Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Advisory 15/06/2022 – Microsoft Patch Tuesday – ‘Follina’ vulnerability addressed with other security updates
Executive Summary
Microsoft’s June Patch Tuesday provides updates across all Windows platforms to address critical security issues. This includes updates that address a critical zero-day flaw which allows remote malicious access to the Microsoft Windows Support Diagnostic Tool (MSDT) through Microsoft Office, which has commonly been named ‘Follina’.
Internet Explorer is also set to officially retire today, meaning that going forward any legacy applications will need to be accessed using Microsoft Edge’s Internet Explorer Mode.
Security updates have also been released for other Microsoft products to tackle different issues.
What’s the risk to me or my business?
Security updates are available for all supported versions of Windows. As some of these updates address vulnerabilities that are known to be actively exploited, the updates should be applied as soon as possible.
What can I do?
Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.
If legacy applications that require Internet Explorer are still present, they should be accessed through Microsoft Edge’s Internet Explorer Mode. As these applications are very likely to be unsupported themselves, steps should be taken either to move away from them or to establish firm risk-based controls for their protection and use.
Technical Summary
CVE-2022-30190 relates to the ‘Follina’ vulnerability. The timeline for the actual disclosure of this issue to Microsoft is not completely clear: there are reports that the issue was originally identified in a university dissertation back in August 2020, with multiple occasions after that where the issue was reported to Microsoft without a formal CVE being raised. Microsoft has now raised a formal CVE: CVE-2022-30190 - Security Update Guide - Microsoft - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability, and has supplied mitigation steps: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center. As a high-level summary, the exploit works by having Word download template information from an external source over the internet; that template contains malicious code that can launch the MSDT software, which in turn can execute PowerShell commands.
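The document-side half of that chain, a Word file that asks for content from a remote host, leaves a visible trace in the file itself. The following Python script is an added example written for this advisory (it is not code from Microsoft or from any of the linked sources): it opens a .docx as the ZIP archive it is, reads every relationship part under word/_rels/, and reports any relationship that is marked external and points at an http(s) URL, which is the mechanism a remote template reference uses. The two sample documents it scans are constructed in memory; the hostname template.example.invalid and the exact relationship layout are assumptions made for the example, not indicators from the advisory.

```python
"""Triage check for Word documents that reference external http(s) content.

Added example: scans the relationship parts inside a .docx/.dotx (a ZIP
archive) and reports every relationship with TargetMode="External" and an
http(s) target.  Sample documents are constructed in memory below; nothing
here is from the advisory or from Microsoft's own guidance.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import BinaryIO, List, Union

# Namespace used by every .rels part in an Office Open XML package
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


@dataclass
class ExternalRef:
    part: str       # relationship part the reference was found in
    rel_id: str     # Relationship Id attribute
    rel_type: str   # last segment of the Type URI, e.g. attachedTemplate
    target: str     # the external URL


def find_external_refs(doc: Union[str, bytes, BinaryIO]) -> List[ExternalRef]:
    """Return all external http(s) relationships under word/_rels/ in a document."""
    if isinstance(doc, bytes):
        doc = io.BytesIO(doc)
    hits: List[ExternalRef] = []
    with zipfile.ZipFile(doc) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/_rels/") and name.endswith(".rels")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # malformed part: nothing to read, keep scanning the rest
            for rel in root.iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                is_external = rel.get("TargetMode", "").lower() == "external"
                if is_external and target.lower().startswith(("http://", "https://")):
                    rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                    hits.append(ExternalRef(name, rel.get("Id", ""), rel_type, target))
    return hits


# ---- constructed sample documents (minimal, not valid for opening in Word) ----
RELS_NS_DECL = 'xmlns="http://schemas.openxmlformats.org/package/2006/relationships"'

BENIGN_RELS = (
    f'<Relationships {RELS_NS_DECL}>'
    '<Relationship Id="rId1" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" '
    'Target="styles.xml"/></Relationships>'
)

# Constructed sample: settings.xml.rels attaches a template hosted on a remote server.
# The hostname is an assumption for the example (.invalid never resolves).
REMOTE_TEMPLATE_RELS = (
    f'<Relationships {RELS_NS_DECL}>'
    '<Relationship Id="rId1" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
    'Target="http://template.example.invalid/t.dotm" TargetMode="External"/></Relationships>'
)


def _build_docx(settings_rels: str, document_rels: str) -> bytes:
    """Assemble just enough of a .docx ZIP layout to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr("word/_rels/document.xml.rels", document_rels)
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


BENIGN_DOC = _build_docx(BENIGN_RELS, BENIGN_RELS)
SUSPECT_DOC = _build_docx(REMOTE_TEMPLATE_RELS, BENIGN_RELS)

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_DOC), ("suspect", SUSPECT_DOC)):
        refs = find_external_refs(data)
        print(f"{label}: {len(refs)} external reference(s)")
        for r in refs:
            print(f"  {r.part}: {r.rel_type} -> {r.target}")
```

A hit from this check is a reason to look closer, not proof of malice: legitimate documents can carry external links too, so treat it as a triage signal alongside the patch and mitigation steps above, and run it on a copy of the file rather than opening the file in Word.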
Further details on specific updates within this month’s Patch Tuesday can be found here: Microsoft Windows Security Updates June 2022 overview - gHacks Tech News
Information on Microsoft Edge’s Internet Explorer Mode can be found here: What is Internet Explorer mode? | Microsoft Docs
Need help understanding your gaps, or just want some advice? Get in touch with us.
Black Arrow Cyber Threat Briefing 10 June 2022
-Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year
-Ransomware Attacks Setting New Records
-Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign
-Paying Ransomware Paints Bigger Bullseye on Target’s Back
-Organisations Fix Only 1 in 10 Vulnerabilities Monthly
-Cyber Attack Surface "Spiralling Out of Control"
-Phishing Hits All-Time High in Q1 2022
-Ransomware's ROI Retreat Will Drive More BEC Attacks
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-Why Smishing and Vishing Attempts Surged In 2021
-Know Your Enemy! Learn How Cyber Crime Adversaries Get In…
-Small Businesses Struggle with an Increase in Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year
Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. The report uncovers how the continued increase in remote working has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.
Language-based attacks have become the new normal for business email compromise (BEC) with 74% of these attacks using language as the main attack vector.
Security teams spend a massive amount of time configuring rules and exceptions in their email security solutions to block impersonation emails – both for executives and other employees. Despite all of that manual work and rule writing, 70% of impersonation emails evaded email security controls.
https://www.helpnetsecurity.com/2022/06/06/language-based-attacks-email-video/
Ransomware Attacks Setting New Records
Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year.
In 2022, the most prevalent ransomware trends include double-extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geo-political incited ransomware attacks. The report details which industries are being targeted the most by cyber criminals, explains the damage caused by double-extortion and supply chain attacks, and catalogues the most active ransomware groups operating today.
Modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable. Attackers are finding success exploiting weaknesses across businesses’ supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others. And with ransomware-as-a-service available on the dark web, more and more criminals are turning to ransomware, realising that the odds of receiving a big payday are high.
The tactics and scope of ransomware attacks have been steadily evolving, but the end goal continues to be a disruption of the target organisation and theft of sensitive information for the purposes of ransom. The size of the ransom often depends on the number of systems infected and the value of the data stolen: the higher the stakes, the higher the payment. In 2019, many ransomware groups updated their tactics to include data exfiltration, commonly referred to as a ‘double extortion’ ransomware.
https://www.helpnetsecurity.com/2022/06/07/ransomware-attacks-increase/
Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign
Cyber criminals are spending more time inside networks before they're discovered, and that's allowing them to do more damage.
The amount of time cyber criminal intruders are spending inside victims' networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks.
According to analysis by cyber security researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median dwell time that cyber criminals spend inside compromised networks is now 15 days, up from 11 days the previous year.
Dwell time is the amount of time hackers are inside the network before they're discovered or before they leave – and being able to spend an increased amount of time inside a compromised network undetected means they're able to more carefully conduct malicious activity, such as monitoring users, stealing data or laying the foundations for a malware or ransomware attack.
Paying Ransomware Paints Bigger Bullseye on Target’s Back
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.
Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge.
New ransomware numbers come from Cybereason’s April ransomware survey of 1,456 cyber security professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently the data encrypted by criminals later became unusable during the decryption process because of corruption issues.
The fact that ransomware gangs strike so quickly a second and third time isn’t surprising, because they will try to profit in any possible way so why not hit the same company, demand a higher ransom, and get paid again?
https://threatpost.com/paying-ransomware-bullseye-back/179915/
Organisations Fix Only 1 in 10 Vulnerabilities Monthly
New research from SecurityScorecard features a couple of eye-popping “only” findings: Only 10 percent of vulnerabilities are remediated each month, and only 60 percent of companies have improved their security profile despite a 15-fold increase in the number of cyber incidents in the last three years.
That’s not good. The research, which sought to measure how long it took the 1.6 million organisations assessed to remediate vulnerabilities in the three-year period from 2019 to 2022, also found the following:
· 53% had at least one exposed vulnerability to the internet, while 22% of organisations amassed more than 1,000 vulnerabilities each, confirming more progress is required to protect organisations’ critical assets.
· The financial sector has among the slowest remediation rates (median time to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days).
· Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there was little evidence that organisations in the financial sector fixed exploited flaws faster.
· The IT sector (62.6%) and public sector (61.6%) had the highest prevalence of open vulnerabilities.
· The financial sector (48.6%) exhibited the lowest proportion of open vulnerabilities; however, there is less than a 10% difference between this and other sectors in terms of industries with the most open vulnerabilities.
· It typically takes organisations 12 months to remediate half of the vulnerabilities in their internet-facing infrastructure.
· When firms have fewer than 10 open vulnerabilities, it can take about a month to close just half of them, but when the list grows into the hundreds, it takes up to a year to reach the halfway point.
Cyber Attack Surface "Spiralling Out of Control"
Global organisations are still beset with cyber visibility and control challenges, with two-fifths (43%) admitting their digital attack surface is out of control as a result, according to new Trend Micro research.
The security vendor polled over 6200 IT and business decision-makers to compile its new study, ‘Mapping the digital attack surface: Why global organisations are struggling to manage cyber risk’.
It revealed that nearly three-quarters (73%) are concerned about the increasing size of their attack surface. Over a third (37%) said it is “constantly evolving and messy,” and just half (51%) thought they were able to fully define its extent.
These visibility challenges are greatest in cloud environments, although problems persist across the board. The report highlights complex supply chains, tool bloat and home working-driven shadow IT as additional contributory factors.
On average, respondents estimated having just 62% visibility of their attack surface.
https://www.infosecurity-magazine.com/news/cyberattack-surface-out-of-control/
Phishing Hits All-Time High in Q1 2022
The first quarter of 2022 saw phishing attacks hit a record high, topping one million for the first time, according to data from the Anti Phishing Working Group (APWG).
The industry, law enforcement and government coalition’s new Phishing Activity Trends Report also revealed that March was the worst month on record for phishing, with 384,291 attacks detected.
The financial sector was the worst hit, accounting for 24% of all detected attacks, although webmail and SaaS providers were also popular targets.
Attacks spoofing retailers dropped 17% from the previous quarter to 15% following the busy holiday shopping season, while those against social media services rose significantly, from nearly 9% of all attacks to 13% over the same period.
https://www.infosecurity-magazine.com/news/phishing-hits-all-time-high-q1/
Ransomware's ROI Retreat Will Drive More BEC Attacks
Law enforcement crackdowns, tighter cryptocurrency regulations, and ransomware-as-a-service (RaaS) operator shutdowns are driving down the return on investment for ransomware operations across the globe.
A presentation at the RSA Conference last week laid out analysis of the ransomware threat landscape, predicting that there will be a pivot from ransomware toward renewed interest in basic business email compromise (BEC) attacks in the next 6 to 12 months.
Ransomware attacks grab headlines and have been supercharged by a few prolific RaaS operators, but crackdowns on just one group can make an enormous dent.
Ransomware is a centralised ecosystem with small numbers of operators responsible for the majority of attacks.
The recent disappearance of Pysa left just two groups, Conti and Lockbit, with more than 50% of the share of total ransomware attacks in the first half of 2022. BEC groups, on the other hand, are diffuse and scattered, making them much harder to eradicate.
Although they're not as quick to make the headlines, BEC attacks have cost business more than $43 billion since 2016, according to the FBI, and make up $1 out of every $3 lost to cyber attacks, far outpacing ransomware losses.
Ransomware has had a moment over the past couple of years, in part because once threat actors were able to abandon arcane wire transfers to collect ransoms and rely on cryptocurrency, caps on transactions were lifted and it became simple to collect much larger amounts. But new crypto regulations are chilling the ability of these cyber criminals to rely on its infrastructure to do business, adding "friction" to the transactions.
BEC attacks, by comparison, rely on social engineering to corrupt a business's financial supply chain to get employees to willingly part with the cash, making them exponentially harder to track and stop.
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy, conducting brazen and often destructive cyber attacks that can severely disrupt a company’s business operations. This is a big problem because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber attacks can affect not only customers’ data but also service delivery.
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
Why Smishing and Vishing Attempts Surged In 2021
In The Human Factor Report 2022, security vendor Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021. The report is based on their analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts and 1.7 billion mobile messages.
The study details the most common attack surfaces and methods, including categories of risk, vulnerabilities, attacks, Russian-aligned APTs, and privilege as a vector.
Key Findings:
-Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk.
-Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.
-Malicious URLs are 3-4x more common than malicious attachments.
-Smishing attempts more than doubled in the US over the year, while in the UK over 50% of lures are themed around delivery notifications.
-More than 20 million messages attempted to deliver malware linked to eventual ransomware attacks.
-Data loss prevention alerts have stabilised as businesses adopt permanent hybrid work models.
-80% of businesses are attacked by a compromised supplier account in any given month.
-35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.
Know Your Enemy! Learn How Cyber Crime Adversaries Get In…
Cyber security vendor Sophos dug into the incident reports of 144 real-life cyber attacks investigated by its Rapid Response team during 2021.
What they found might not surprise you, but it’s vital information nevertheless, because it’s what really happened, not merely what might have.
Notably:
-Unpatched vulnerabilities were the entry point for close to 50% of the attackers.
-Attackers stuck around for more than a month on average when ransomware wasn’t their primary goal.
-Attackers were known to have stolen data in about 40% of incidents. (Not all data thefts can be proved, of course, given that there isn’t a gaping hole where your copy of the data used to be, so the true number could be much higher.)
-RDP was abused to circumnavigate the network by more than 80% of attackers once they’d broken in.
Intriguingly, if perhaps unsurprisingly, the smaller the organisation, the longer the crooks had generally been in the network before anyone noticed and decided it was time to kick them out.
In businesses with 250 staff and below, the crooks stuck around (in the jargon, this is known by the quaintly archaic automotive metaphor of dwell time) for more than seven weeks on average.
This compared with an average dwell time of just under three weeks for organisations with more than 3000 employees.
As you can imagine, however, ransomware criminals typically stayed hidden for much shorter periods (just under two weeks, instead of just over a month), not least because ransomware attacks are inherently self-limiting.
After all, once ransomware crooks have scrambled all your data, they’re out of hiding and straight into their in-your-face blackmail phase.
https://nakedsecurity.sophos.com/2022/06/07/know-your-enemy-learn-how-cybercrime-adversaries-get-in/
Small Businesses Struggle with an Increase in Cyber Attacks
Part of the problem: They don’t believe they are targets, so they don’t make security a priority. Cyber attacks are becoming more common for small businesses, and many aren’t prepared to deal with an attack.
As small businesses have accelerated their adoption of new technologies for remote work, communication, production and sales during the pandemic, their expanded computer networks have created new vulnerabilities to phishing and ransomware attacks. But many small businesses still don’t expect to be targeted by hackers, so preparing for a cyber attack is well down their list of priorities.
https://www.wsj.com/articles/small-business-cyberattacks-increase-11654540786
Threats
Ransomware
Ransomware attacks have increased by 80% year-over-year - Help Net Security
How the Russia-Ukraine war makes ransomware payments harder | CSO Online
How Poor Communication Opens the Door to Ransomware and Extortion (darkreading.com)
Cuba ransomware returns to extorting victims with updated encryptor (bleepingcomputer.com)
Vice Society gang adds the Italian City of Palermo to its data leak site - Security Affairs
Qbot - known channel for ransomware - delivered via phishing and Follina exploit - Help Net Security
Black Basta Ransomware Targets ESXi Servers in Active Campaign (darkreading.com)
Mandiant: Cyber extortion schemes increasing pressure to pay (techtarget.com)
Roblox Game Pass store used to sell ransomware decryptor (bleepingcomputer.com)
Costa Rican government held up by ransomware … again • The Register
BEEF ALERT: Ransomware Group Very Mad at Being Associated with Lavish Russian Hackers (vice.com)
Ransomware Pressure Forcing UK CISOs to Consider Quitting - Infosecurity Magazine
BEC – Business Email Compromise
Phishing & Email Based Attacks
Evasive phishing mixes reverse tunnels and URL shortening services (bleepingcomputer.com)
Proofpoint: We Block Up to Two Million Extortion Emails Daily - Infosecurity Magazine
Massive Facebook Messenger phishing operation generates millions (bleepingcomputer.com)
Facebook phishing campaign nets millions in IDs and cash • The Register
Other Social Engineering
Malware
Symantec sees more malware operators exploiting Follina • The Register
Potent Emotet Variant Spreads Via Stolen Email Credentials | Threatpost
Symbiote Malware Poses Stealthy, Linux-Based Threat to Financial Industry (darkreading.com)
This advanced new malware strain leaves you practically defenceless | TechRadar
MacOS malware attacks slipping through the cracks (techtarget.com)
11 infamous malware attacks: The first and the worst | CSO Online
9 types of computer virus and how they do their dirty work | CSO Online
Mobile
IoT
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing (thehackernews.com)
How to Compromise a Printer in Three Simple Steps | CrowdStrike
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users (thehackernews.com)
7 NFT Scams That Could Be Targeting Your Brand (darkreading.com)
Hackers stole +$250,000 in Ethereum from Bored Ape Yacht Club - Security Affairs
Fraud, Scams & Financial Crime
Pandemic-related identity fraud: How serious is it? - Help Net Security
Apple Release 2021 Fraud Prevention Analysis - IT Security Guru
AML/CFT/Sanctions
Insurance
Dark Web
Software Supply Chain
82% of CIOs believe their software supply chains are vulnerable - Help Net Security
Boards, CEOs demand software supply chain security improvements - Help Net Security
Denial of Service DoS/DDoS
Cloud/SaaS
Cloud Security Tops Ransomware As Primary RSA Conference Attendee Concern - MSSP Alert
Only 13.5% of IT pros have mastered security in the cloud native space - Help Net Security
OMIGOD: Cloud providers still using secret middleware • The Register
Attack Surface Management
Open Source
Privacy
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones (thehackernews.com)
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing (thehackernews.com)
Parental Controls and Child Safety
Law Enforcement Action and Take Downs
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
“Cyber Spetsnaz” is Attacking Government Agencies - Security Affairs
Russian Ministry Website Reportedly Hacked - IT Security Guru
Ordinary Ukrainians wage war with digital tools and drones | Financial Times (ft.com)
Ukraine's secret cyber-defence: Excellent backups • The Register
Major DDoS attacks increasing after invasion of Ukraine (techtarget.com)
Nation State Actors
Nation State Actors – Russia
Russia escalates threats against West in response to cyber attacks - CyberScoop
Russia, China, oppose US cyber support of Ukraine • The Register
Nation State Actors – China
Russia, China, oppose US cyber support of Ukraine • The Register
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade (bleepingcomputer.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
US: Chinese govt hackers breached telcos to snoop on network traffic (bleepingcomputer.com)
Nation State Actors – Iran
Microsoft seized 41 domains used by Iran-linked Bohrium APT - Security Affairs
Iranian hackers target energy sector with new DNS backdoor (bleepingcomputer.com)
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
Windows zero-day exploited in US local govt phishing attacks (bleepingcomputer.com)
DogWalk zero-day Windows bug receives patch - but not from Microsoft (bitdefender.com)
Chrome 102 Update Patches High-Severity Vulnerabilities | SecurityWeek.Com
NSA, FBI warning: Hackers are using these flaws to target VPNs and network devices | ZDNet
Ubuntu Users Get a Massive Linux Kernel Update, 35 Security Vulnerabilities Patched - 9to5Linux
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems | SecurityWeek.Com
Sector Specific
Financial Services Sector
Telecoms
US: Chinese govt hackers breached telcos to snoop on network traffic (bleepingcomputer.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
Health/Medical/Pharma Sector
Healthcare-specific cyber security problems and how to address them - Help Net Security
Data for 2 million patients stolen in largest healthcare breach so far of 2022 (scmagazine.com)
Retail/eCommerce
Energy & Utilities
Iranian hackers target energy sector with new DNS backdoor (bleepingcomputer.com)
US Water Utilities Prime Cyber Attack Target, Experts | Threatpost
Education and Academia
Reports Published in the Last Week
Other News
This hacking group quietly spied on their targets for 10 years | ZDNet
Identity-based Attacks and Living-off-the-land Tactics Represent Top Threats - MSSP Alert
Over Half of CISOs Struggling for Board Investment - Infosecurity Magazine
Cisco EVP: Cyber security poverty line is human-rights issue • The Register
Top three most critical areas of web security - Help Net Security
How the Colonial Pipeline attack has changed cyber security | CSO Online
Five Eyes alliance’s top cop: tech is the future of Policing • The Register
An Emerging Threat: Attacking 5G Via Network Slices (darkreading.com)
How AI Is Useful — and Not Useful — for Cyber security (darkreading.com)
Only 43% of security pros can respond to critical alerts in less than an hour - Help Net Security
Now Is the Time to Plan for Post-Quantum Cryptography (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber are back in Jersey 26 & 27 May - contact us to arrange a meeting
Black Arrow are back in Jersey on 26 and 27 May, and we have a few time slots available if anyone would like to discuss their cyber security risk and governance requirements. Email contact@blackarrowcyber.com or call 01481 711 988 to set up a meeting.
Black Arrow move to dedicated offices in the Pollet, over three floors with Guernsey's only dedicated cyber training suite, in the centre of Town
Black Arrow are pleased to announce we are now in our new dedicated offices at 31-33 Le Pollet, St Peter Port, Guernsey, GY1 1WQ. Spread over three floors, and with Guernsey's only dedicated cyber training suite, right in the centre of Town. Talk to us today to discuss your user education and awareness training needs or any of the other services we offer to see how we can help you:
-Cyber Security Strategy
-Cyber Risk Management
-Incident Response
-Threat Intelligence
-Cyber Security Gap Analysis
-Virtual Chief Information Security Officer (vCISO)
-Cyber Readiness Exercises and Simulations
Black Arrow Cyber Threat Briefing 12 February 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
2020 Sees Ransomware Increase By Over 400 Percent
A new study from a cyber security company finds that last year malware increased by 358 percent overall and ransomware increased by 435 percent compared with 2019. The report, which analyses millions of attacks taking place across the year, finds that distribution of the Emotet malware skyrocketed by 4,000 percent, while malware threats attacking Android phones increased by 263 percent. July saw the largest increase in malicious activity, up by 653 percent compared with the previous year. Microsoft Office documents are the most manipulated document attack vector, and these attacks were up by 112 percent.
https://betanews.com/2021/02/10/ransomware-increase-400-percent/
Remote Desktop Protocol Attacks Surge By 768%
Remote desktop protocol (RDP) attacks increased by 768% between Q1 and Q4 last year, fuelled by the shift to remote working. However, a slower rate of growth was observed in the final quarter of the year, indicating that organisations have enhanced their security for remote users.
https://www.infosecurity-magazine.com/news/remote-desktop-protocol-attacks/
Even Minor Phishing Operations Can Distribute Millions Of Malicious Emails Per Week
Even small-scale phishing campaigns are capable of distributing millions and millions of malicious emails to victims around the world, according to a new report. Describing the most popular styles of phishing attack, the report notes that criminals today rely on fast-churning campaigns: they create a single phishing email template (usually in English) and send it out to anywhere between 100 and 1,000 targets.
With One Update, This Malicious Android App Hijacked Millions Of Devices
With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices. Lavabird Ltd.'s Barcode Scanner was an Android app that had been available on Google's official app repository for years. The app, accounting for over 10 million installs, offered a QR code reader and a barcode generator -- a useful utility for mobile devices.
CD Projekt Hit By Ransomware Attack, Refused To Pay Ransom, Data Reportedly Sold Off By Hackers
Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack. In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.
https://techcrunch.com/2021/02/09/cd-projekt-red-hit-by-ransomware-attack-refuses-to-pay-ransom/
Hacked Florida Water Plant Used Shared Passwords And Windows 7 PCs
The Oldsmar, Florida water plant hacked earlier this week used outdated Windows 7 PCs and shared passwords, the Associated Press has reported. A government advisory also revealed that the relatively unsophisticated attack used the remote-access program TeamViewer. However, officials also said that the hacker’s attempt to boost chemicals to dangerous levels was stopped almost immediately after it started.
Top Web Hosting Provider Shuts Down Following Cyber Attack
Cybercriminals often attack websites in order to extort a ransom from their victims but a recent cyberattack against the web hosting company No Support Linux Hosting took quite a different turn. After a hacker managed to breach the company's internal systems and compromise its entire operation, No Support Linux Hosting has announced that it is shutting down. The company alerted its customers to the situation before shutting down its website in a message.
https://www.techradar.com/news/top-web-hosting-provider-shuts-down-following-cyberattack
High Demand For Hacker Services On Dark Web Forums
Nine in 10 (90%) users of dark web forums are searching for a hacker who can provide them with a particular resource or who can download a user database. This is according to new research by Positive Technologies, which analyzed activity on the 10 most prominent forums on the dark web, which offer services such as website hacking and the buying/selling of databases. The study highlights the growing demand for hackers’ services and stolen data, exacerbated by the increased internet usage by both organizations and individuals since the start of COVID-19.
https://www.infosecurity-magazine.com/news/demand-hacker-services-dark-web/
Facebook Phishing Campaign Tricked Nearly 500,000 Users In Two Weeks
A recent investigation uncovered a large scale phishing operation on Facebook. The Facebook phishing campaign is dangerous and targets user personal information. The phishing scam “Is that you” currently on Facebook has been around in multiple forms for years. The whole trouble starts with a “friend” sending you a message claiming to have found a video or image with you in it. The message is usually a video and after clicking, it takes you through a series of websites. These websites have malicious scripts that get your location, device type, and operating system.
Hackers Are Tweaking Their Approach To Phishing Attacks In 2021
Cyber criminals are a creative bunch, constantly coming up with new ways to avoid detection and advance their sinister goals. A new report from cyber security experts at BitDam describes a few fresh techniques used in the wild so far in 2021. According to the report, email protection solutions tend to trust newly created email domains that are yet to be flagged as dangerous. Criminals are now increasingly exploiting this fact to increase the chances that phishing, and malware emails make it into victims' inboxes.
https://www.itproportal.com/news/hackers-are-tweaking-their-approach-to-phishing-attacks-in-2021/
Threats
Ransomware
Researchers identify 223 vulnerabilities used in recent ransomware attacks
This old form of ransomware has returned with new tricks and new targets
Phishing
Malware
Mobile
IOT
Vulnerabilities
Attackers Exploit Critical Adobe Flaw to Target Windows Users
Microsoft issues emergency fix for Wi-Fi foul-up delivered hot and fresh on Patch Tuesday
Data Breaches
Organised Crime
Supply Chain
Nation-State Actors
Android spyware strains linked to state-sponsored Confucius threat group
'BendyBear' APT malware linked to Chinese government hackers
Microsoft to alert Office 365 users of nation-state hacking activity
Privacy
Reports Published in the Last Week
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Happy and Safe Christmas Wishes from the Team at Black Arrow Cyber
Wishing all customers old and new a Very Happy and Safe Christmas
Can you have too much security? Cyber Tip Tuesday for 18 August 2020
Surely more security is always better right? Surely you can’t have too much? Maybe not - find out more
Note to Channel Islands firms on media coverage on the increased risk of cyber attacks from Iran
There has been extensive coverage in both tech and mainstream media warning about the possibility of revenge cyber attacks by Iran following the targeted killing of Iranian General Qasem Soleimani by the United States last week.
Whilst there is a chance that Iran will attack the US and her allies, firms in the West need to consider their threat models and whether or not Iranian interests intersect with their business operations.
Unless a local Channel Islands firm is providing high profile services directly to the US, or otherwise would have operations significant enough to be directly targeted by Iran, it is unlikely there is much danger to Channel Islands firms specifically from the Iranians as a result of this assassination.
Nation State actors do pose an ongoing threat to businesses across the Channel Islands, and good cyber hygiene should be followed to guard against Nation States and any other malicious actors wanting to cause you harm.
If you have any specific concerns or if you want to discuss your existing defensive capabilities please contact us.
Week in review 05 January 2020 - December breaches, worst passwords, Travelex taken offline, IoT security stinks, Iran revenge cyber attacks expected on US
Week in review 05 January 2020 - Round up of the most significant open source stories of the last week, December breaches, worst passwords, Travelex taken offline, IoT security stinks, Iran revenge attacks expected on US
Welcome to our first blog post of 2020:
List of data breaches and cyber attacks in December 2019 – 627 million records breached
The new year – and new decade – is underway, but before saying goodbye to 2019, ITGovernance had one more monthly round-up to get to.
December saw 90 disclosed data breaches and cyber attacks, with 627,486,696 records being compromised. That’s about a third of the average monthly total, although the number of incidents has climbed steadily throughout the year.
Refer to the original article for the full list of December’s incidents: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-december-2019
These are officially the worst passwords of 2019
SplashData has released its annual list of the most commonly-used passwords across the world, uncovering that old security habits really do die hard.
The security firm investigated over five million leaked passwords over the past twelve months, and found that many of the most common logins would be easy to guess for even the most incompetent hackers.
In perhaps the most surprising news, "password" has for the first time been knocked out of the top two spots, being replaced by the painfully simple "123456" and "123456789".
SplashData estimates almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, with nearly three percent using "123456".
Here are the so-called "worst passwords of 2019":
123456
123456789
qwerty
password
1234567
12345678
12345
iloveyou
111111
123123
Read the original article here: https://www.techradar.com/uk/news/these-are-officially-the-worst-passwords-of-2019
Hacks and Breaches of 2019: A Year in Review
SecurityBoulevard have a review of the biggest hacks and breaches from 2019, including Fortnite in January, WhatsApp from May, Facebook from April, Amazon Web Services from July and Zynga from September.
Read the full article here: https://securityboulevard.com/2020/01/hacks-and-breaches-of-2019-a-year-in-review/
US based Company shuts down because of ransomware, leaves 300 without jobs just before holidays
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.
Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO.
Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.
This shows how devastating ransomware attacks can be on businesses of all sizes.
Read the original article here: https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/
Travelex site taken offline after cyber attack
The foreign-currency seller Travelex had to suspend some of its services to protect data since the firm suffered from a ‘software virus attack’ on New Year's Eve.
The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.
A spokesman stated the firm is doing all it can to restore full services as soon as possible.
More from the BBC here: https://www.bbc.com/news/business-50977582
After latest hack, experts say smart home security systems stink at securing data
Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by a Texas-based cybersecurity firm and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.
Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Wyze’s products are about a third of Amazon’s Ring. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.
Read the full article here: https://www.digitaltrends.com/news/wyze-data-hack-protection/
Iran 'revenge' could come in the form of cyber-attacks, experts warn
The US assassination of Qassem Suleimani has increased the likelihood that protracted cyber-hostilities between the US and Iran could escalate into true cyberwarfare.
With tensions mounting and Iran threatening “severe revenge” over the killing, concerns have arisen that blowback could come in the form of hacking attacks on critical infrastructure sectors, which include the power grid, healthcare facilities, banks and communications networks.
Iran has invested heavily in its cyber-attack forces since the Stuxnet attack in 2010 – which saw the US and Israel degrade Iran’s nuclear capabilities by means of a computer virus. It has demonstrated its capabilities with attacks on US banks and a small dam, and the US has countered with attacks on an Iranian intelligence group and missile launchers.
There is a danger attacks by Iran against the US spread to other targets in the West and we will continue to monitor any developments.
Read the original article here: https://www.theguardian.com/world/2020/jan/03/iran-cyberattacks-experts-us-suleimani
Black Arrow Cyber Tip Tuesday - Looking to 2020 and increased focus on cyber by the GFSC for all regulated financial service firms
Black Arrow Cyber Tip Tuesday - Looking to 2020 and increased focus on cyber by the GFSC for all regulated financial service firms in the Bailiwick
Welcome to the final Cyber Tip Tuesday of the year, on this the last day of 2019.
As we look back over the last twelve months, the most significant thing, at least as far as regulated financial services firms in the Bailiwick are concerned, is that the GFSC is putting a lot more focus on, and changing the ways it is assessing, cyber risk - both in terms of operational risk and governance risk.
The Commission will be putting new regulations out to public consultation in the new year, but firms need to think about getting on the front foot and consider whether they are doing all they should be doing in relation to cyber security.
We know what the Commission will be looking for as we were directly involved in the thematic review that led to these new regulations, and provided direction for the regulations themselves and the changes to the way firms will be assessed as part of ongoing supervision.
Talk to us to see how we can help you to ensure that you have appropriate protections and controls in place and to help you meet the new regulations when they come into force.
Have a happy, safe and secure 2020
Week in review 29 December 2019 Round up of the most significant open source stories of the last week
Black Arrow Cyber Security review of top open source news articles for week ending 29 December 2019: 10 biggest hacks of the decade, biggest malware threats, MI6 floorplans lost, Citrix vulnerabilities, popular chat app actually spying tool, jobs in infosec
Black Arrow Cyber Consulting would like to wish everyone a happy, prosperous, and cyber safe, 2020
A bit of a quiet week as one would expect with Christmas festivities. As it’s the end of the year, and indeed the end of a decade, there are lots of round ups of the last year and the last decade, and a lot of predictions for what 2020 will hold (we suspect more bad stuff, more ransomware and more devious and nasty strains of ransomware at that, and more breaches) and in that vein on to our first story:
The 10 biggest data hacks of the decade
This article comes from CNBC in the US and whilst the content is US centric a lot of people on this side of the Atlantic would have been caught up in a lot of these breaches too.
Since 2010, data breaches have exposed over 38 billion records, and there have been at least 40,650 data hacks in this time. And while many were smaller data breaches, there were a few mega hacks that will likely remain records for years to come.
Amongst the biggest breaches are:
UnderArmour (MyFitnessPal), from March 2018 with 143.6 million records hacked
Equifax from September 2017 with 147 million records hacked
Marriott (Starwood) from November 2018 with 383 million records hacked
Veeam from September 2018 with 445 million records hacked
Yahoo! from September and December 2016 with up to 3 billion records hacked
There have been many other breaches affecting other companies, such as WhatsApp and Fortnite, who have reported security flaws in the past year that could have exposed millions of customers’ data, but the extent of the accessed data has not yet been fully ascertained.
Read the full article here: https://www.cnbc.com/2019/12/23/the-10-biggest-data-hacks-of-the-decade.html
Live visualisations of the World’s Biggest Data Breaches and Hacks can be found at any time here: https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Biggest Malware Threats of 2019
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
One out of five computer users was subject to at least one malware-class web attack in 2019. This past year cities such as New Orleans were under ransomware siege by the likes of the Ryuk malware. Zero-day vulnerabilities were also in no short supply, with targets such as Google Chrome and Operation WizardOpium.
Threatpost have taken a look back over their coverage from the last 12 months.
Remote desktop protocol vulnerabilities BlueKeep, and then DejaBlue, allowed unauthenticated, remote attackers to exploit and take complete control of targeted endpoints. The fear of BlueKeep and its wormable potential to mimic WannaCry forced Microsoft’s hand to patch systems as old as Windows XP and Windows 2000.
This past year had its fair share of zero-day vulnerabilities. One of the most prominent of the zero days was Urgent/11, impacting 11 remote code execution vulnerabilities in the real-time OS VxWorks. Because of VxWorks’ use in so many critical infrastructure devices, the U.S. Food and Drug Administration took the unusual step of releasing a warning, urging admins to patch.
We were warned last year when mitigating against Meltdown and Spectre that we would face more side-channel related CPU flaws in the future. And this year we did, with variants ranging from ZombieLoad to Bounds Check Bypass Store, Netspectre and NetCAT. For 2020? Expect even more variants, say experts.
2019 was the year ransomware criminals turned their attention away from consumers and started focusing on big targets such as hospitals, municipalities and schools. There was the Ryuk attack against New Orleans, the Maze ransomware behind the Pensacola attack, and a rash of attacks against hospitals that resulted in some care facilities turning patients away.
Botnets continued to be a key tool in cyberattacks in 2019. This past year saw the return of the notorious Emotet botnet. Crooks behind Trickbot partnered with bank trojan cybercriminals from IcedID and Ursif. Lastly, Echobot, an IoT botnet, cast a wider net in 2019 with a raft of exploit additions.
Perhaps the highest-profile cryptominer attack occurred in May when researchers found 50,000 servers were infected for over four months as part of a high-profile cryptojacking campaign featuring the malware Nansh0u. The past year also saw a new XMRig-based cryptominer called Norman emerge, which stood apart because of its clever ability to go undetected.
Even though the target is smaller, mobile devices offer criminals top-tier data. Not only are APTs shifting focus on mobile, but so are garden-variety crooks. Take, for example, the Anubis mobile banking trojan that only goes into action after it senses the targeted device is in motion. Then there was the Instagram-initiated campaign using the Gustuff Android mobile banking trojan that rolled out in October.
Google’s Project Zero, in August, found 14 iOS vulnerabilities exploited in the wild since September 2016. According to Google's Threat Analysis Group (TAG), the flaws could allow malware to easily steal messages, photos and GPS coordinates. These flaws were used in five exploit chains in a watering hole attack that has lasted years. Google said the malware payload used in the attack is a custom job, built for monitoring.
In May, researchers uncovered a unique Linux-based malware dubbed HiddenWasp that targeted systems to remotely control them. The malware is believed to be used as part of a second-stage attack against already-compromised systems and is composed of a rootkit, trojan and deployment script.
Discussing malware without touching on business email compromise-based attacks would be like talking about the New England Patriots without mentioning Tom Brady. Fake Greta Thunberg emails used to lure victims to download Emotet malware. Of course the Swedish climate-change activist was just one of the lures that in 2018 contributed to 351,000 scams with losses exceeding $2.7 billion.
Read the original article here: https://threatpost.com/biggest-malware-threats-of-2019/151423/
7 types of virus – a short glossary of contemporary cyberbadness
Technically, this article is about malware in general, not about viruses in particular.
These days, however, the crooks don’t really need to program auto-spreading into their malware – thanks to always-on internet connectivity, the “spreading” part is easier than ever, so that’s one attention-grabbing step the crooks no longer need to use.
But the word virus has remained as a synonym for malware in general, and that’s how we’re using the word here.
So, for the record, here are seven categories of malware that give you a fair idea of the breadth and the depth of the risk that malware can pose to your organisation.
Read the full article here: https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/
MI6 floor plans lost by building contractor
Floor plans of MI6's central London headquarters were lost by building contractors during a refurbishment.
The documents, most of which were recovered inside the building, held sensitive information on the layout, including entry and exit points.
Balfour Beatty, the company working on the refurbishment at the headquarters in Vauxhall, is reportedly no longer working on the project.
The Foreign Office said it did not comment on intelligence matters.
The documents, which went missing a few weeks ago, were produced and owned by Balfour Beatty and designed to be used for the refurbishment.
The contractor kept the plans on the site at Vauxhall Cross in a secure location.
BBC security correspondent Gordon Corera said the missing plans were not classified or intelligence documents, but the pages did hold sensitive details.
Most, but not all, of the documents were recovered inside the building after it was noticed they were missing, he said.
Balfour Beatty said it could not comment because of sensitivities.
The incident, first reported by the Sun newspaper, is reportedly a result of carelessness, rather than any hostile activity.
Read the original article here: https://www.bbc.co.uk/news/uk-50927854
Citrix vulnerability allowed criminals to hack 80,000 companies
Researchers have found a vulnerability in popular enterprise software offerings from Citrix which puts tens of thousands of companies at risk of cyber attack.
A security researcher uncovered a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway), which allows direct access to a company network from the internet.
According to a report on the flaw, around 80,000 companies in 158 countries around the world could be at risk. Most companies are located in the US, with the UK, Germany, the Netherlands and Australia sharing a significant portion.
Read the full article here: http://www.itproportal.com/news/citrix-vulnerability-allows-criminals-to-hack-80000-companies
Popular chat app ToTok is actually a spying tool of UAE government – report
A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a New York Times report.
The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, the Times reported, citing US officials familiar with a classified intelligence assessment and the newspaper’s own investigation.
The Emirates has long blocked Apple’s FaceTime, Facebook’s WhatsApp and other calling apps. Emirati media has been playing up ToTok as an alternative for expatriates living in the country to call home to their loved ones for free.
The Times says ToTok is a few months old and has been downloaded millions of times, with most of its users in the Emirates, a US-allied federation of seven sheikhdoms on the Arabian peninsula. Government surveillance in the Emirates is prolific, and the Emirates has long been suspected of using so-called “zero day” exploits to target human rights activists and others. Zero-day exploits can be expensive to obtain on the black market because they represent software vulnerabilities for which fixes have yet to be developed.
The Times described ToTok as a way to give the government free access to personal information, as millions of users are willingly downloading and installing the app on their phones and unknowingly giving permission to enable features.
As with many apps, ToTok requests location information, purportedly to provide accurate weather forecasts, according to the Times. It also requests access to a phone’s contacts, supposedly to help users connect with friends. The app also has access to microphones, cameras, calendar and other data.
Read the full article here: https://www.theguardian.com/world/2019/dec/23/totok-popular-chat-app-spying-tool-uae-government
Jobs in Information Security (InfoSec)
For anyone considering a career in cyber or information security (infosec) there is a useful article detailing different roles and different potential areas of work in this field.
We also run a free mentoring program for anyone either looking to move into cyber security or currently in a cyber security role wanting to progress their careers. Contact us for more information.
Read the article here: https://medium.com/bugbountywriteup/jobs-in-information-security-infosec-93a5efc12ca2
Black Arrow Cyber Tip Tuesday - Christmas Eve 2019 - Christmas Giving
Welcome to a special Christmas Eve 2019 Black Arrow Cyber Tip Tuesday.
Christmas is a time for giving so we thought it would be an ideal time to mention the services we give free of charge to help protect Guernsey and the local community.
Mentoring: if you are looking to start or progress your career in cyber security, you could be eligible for our mentoring program consisting of a rolling series of one to one meetings to see where our experience and guidance can help you.
Free 30 minute chats for Startups and Entrepreneurs: a free 30 minute consultation for new startups and entrepreneurs to help ensure they are getting the fundamentals of cyber security in place to protect their growing business.
Free pro bono advisory services for charities and non-profits: we are giving one day every month to support those that support our communities in Guernsey, to help them protect themselves, using where possible, or where appropriate, low or no cost solutions.
Black Arrow Cyber Consulting wishes everyone a Happy Christmas and a safe, secure and prosperous 2020
Happy Christmas
Black Arrow Cyber Consulting would like to wish everyone a very Happy Christmas! Whilst enjoying the festivities just bear in mind that the bad guys don’t stop and cyber attacks typically increase around this time of year.
Week in review 22 December 2019 - ransomware changes, Christmas scams, Microsoft Office apps hit, predictions for 2020
Week in review 22 December 2019
Round up of the most significant open source stories of the last week
Black Arrow Cyber Consulting would like to wish customers old and new a Very Happy Christmas and a happy, prosperous, and cyber safe, 2020
Christmas malware spreading fast: Protect yourself now
Holiday party invitations may infect your PC
It's time for ugly Christmas sweaters — and for ugly Christmas-themed malicious spam emails.
A new malspam campaign dumps an email in your inbox marked "Christmas Party," "Christmas Party next week," "Party menu," "Holiday schedule" or something similar. But the attached Word document delivers a lump of coal: the notorious Emotet Trojan malware.
"HAPPY HOLIDAYS," begins the email, as spotted by researchers. "I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know.
"Don't forget to get your donations in for the money tree," the email adds. "Also, wear your tackiest/ugliest Christmas sweater to the party." Sometimes it adds, "Details in the attachment."
More here: https://www.tomsguide.com/news/ugly-christmas-emails-give-the-gift-of-malware
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.
The cyber criminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.
“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”
Researchers were able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infestation that has not yet been reported in the news media.
The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.
As shocking as this new development may be to some, it’s not like the bad guys haven’t warned us this was coming.
Read the full article here: https://securityboulevard.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Ransomware: The number of victims paying up is on the rise, and that's bad news
The number of organisations that are giving in to the extortion demands of cyber criminals after falling victim to ransomware attacks has more than doubled this year.
A rise in the number of ransomware attacks in the past year has contributed to the increased number of organisations opting to pay a ransom for the safe return of networks locked down by file-encrypting malware.
That's according to figures in the newly released 2019 CrowdStrike Global Security Attitude Survey, which said the total number of organisations around the world that pay the ransom after falling victim to a supply-chain attack has more than doubled from 14% of victims to 39% of those affected.
In the UK specifically, the number of organisations that have experienced a ransomware attack and paid the demanded price for the decryption key stands at 28% – double the 14% figure of the previous year.
Read the full article here: https://www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/
Microsoft Office apps hit with more cyber attacks than ever
New reports have claimed Microsoft Office was the most commonly exploited application worldwide as of the third quarter of this year.
Researchers found that Microsoft Office solutions and applications were the target of exactly 72.85 percent of cyber exploits this year according to the firm's research.
However, cyber criminals also targeted web browsers with 13.47 percent of the total number of exploits, Android (9.09 percent), Java (2.36 percent), and Adobe Flash (1.57 percent).
Read the full article here: https://www.techradar.com/uk/news/microsoft-office-apps-hit-with-more-cyberattacks-than-ever
Inconsistent password advice could increase risk of cyber attacks
New research suggests that ‘inconsistent and misleading’ password meters seen on various websites could increase the risk of cyber attacks.
The study, led by researchers at the University of Plymouth, investigated the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.
It tested 16 passwords against the various meters, with 10 of them being ranked among the world’s most commonly used passwords (including ‘password’ and ‘123456’).
Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while ‘Password1!’ performed far better than it should do and was even rated strongly by three of the meters.
However, the team at Plymouth said one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.
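The Plymouth finding above comes down to what a meter actually measures. The following is an added illustration, not code from the study or from any of the meters it tested: a character-class meter of the kind many websites use, beside a meter that first checks the password against a list of well-known passwords (and trivially decorated forms of them). The common-password list, the leet-substitution table and the generator are constructed for this example; a real meter would use a full breach corpus.

```python
import re
import secrets
import string

# Constructed stand-in for a "most common passwords" list (assumption for the
# example; a real meter should consult a full breach corpus).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "abc123",
    "letmein", "monkey", "iloveyou", "admin", "welcome",
}

# A few decorations people apply to a common word; constructed for the example.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e"})


def naive_score(pw: str) -> str:
    """Character-class meter: one point for length >= 8 and one per class present.
    It has no notion of how common a password is, so 'Password1!' scores 'strong'."""
    points = int(len(pw) >= 8)
    points += bool(re.search(r"[a-z]", pw))
    points += bool(re.search(r"[A-Z]", pw))
    points += bool(re.search(r"[0-9]", pw))
    points += bool(re.search(r"[^A-Za-z0-9]", pw))
    return "weak" if points <= 2 else "medium" if points <= 4 else "strong"


def list_aware_score(pw: str) -> str:
    """Same character-class points, but first reject any password that is a known
    common password or a common password with a suffix / leet decoration."""
    lowered = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)      # 'password1!' -> 'password'
    candidates = {lowered, stripped, stripped.translate(LEET)}  # 'p@ssw0rd' -> 'password'
    if candidates & COMMON_PASSWORDS:
        return "weak"
    return naive_score(pw)


def generate_password(length: int = 16) -> str:
    """Browser-style generator: one character from each class is guaranteed,
    the rest are drawn from all classes, then the result is shuffled."""
    rng = secrets.SystemRandom()
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_"]
    chars = [rng.choice(c) for c in classes]
    chars += [rng.choice("".join(classes)) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for pw in ["password", "123456", "Password1!", "P@ssw0rd", generate_password()]:
        print(f"{pw:20} naive={naive_score(pw):7} list-aware={list_aware_score(pw)}")
```

The two meters agree on obviously weak inputs and on a generated password, exactly as the study reports; they diverge on "Password1!", which satisfies every character-class rule while being a common word with a predictable suffix.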
Cyber security predictions for 2020: 45 industry experts have their say
Cyber security is a fast-moving industry, and with a new decade dawning, the next year promises new challenges for enterprises, security professionals and workers. But what predictions do experts have for cybersecurity in 2020?
Verdict.co.uk heard from 45 experts across the field of cybersecurity about their predictions for 2020, from new methods and targets to changing regulation and business practices.
Read the full list of predictions here: https://www.verdict.co.uk/cybersecurity-predictions-2020/
This ‘grab-bag’ hacking attack drops six different types of malware in one go
'Hornet's Nest' campaign delivers a variety of malware that could create a nightmare for organisations that fall victim to attacks, warn researchers.
A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a 'grab-bag' of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.
Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named 'Hornet's Nest'.
The attacks are suspected to be offered as part of a cybercrime-as-a-service operation with those behind the initial dropper, which researchers have dubbed Legion Loader, leasing out their services to other criminals.
Clues in the code point to the Legion Loader being written by a Russian-speaker – and researchers note that the malware is still being worked on and updated. Attacks using the loader appear to be focused on targets in the United States and Europe.
Read the full article here: https://www.zdnet.com/article/this-grab-bag-hacking-attack-drops-six-different-types-of-malware-in-one-go/
Tiny band of fraud police left to deal with third of all crime
Only one in 200 police officers is dedicated to investigating fraud despite it accounting for more than a third of all crimes, The Times revealed.
Most forces have less than half of 1 per cent of their officers allocated to fraud cases and some have none at all, according to figures disclosed under the Freedom of Information Act. In some areas the number of officers tackling fraud has fallen significantly.
Amid a surge in online and cold-calling scams, there were 3.8 million incidents of fraud last year, more than a third of all crimes in England and Wales. Victims are increasingly targeted online and can lose their life savings. However, as few as one in 50 fraud reports leads to a “judicial outcome” such as a suspect being charged.
Last night police bosses said the failure to investigate the cases was due to budget cuts and “poor government direction” and the situation had become a national emergency. Boris Johnson has pledged to “make the streets safer” by recruiting an extra 20,000 police officers but there are concerns that victims of fraud will continue to be failed.
Read the original article here: https://www.thetimes.co.uk/article/less-than-1-of-police-officers-target-fraud-kf6d37qfz
IT worker with a grudge jailed for cyber attack that shut down network for 12 hours
A contractor with a grudge over the handling of an incident in Benidorm has been jailed for carrying out a revenge cyber attack. Scott Burns, 27, was unhappy with the way a disciplinary matter against him by Jet2 was dealt with, so decided to cause harm. The attack led to the company’s computer network being shut down for 12 hours, and it was only thanks to a fast-thinking colleague that a ‘complete disaster’ was avoided. Burns’s attack cost the company £165,000 in lost business, Leeds Crown Court was told. Jailing Burns for 10 months, Judge Andrew Stubbs QC heard how the motive was revenge because Burns was unhappy about how Jet2 dealt with a disciplinary matter against him relating to an incident at a ‘roadshow in Benidorm’ in 2017. No further details of the incident were outlined in court.
Read more here: https://metro.co.uk/2019/12/20/worker-grudge-jailed-cyber-attack-shut-network-12-hours-11937687/
30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world
In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels.
Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it's unlikely to stop being a menace any time soon.
Organisations from businesses and schools to entire city administrations have fallen victim to network-encrypting malware attacks that are now demanding hundreds of thousands of dollars in bitcoin or other cryptocurrency for the safe return of the files.
While law enforcement recommends that victims don't give into the demands of cyber criminals and pay the ransom, many opt to pay hundreds of thousands of dollars because they view it as the quickest and easiest means of restoring their network. That means some of the criminal groups operating ransomware campaigns in 2019 are making millions of dollars.
But what is now one of the major cyber scourges in the world today started with much more humble origins in December 1989 with a campaign by one man that would ultimately influence some of the biggest cyber attacks in the world thirty years later.
The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who'd attended the World Health Organization AIDS conference in Stockholm in 1989.
Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of the times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable.
Victims saw instead a note claiming to be from 'PC Cyborg Corporation' which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.
It was a ransom demand for payment in order for the victim to regain access to their computer.
Read the full article here: https://www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/
Welcome to this week's Black Arrow Cyber Tip Tuesday. This week - how ransomware is evolving and how it is getting even more important for firms and individuals to take this threat seriously
Welcome to this week's Black Arrow Cyber Tip Tuesday.
This week we are talking about the ways that ransomware attacks are changing and getting even more nasty, and how firms and individuals will need to strengthen their approach to protecting themselves.
Traditionally the main defence against ransomware was having backups of your data, so that you could revert to a good copy if you got infected. Now, though, criminals are going after your backup data too, especially if those backups are stored on your networks. It is therefore even more critical to have offline copies of your data that cannot themselves be infected.
The other significant development seen recently is now not only are criminals holding your data to ransom they are also now threatening to release your confidential data to the public.
Many firms will not survive the damage caused to their reputation if customers and investors see their private and confidential data is available for the world to see.
The only way to defend against this is to avoid being a victim in the first place, and this includes the principle of defence in depth using multiple layers of protection and different controls.
Talk to us today to ensure you are doing all the things you should be doing to keep yourself safe from ransomware.
Week in review 15 December 2019: New Nasty Ransomware Tactics, New Intel chip vulnerabilities, Malware sees Growth in 2019, Phishing Tricks
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Ransomware: Cybercriminals are adding a new twist to their demands
Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.
In several recent cases it has been reported that ransomware gangs have not just encrypted data but also threatened to leak it. These attacks elevate the ransomware threat "to crisis level", and organisations should work to immediately improve their security, as resorting to backups, the usual best defence against ransomware, won’t protect firms from the leak.
https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/
New ransomware attacks target your NAS devices, backup storage
Sticking with ransomware for a minute, the number of ransomware strains targeting NAS and backup storage devices is also growing, with users "unprepared" for the threat, researchers say.
Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services -- including hospitals and utilities -- and individuals.
Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to locked content.
If backup devices themselves are being specifically targeted in attacks, then they cannot be relied upon for recovery. This emphasises the requirement for firms to keep offline copies of backups, so that the backup copies cannot themselves fall victim to ransomware.
If the only backups a firm has are connected to a network and backing up in real time, it is increasingly unlikely the firm will be able to depend on those backups to get its business back on its feet.
More here: https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/
New Plundervolt attack impacts Intel CPUs
Academics from three universities across Europe have this week disclosed a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.
The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency -- the same interface that allows gamers to overclock their CPUs.
Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.
They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software.
Intel desktop, server, and mobile CPUs are impacted, including:
Intel® 6th, 7th, 8th, 9th & 10th generation Core™ processors
Intel® Xeon® Processor E3 v5 & v6
Intel® Xeon® Processor E-2100 & E-2200 families
Intel has released microcode (CPU firmware) and BIOS updates to address the Plundervolt attack.
More here: https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
The phishing tricks that break through standard email filters
Some phishing emails are easy to spot: the spelling is bad, the spoofed email is clearly a fake, and the images are too warped to have possibly been sent by a reputable brand. If you receive one of these low-quality phishing emails, you’re lucky. Today’s phishing emails are extremely sophisticated, and if you’re not well trained to spot one, you probably won’t.
Email filters have long relied on fingerprint and reputation-based threat detection to block phishing emails. A fingerprint is essentially all the evidence a phisher leaves behind -- a signature that, once identified, will be recognized on future phishing attempts and the phishing email or webpage blocked. Examples of a fingerprint include the header, subject line, and HTML.
Reputation refers to phishing URLs and IPs or domains where phishing emails and webpages originate. An IP or domain that is identified as a sender or host for phishing emails and webpages is, like the fingerprint example above, identified and then blacklisted. The same goes for the phishing URL.
Once tried and true methods for stopping phishing, these signals are now outdated: attackers have developed new techniques to get around them.
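To make the two signals described above concrete, here is an added example of a minimal fingerprint-plus-reputation filter; it is illustrative code written for this post, not the logic of any real email gateway. The message records, the blocklisted domain and IP, and the "known phishing" database are all constructed for the example. It shows both what such a filter catches (an exact copy of a known phish, a known-bad link or sender) and the gap the article points at: a reworded copy sent from fresh infrastructure produces a new fingerprint and no reputation hit, so a filter relying only on these signals lets it through and further layers are needed.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Email:
    sender: str       # From: address
    sending_ip: str   # address of the connecting mail server
    subject: str
    html: str


# Constructed reputation data for the example (not a real blocklist).
BAD_DOMAINS = {"secure-login-verify.example"}
BAD_IPS = {"198.51.100.23"}

# Constructed fingerprint database: hashes of previously confirmed phishing mails.
KNOWN_FINGERPRINTS: set[str] = set()


def fingerprint(msg: Email) -> str:
    """Fingerprint = SHA-256 of the normalised subject + HTML body.
    Case and whitespace are collapsed so trivial reformatting still matches,
    but any change to the wording yields a different hash."""
    norm = re.sub(r"\s+", " ", (msg.subject + "\n" + msg.html).lower()).strip()
    return hashlib.sha256(norm.encode()).hexdigest()


def hosts_in(html: str) -> set[str]:
    """Hostnames of every http(s) URL referenced in the HTML."""
    return {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", html)}


def record_phish(msg: Email) -> str:
    """Store a confirmed phishing mail's fingerprint; returns the hash stored."""
    fp = fingerprint(msg)
    KNOWN_FINGERPRINTS.add(fp)
    return fp


def classify(msg: Email) -> tuple[str, str]:
    """Verdict using only fingerprint and reputation checks: (verdict, reason)."""
    if fingerprint(msg) in KNOWN_FINGERPRINTS:
        return "block", "fingerprint match"
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    if sender_domain in BAD_DOMAINS or msg.sending_ip in BAD_IPS:
        return "block", "sender reputation"
    bad_hosts = hosts_in(msg.html) & BAD_DOMAINS
    if bad_hosts:
        return "block", "url reputation: " + ",".join(sorted(bad_hosts))
    return "allow", "no fingerprint or reputation hit"


# Constructed sample messages (RFC 5737 / example addresses only).
KNOWN_PHISH = Email(
    "alerts@bank.example", "203.0.113.5", "Action required: verify your account",
    '<p>Your account is locked. <a href="https://secure-login-verify.example/x">Verify now</a></p>')
SAME_LINK = Email(
    "hello@other.example", "192.0.2.44", "Hello",
    '<p>See <a href="https://secure-login-verify.example/y">this</a></p>')
REWORDED = Email(  # same lure, new wording, new domain: no fingerprint, no reputation
    "notice@bank-alerts.example", "203.0.113.77", "Action required: confirm your account",
    '<p>Your account is locked. <a href="https://account-check.example/x">Confirm now</a></p>')
LEGIT = Email(
    "news@vendor.example", "192.0.2.10", "March newsletter",
    '<p>Read more at <a href="https://vendor.example/news">our site</a></p>')


if __name__ == "__main__":
    record_phish(KNOWN_PHISH)
    for name, msg in [("known", KNOWN_PHISH), ("same-link", SAME_LINK),
                      ("reworded", REWORDED), ("legit", LEGIT)]:
        print(f"{name:10} -> {classify(msg)}")
```

Running it blocks the known copy and the message reusing the blocklisted link, and allows both the newsletter and the reworded lure; the last of these is the case the article says standard filters miss, which is why content analysis and user training still matter alongside these checks.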
Read more here: https://betanews.com/2019/12/12/phishing-tricks/
Malware variety sees major growth in 2019
New research from security firm Kaspersky has revealed that malware variety grew by 13.7 percent in 2019 and the cybersecurity firm attributes this growth to a rise in web skimmers.
According to the Kaspersky Security Bulletin 2019, the number of unique malicious objects detected by the company's web antivirus solution increased by an eighth compared to last year to reach over 24m, due to a 187 percent increase in web skimmer files.
Kaspersky also found that other threats such as backdoors and banking Trojans grew while the presence of cryptocurrency miners dropped by more than half.
These trends demonstrate a shift in the type of threats employed by cybercriminals who are constantly searching for more effective ways to target users online.
Read the original article here: https://www.techradar.com/uk/news/malware-variety-sees-major-growth-in-2019
Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets
Adobe's December security release includes fixes for 17 critical vulnerabilities in software that could be exploited to trigger arbitrary code execution.
As part of the software vendor's standard security schedule, vulnerabilities have been patched in Photoshop, Reader, Brackets, and ColdFusion.
Firms using any of these products should update them as soon as possible to mitigate these newly announced vulnerabilities.
The vulnerability used in the Equifax breach is the top network attack in Q3 of 2019
Network security and intelligence company WatchGuard Technologies has released its internet security report for the third quarter of 2019 showing the most popular network attacks.
Apache Struts vulnerabilities -- including one used in the devastating Equifax data breach which tops the list -- appeared for the first time on WatchGuard's list. The report also highlights a major rise in zero day malware detections, increasing use of Microsoft Office exploits and legitimate penetration testing tools, and more.
More details here: https://betanews.com/2019/12/11/equifax-vulnerability-top-network-attack/
Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis
There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans.
More on Wired here: https://www.wired.com/story/ring-hacks-exemplify-iot-security-crisis/
Cyber Tip Tuesday 10 December 2019 - Bruce talks about why charities need to think about cyber risk
This week’s Tip Tuesday focuses on Charities and how cyber security affects them.
Charities can be an attractive target for cyber criminals who want to access charities' information or funds.
Unfortunately, charities often do not have the expertise to establish good cyber hygiene, but they still need to operate in the same connected world as commercial organisations with larger budgets.
If a charity experiences an attack, then ultimately it is the wider community that suffers.
That is why charities need to take appropriate steps to secure themselves against a cyber-attack.
Fortunately, many of the things that charities will benefit from doing can be achieved with little or no cost, and Black Arrow also provides pro bono advisory services to charities in Guernsey to show how this can be done.
Week in review 08 December 2019: 5,183 breaches in first nine months of 2019, 44 million Microsoft customers found using compromised passwords, US charges Russians over hacking attacks
Week in review 08 December 2019: 5,183 breaches in first nine months of 2019, 44 million Microsoft customers found using compromised passwords, US charges Russians over hacking attacks, VPN vulnerabilities, ransomware attacks on network storage devices, Europol take down counterfeit websites, reward offered for Russian hackers largest yet
Week in review 08 December 2019
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
5,183 breaches in first nine months of 2019 exposed 7.9b data records
As many as 7.9 billion data records were leaked, stolen or exposed as a result of 5,183 data breaches that took place in the first nine months of 2019, making it the worst year ever for data breaches.
This alarming statistic was revealed by security firm Risk Based Security which observed that based on recent trends, the number of breached data records could touch 8.5 billion by the end of the year.
The firm also noted that the total number of data breaches worldwide rose by 33.3 percent compared to the mid-year of 2018 and the number of records breached also rose by 112 percent. As many as 3.1 million data records were breached as a result of six data breach incidents that took place between 1 July and 30 September.
The majority of data records were exposed or leaked as a result of accidental exposure of data on the internet by organisations. The fact that hackers are quite willing to take advantage of such data exposure has also led to a rise in the number of breached records.
44 million Microsoft customers found using compromised passwords
Microsoft's identity threat researchers have revealed that 44 million of its users are still using passwords that have previously been compromised in past data breaches.
The 44 million weak accounts comprised both Microsoft Services Accounts (regular users) and Azure AD accounts too, suggesting businesses are not adopting proper password hygiene.
A total of three billion user credentials were checked in a database populated from numerous sources including law enforcement and public databases.
Using the data set of three billion credentials, Microsoft was able to identify the number of users who were reusing credentials across multiple online services.
Microsoft forced a password reset for all of those users who were found to have leaked credentials during the scan which took place between January and March 2019.
Evil Corp: US charges Russians over hacking attacks
US authorities have filed charges against two Russian nationals alleged to be running a global cyber crime organisation named Evil Corp.
An indictment named Maksim Yakubets and Igor Turashev - who remain at large - as figures in a group which used malware to steal millions of dollars in more than 40 countries.
Those affected by the hacks include schools and religious organisations. It is also alleged that Mr Yakubets worked for Russian intelligence.
The attacks are said to be amongst the worst computer hacking and bank fraud schemes of the past decade. The $5m reward being offered for information leading to their arrest and prosecution is the largest yet for catching cyber criminals.
Thursday's indictment came after a multi-year investigation by the US and British law enforcement agencies.
Authorities allege that the group stole at least $100m (£76m) using Bugat malware - known as Dridex.
The malware was spread through so-called "phishing" campaigns, which encouraged victims to click on malicious links sent by email from supposedly trusted entities.
Once a computer was infected, the group stole personal banking information which was used to transfer funds.
A network of money launderers - targeted by the NCA and Britain's Metropolitan Police - were then utilised to funnel the criminal proceeds to members of Evil Corp. Eight members of this network have been sentenced to a total of over 40 years in prison.
New ransomware attacks target your NAS devices, backup storage
New ransomware that targets Network Attached Storage devices and other backup devices has surged in recent months with many users unprepared for the increased level of threat.
As with all ransomware paying the ransom is no guarantee of getting data back and should only ever be an absolute last resort.
With networked and backup storage devices falling victim to ransomware infections, this emphasises the need to ensure firms have offline copies of backups. Backups that are disconnected from systems cannot themselves be corrupted or fall victim to ransomware and would therefore be a firm’s best bet for recovering from such an attack.
https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/
New vulnerability lets attackers sniff or hijack VPN connections
Academics have disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections. OpenVPN, WireGuard, and IKEv2/IPSec VPNs are all vulnerable to attacks.
The vulnerability -- tracked as CVE-2019-14899 -- resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.
According to the research team, attackers can use this vulnerability to probe devices and discover various details about the user's VPN connection status.
Whilst this vulnerability affects Linux, Android, macOS and other Unix-based operating systems, it is not currently believed to affect Windows-based systems.
https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/
Newly discovered Mac malware uses “fileless” technique to remain stealthy
Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.
In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.
In-memory infections were once the sole province of state-sponsored attackers. By 2017, more advanced financially motivated hackers had adopted the technique. It has become increasingly common since then.
Europol seizes more than 30,000 counterfeit sites on Cyber Monday
Europol has taken down more than 30,000 different web domains which allowed cyber criminals to sell counterfeit and pirated items online.
The joint operation between 18 member states and the US National Intellectual Property Rights Coordination Centre, with help from Eurojust and INTERPOL, included the seizure of articles such as fake medicines, pirated movies, music, software and counterfeit electronics.
In addition, officials identified and froze more than €150 000 (£128,000) in several bank accounts and online payment platforms.
As a result of the coordinated operation, codenamed IOS X (In Our Sites), three arrests have been made and 26,000 "luxury products" have been seized along with the swathe of illicit websites.
The IOS campaign was launched in 2014 and has gained strength year-on-year; Europol says it aims to "make the internet a safer place for consumers by recruiting more countries and private sector partners to participate in the operation and providing referrals".
Our latest Black Arrow Cyber Tip Tuesday video is now live, in this week's episode "Cyber lessons we can learn from the Titanic, and why brakes were needed to be added to cars"
Welcome to this week's Black Arrow cyber tip Tuesday, this week we are talking about lessons we can learn from the Titanic.
Cyber security is a lot like the Titanic: people often ignore warnings until it's too late. The day the Titanic sank the crew received seven iceberg warnings, yet such was the competition to make the crossing in six days that orders were given to maintain the speed of the ship.
They thought they could ignore the warnings and steamed on ahead in the mistaken belief they would be unaffected.
Now, if they'd heeded the warnings and slowed down they would have stood a better chance of avoiding the icebergs, and in particular the iceberg that led to their sinking.
That's not to say good security means you need to slow down. Not wishing to mix my metaphors, but brakes were not added to cars to make them go slower; brakes had to be added to cars to allow them to go faster.
So don't necessarily slow down, just don't ignore the warnings, and don't believe that somehow you will remain safe as you steer your own ship through a sea unfortunately filled with icebergs.