Wishing all customers old and new a Very Happy and Safe Christmas

Surely more security is always better right? Surely you can’t have too much? Maybe not - find out more

There has been extensive coverage in both tech and mainstream media warning about the possibility of revenge cyber attacks by Iran following the targeted killing of Iranian General Qasem Soleimani by the United States last week.

Whilst there is a chance that Iran will attack the US and her allies, firms in the West need to consider their threat models and whether or not Iranian interests intersect with their business operations.

Unless a local Channel Islands firm is providing high profile services directly to the US, or otherwise would have operations significant enough to be directly targeted by Iran, it is unlikely there is much danger to Channel Islands firms specifically from the Iranians as a result of this assassination.

Nation State actors do pose an ongoing threat to businesses across the Channel Islands and good cyber hygiene should be followed to guard against by Nation States, and any other malicious actors wanting to cause you harm.

If you have any specific concerns or if you want to discuss your existing defensive capabilities please contact us.

Week in review 05 January 2020 - Round up of the most significant open source stories of the last week, December breaches, worst passwords, Travelex taken offline, IoT security stinks, Iran revenge attacks expected on US

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to our first blog post of 2020:

List of data breaches and cyber attacks in December 2019 – 627 million records breached

The new year – and new decade – is underway, but before saying goodbye to 2019, ITGovernance had one more monthly round-up to get to.

December saw 90 disclosed data breaches and cyber attacks, with 627,486,696 records being compromised. That’s about a third of the average monthly total, although the number of incidents has climbed steadily throughout the year.

Refer to the original article for the full list of December’s incidents: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-december-2019

These are officially the worst passwords of 2019

SplashData has released its annual list of the most commonly-used passwords across the world, uncovering that old security habits really do die hard.

The security firm investigated over five million leaked passwords over the past twelve months, and found that many of the most common logins would be easy to guess for even the most incompetent hackers.

In perhaps the most surprising news, "password" has for the first time been knocked out of the top two spots, being replaced by the painfully simple "123456" and "123456789".

SplashData estimates almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, with nearly three percent using "123456".

Here are the so-called "worst passwords of 2019"

• 123456

• 123456789

• qwerty

• password

• 1234567

• 12345678

• 12345

• iloveyou

• 111111

• 123123

Read the original article here: https://www.techradar.com/uk/news/these-are-officially-the-worst-passwords-of-2019

Hacks and Breaches of 2019: A Year in Review

SecurityBoulevard have a review of the biggest hacks and breaches from 2019, including Fortnite in January, WhatsApp from May, Facebook from April, Amazon Web Services from July and Zynga from September.

Read the full article here: https://securityboulevard.com/2020/01/hacks-and-breaches-of-2019-a-year-in-review/

US based Company shuts down because of ransomware, leaves 300 without jobs just before holidays

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.

Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO.

Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.

This shows how devastating ransomware attacks can be on businesses of all sizes.

Read the original article here: https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/

Travelex site taken offline after cyber attack

The foreign-currency seller Travelex had to suspend some of its services to protect data since the firm suffered from a ‘software virus attack’ on New Year's Eve.

The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.

A spokesman stated the firm is doing all it can to restore full services as soon as possible

More from the BBC here: https://www.bbc.com/news/business-50977582

After latest hack, experts say smart home security systems stink at securing data

Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by a Texas-based cybersecurity firm and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.

Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Wyze’s products are about a third of Amazon’s Ring. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.

Read the full article here: https://www.digitaltrends.com/news/wyze-data-hack-protection/

Iran 'revenge' could come in the form of cyber-attacks, experts warn

The US assassination of Qassem Suleimani has increased the likelihood of protracted cyber-hostilities between the US and Iran could escalate into true cyberwarfare.

With tensions mounting and Iran threatening “severe revenge” over the killing, concerns have arisen that blowback could come in the form of hacking attacks on critical infrastructure sectors, which include the power grid, healthcare facilities, banks and communications networks.

Iran has invested heavily in its cyber-attack forces since the Stuxnet attack in 2010 – which saw the US and Israel degrade Iran’s nuclear capabilities by means of a computer virus. It has demonstrated its capabilities with attacks on US banks and a small dam, and the US has countered with attacks on an Iranian intelligence group and missile launchers.

There is a danger attacks by Iran against the US spread to other targets in the West and we will continue to monitor any developments.

Read the original article here: https://www.theguardian.com/world/2020/jan/03/iran-cyberattacks-experts-us-suleimani

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to the final Cyber Tip Tuesday of the year, on this the last day of 2019.

As we look back over the last twelve months, the most significant thing, at least as far as regulated financial services firms in the Bailiwick are concerned, is that the GFSC is putting a lot more focus on, and changing the ways it is assessing, cyber risk - both in terms of operational risk and governance risk.

The Commission will be putting new regulations out to public consultation in the new year, but firms need to think about getting on the front foot and consider whether they are doing all they should be doing in relation to cyber security.

We know what the Commission will be looking for as we were directly involved in the thematic review that led to these new regulations, and provided direction for the regulations themselves and the changes to the way firms will be assessed as part of ongoing supervision.

Talk to us to see how we can help you to ensure that you have appropriate protections and controls in place and to help you meet the new regulations when they come into force.

Have a happy, safe and secure 2020

Welcome to a special Christmas Eve 2019 Black Arrow Cyber Tip Tuesday.

Christmas is a time for giving so we thought it would be an ideal time to mention the services we give free of charge to help protect Guernsey and the local community.

1. Mentoring: if you are looking to start or progress your career in cyber security, you could be eligible for our mentoring program consisting of a rolling series of one to one meetings to see where our experience and guidance can help you.

2. Free 30 minute chats for Startups and Entrepreneurs: a free 30 minute consultation for new startups and entrepreneurs to help ensure they are getting the fundamentals of cyber security in place to protect their growing business.

3. Free pro bono advisory services for charities and non-profits: we are giving one day every month to support those that support our communities in Guernsey, to help them protect themselves, using where possible, or where appropriate, low or no cost solutions.

Black Arrow Cyber Consulting wishes everyone a Happy Christmas and a safe, secure and prosperous 2020

Black Arrow Cyber Consulting would like to wish everyone a very Happy Christmas! Whilst enjoying the festivities just bear in mind that the bag guys don’t stop and cyber attacks typically increase around this time of year.

Week in review 22 December 2019

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Cyber Consulting would like to wish customers old and new a Very Happy Christmas and a happy, prosperous, and cyber safe, 2020

Christmas malware spreading fast: Protect yourself now

Holiday party invitations may infect your PC

It's time for ugly Christmas sweaters — and for ugly Christmas-themed malicious spam emails.

A new malspam campaign dumps an email in your inbox marked "Christmas Party," "Christmas Party next week," "Party menu," "Holiday schedule" or something similar. But the attached Word document delivers a lump of coal: the notorious Emotet Trojan malware.

"HAPPY HOLIDAYS," begins the email, as spotted by researchers. "I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know.

"Don't forget to get your donations in for the money tree," the email adds. "Also, wear your tackiest/ugliest Christmas sweater to the party." Sometimes it adds, "Details in the attachment."

More here: https://www.tomsguide.com/news/ugly-christmas-emails-give-the-gift-of-malware

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.

The cyber criminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”

Researchers were able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infestation that has not yet been reported in the news media.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

As shocking as this new development may be to some, it’s not like the bad guys haven’t warned us this was coming.

Read the full article here: https://securityboulevard.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/

Ransomware: The number of victims paying up is on the rise, and that's bad news

The number of organisations that are giving into the extortion demands of cyber criminals after falling victim to ransomware attacks has more than doubled this year.

A rise in the number of ransomware attacks in the past year has contributed to to the increased number of organisations opting to pay a ransom for the safe return of networks locked down by file-encrypting malware.

That's according to figures in the newly released 2019 CrowdStrike Global; Security Attitude Survey, which said the total number of organisations around the world that pay the ransom after falling victim to a supply-chain attack has more than doubled from 14% of victims to 39% of those affected.

In the UK specifically, the number of organisations that have experienced a ransomware attack and paid the demanded price for the decryption key stands at 28% – double the 14% figure of the previous year.

Read the full article here: https://www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/

Microsoft Office apps hit with more cyber attacks than ever

New reports have claimed Microsoft Office was the most commonly exploited application worldwide as of the the third quarter of this year.

Researchers found that Microsoft Office solutions and applications were the target of exactly 72.85 percent of cyber exploits this year according to the firm's research.

However, cyber criminals also targeted web browsers with 13.47 percent of the total number of exploits, Android (9.09 percent), Java (2.36 percent), and Adobe Flash (1.57 percent).

Read the full article here: https://www.techradar.com/uk/news/microsoft-office-apps-hit-with-more-cyberattacks-than-ever

Inconsistent password advice could increase risk of cyber attacks

New research suggests that ‘inconsistent and misleading’ password meters seen on various websites could increase the risk of cyber attacks.

The study, led by researchers at the University of Plymouth, investigated the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.

It tested 16 passwords against the various meters, with 10 of them being ranked among the world’s most commonly used passwords (including ‘password’ and ‘123456’).

Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while ‘Password1!’ performed far better than it should do and was even rated strongly by three of the meters.

However, the team at Plymouth said one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.

More here: https://eandt.theiet.org/content/articles/2019/12/inconsistent-password-advice-could-increase-risk-of-cyber-attacks/

Cyber security predictions for 2020: 45 industry experts have their say

Cyber security is a fast-moving industry, and with a new decade dawning, the next year promises new challenges for enterprises, security professionals and workers. But what predictions do experts have for cybersecurity in 2020?

Verdict.co.uk heard from 45 experts across the field of cybersecurity about their predictions for 2020, from new methods and targets to changing regulation and business practices.

Read the full list of predictions here: https://www.verdict.co.uk/cybersecurity-predictions-2020/

This ‘grab-bag’ hacking attack drops six different types of malware in one go

'Hornet's Nest' campaign delivers a variety of malware that could create a nightmare for organisations that fall victim to attacks, warn researchers.

A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a 'grab-bag' of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.

Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named 'Hornet's Nest'.

The attacks are suspected to be offered as part of a cybercrime-as-a-service operation with those behind the initial dropper, which researchers have dubbed Legion Loader, leasing out their services to other criminals.

Clues in the code point to the Legion Loader being written by a Russian-speaker – and researchers note that the malware is still being worked on and updated. Attacks using the loader appear to be focused on targets in the United States and Europe.

Read the full article here: https://www.zdnet.com/article/this-grab-bag-hacking-attack-drops-six-different-types-of-malware-in-one-go/

Tiny band of fraud police left to deal with third of all crime

Only one in 200 police officers is dedicated to investigating fraud despite it accounting for more than a third of all crimes, The Times revealed.

Most forces have less than half of 1 per cent of their officers allocated to fraud cases and some have none at all, according to figures disclosed under the Freedom of Information Act. In some areas the number of officers tackling fraud has fallen significantly.

Amid a surge in online and cold-calling scams, there were 3.8 million incidents of fraud last year, more than a third of all crimes in England and Wales. Victims are increasingly targeted online and can lose their life savings. However, as few as one in 50 fraud reports leads to a “judicial outcome” such as a suspect being charged.

Last night police bosses said the failure to investigate the cases was due to budget cuts and “poor government direction” and the situation had become a national emergency. Boris Johnson has pledged to “make the streets safer” by recruiting an extra 20,000 police officers but there are concerns that victims of fraud will continue to be failed.

Read the original article here: https://www.thetimes.co.uk/article/less-than-1-of-police-officers-target-fraud-kf6d37qfz

IT worker with a grudge jailed for cyber attack that shut down network for 12 hours

A contractor with a grudge over the handling of an incident in Benidrom has been jailed for carrying out a revenge cyber attack. Scott Burns, 27, was unhappy with the way a disciplinary matter against him by Jet2 was dealt with so decided to cause harm. The attack led to the company’s computer network being shut down for 12 hours and it was only thanks to a fast-thinking colleague that a ‘complete disaster’ was avoided. Burns’s attack cost the company £165,000 in lost business, Leeds Crown Court was told. Jailing Burns for 10 months, Judge Andrew Stubbs QC heard how the motive was revenge because Burns was unhappy about how Jet2 dealt with a disciplinary matter against him relating to an incident at a ‘roadshow in Benidorm’ in 2017. No further details of the incident were outlined in court.

Read more here: https://metro.co.uk/2019/12/20/worker-grudge-jailed-cyber-attack-shut-network-12-hours-11937687/

30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world

In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels.

Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it's unlikely to stop being a menace any time soon.

Organisations from businesses and schools to entire city administrations have fallen victim to network-encrypting malware attacks that are now demanding hundreds of thousands of dollars in bitcoin or other cryptocurrency for the safe return of the files.

While law enforcement recommends that victims don't give into the demands of cyber criminals and pay the ransom, many opt to pay hundreds of thousands of dollars because they view it as the quickest and easiest means of restoring their network. That means some of the criminal groups operating ransomware campaigns in 2019 are making millions of dollars.

But what is now one of the major cyber scourges in the world today started with much more humble origins in December 1989 with a campaign by one man that would ultimately influence some of the biggest cyber attacks in the world thirty years later.

The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who'd attended the World Health Organization AIDS conference in Stockholm in 1989.

Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of the times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable.

Victims saw instead a note claiming to be from 'PC Cyborg Corporation' which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.

It was a ransom demand for payment in order for the victim to regain access to their computer.

Read the full article here: https://www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week's Black Arrow Cyber Tip Tuesday.

This week we are talking about the ways that ransomware attacks are changing and getting even more nasty, and how  firms and individuals will need to strengthen their approach to protecting themselves.

Traditionally the main defence against ransomware was having backups of your data, such that you could revert to a good copy of your data if you got infected, now though criminals are going after your backup data too, especially if these backups are stored on your networks, so it is now even more critical to have offline copies of your data that cannot themselves be infected.

The other significant development seen recently is now not only are criminals holding your data to ransom they are also now threatening to release your confidential data to the public.

Many firms will not survive the damage caused to their reputation if customers and investors see their private and confidential data is available for the world to see.

The only way to defend against this is to avoid being a victim in the first place, and this includes the principle of defence in depth using multiple layers of protection and different controls.

Talk to us today to ensure you are doing all the things you should be doing to keen yourself safe from ransomware.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Ransomware: Cybercriminals are adding a new twist to their demands

Ransomware could be getting even nastier: a security firm is warning over a new trend among some ransomware attackers to not just encrypt data, but steal some of it and use it as leverage to ensure a target pays up.

In several recent cases it has been reported that the ransomware gang have not just encrypted data but also threatened to leak the data, too. These attacks elevate the ransomware threat "to crisis level" and organisations should work to immediately improve their security as resorting to backups, the usual best defence against ransomware, won’t protect firms.

https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/

New ransomware attacks target your NAS devices, backup storage

Sticking with ransomware for a minute, the number of ransomware strains targeting NAS and backup storage devices is also growing, with users "unprepared" for the threat, researchers say.

Ransomware comes in many forms and guises. The malware variant is popular with cybercriminals and is used in attacks against the enterprise, critical services -- including hospitals and utilities -- and individuals.

Once deployed on a system, the malware will usually encrypt files or full drives, issue its victim with a ransom note, and demand payment in return for a way to decrypt and restore access to locked content.

If backup devices themselves are being specifically targeted in attacks then they cannot be relied upon to recover from. This emphasises the requirement to ensure firms have offline copies of backusp such that backup copies cannot themselves fall victim to ransomware.

If the only backups a firm has are connected to a network and backing up in real time is it increasingly unlikely firms will be able to depend on these backups to get their business back on its feet.

More here: https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/

New Plundervolt attack impacts Intel CPUs

Academics from three universities across Europe have this week disclosed a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency -- the same interface that allows gamers to overclock their CPUs.

Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software.

Intel desktop, server, and mobile CPUs are impacted. Including:

• Intel® 6th, 7th, 8 th, 9th & 10th generation CoreTM processors

• Intel® Xeon® Processor E3 v5 & v6

• Intel® Xeon® Processor E-2100 & E-2200 families

Intel has released microcode (CPU firmware) and BIOS updates to address the Plundervolt attack.

More here: https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/

The phishing tricks that break through standard email filters

Some phishing emails are easy to spot: the spelling is bad, the spoofed email is clearly a fake, and the images are too warped to have possibly been sent by a reputable brand. If you receive one of these low-quality phishing emails, you’re lucky. Today’s phishing emails are extremely sophisticated, and if you’re not well trained to spot one, you probably won’t.

Email filters have long relied on fingerprint and reputation-based threat detection to block phishing emails. A fingerprint is essentially all the evidence a phisher leaves behind -- a signature that, once identified, will be recognized on future phishing attempts and the phishing email or webpage blocked. Examples of a fingerprint include the header, subject line, and HTML.

Reputation refers to phishing URLs and IPs or domains where phishing emails and webpages originate. An IP or domain that is identified as a sender or host for phishing emails and webpages is, like the fingerprint example above, identified and then blacklisted. The same goes for the phishing URL.

Once a tried and true method to stop phishing, hackers have developed new techniques to get around these outdated methods.

Read more here: https://betanews.com/2019/12/12/phishing-tricks/

Malware variety sees major growth in 2019

New research from security firm Kaspersky has revealed that malware variety grew by 13.7 percent in 2019 and the cybersecurity firm attributes this growth to a rise in web skimmers.

According to the Kaspersky Security Bulletin 2019, the number of unique malicious objects detected by the company's web antivirus solution increased by an eighth compared to last year to reach over 24m due a 187 percent increase in web skimmer files.

Kaspersky also found that other threats such as backdoors and banking Trojans grew while the presence of cryptocurrency miners dropped by more than half.

These trends demonstrate a shift in the type of threats employed by cybercriminals who are constantly searching for more effective ways to target users online.

Read the original article here: https://www.techradar.com/uk/news/malware-variety-sees-major-growth-in-2019

Adobe patches 17 critical code execution bugs in Photoshop, Reader, Brackets

Adobe's December security release includes fixes for 17 critical vulnerabilities in software that could be exploited to trigger arbitrary code execution.

As part of the software vendor's standard security schedule, vulnerabilities have been patched in Photoshop, Reader, Brackets, and ColdFusion.

Firms using any of these products should update them as soon as possible to mitigate these newly announced vulnerabilities.

More info: https://www.zdnet.com/article/adobe-patches-17-critical-code-execution-bugs-in-photoshop-reader-brackets/

The Vulnerability used in Equifax breach is the top network attack in Q3 of 2019

Network security and intelligence company WatchGuard Technologies has released its internet security report for the third quarter of 2019 showing the most popular network attacks.

Apache Struts vulnerabilities -- including one used in the devastating Equifax data breach which tops the list -- appeared for the first time on WatchGuard's list. The report also highlights a major rise in zero day malware detections, increasing use of Microsoft Office exploits and legitimate penetration testing tools, and more.

More details here: https://betanews.com/2019/12/11/equifax-vulnerability-top-network-attack/

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

There's been a lot of creepy and concerning news about how Amazon's Ring smart doorbells are bringing surveillance to suburbia and sparking data-sharing relationships between Amazon and law enforcement. News reports this week are raising a different issue: hackers are breaking into users' Ring accounts, which can also be connected to indoor Ring cameras, to take over the devices and get up to all sorts of invasive shenanigans.

More on Wired here: https://www.wired.com/story/ring-hacks-exemplify-iot-security-crisis/

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

This week’s Tip Tuesday focuses on Charities and how cyber security affects them.

Charities can be an attractive target for cyber criminals who want to access charities' information or funds.

Unfortunately, charities often do not have the expertise to establish good cyber hygiene, but they still need to operate in the same connected world as commercial organisations with larger budgets.

If a charity experiences an attack, then ultimately it is the wider community that suffers.

That is why charities need to take appropriate steps to secure themselves against a cyber-attack.

Fortunately, many of the things that charities will benefit from doing can be achieved with little or no cost, and Black Arrow also provides pro bono advisory services to charities in Guernsey to show how this can be done.

Week in review 08 December 2019

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

5,183 breaches in first nine months of 2019 exposed 7.9b data records

As many as 7.9 billion data records were leaked, stolen or exposed as a result of 5,183 data breaches that took place in the first nine months of 2019, making it the worst year ever for data breaches.

This alarming statistic was revealed by security firm Risk Based Security which observed that based on recent trends, the number of breached data records could touch 8.5 billion by the end of the year.

The firm also noted that the total number of data breaches worldwide rose by 33.3 percent compared to the mid-year of 2018 and the number of records breached also rose by 112 percent. As many as 3.1 million data records were breached as a result of six data breach incidents that took place between 1 July and 30 September.

The majority of data records were exposed or leaked as a result of accidental exposure of data on the internet by organisations. The fact that hackers are quite willing to take advantage of such data exposure has also led to a rise in the number of breached records.

https://www.teiss.co.uk/data-records-breached-2019/ 

44 million Microsoft customers found using compromised passwords

Microsoft's identity threat researchers have revealed that 44 million of its users are still using passwords that have previously been compromised in past data breaches.

The 44 million weak accounts comprised both Microsoft Services Accounts (regular users) and Azure AD accounts too, suggesting businesses are not adopting proper password hygiene.

A total of three billion user credentials were checked in a database populated from numerous sources including law enforcement and public databases.

Using the data set of three billion credentials, Microsoft was able to identify the number of users who were reusing credentials across multiple online services.

Microsoft forced a password reset for all of those users who were found to have leaked credentials during the scan which took place between January and March 2019.

https://www.itpro.co.uk/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using

Evil Corp: US charges Russians over hacking attacks

US authorities have filed charges against two Russian nationals alleged to be running a global cyber crime organisation named Evil Corp.

An indictment named Maksim Yakubets and Igor Turashev - who remain at large - as figures in a group which used malware to steal millions of dollars in more than 40 countries.

Those affected by the hacks include schools and religious organisations. It is also alleged that Mr Yakubets worked for Russian intelligence.

The attacks are said to be amongst the worst computer hacking and bank fraud schemes of the past decade. The $5m reward being offered for information leading to their arrest and prosecution is the largest yet for catching cyber criminals.

Thursday's indictment came after a multi-year investigation by the US and British law enforcement agencies.

Authorities allege that the group stole at least $100m (£76m) using Bugat malware - known as Dridex.

The malware was spread through so-called "phishing" campaigns, which encouraged victims to click on malicious links sent by email from supposedly trusted entities.

Once a computer was infected, the group stole personal banking information which was used to transfer funds.

A network of money launderers - targeted by the NCA and Britain's Metropolitan Police - were then utilised to funnel the criminal proceeds to members of Evil Corp. Eight members of this network have been sentenced to a total of over 40 years in prison.

https://www.bbc.co.uk/news/world-us-canada-50677512 

New ransomware attacks target your NAS devices, backup storage

New ransomware that targets Network Attached Storage devices and other backup devices has surged in recent months with many users unprepared for the increased level of threat.

As with all ransomware paying the ransom is no guarantee of getting data back and should only ever be an absolute last resort.

With networked and backup storage devices falling victim to ransomware infections that emphasises the need to ensure firms have offline copies of backups. Backups that are that are disconnected from systems cannot themselves be corrupted or fall victim to ransomware and would therefore be a firm’s best bet in being able to recover from such an attack.

https://www.zdnet.com/article/new-ransomware-attack-targets-your-nas-devices-backup-storage/ 

New vulnerability lets attackers sniff or hijack VPN connections

Academics have disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections. OpenVPN, WireGuard, and IKEv2/IPSec VPNs are all vulnerable to attacks.

The vulnerability -- tracked as CVE-2019-14899 -- resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to unexpected network packet probes.

According to the research team, attackers can use this vulnerability to probe devices and discover various details about the user's VPN connection status.

Whilst this vulnerability affects Linux, Android, Mac and other Unix-based operating systems this vulnerability is not currently believed to affect Windows based systems.

https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/  

Newly discovered Mac malware uses “fileless” technique to remain stealthy

Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.

In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.

In-memory infections were once the sole province of state-sponsored attackers. By 2017, more advanced financially motivated hackers had adopted the technique. It has become increasingly common since then.

https://arstechnica.com/information-technology/2019/12/north-koreas-lazarus-hackers-up-their-game-with-fileless-mac-malware/ 

Europol seizes more than 30,000 counterfeit sites on Cyber Monday

Europol has taken down more than 30,000 different web domains which allowed cyber criminals to sell counterfeit and pirated items online.

The joint operation between 18 member states and the US National Intellectual Property Rights Coordination Centre, with help Eurojust and INTERPOL, included the seizure of articles such as fake medicines, pirated movies, music, software and counterfeit electronics.

In addition, officials identified and froze more than €150 000 (£128,000) in several bank accounts and online payment platforms.

As a result of the coordinated operation, codenamed IOS X (In Our Sites), three arrests have been made and 26,000 "luxury products" have been seized along with the swathe of illicit websites.

The IOS campaign launched in 2014, one that Europol has gained in strength year-on-year, and aims to "make the internet a safer place for consumers by recruiting more countries and private sector partners to participate in the operation and providing referrals".

You can contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our regular ‘Cyber Tip Tuesday’ video blog here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week's Black Arrow cyber tip Tuesday, this week we are talking about lessons we can learn from the Titanic.

Cyber security is a lot like the titanic, people often ignore warnings until it's too late. The day the Titanic sank the crew received seven iceberg warnings, yet such was the competition to make the crossing in six days, orders were given to maintain the speed of the ship.

They thought they could ignore the warnings and steamed on ahead in the mistaken belief they would be unaffected.

Now, if they'd heeded the warnings and slowed down they would have stood a better chance of avoiding the icebergs, and in particular the iceberg that led to their sinking.

That's not to say good security means you need to slow down, not wishing to mix my metaphors but brakes were not added to cars to make them go slower, brakes were a necessity to be added to cars to allow them to go faster.

So don't slow down necessarily, just maybe don't avoid the warnings and don't believe that somehow you will remain safe as you steer your own ships through a see unfortunately filled with icebergs.