of security-focused executives believe that cyber resilience is integrated into risk management strategies – indicating a significant divide in attitudes to cyber security.

This gap can leave organisations vulnerable to cyberattacks, because boardrooms believe enough has been done in order to mitigate threats, while in reality there could be unconsidered vulnerabilities or extra measures put in place.

https://www.zdnet.com/article/managers-think-their-systems-are-unbreakable-cybersecurity-teams-arent-so-sure/

Fraud Is On the Rise, and It's Going to Get Worse

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.

As more daily activities — work, education, shopping, and entertainment — shift online, fraud is also on the rise. A trio of recent reports paint a bleak picture, highlighting concerns that companies are experiencing increasing losses from fraud and that the situation will get worse over the coming year.

In KPMG's survey of senior risk executives, 67% say their companies have experienced external fraud in the past 12 months, and 38% expect the risk of fraud committed by external perpetrators to somewhat increase in the next year. External fraud, which includes credit card fraud and identity theft, is specifically referring to incidents perpetuated by individuals outside the company. For most of these respondents, there was a financial impact: Forty-two percent say their organisations experienced 0.5% to 1% of loss as a result of fraud and cybercrime.

https://www.darkreading.com/edge-articles/fraud-is-on-the-rise-and-its-going-to-get-worse

Two-Fifths of Ransomware Victims Still Paying Up

Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.

The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.

Some 87% said their organisation had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.

Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.

https://www.infosecurity-magazine.com/news/two-fifths-ransomware-victims/

Less Than a Fifth of Cyber Leaders Feel Confident Their Organisation is Cyber-Resilient

Less than one-fifth (17%) of cyber leaders feel confident that their organisations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cyber Security Outlook 2022 report.

The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cyber security. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders.

This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organisation’s overall corporate risk management.

In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cyber security incident due to a shortage of skills within their team.

Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains.

Interestingly, 59% of cyber leaders said cyber-resilience and cyber security are synonymous, with the differences not well understood.

https://www.infosecurity-magazine.com/news/cyber-leaders-organisation/

Endpoint Malware And Ransomware Detections Hit All-Time High

Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.

While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organisations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.

https://www.helpnetsecurity.com/2022/01/20/endpoint-malware-ransomware-detections-q3-2021/

End Users Remain Organisations' Biggest Security Risk

With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading's 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.

While this trend is positive, it's unclear where the increased confidence comes from, since more people now report ineffective end-user security awareness training (11%, to 2020's 7%).

Respondents shared their heightened concern about well-funded attacks. In 2021, 25% predicted an attack targeted at their organisations (a rise from 2020, when 20% said the same), and fear of a nation-state-sponsored action rose to 16% from 9% the year before. Yet only 16% reported sophisticated, automated malware as a top concern, a 10% drop from 2020, and fear of a gap between security and IT advances only merited 9%. A tiny 3% worried that their security tools wouldn't work well together, dropping from the previous year's 10%.

https://www.darkreading.com/edge-threat-monitor/despite-rise-of-third-party-concerns-end-users-still-the-biggest-security-risk

Supply Chain Disruptions Rose In 2021

56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals.

Last year was marked by a number of challenges, including computer chip shortages, port congestion, the ongoing impacts of COVID-19, logistics impediments, and energy crises, though with every hurdle faced, solutions are being sought. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.

Over 98% of global companies are now planning to boost the resilience of their manufacturing supply chains, however, 37% have yet to implement any measures. As businesses develop long term strategies, over 57% of companies say diversification of their supply chains is the most effective way of building resilience. This report explores last year’s most disruptive events, how disruptions have changed over time, industry trends and strategies for strengthening manufacturing supply chains.

https://www.helpnetsecurity.com/2022/01/19/supply-chain-disruptions-2021/

Red Cross Begs Attackers Not to Leak Stolen Data for 515K People

A cyber attack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

https://threatpost.com/red-cross-begs-attackers-not-to-leak-515k-peoples-stolen-data/177799/

DHL Dethrones Microsoft As Most Imitated Brand In Phishing Attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.

DHL is an international package delivery and express mail service, delivering over 1.6 billion parcels per year.

As such, phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

The specific lures range from a package that is stuck at customs and requires action for clearance to supposed tracking numbers that hide inside document attachments or embedded links.

https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/

Threats

Ransomware

• New White Rabbit Ransomware Linked To FIN8 Hacking Group (bleepingcomputer.com)

• Conti Ransomware Gang Started Leaking Files Stolen From Bank Indonesia - Security Affairs

• This New Ransomware Comes With A Small But Dangerous Payload | ZDNet

• FBI Warning: This New Ransomware Makes Demands Of Up To $500,000 | ZDNet

• Experts Warn Of Attacks Using A New Linux Variant Of SFile Ransomware - Security Affairs

• SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack | Threatpost

• FBI Warns Organisations of Diavol Ransomware Attacks | SecurityWeek.Com

• Marketing Giant RRD Confirms Data Theft In Conti Ransomware Attack (bleepingcomputer.com)

• After Ransomware Arrests, Some Dark Web Criminals Are Getting Worried | ZDNet

BEC – Business Email Compromise

• Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group | SecurityWeek.Com

Phishing

• Phishing Impersonates Shipping Giant Maersk To Push STRRAT Malware (bleepingcomputer.com)

• #COVID19 Phishing Emails Surge 500% on Omicron Concerns - Infosecurity Magazine

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

Malware

• Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organisations (darkreading.com)

• Custom-Written Malware Discovered Across Windows, MacOS, And Linux Systems | TechSpot

• Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

• Ukraine: Wiper Malware Masquerading As Ransomware Hits Government Organisations - Help Net Security

• Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (thehackernews.com)

• Linux Malware Is On The Rise. Here Are Three Top Threats Right Now | ZDNet

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

• New MoonBounce UEFI Malware Used By Apt41 In Targeted Attacks (bleepingcomputer.com)

Data Breaches/Leaks

• Exposed Records Exceeded 40 Billion In 2021 - Help Net Security

• European Regulators Hand Out €1.1bn in GDPR Fines - Infosecurity Magazine

Organised Crime & Criminal Actors

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

• A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist (vice.com)

• FBI & European Police Take Down Computer Servers Used In Major Cyberattacks Worldwide - CNNPolitics

• Europol Shuts Down VPNLab, Cyber Criminals' Favourite VPN Service (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking

• 2FA Bypassed in $34.6M Crypto.com Heist | Threatpost

• Cyber Criminals Actively Target VMware vSphere with Cryptominers | Threatpost

• New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (thehackernews.com)

• Cheap Malware Is Behind A Rise In Attacks On Cryptocurrency Wallets | ZDNet

Insider Risk and Insider Threats

• Research: Why Employees Violate Cyber Security Policies (hbr.org)

• What CISOs Can Learn About Insider Threats From Iran's Human Espionage Tactics | CSO Online

Fraud, Scams & Financial Crime

• How Buy Now, Pay Later Is Being Targeted By Fraudsters - Help Net Security

• Romance Scammer Who Targeted 670 Women Gets 28 Months In Jail – Naked Security (sophos.com)

Insurance

• Merck Awarded $1.4B Insurance Payout over NotPetya Attack | Threatpost

CNI, OT, ICS, IIoT and SCADA

• UK Mulls Making MSPs Subject To Mandatory Security Standards • The Register

• ‘Anomalous’ Spyware Stealing Credentials In Industrial Firms (bleepingcomputer.com)

• European Union Simulated A Cyber Attack On A Fictitious Finnish Power Company - Security Affairs

Nation State Actors

• Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (thehackernews.com)

• Ukraine Cyber Attack Timeline: Microsoft, CISA, White House and Kyiv Statements - MSSP Alert

• Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (thehackernews.com)

• Security Scanners Across Europe Tied To China Govt, Military | AP News

Cloud

• Attackers Use Public Cloud Providers To Spread RATs | CSO Online

Privacy

• UK.Gov's No Place To Hide campaign flops on launch • The Register

Passwords & Credential Stuffing

• Your Keyboard Walking Password Isn’t Complex Or Secure – Review Geek

• Box Flaw Allowed To Bypass MFA And Takeover Accounts - Security Affairs

Spyware, Espionage & Cyber Warfare

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

Vulnerabilities

• CISA Adds 13 Exploited Vulnerabilities To List, 9 with Feb. 1 Remediation Date | ZDNet

• Microsoft RDP Vulnerability Makes It A Breeze For Attackers To Become Men-In-The-Middle - TechRepublic

• High-Severity Vulnerabilities Patched in McAfee Enterprise Product | SecurityWeek.Com

• Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM (thehackernews.com)

• A bug in McAfee Agent allows to run code with SYSTEM privileges - Security Affairs

• Zoho Fixes A Critical Vulnerability (CVE-2021-44757) in Desktop Central - Security Affairs

• Ubuntu Patch For Heap Buffer Overflow Vulnerability • The Register

• Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (thehackernews.com)

• Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks (thehackernews.com)

• F5 Patches Two Dozen Vulnerabilities in BIG-IP | SecurityWeek.Com

• McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges | Threatpost

• Oracle Critical Patch Update for January 2022 will fix 483 new flaws - Security Affairs

• 20K WordPress Sites Exposed by Insecure Plugin REST-API | Threatpost

• Nasty Linux Kernel Bug Found And Fixed | ZDNet

• Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (thehackernews.com)

• Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (thehackernews.com)

• Critical SAP Vulnerability Allows Supply Chain Attacks | SecurityWeek.Com

• Zoho Plugs Another Critical Security Hole In Desktop Central (bleepingcomputer.com)

• Safari Exploit Can Leak Browser Histories And Google Account Info | Engadget

Sector Specific

Financial Services Sector

• Singapore Pushed To Introduce Security Measures Amidst Online Banking Scams | ZDNet

Health/Medical/Pharma Sector

• More Than Half Of Medical Devices Found To Have Critical Vulnerabilities | ZDNet

• Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack | SecurityWeek.Com

Retail

• PCI SSC Updates Card Security Standards To Secure The Card Production Process - Help Net Security

Education and Academia

• Kids Won’t Stop Launching DDoS Attacks Against Their Schools | TechRadar

Other News

• Biggest MSP Takeaways From The Apache Log4j Vulnerability - MSSP Alert

• The Emotional Stages Of A Data Breach: How To Deal With Panic, Anger, And Guilt | CSO Online

• The Log4j Vulnerability Puts Pressure on the Security World | Threatpost

• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (thehackernews.com)

• BadUSB explained: How rogue USBs threaten your organisation | CSO Online

• Millions of UK Wi-Fi Routers Vulnerable To Security Threats - IT Security Guru

• NATO, Ukraine Sign Deal to 'Deepen' Cyber Cooperation | SecurityWeek.Com

• UK Umbrella Company Parasol Group Confirms Cyber Attack • The Register

• MPs Criticise Cyber Agency For Not Aiding China Rights Group After It Was Hacked | China | The Guardian

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021

Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.

https://www.darkreading.com/attacks-breaches/corporate-networks-saw-50-more-attacks-per-week-in-2021-

Cyber Attacks Against MSPs Jump 67%

Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.

In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.

https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/

SMEs Still An Easy Target For Cyber Criminals

Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.

In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.

This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.

https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/

World Economic Forum: Cyber Security Failures an Increasing Global Threat

Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).

Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.

Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years

https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.

The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.

"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.

In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html

North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says

North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.

Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.

The attacks mainly targeted investment firms and centralised exchanges.

North Korea has routinely denied being involved in hack attacks attributed to them.

"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.

https://www.bbc.co.uk/news/business-59990477

No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare

Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.

"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."

"Organisations need to begin preparing," Hultquist added.

Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.

In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.

https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/

Ukrainian Police Arrest Five Members Of Ransomware Affiliate

Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.

In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.

US and UK law enforcement officials worked with Ukrainian officials on the operation.

Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.

One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.

The bank card details were used to buy things online that were then resold.

https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/

Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry

The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.

According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.

The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.

They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.

https://www.zdnet.com/article/fingers-point-to-lazarus-cobalt-fin7-as-key-hacking-groups-focused-on-finance-industry/

Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For

The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.

In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.

How can financial organisations protect themselves from existing threats and combat new ones at the same time?

https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/

Threats

Ransomware

• Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times

• One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs

• Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO

• Inside a Ransomware Hit at Nordic Choice Hotels - WSJ

• Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar

• Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)

• Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop

Phishing

• Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet

• Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security

• Hackers Exploiting Microsoft Exchange Server Vulnerabilities in Enterprise Phishing Campaigns - MSSP Alert

• Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost

Malware

• Microsoft Defender Weakness Lets Hackers Bypass Malware Detection (bleepingcomputer.com)

• New RedLine Malware Version Spread As Fake Omicron Stat Counter (bleepingcomputer.com)

• ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS | Threatpost

• FluBot Malware Continues To Evolve. What's New In Ver 5.0 And Beyond? Security Affairs

• Oops: Cyberspies Infect Themselves With Their Own Malware (bleepingcomputer.com)

Mobile

• Android Users Can Now Disable 2G to Block Stingray Attacks (bleepingcomputer.com)

• EFF Praises Android’s New 2G Kill Switch, Wants Apple To Follow Suit | Ars Technica

• How To Protect Yourself Against Sim-Swapping Scams With Mobile Phone Fraud On The Rise (inews.co.uk)

IoT

• How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App (vice.com)

• Better Smart Home Security In 5 Easy Steps - CNET

Organised Crime & Criminal Actors

• Cyber Attacks On Corporations Hit Record Breaking Highs - IT Security Guru

Cryptocurrency/Cryptomining/Cryptojacking

• Abcbot Botnet Is Linked To Xanthe Cryptojacking Group | ZDNet

• North Korean Hackers Impersonate Major Crypto Investment Firm to Scam Startups (vice.com)

Insider Risk and Insider Threats

• Insider Threat Does Not Have To Be Malicious, So How Do You Protect Your Organisation? - Help Net Security

• Data Security In The Age Of Insider Threats: A Primer - Help Net Security

• Former DHS Official Charged With Stealing Govt Employees' PII (bleepingcomputer.com)

• Forensics Expert Kept Murder Snaps on PC - Infosecurity Magazine

Fraud, Scams & Financial Crime

• £92m Lost To Romance Scammers In 2021 - IT Security Guru

• ‘It Felt Like Losing A Husband’: The Fraudsters Breaking Hearts – And Emptying Bank Accounts | Relationships | The Guardian

DoS/DDoS

• Extortion DDoS Attacks Grow Stronger And More Common (Bleepingcomputer.Com)

• DDoS Attacks That Come Combined With Extortion Demands Are On The Rise | ZDNet

CNI, OT, ICS, IIoT and SCADA

• Manufacturers Are Starting To Realize The Importance Of OT Security - Help Net Security

• FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure (thehackernews.com)

• Critical Infrastructure Falls Short on Ransomware Readiness, Mitigation, Recovery - MSSP Alert

Nation State Actors

• Ukraine Hacks Add to Worries of Cyber Conflict With Russia | SecurityWeek.Com

• Destructive Malware Targeting Ukrainian Organisations - Microsoft Security Blog

• US Olympic Athletes Urged to Leave Phones Behind (gizmodo.com)

• Suspected Chinese Hackers Use Log4j Flaw To Deploy Night Sky Ransomware, Microsoft Warns - CyberScoop

• Russian Submarines Threatening Undersea Cables, UK Defence Chief Warns - Security Affairs

• Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (thehackernews.com)

• US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence (thehackernews.com)

Cloud

• The Rising Threat Of Cyber Criminals Targeting Cloud Infrastructure In 2022 - Help Net Security

• 5 Top Hybrid Cloud Security Challenges | CSO Online

Passwords & Credential Stuffing

• 4 Ways Cyber Criminals Hide Credential Stuffing Attacks | CSO Online

Parental Controls and Child Safety

• UK Hacker Jailed for Spying on Children and Downloading Indecent Images (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Exploited Vulnerabilities From Google, IBM, Microsoft, Oracle And More To Catalog | ZDNet

• Threat Actors Can Bypass Malware Detection Due To Microsoft Defender Weakness - Security Affairs

• noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise | CrowdStrike

• Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated At Tianfu Cup - Security Affairs

• WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws (bleepingcomputer.com)

• WordPress Bugs Exploded in 2021, Most Exploitable | Threatpost

• Sonicwall SMA 100 VPN Box Security Hole Exploit Info Shared • The Register

• Cisco Patches Critical Vulnerability in Contact Center Products | SecurityWeek.Com

• Millions of Routers Exposed to RCE by USB Kernel Bug | Threatpost

• MacOS Bug Could Let Creeps Snoop On You | Threatpost

• Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws | SecurityWeek.Com

Sector Specific

Financial Services Sector

• When It Comes To Banking Security, There's No Silver Bullet - Help Net Security

SMBs – Small and Medium Businesses

• Over Half of SMEs Have Experienced a Cyber Security Breach - Infosecurity Magazine

Reports Published in the Last Week

• Finance Whitepaper. Digital risk management for FSIs. (blueliv.com)

Other News

• Hackers Penetrate 93% of Local Company Networks, Cyber Simulation Finds - MSSP Alert

• URL Parsing: A Ticking Time Bomb Of Security Exploits - TechRepublic

• Europol Told to Delete Vast Trove of Personal Information - Infosecurity Magazine

• The Race Towards Renewable Energy Is Creating New Cyber Security Risks | ZDNet

• What Is Clipboard Hijacking? How to Avoid Becoming a Victim (makeuseof.com)

• White House Reminds Tech Giants Open Source Is A National Security Issue (bleepingcomputer.com)

• Want To Improve Corporate Security? Prioritize Personal Security | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.