Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 11 December 2020

Black Arrow Cyber Threat Briefing 11 December 2020: Cyber crime costs the world more than $1 trillion, 50% increase from 2018; One of the world's largest security firms breached; Chinese Breakthrough in Quantum Computing a Warning for Security Teams; Ransom payouts hit record-highs, surging 178% in a year; Ransomware Set to Continue to Evolve

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Cyber crime costs the world more than $1 trillion, a 50% increase from 2018

Cyber crime costs the world economy more than $1 trillion, or just more than one percent of global GDP, which is up more than 50 percent from a 2018 study that put global losses at close to $600 billion. Beyond the global figure, the report also explored the damage reported beyond financial losses, finding 92 percent of companies felt effects beyond monetary losses.

https://www.helpnetsecurity.com/2020/12/07/cybercrime-costs-world/

FireEye, one of the world's largest security firms, discloses security breach

FireEye, one of the world's largest security firms, said today it was hacked and that a "highly sophisticated threat actor" accessed its internal network and stole the hacking tools FireEye uses to test the networks of its customers.

The firm said the threat actor also searched for information related to some of the company's government customers.

The attacker was described as a "highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."

https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/

Chinese Breakthrough in Quantum Computing a Warning for Security Teams

China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.

https://threatpost.com/chinese-quantum-computing-warning-security/161935/

Ransom payouts hit record-highs, surging 178% in a year

Average ransom payouts increased by 178% in the third quarter of this year, from $84,000 (£63,000) to almost £234,000, compared with the year before. Ransomware payments reached record-highs in 2020 as employees shifted to remote working to curb the spread of the coronavirus pandemic, creating more attack vectors for hackers.

https://uk.finance.yahoo.com/news/ransomware-payouts-hacking-computers-hit-record-highs-surging-134527988.html

Ransomware Set for Evolution in Attack Capabilities in 2021

Ransomware is set to evolve into a greater threat in 2021 as service offerings and collaborations increase. The year turned out “different than predicted” and the shift to working from home also impacted the e-crime landscape. “This created an industrialization of e-crime groups and their abilities to extend from single groups into business pipelines.”

https://www.infosecurity-magazine.com/news/ransomware-evolution-capabilities/

How Organisations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door?

https://thehackernews.com/2020/12/how-organizations-can-prevent-users.html

Threats

Ransomware

Phishing

IoT

Malware

Vulnerabilities

Data Breaches

Threat Actors

Insider Threats

Other News

Reports Published in the Last Week

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Admin

Black Arrow Cyber Threat Briefing 04 December 2020

Black Arrow Cyber Threat Briefing 4 December 2020: Covid vaccine supply chain targeted by hackers; Criminals Favour Ransomware and BEC; Bank Employee Sells Personal Data of 200,000 Clients; 2020 Pandemic changing short- and long-term approaches to risk; Cyber risks take the fun out of connected toys; Remote Workers Admit Lack of Security Training

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.


Top Cyber Headlines of the Week

Covid vaccine supply chain targeted by hackers, say security experts

Cyber attackers have targeted the cold supply chain needed to deliver Covid-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation state.

The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices.

https://www.ft.com/content/9c303207-8f4a-42b7-b0e4-cf421f036b2f

Criminals to Favour Ransomware and BEC Over Breaches in 2021

The era of the mega-breach may be coming to an end as cyber-criminals eschew consumers’ personal data and focus on phishing and ransomware.

Cyber-criminals are relying less on stolen personal information and more on “poor consumer behaviors” such as password reuse to monetize attacks.

https://www.infosecurity-magazine.com/news/criminals-favor-ransomware-bec/

Bank Employee Sells Personal Data of 200,000 Clients

South Africa–based financial services group Absa has stated that one of its employees sold the personal information of 200,000 clients to third parties.

The group confirmed on Wednesday that the illegal activity had occurred and that 2% of Absa's retail customer base had been impacted.

The employee allegedly responsible for it was a credit analyst who had access to the group's risk-modeling processes.

Data exposed as a result of the security incident included clients' ID numbers, addresses, contact details, and descriptions of vehicles that they had purchased on finance.

https://www.infosecurity-magazine.com/news/bank-employee-sells-personal-data/

LastPass review: Still the leading password manager, despite security history

"'Don't put all your eggs in one basket' is all wrong. I tell you 'put all your eggs in one basket, and then watch that basket,'" said industrialist Andrew Carnegie in 1885. When it comes to privacy tools, he's usually dead wrong. In the case of password managers, however, Carnegie is usually more dead than wrong. To wit, I have been using LastPass so long I don't know when I started using LastPass and, for now, I've got no reason to change that. 

https://www.cnet.com/news/lastpass-review-still-the-leading-password-manager-despite-security-history/

The most significant security innovations of 2020

Who gets access? That is the question that drives every security measure and innovation that’s landed on PopSci’s annual compendium since we launched the category in 2008. Every year, that question gets bigger and bigger. In 2020, the world quaked under a global pandemic that took 1.4 million lives, the US saw a rebirth in its civil rights movement, and a spate of record-breaking wildfires forced entire regions to evacuate. And those are just the new scares. A buildup of angst against ad trackers and app snooping led to major changes in hardware and software alike. It was a year full of lessons, nuances, and mini revolutions, and we strive to match that with our choices.

https://www.popsci.com/story/technology/most-important-security-innovations-2020/

2020 security priorities: Pandemic changing short- and long-term approaches to risk

Security planning and budgeting is always an adventure. You can assess current risk and project the most likely threats, but the only real constant in cybersecurity risk is its unpredictability. Layer a global pandemic on top of that and CISOs suddenly have the nearly impossible task of deciding where to request and allocate resources in 2021.

A new study shows how the COVID pandemic has changed what security focuses on now and what will drive security priorities and spending in 2021. Based on a survey of 522 security professionals from the US, Asia/Pacific and Europe, the study reveals how the pandemic has changed the way organizations assess risk and respond to threats, permanently.

https://www.csoonline.com/article/3598393/new-study-shows-pandemic-changing-short-and-long-term-approaches-to-risk.html

Cyber risks take the fun out of connected toys

As Christmas approaches, internet-enabled smart toys are likely to feature heavily under festive trees. While some dolls of decades past were only capable of speaking pre-recorded phrases, modern equivalents boast speech recognition and can search for answers online in real time.

Other connected gadgets include drones or cars such as Nintendo’s Mario Kart Live Home Circuit, where players race each other in a virtual world modelled after their home surroundings.

But for all the fun that such items can bring, there is a risk — poorly-secured Internet of Things toys can be turned into convenient tools for hackers.

https://www.ft.com/content/c653e977-435f-4553-8401-9fa9b0faf632

Remote Workers Admit Lack of Security Training

A third of remote working employees have not received security training in the last six months.

In a survey of 400 remote workers in the UK across multiple industries, 83% said they have had access to security best practice training and 88% said they are familiar with IT security policies, yet 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

https://www.infosecurity-magazine.com/news/remote-workers-training/


Threats


Ransomware

Delaware County Pays $500,000 Ransom After Outages

A US county is in the process of paying half-a-million dollars to ransomware extorters who locked its local government network, according to reports.

Pennsylvania’s Delaware County revealed the attack last week, claiming in a notice that it had disrupted “portions of its computer network.”

“We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” it said.

https://www.infosecurity-magazine.com/news/delaware-county-pays-500k-ransom/

MasterChef Producer Hit by Double Extortion Ransomware

A multibillion-dollar TV production company has become the latest big corporate name caught out by ransomware, it emerged late last week.

The firm owns over 120 production firms around the world, delivering TV shows ranging from MasterChef and Big Brother to Black Mirror and The Island with Bear Grylls.

In a short update last Thursday, it claimed to be managing a “cyber-incident” affecting the networks of Endemol Shine Group and Endemol Shine International, Dutch firms it acquired in a $2.2bn deal in July.

Although ransomware isn’t named in the notice, previous reports suggest the firm is being extorted.

https://www.infosecurity-magazine.com/news/masterchef-producer-double/

Sopra Steria to take multi-million euro hit on ransomware attack

The company revealed in October that it had been hit by hackers using a new version of Ryuk ransomware.

It now says that the fallout, with various systems out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.

The group's insurance coverage for cyber risks is €30 million, meaning that negative organic revenue growth for the year is now expected to be between 4.5% and 5% (previously between 2% and 4%). Free cash flow is now expected to be between €50 million and €100 million (previously between €80 million and €120 million).

https://www.finextra.com/newsarticle/37020/sopra-steria-to-take-multi-million-euro-hit-on-ransomware-attack


BEC

FBI: BEC Scams Are Using Email Auto-Forwarding

The agency notes in an alert made public this week that since the COVID-19 pandemic began, leading to an increasingly remote workforce, BEC scammers have been taking advantage of the auto-forwarding feature within compromised email inboxes to trick employees to send them money under the guise of legitimate payments to third parties.

This tactic works because most organizations do not sync their web-based email client forwarding features with their desktop client counterparts. This limits the ability of system administrators to detect any suspicious activities and enables the fraudsters to send malicious emails from the compromised accounts without being detected, the alert, sent to organizations in November and made public this week, notes.

https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498
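The alert's point is that a forwarding rule set through the web client can stay invisible to administrators who only look at the desktop client, so the reliable place to catch it is the mailbox audit trail. The script below is an added example, not code from the FBI alert or the article: it scans mailbox-configuration audit records for rules that divert mail outside the organisation and explains why each one is suspicious. The records are constructed; their layout is a simplified stand-in for an audit export, with field names borrowed from the Exchange inbox-rule and mailbox parameters (ForwardTo, RedirectTo, DeleteMessage, ForwardingSmtpAddress), and the internal domain list and finance keywords are assumptions to be replaced with your own.

```python
"""Flag mailbox auto-forwarding rules that route mail outside the organisation.

Added example, not the article's or the FBI's code. SAMPLE_EVENTS is a
constructed, simplified stand-in for a mailbox audit export; the field
names follow Exchange inbox-rule and mailbox parameters but the record
layout itself is hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption: the organisation's own mail domains; anything else is "external".
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}

# Assumption: subject words BEC operators filter on so that only
# payment-related mail is diverted to them.
FINANCE_KEYWORDS = ("invoice", "payment", "wire", "remittance")

# Constructed sample records (not real audit data).
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "operation": "New-InboxRule", "client": "OWA",
     "rule_name": "Archive", "ForwardTo": ["a.backup@mail-example.net"],
     "DeleteMessage": True, "SubjectContainsWords": ["invoice", "payment"]},
    {"user": "bob@example.com", "operation": "New-InboxRule", "client": "Outlook",
     "rule_name": "To finance", "ForwardTo": ["finance@example.com"],
     "DeleteMessage": False, "SubjectContainsWords": ["expenses"]},
    {"user": "carol@example.com", "operation": "Set-Mailbox", "client": "OWA",
     "ForwardingSmtpAddress": "carol.home@mail-example.net"},
    {"user": "dave@example.com", "operation": "Set-InboxRule", "client": "Outlook",
     "rule_name": "Team", "RedirectTo": ["team@corp.example.com"],
     "DeleteMessage": True},
]


@dataclass
class Finding:
    user: str
    operation: str
    targets: list
    reasons: list = field(default_factory=list)


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an SMTP address."""
    return address.rsplit("@", 1)[-1].lower()


def forwarding_targets(event: dict) -> list:
    """Collect every address the rule or mailbox setting sends mail to."""
    targets = []
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        targets.extend(event.get(key, []))
    smtp = event.get("ForwardingSmtpAddress")
    if smtp:
        targets.append(smtp)
    return targets


def evaluate(event: dict, internal_domains=INTERNAL_DOMAINS) -> Finding | None:
    """Return a Finding when the event diverts mail to an external domain."""
    targets = forwarding_targets(event)
    external = [t for t in targets if domain_of(t) not in internal_domains]
    if not external:
        return None  # no forwarding, or internal forwarding: normal business use
    reasons = ["forwards to external domain"]
    if event.get("DeleteMessage"):
        # Deleting the original hides the diversion from the mailbox owner.
        reasons.append("deletes the original after forwarding")
    words = [w.lower() for w in event.get("SubjectContainsWords", [])]
    if any(k in w for w in words for k in FINANCE_KEYWORDS):
        reasons.append("filters on finance keywords")
    if event.get("client") == "OWA":
        # The alert's tactic: web-client rules that the desktop client does not show.
        reasons.append("set via web client (may not be visible in desktop client)")
    return Finding(event["user"], event["operation"], external, reasons)


def scan(events, internal_domains=INTERNAL_DOMAINS) -> list:
    """Evaluate a batch of audit records and keep only the findings."""
    return [f for f in (evaluate(e, internal_domains) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.user} [{finding.operation}] -> {finding.targets}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

Run against the constructed records, the script raises Alice's rule (external target, deletes originals, keyed on invoice/payment subjects, set in the web client) and Carol's mailbox-level forward, and stays quiet on Bob's and Dave's internal forwarding. In practice the same evaluation would run over a scheduled export of rule-creation and mailbox-change events, and the internal domain list would come from your tenant's accepted domains.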


Phishing

Phishing lures employees with fake 'back to work' internal memos

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.

These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defences according to stats provided by researchers at email security company Abnormal Security who spotted this phishing campaign.

There is a high probability that some of the targets will fall for the scammers' tricks given that during this year's COVID-19 pandemic most companies have regularly emailed their employees with updates regarding remote working policy changes.

https://www.bleepingcomputer.com/news/security/phishing-lures-employees-with-fake-back-to-work-internal-memos/

Warning: Massive Zoom phishing targets Thanksgiving meetings

Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack.

With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.

https://www.bleepingcomputer.com/news/security/warning-massive-zoom-phishing-targets-thanksgiving-meetings/


Malware

All-new Windows 10 malware is excellent at evading detection

Security researchers at Kaspersky have discovered a new malware strain developed by the hacker-for-hire group DeathStalker that has been designed to avoid detection on Windows PCs.

While the threat actor has been active since at least 2012, DeathStalker first drew Kaspersky's attention back in 2018 because of its distinctive attack characteristics which didn't resemble those employed by cybercriminals or state-sponsored hackers.

https://www.techradar.com/news/all-new-windows-10-malware-is-excellent-at-evading-detection

New TrickBot version can tamper with UEFI/BIOS firmware

The operators of the TrickBot malware botnet have added a new capability that can allow them to interact with an infected computer's BIOS or UEFI firmware.

The new capability was spotted inside part of a new TrickBot module, first seen in the wild at the end of October, security firms Advanced Intelligence and Eclypsium said in a joint report published today.

The new module has security researchers worried as its features would allow the TrickBot malware to establish more persistent footholds on infected systems, footholds that could allow the malware to survive OS reinstalls.

https://www.zdnet.com/article/new-trickbot-version-can-tamper-with-uefibios-firmware/

Russia-linked APT Turla used a new malware toolset named Crutch

Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html

MacBooks under attack by dangerous malware: What to do

Security researchers have reported a recent spate of malware attacks targeting macOS that install backdoors to steal sensitive personal information. The security firm discovered that a new malware variant is being used online and backed by a rogue nation-state hacking group known as OceanLotus, which also operates under the name APT32 and is based in Vietnam.

The new malware is attributed to OceanLotus because of the “similarities in dynamic behavior and code” with previous malware connected to the Vietnam-based hacking group.

https://www.laptopmag.com/news/macbooks-under-attack-by-dangerous-malware-what-to-do

Hackers Using Monero Mining Malware as Decoy, Warns Microsoft

The company’s intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH’s true campaign: credential theft.

Crypto-jacking “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH’s “hide in plain sight” MO.

Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.

https://www.coindesk.com/hackers-using-monero-mining-malware-as-decoy-warns-microsoft


Vulnerabilities

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity along with other Microsoft 365 Defender solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.

https://www.microsoft.com/security/blog/2020/11/30/zerologon-is-now-detected-by-microsoft-defender-for-identity/


Privacy

'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash

If you heard a strange noise coming from Redmond today, it was the sound of some rapid back-pedalling regarding the Productivity Score feature in its Microsoft 365 cloud platform.

Following outcry from subscribers and privacy campaigners, the Windows giant has now vowed to wind back the functionality so that it no longer produces scores for individual users, and instead just summarizes the output of a whole organization. It was feared the dashboard could have been used by bad bosses to measure the productivity of specific employees using daft metrics like the volume of emails or chat messages sent through Microsoft 365.

https://www.theregister.com/2020/12/01/productivity_score/



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of H1 2020 cyber insurance claims, MS Critical RCE Bugs, 60% of emails May/June fraudulent, Insider Data Breaches, Linux Targeting More

Cyber Weekly Flash Briefing 11 September 2020: Ransomware 41% of all H1 2020 cyber insurance claims, MS Patch Tuesday Critical RCE Bugs, 60 percent of emails May/ June were fraudulent, Insider-Enabled Data Breaches, Linux-Based Devices Targeted More, Chilean bank shut down following ransomware, meddling in US politics by Russia, China & Iran, TikTok battles to remove video of livestreamed suicide

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by one of the largest providers of cyber insurance services in North America.

The high number of claims comes to confirm previous reports from multiple cyber-security firms that ransomware is one of today's most prevalent and destructive threats.

Ransomware doesn't discriminate by industry. An increase in ransom attacks has been seen across almost every industry.

In the first half of 2020 alone, the insurer observed a 260% increase in the frequency of ransomware attacks amongst its policyholders, with the average ransom demand increasing 47%.

Among the most aggressive gangs, the cyber insurer listed Maze and DoppelPaymer, which have recently begun exfiltrating data from hacked networks, and threatening to release data on specialized leak sites, as part of double extortion schemes.

Why this matters:

Ransomware remains, and is likely to remain, one of the biggest menaces on the web. It is indiscriminate, anyone can be affected, it can be business destroying, and it is getting worse all the time.

Read more: https://www.zdnet.com/article/ransomware-accounts-to-41-of-all-cyber-insurance-claims/


Microsoft’s Patch Tuesday Packed with Critical RCE Bugs

Microsoft has released patches for 129 security bugs in its September Patch Tuesday update. These include 23 critical flaws, 105 that are important in severity and one moderate bug. Fortunately, none are publicly known or under active exploitation, Microsoft said.

The most severe issue in the bunch is CVE-2020-16875, according to researchers. This is a memory-corruption problem in Microsoft Exchange that allows remote code-execution (RCE) just by sending an email to a target. Running arbitrary code could grant attackers the access they need to create new accounts, access, modify or remove data, and install programs.

Why this matters:

Many organisations are struggling to keep up with the volume of updates, and keeping on top of them, or knowing which to prioritise, is critical for firms. At a time when many organisations continue to struggle to support a distributed remote workforce, Microsoft continues to pile on the updates. Finding an efficient method for rolling out these patches has become even more imperative as companies abandon the idea of a short-term fix and embrace remote work as a lasting, long-term change in how organisations operate.

Firms are beginning to realise the negative outcomes of the lenient security measures put in place to quickly adapt to a decentralised workforce and it’s become more important than ever to establish patching policies that can securely support remote endpoints for the foreseeable future.

Read more: https://threatpost.com/microsofts-patch-tuesday-critical-rce-bugs/159044/


60 percent of emails in May and June were fraudulent

The COVID-19 pandemic has seen a spike in scams, phishing and malware across all platforms and attack vectors. The latest mid-year threat landscape report from Bitdefender shows that in May and June, an average of 60 percent of all received emails were fraudulent.

In addition there’s been a five-fold increase in the number of coronavirus-themed attacks and a 46 percent increase in attacks aimed at home IoT devices.

IoT malware has become versatile and robust, and is constantly updated. IrcFlu, Dark_Nexus7 and InterPLanetary Storm are some examples of malware that gained in popularity during the first half of 2020.

Mobile malware has been quick to capitalise too, with malware developers rushing to weaponise popular applications, such as the Zoom video conferencing application, used by employees now working from home. Packing RAT (Remote Access Trojan) capabilities, or bundling them with ransomware, banking malware, or even highly aggressive adware, Android malware developers were also fully exploiting the pandemic wave.

Why this matters:

As we keep saying, malicious actors never let a good crisis or tragedy go to waste and will exploit whatever is going on in the world, or anything there is a collective interest in, to reel in unsuspecting victims.

Good awareness and education are key to keeping your employees and users safe and ensuring users at all levels, including board members, who present a significant risk, are up to date with the latest tactics and threats.

Email in particular will remain the primary vector for attack and this is unlikely to change any time soon.

Read more: https://betanews.com/2020/09/08/60-percent-of-emails-in-may-and-june-were-fraudulent/


Businesses [should] Fear Insider-Enabled Data Breaches

Businesses fear suffering a data breach and expect it to be caused by an insider or internal error.

A survey of 500 IT professionals found that 94% of respondents have experienced a data breach, and 79% were worried their organisation could be next.

The fear associated with breaches stems from the security culture within the organisation, along with the security reporting structure.

Having security teams in close dialogue with executive leadership, supporting the leadership to make informed risk-based decisions and driving the business strategy, including the technologies used, reduces this fear significantly.

Secondly, not understanding information security, its components and principles drives fear and anxiety of the unknown, so having security education training, and developing awareness and consciousness of threats, will enable and empower the entire organisation to act with a ‘security first’ mindset.

Finally, recognising the importance of access control to protect systems and data is a foundational level control that organisations can apply to reduce the risk of a data breach. Hand in hand with this is partnering with trusted identity and access control platform providers who can provide enterprises with that security expertise and industry leadership.

Why this matters:

In terms of what is causing the breaches, 40% of respondents to the survey said accidental employee incidents were to blame, compared to 21% who said it is external attackers. This points to businesses not having a handle on what leaves their organisations (either intentionally or accidentally): insiders already have access and can leave with data invisibly, which might turn up somewhere embarrassing later.

Read more: https://www.infosecurity-magazine.com/news/businesses-insider-breaches/


4 top vulnerabilities ransomware attackers exploited in 2020

As more employees work from home, attackers have more endpoints to target. Unpatched vulnerabilities in remote access tools and Windows make their job easier.

The biggest security trend for 2020 has been the increase of COVID-19-related phishing and other attacks targeting remote workers. New York City, for example, has gone from having to protect 80,000 endpoints to around 750,000 endpoints in its threat management since work-from-home edicts took place.

As noted in a recent Check Point Software Technologies mid-year review, “The first impact of the pandemic was the proliferation of malware attacks that used social engineering techniques with COVID-19 thematic lures for the delivery stage.”  Domain names were set up and parked with names relating to the pandemic. As workers started to use videoconferencing platforms, attacks moved to attacking Zoom, Teams and other videoconferencing platforms.

One disturbing trend is that 80% of the observed attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier, according to the Check Point report, and more than 20% of the attacks used vulnerabilities that are at least seven years old. This showcases that we have a problem in keeping our software up to date.

Why this matters:

Ransomware remains a big threat in 2020, and expanding attack surfaces with staff working from home are making the situation worse. Attackers use vulnerabilities in tools used for remote access into Windows networks.

Click read more below to find out the top four vulnerabilities the researchers identified.

Read more: https://www.csoonline.com/article/3572336/4-top-vulnerabilities-ransomware-attackers-exploited-in-2020.html


APT Groups Increasingly Targeting Linux-Based Devices

APT groups are increasingly executing targeted attacks against Linux-based devices as well as developing more Linux-focused tools, according to an investigation by Kaspersky.

This is a result of a growing number of organisations selecting Linux ahead of Windows to run their strategically important servers and systems, and the perception that the Linux operating system is safer and less likely to be targeted by malware because it is less popular.

However, threat-actors have been observed to adapt their tactics to take advantage of this trend, and Kaspersky noted that “over a dozen APT actors have been observed to use Linux malware or some Linux-based modules” during the past eight years.

These include notorious groups such as Turla, Lazarus, Barium, Sofacy, the Lamberts and Equation. Kaspersky highlighted the example of Russian speaking APT group Turla using Linux backdoors as part of its changing toolset in recent years.

Why this matters:

Attacks that target Linux-based systems are still fewer in number than attacks on Windows-based systems, but there is still malware designed to target them, including webshells, backdoors, rootkits and even custom-made exploits.

Read more: https://www.infosecurity-magazine.com/news/apt-targeting-linux-based-devices/


Major Chilean bank shuts down all branches following ransomware attack

Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil.

In a public statement the bank said the branches would remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident.

Sources close to the investigation reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.

The incident was reported to the Chilean authorities, who issued a cyber-security alert that warned about a massive ransomware campaign targeting the private sector in the country.

Why this matters:

As above, ransomware is not going away and is getting worse all the time. Too many users do not realise that simply opening a document or clicking on a link in an email could bring down their entire organisation. Staff and users need to be educated about the role they play in securing their organisations.

Read more: https://cointelegraph.com/news/major-chilean-bank-shuts-down-all-branches-following-ransomware-attack


Vulnerabilities discovered in PAN-OS, which powers Palo Alto Networks’ firewalls

Palo Alto Networks this week remediated vulnerabilities in PAN-OS (operating system version 8.1 or later) that include command injection, cross-site scripting and the ability to upload unauthorised files to a directory, which might lead to denial of service.

Why this matters:

Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack further to reach internal segments of the network of a company that uses the vulnerable protection tools.

Any security fixes for known vulnerabilities across any product, software or firmware should be tested and applied as soon as possible, so those vulnerabilities cannot be used against you or your organisation.

Read more: https://www.helpnetsecurity.com/2020/09/10/vulnerabilities-discovered-in-pan-os/


Russia, China and Iran hackers target Trump and Biden, Microsoft says

Hackers with ties to Russia, China and Iran are attempting to snoop on people and groups involved with the US 2020 presidential election, Microsoft says.

The Russian hackers who breached the 2016 Democratic campaign are again involved, said the US tech firm.

Microsoft said it was "clear that foreign activity groups have stepped up their efforts" targeting the election.

Both President Donald Trump and Democrat Joe Biden's campaigns are in the cyber-raiders' sights.

Russian hackers from the Strontium group have targeted more than 200 organisations, many of which are linked to US political parties - both Republicans and Democrats, Microsoft said in a statement.

Why this matters:

The same attackers have also targeted British political parties, said Microsoft, without specifying which ones. Any meddling in politics by foreign states is a clear threat to the democratic process and shows that unfriendly states will interfere to further their own agendas.

Read more: https://www.bbc.co.uk/news/world-us-canada-54110457


TikTok battles to remove video of livestreamed suicide

TikTok is battling to remove a graphic video of a livestreamed suicide, after the footage was uploaded to the service on Sunday night from Facebook, where it was initially broadcast.

Although the footage was rapidly taken down from TikTok, users spent much of Monday re-uploading it, initially unchanged, but later incorporated into so-called bait-and-switch videos, which are designed to shock and upset unsuspecting users.

One such video, for instance, begins with a conventional video of an influencer talking to camera, before cutting without warning to the graphic footage.

Why this matters:

Parents, especially of younger children, may think that certain sites and social media channels are safe for children and that the content is suitably vetted and controlled, but as this illustrates that is often not the case, and caution should be exercised in allowing young children unfettered access to social media.

Read more: https://www.theguardian.com/technology/2020/sep/08/tiktok-battles-to-remove-video-of-livestreamed-suicide


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.


Cyber Weekly Flash Briefing 28 August 2020: cyber crime cost per minute $11.4m by 2021, Trend block 28 billion Cyber Threats H1 2020, Malicious Attachments Top Threat, NK hackers ramp up bank heists

Cyber Weekly Flash Briefing 28 August 2020: global cost of cybercrime per minute to reach $11.4 million by 2021, Trend blocks 28 Billion Cyber-Threats in H1 2020, Malicious Attachments Remain a Cyber Criminal Threat Vector Favourite, 80% of Exploits Published Faster than CVEs, North Korean hackers ramp up bank heists

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


The global cost of cyber crime per minute to reach $11.4 million by 2021

Cyber crime costs organisations $24.7 every minute, a year-on-year increase of more than $2 per minute, according to a new report. It will also have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.

The report covers the top threats facing today’s organisations, which are proliferating at a rate of 375 per minute, and reflects the current surge in attacks leveraging the COVID-19 pandemic.

Other malicious activity:

  • 1.5 attacks on computers with an Internet connection per minute

  • 375 new threats per minute

  • 16,172 records compromised per minute

  • 1 vulnerability disclosed every 24 minutes

  • 5.5 domain infringements detected per minute

  • 1 Magecart attack every 16 minutes

  • 1 COVID-19 blacklisted domain every 15 minutes

  • 35 COVID-19 spam emails analysed per minute

Why this matters:

The sheer scale of today’s threat activity is driven by a variety of factors, including that cyber crime is easier than ever to participate in and better threat technology makes cyber criminals more effective and wealthier than in the past.

Read more: https://www.helpnetsecurity.com/2020/08/28/global-cost-of-cybercrime-per-minute/


Trend Micro Blocks 28 Billion Cyber-Threats in H1 2020

Trend Micro blocked nearly nine million COVID-related threats in the first half of 2020, the vast majority of which were email-borne, it revealed in a new mid-year roundup report.

The security giant said it detected 8.8 million cyber-threats leveraging the virus as a lure or theme for attacks, 92% of which were delivered by spam emails.

However, the figure represents less than 1% of the total of 27.8 billion threats the vendor blocked in the first six months of the year.

This chimes with data from Microsoft and others which suggests that cyber-criminals merely repurposed existing campaigns to take advantage of COVID-19. As such, the pandemic itself has not prompted a rise in overall cyber crime levels.

However, the data does show conclusively that email remains the number one threat vector: 93% of total blocked threats were heading for users’ inboxes.

As part of this trend, Business Email Compromise (BEC) detections increased by 19% from the second half of 2019. This is due in part to scammers trying to capitalize on distracted home workers who may be more exposed to social engineering, and less able to check with colleagues if a money transfer request is legitimate or not.

Why this matters:

Email remains the number one threat to all firms and by far the most likely way a firm will end up being breached. Defending against it depends on your users being aware, switched on and efficient at spotting email-borne attacks, as technology solutions alone are not good at blocking email-based attacks. Criminals will always exploit current events and crises to improve the effectiveness of their attacks.

Read more: https://www.infosecurity-magazine.com/news/trend-micro-blocks-28-billion/


Malicious Attachments Remain a Cyber Criminal Threat Vector Favourite

Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public awareness increases and tech companies amp up their defences.

While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.”

The reason why threat actors are still relying on this age-old tactic, researchers say, is that the attack still works. Even with widespread public awareness about malicious file attachments, attackers are upping their game with new tricks to avoid detection, bypass email protections and more. The attack vector is still widespread enough that tech giants are devising new ways to try to stomp it out, with Microsoft just this week rolling out a feature for Office 365 that aims to protect users against malicious attachments sent via email, for instance.

Why this matters:

Email attachments, such as PDF or Office files, are an easy vector to deliver malicious content to end users. For enterprises, the risk is that malicious actors can use these attachments to establish a toe-hold at the outermost edges of the enterprise, and then wait and wind their way to the crown jewels in their data stores.

Read more here: https://threatpost.com/malicious-attachments-remain-a-cybercriminal-threat-vector-favorite/158631/
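As an added illustration of the point above, and not code from the article or from any vendor it cites, the following Python script walks the MIME parts of a raw email and flags attachments that show the indicators the article describes: executable file types, "invoice.pdf.exe" style double extensions, and Office documents that carry a VBA macro project. The sample message and its attachments are constructed here, and the extension lists are this example's own choices rather than any product's rules.

```python
"""Triage e-mail attachments for common malicious-attachment indicators.

Added example, not from the article. Parses a raw RFC 822 message, walks its
MIME parts and flags attachments that are executable, carry a double
extension, or are Office documents containing a VBA macro project.
The sample message and attachments below are constructed for the example.
"""
from __future__ import annotations

import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should essentially never arrive by e-mail from outside (example's own list).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                         "vbs", "vbe", "wsf", "hta", "lnk", "iso", "img"}
# Document types that commonly carry macros.
OFFICE_EXTENSIONS = {"doc", "docm", "docx", "xls", "xlsm", "xlsx", "ppt", "pptm", "pptx"}


def office_has_macros(data: bytes) -> bool:
    """OOXML files are zip containers; a vbaProject.bin entry means VBA is present."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        # Legacy OLE2 formats (.doc/.xls) are not zip containers; this check does not cover them.
        return False


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return the indicators raised for one attachment (empty list = nothing found)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension .{ext}")
    # "invoice.pdf.exe": a document-looking extension placed before the real one.
    if len(parts) > 2 and parts[-2] in OFFICE_EXTENSIONS | {"pdf", "txt", "jpg"}:
        findings.append("double extension")
    if ext in OFFICE_EXTENSIONS and office_has_macros(data):
        findings.append("Office document contains VBA macro project")
    return findings


def triage_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename in a raw message to its list of indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        results[name] = classify_attachment(name, payload)
    return results


def build_sample_message() -> bytes:
    """Constructed sample: a 'critical invoice' lure with a macro-enabled .docm,
    a double-extension executable and one harmless PDF."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder macro project
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Critical invoice - action required"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    msg.add_attachment(b"MZ...", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(f"{name}: {'; '.join(findings) or 'no indicators'}")
```

Run against a real mailbox export the same function applies to each message; the macro check is the one that catches the "purported job offer" document that looks like an ordinary .docm, while the extension checks catch the cruder lures.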


The State of Exploit Development: 80% of Exploits Publish Faster than CVEs

With the ever-increasing number of new vulnerabilities, vulnerability management becomes one of the most critical processes in ensuring continuous business operation. While it is clear that timely patching is essential, it is also important to know quantitatively how a delay increases risk. What are the chances that attackers breach an organisation using a CVE just disclosed, or using an unknown (zero-day) vulnerability? To understand the state of vulnerability disclosure and exploit development, researchers analysed the 45,450 publicly available exploits in the Exploit Database at the time of writing. The research correlated the exploit data with vulnerability and patch information to study exploit development from multiple angles.

The research reveals that:

Of the 45,450 public exploits in the Exploit Database, 11,079 (~26%) have mapped CVE numbers.

Among those 11,079 exploits:

14% are zero-day (published before the vendors release the patch), 23% are published within a week after the patch release and 50% are published within a month after the patch release. On average, an exploit is published 37 days after the patch is released. Patch as soon as possible – the risk of a vulnerability being exploited increases quickly after vendors release the patches.

80% of public exploits are published before the CVEs are published. On average, an exploit is published 23 days before the CVE is published. Software and hardware may also have vulnerabilities with public exploits that don’t have CVEs. Check security updates from vendors frequently and apply updates as soon as possible.

Analysis of the entire CVE list since 1999 found that, on average, a CVE is published 40 days after its CVE-ID is assigned. Of the 177,043 entries analysed, more than 10,000 CVEs have been in “reserved” status for more than two years. This shows that there is a long delay between vulnerability discovery and CVE publication.

Why this matters:

Patches should always be applied as soon as possible. Exploits often follow very soon after vulnerability disclosure and, as this study shows, vulnerabilities are sometimes being exploited before fixes are released. The longer the gap between fixes being released and being applied, the more vulnerable you are to attack.

Read more here: https://unit42.paloaltonetworks.com/state-of-exploit-development/


Forget your space-age IT security systems. It might just take a $1m bribe and a willing employee to be pwned

A Russian citizen is accused of flying to America in a bid to bribe a Tesla employee to infect their bosses' IT network with ransomware.

Egor Kriuchkov has been charged with one count of conspiracy to intentionally cause damage to a protected computer. He was arrested by the FBI at Los Angeles airport and is being held awaiting trial.

It is claimed Kriuchkov, 27, was the point man of a plot to get data-stealing malware onto the network of an unspecified US company in Nevada and then use the lifted data to extort the corporation for millions of dollars: paid up, or the internal files get leaked and file systems scrambled.

To do this, Kriuchkov and his associates back in Russia had recruited a worker at the business, it is claimed, and promised to pay $500,000 for placing the malware on its network. The bribe was later increased to $1m, with an $11,000 advance, to persuade the employee, but instead he went to his bosses and the FBI was brought in.

According to special agent Michael Hughes, in late July Kriuchkov travelled from Russia to Reno, Nevada, where the employee worked, and over the early weeks of August tried to win the employee over to the conspiracy. This included a night out for the worker and friends at a Lake Tahoe resort, followed by Kriuchkov pulling the worker aside and convincing them to play a key role in the operation, it is claimed.

Why this matters:

Again this shows that employees are more likely than your technical systems to be exploited by malicious actors. Fortunately for Tesla the employee did not take the bribe, but many staff in other organisations would be tempted. Imagine if the employee who was approached had already been feeling disgruntled with their employer.

Read more here: https://www.theregister.com/2020/08/26/russian_malware_plot/


Ex-Cisco staffer charged with deliberately deleting 400+ VMs

A disgruntled former Cisco employee has pleaded guilty to intentionally deleting hundreds of the networking firm's virtual machines (VMs), according to an IT News report.

Sudhish Kasaba Ramesh, an ex-Cisco engineer who left the company in April 2018, accessed the firm's AWS environment months later and deleted a total of 456 VMs, which the company used to run the WebEx Teams application.

In a statement, issued before a US federal court in San Jose by the US Department of Justice and the FBI, it was said that Ramesh “intentionally accessed a protected computer without authorization and recklessly caused damage”.

“During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco’s WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools,” the statement said.

Why this matters:

Insiders will always be amongst the biggest threats to every organisation, and the damage a disgruntled employee or former employee could cause should never be underestimated. Whenever a member of staff leaves an organisation it must be ensured that they no longer have access to any accounts they used in the course of performing their duties, and doubly so for accounts with privileged or elevated permissions, for the very reason that they could do so much damage.

Read more: https://www.itproportal.com/news/ex-cisco-staffer-charged-with-deliberately-deleting-400-vms/
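One concrete way to act on the leaver-access point above, added here as an example and not code from the article or from Cisco, is to reconcile the HR leavers list against the cloud identity store. The Python below does this for AWS using the column layout of the real IAM credential report (what `aws iam get-credential-report` returns, decoded); the report rows and the leavers list are constructed for the example, and the assumption is that a leavers list with leaving dates is available from HR or identity tooling. It flags every departed user who still holds a console password or an active access key, and separately flags any credential used after the leaving date, which is the signal that turns an offboarding gap into an incident.

```python
"""Find departed staff who still hold live AWS IAM credentials.

Added example, not from the article. Column names match the real IAM
credential report (a subset of its columns is shown); the rows and the
LEAVERS mapping are constructed for this example.
"""
from __future__ import annotations

import csv
import io
from datetime import datetime, timezone

# Constructed credential report excerpt (subset of the real report's columns).
CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2017-01-10T09:00:00+00:00,not_supported,2020-08-01T08:00:00+00:00,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2018-03-02T10:00:00+00:00,true,2020-08-20T11:30:00+00:00,true,true,2020-08-20T11:31:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2016-11-15T10:00:00+00:00,false,no_information,false,true,2020-08-25T02:10:00+00:00,false,N/A
carol,arn:aws:iam::123456789012:user/carol,2019-06-01T10:00:00+00:00,false,no_information,false,false,N/A,false,N/A
dave,arn:aws:iam::123456789012:user/dave,2019-09-09T10:00:00+00:00,true,2020-07-01T09:00:00+00:00,true,false,N/A,false,N/A
"""

# Constructed: users whose employment has ended, with the leaving date (assumed to come from HR).
LEAVERS = {
    "bob": datetime(2020, 4, 30, tzinfo=timezone.utc),
    "carol": datetime(2020, 6, 15, tzinfo=timezone.utc),
}


def parse_ts(value: str) -> datetime | None:
    """Report timestamps are ISO 8601; the placeholders below mean 'never' or 'not applicable'."""
    if value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def live_credentials(row: dict) -> list[str]:
    """Names of the credentials in this row that could still authenticate."""
    live = []
    if row["password_enabled"] == "true":
        live.append("console password")
    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] == "true":
            live.append(f"access key {n}")
    return live


def find_leavers_with_access(report_csv: str, leavers: dict) -> dict[str, dict]:
    """Return {user: {"live": [...], "used_after_leaving": bool}} for each leaver
    who still has at least one live credential."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user not in leavers:
            continue
        live = live_credentials(row)
        if not live:
            continue  # fully offboarded
        left = leavers[user]
        last_used = [parse_ts(row["password_last_used"]),
                     parse_ts(row["access_key_1_last_used_date"]),
                     parse_ts(row["access_key_2_last_used_date"])]
        used_after_leaving = any(ts is not None and ts > left for ts in last_used)
        findings[user] = {"live": live, "used_after_leaving": used_after_leaving}
    return findings


if __name__ == "__main__":
    for user, info in find_leavers_with_access(CREDENTIAL_REPORT, LEAVERS).items():
        flag = "USED AFTER LEAVING" if info["used_after_leaving"] else "dormant"
        print(f"{user}: {', '.join(info['live'])} ({flag})")
```

In the constructed data carol has been cleanly offboarded and is not reported, while bob left in April yet still has an active access key that was used in August: that is the case that warrants an incident, not just a ticket. The same reconciliation applies to roles assumable from personal cloud accounts, which is the path described in the Cisco case.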


North Korean hackers ramp up bank heists: U.S. government cyber alert

North Korean hackers are tapping into banks around the globe to make fraudulent money transfers and cause ATMs to spit out cash, the U.S. government warned on Wednesday.

A technical cyber security alert jointly written by four different federal agencies, including the Treasury Department and FBI, said there had been a resurgence in financially motivated hacking efforts by the North Korean regime this year after a lull in activity.

“Since February 2020, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash outs,” the warning reads.

U.S. law enforcement titled the hacking campaign “Fast Cash” and blamed North Korea’s Reconnaissance General Bureau, a spy agency, for it. They described the operation as going on since at least 2016 but ramping up in sophistication and volume recently.

Why this matters:

Over the last several years, North Korea has been blamed by U.S. authorities and private sector cyber security companies for hacking numerous banks in Asia, South America and Africa.

North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations.

Read more here: https://www.reuters.com/article/us-cyber-usa-north-korea-idUSKBN25M2FU


New Zealand stock exchange resumes trade after cyber attacks, government activates security systems

New Zealand’s stock exchange resumed trading on Friday, after facing disruptions for four consecutive days in the wake of cyber attacks this week, while the government said national security systems had been activated to support the bourse.

There is no clarity on who was behind these two “offshore” attacks, but the failure to stop them has raised questions about New Zealand’s security systems, experts said.

NZX Ltd had to halt trading until afternoon on Friday, after crashing earlier due to network connectivity issues, marking the fourth day that trading has been hit.

Why this matters:

Organisations of all sizes are vulnerable to attacks: larger firms because of the sheer number of users and the complexity of their systems, smaller firms because they often lack maturity and do not have the most appropriate controls and protections in place. Firms also need to make sure they have plans in place to recover and return to operational effectiveness as quickly as possible.

Read more here: https://www.reuters.com/article/uk-nzx-cyber-idUSKBN25O03Q



Cyber Weekly Flash Briefing 14 August 2020: Travelex goes bust following ransomware, Microsoft fix 120 vulns inc two zero-days, more ransomware victims paying up, Cloud misconfigurations create risks

Cyber Weekly Flash Briefing 14 August 2020: Travelex Forced into Administration After Ransomware Attack, Microsoft fixes 120 vulnerabilities inc two zero-days, More ransomware victims are paying up, Misconfiguration #1 Cloud Security Threat, Beware What You Ask Amazon Alexa, Ex-Uber engineer sentenced to 18 months in prison for stealing driverless car secrets from Google, Google and Amazon are now the most imitated brands for phishing

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Travelex Forced into Administration After Ransomware Attack

Ransomware victim Travelex has been forced into administration, with the loss of over 1000 jobs.

PwC announced late last week that it had been appointed joint administrators of the currency exchange business.

The Sodinokibi (REvil) ransomware variant is believed to have struck the firm on New Year’s Eve last year, forcing its website offline and impacting its bricks-and-mortar stores and banking services. It took until January 17 for the firm to get its first customer-facing systems live again in the UK.

Why this matters:

Firms of any size can fall victim to ransomware and many firms will not survive a significant cyber event such as this. Unconfirmed reports at the time suggested that a critical unpatched vulnerability in a VPN (Virtual Private Network) product may have allowed attackers to remotely execute malicious code. A security researcher said he reached out to the firm in September 2019 to flag the issue but was ignored. This again shows the importance of ensuring all security updates are applied quickly. Had the security updates been applied to this software, those vulnerabilities could not have been used in this attack.

Read more: https://www.infosecurity-magazine.com/news/travelex-forced-administration/


Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

Microsoft’s August 2020 Patch Tuesday security updates fell this week and this month the company has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework.

Among these 120 vulnerabilities, 17 bugs have received the highest severity rating of "Critical," and there are also two zero-days — vulnerabilities that have been exploited by hackers before Microsoft was able to provide a fix.

Why this matters:

All security updates should be applied as soon as possible to prevent vulnerabilities from being exploited in attacks. When vulnerabilities are announced criminals will waste no time in weaponising them (creating exploits to use in attacks), so the quicker the vulnerabilities are closed the safer you will be.

Read more: https://www.zdnet.com/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/


More ransomware victims are paying up, even when data recovery is possible

The proportion of ransomware attack victims actually paying ransoms increased in the last quarter, even in instances where ransomed data could be recovered, new figures have revealed.

According to a commercial ransomware recovery service, data exfiltration attacks are becoming more common and are blending with traditional ransomware attacks. Data exfiltration extortion involves an attacker taking possession of stolen data and threatening to put it up for sale on forums or marketplaces; the attacker then demands a ransom from the victim to prevent the information’s release.

The recovery firm added that tools currently on the market vary wildly when it comes to data recovery success following a ransomware attack. What’s more, the company has noted an uptick in the number of companies experiencing operating system and registry corruption even after ransomed data is restored.

Why this matters:

It used to be that backups were the best defence against ransomware attacks, but if your data is stolen a backup will not help you avoid having to pay to keep your sensitive or confidential data out of the public domain.

Read more: https://www.techradar.com/news/more-ransomware-victims-are-paying-up-even-when-data-recovery-is-possible


Intel, SAP, and Citrix release critical security updates

Intel released 18 advisories, including fixes for denial of service, information disclosure and elevation of privilege flaws affecting various products on Windows, Chrome OS and Linux.

SAP released 15 security notes and an update to a previously released one to address flaws in a variety of offerings, including SAP ERP, SAP Business Objects Business Intelligence Platform, SAP S/4 HANA and various SAP NetWeaver components.

Citrix has released patches for a set of vulnerabilities in certain on-premises instances of Citrix Endpoint Management (aka XenMobile Server).

Why this matters:

Security updates should always be applied as soon as possible. Whether or not announced vulnerabilities are already being exploited, once they become known they likely will be, and patching them (applying the fixes made available) prevents them from being exploited.

Read more: https://www.helpnetsecurity.com/2020/08/12/intel-sap-citrix-security-updates-august-2020/


IT Pros Name Misconfiguration #1 Cloud Security Threat

Configuration errors are the number one threat to cloud security, according to a new poll of IT and security professionals.

A security vendor interviewed 653 industry professionals to compile its 2020 Cloud Security Report.

Three-quarters (75%) claimed to be “very” or “extremely” concerned about cloud security, with most (52%) believing that the risks are higher in the public cloud than on-premises.

The top four threats were cited as: misconfiguration (68%), unauthorized cloud access (58%), insecure interfaces (52%), and account hijacking (50%).

These security concerns have created multiple barriers to further adoption of cloud services. The top inhibitor of adoption was a lack of qualified staff (55%), up from fifth place last year.

This may go some way to explaining respondents’ concerns around configuration errors, especially as 68% of these organisations are using two or more public cloud providers — adding to the complexity.

Why this matters:

Organisations’ cloud migrations and deployments are racing ahead of their security teams’ ability to defend them against attacks and breaches. Their existing security solutions provide only limited protection against cloud threats, and teams often lack the expertise needed to improve security and compliance processes.

Read more: https://www.infosecurity-magazine.com/news/misconfiguration-error-cloud/
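Misconfiguration tops the list above, and the most common single instance of it is a storage bucket policy that grants access to anyone. As an added example, not code from the article or from the survey's vendor, the Python below shows a weak S3 bucket policy beside a corrected one and a check that tells them apart. Both policy documents are constructed; the bucket name, account ID and role name are placeholders. The check is generic over IAM-style policy JSON and goes slightly beyond the article by treating a wildcard principal that is narrowed by a source-VPC, source-IP or organisation condition as not public, which is how AWS's own public-access evaluation behaves.

```python
"""Spot the most common cloud misconfiguration: a bucket policy that grants access to everyone.

Added example, not from the article. Both policies are constructed; the bucket,
account ID and role names are placeholders.
"""
from __future__ import annotations

import json

# Weak: any principal on the internet can list the bucket and read every object.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryoneRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
})

# Corrected: one named role, read-only on objects, TLS required.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowReportingRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/reporting"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

# Condition keys that narrow *who* can call, so a "*" principal is not truly public.
RESTRICTING_CONDITION_KEYS = {"aws:sourcevpce", "aws:sourcevpc", "aws:sourceip",
                              "aws:principalorgid", "aws:principalaccount",
                              "aws:sourcearn", "aws:sourceaccount"}


def _as_list(value) -> list:
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_anonymous(principal) -> bool:
    """True for both spellings of 'anyone': "*" and {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def has_restricting_condition(statement: dict) -> bool:
    """Does any Condition narrow the caller by network, account or organisation?

    Approximation: keys such as aws:SecureTransport change *how* but not *who*,
    so they do not count.
    """
    for operator_block in statement.get("Condition", {}).values():
        if any(key.lower() in RESTRICTING_CONDITION_KEYS for key in operator_block):
            return True
    return False


def public_statements(policy_json: str) -> list[dict]:
    """Return the Allow statements that expose the resource to anonymous principals."""
    policy = json.loads(policy_json)
    exposed = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(stmt.get("Principal")):
            continue
        if has_restricting_condition(stmt):
            continue
        exposed.append({"sid": stmt.get("Sid", "<no Sid>"),
                        "actions": _as_list(stmt.get("Action", [])),
                        "resources": _as_list(stmt.get("Resource", []))})
    return exposed


if __name__ == "__main__":
    for name, doc in (("weak", PUBLIC_POLICY), ("hardened", HARDENED_POLICY)):
        found = public_statements(doc)
        verdict = "PUBLIC via " + ", ".join(f["sid"] for f in found) if found else "no anonymous access"
        print(f"{name}: {verdict}")
```

The bucket policy is only one of the controls involved: account-level Block Public Access and bucket ACLs also have to be consistent with it, which is exactly why the survey's respondents with two or more providers find misconfiguration hard to keep on top of.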


RedCurl cybercrime group has hacked companies for three years

Security researchers have uncovered a new Russian-speaking hacking group that they claim has been focusing for the past three years on corporate espionage, targeting companies across the world to steal documents that contain commercial secrets and employee personal data.

Named RedCurl, the activities of this new group have been detailed in a 57-page report released this week.

Researchers have been tracking the group since the summer of 2019 and have since identified 26 other RedCurl attacks, carried out against 14 organisations, going as far back as 2018.

Why this matters:

This Russian group has targeted victims across different countries and industry sectors, including construction companies, retailers, travel agencies, insurance companies, banks, and law and consulting firms in countries such as Russia, Ukraine, Canada, Germany, Norway and the UK. Many firms could fall victim to cyber crime groups like this if their defences are not able to withstand such attackers.

Read more: https://www.zdnet.com/article/redcurl-cybercrime-group-has-hacked-companies-for-three-years/


Why You Must Beware What You Ask Amazon Alexa

The same cyber team that cracked open TikTok, WhatsApp, Microsoft’s cloud and even Philips lightbulbs has just turned its attention to Amazon’s Alexa. And, unsurprisingly, it hasn’t disappointed. After “speculating” that Amazon’s 200 million devices “could be a prime entry-point for hackers,” Check Point Research has just lifted the lid to unmask “serious security flaws in Alexa.” According to the team, “in just one click, a user could have given up their voice history, home address and control of their Amazon account.”

Why this matters:

Warnings about the dangers of smart speakers and their extended families of virtual assistants are not new. These are the same devices that caused such a scandal last year, when it transpired that humans were listening to recordings to better train the AI. The issue here is different, much more akin to the broader problem of IoT security. Every gadget you connect to the internet becomes a potential vulnerability, and the methods needed to crack Amazon’s devices were not particularly sophisticated.

Read more: https://www.forbes.com/sites/zakdoffman/2020/08/13/amazon-alexa-cyber-attack-check-point-report-smart-speaker-warning/#7d3d16a35008


Ex-Uber engineer sentenced to 18 months in prison for stealing driverless car secrets from Google

A star engineer who admitted stealing self-driving car secrets from Google has been sentenced to 18 months in prison.

Anthony Levandowski, who helped found Google's self-driving car project, now known as Waymo, pleaded guilty to downloading documents containing data about the company's work and accessing one of them after he had left to found his own trucking startup.

Sentencing him in a San Francisco court, the judge said he was imposing prison time as a deterrent.

An early star in the self-driving car scene, Mr Levandowski pushed for Google to develop the technology but later became disillusioned, leaving in early 2016 to start trucking company Otto, which was bought by Uber less than eight months later. 

Waymo sued Uber, a case which was settled in 2018, with Uber paying out $245m (£187m) in equity and agreeing not to use its technology.

Uber had signed an indemnification agreement with Mr Levandowski, forcing it to pay his legal fees, but has refused to pay a $179m debt he owes to the Google spin-out, a consequence of separate legal action relating to his departure. 

Why this matters:

Your staff present one of your biggest risks, and a disgruntled or disillusioned employee can be very dangerous. The theft of intellectual property for personal gain is a classic example of this kind of behaviour. Data Loss Prevention (DLP) systems can help to spot unusual behaviour in employees and detect sensitive data being extracted from corporate systems.

Read more: https://www.telegraph.co.uk/technology/2020/08/05/ex-uber-engineer-sentenced-18-months-prison-stealing-driverless/


Google and Amazon are now the most imitated brands for phishing

You may want to think twice about opening that email claiming to be from Google or Amazon, after new research found the tech giants were being used as lures for phishing scams.

Earlier this year, Check Point revealed that Apple was the most imitated brand for phishing, but over the course of the last few months, the iPhone maker has fallen to seventh place with Google and Amazon now taking the top spots.

Why this matters:

Phishing is estimated to be the starting point of over 90 percent of all cyberattacks and according to Verizon's 2019 Data Breach Investigations Report, nearly one third (32%) of all data breaches involved phishing activity. Additionally phishing was present in 78 percent of cyber espionage incidents and the installation and use of backdoors in company networks.

Read more: https://www.techradar.com/news/google-and-amazon-are-now-the-most-imitated-brands-for-phishing



Cyber Weekly Flash Briefing 24 July 2020: Cyber crime up 23% Over Past Year, Nearly 50% of employees have made a serious security mistake at work, 99.9% of Hacked Microsoft Accounts Don’t Use 2FA

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Cybercrime Jumped 23% Over Past Year, Says ONS

Cybercrime offenses reported by individuals and businesses have risen 23% over the past year, according to the Office for National Statistics (ONS).

The UK government body explained that 26,215 incidents were referred to the National Fraud Intelligence Bureau (NFIB) by Action Fraud in the year ending March 2020.

The year-on-year increase was driven by a large uptick in the two highest-volume “computer misuse” types reported to Action Fraud. “Hacking – social media and email” saw a 55% increase from 12,894 offenses, and “computer viruses/malware” incidents soared by 61% to reach 6,745 cases.

The double-digit increase in reported cybercrime came in spite of improvements to “internal case review processes” and an online reporting tool at Action Fraud in October 2018 which meant some offenses previously categorized as computer misuse are now being properly identified as fraud, ONS said.

Why this matters:

Any increase in reported cyber crime is significant, but a rise of this size is alarming and demonstrates that firms and individuals need to treat these threats seriously. Bear in mind too that these are reported figures: Action Fraud only counts what victims refer to it, so the true volume is higher.

Read more here: https://www.infosecurity-magazine.com/news/cybercrime-jumped-23-over-past-year#disqus_thread


Nearly half of employees have made a serious security mistake at work

Distraction and burnout can lead to serious mistakes when working online

New research from an email security firm has revealed that almost half (43%) of employees in the US and UK have made mistakes at work that have resulted in cyber security repercussions for themselves or their company.

The firm surveyed 2,000 professionals between the ages of 18 and 51 to find out more about why workers make mistakes and how those mistakes can be prevented before they turn into data breaches.

Of the employees surveyed, a quarter confessed to clicking on links in a phishing email at work. The research also found that employees between 31 and 40 years of age were four times more likely than employees over 51 to click on a phishing email, and male employees were twice as likely to do so as their female colleagues.

Why does this matter:

Cyber and Information Security is fundamentally a human problem, not an IT problem, and all the IT controls in the world are worth very little if humans bypass them or fail to follow safe working practices. Ensure your users, at all levels, are aware of the role they play in securing your organisation and make sure they receive adequate and suitable training. At the same time, design your controls on the assumption that mistakes will happen: with two-factor authentication and least-privilege access in place, one clicked link is an incident to investigate rather than a breach.

https://www.techradar.com/news/nearly-half-of-employees-have-made-a-mistake-that-had-cybersecurity-repercussions


99.9 Percent of Hacked Microsoft Accounts Don’t Use 2FA

Two-factor authentication (2FA) is the single most effective method of preventing unauthorised access to an online account, as numbers from Microsoft show.

Microsoft tracks over 1 billion active accounts monthly, which is nearly 1/8 of the world’s population. These generate more than 30 billion monthly login events. Every login to a corporate O365 account can generate multiple login entries across multiple apps, as well as additional events for other apps that use O365 for single sign-on.

If that number sounds big, bear in mind that Microsoft stops 300 million fraudulent sign-in attempts every day. Again, that’s not per year or per month, but 300 million per day.

In January 2020, 480,000 Microsoft accounts (0.048 percent of all Microsoft accounts) were compromised by password spraying. In a spray, the attacker tries one common password (such as “Spring2020!”) against lists of thousands of accounts, staying below each account's lockout threshold, in the hope that some of those accounts use that password.

Sprays are just one form of attack; hundreds of thousands more compromises were caused by credential stuffing. To perpetrate these, the attacker buys usernames and passwords leaked from other breaches and tries the same pairs on other systems, relying on password reuse.

Then there is phishing, where an attacker convinces you to log in to a fake website to capture your password. These methods are how online accounts are typically “hacked”, in common parlance.

In all, over 1 million Microsoft accounts were breached in January. That is just over 32,000 compromised accounts per day, which sounds bad until you remember the 300 million fraudulent login attempts stopped per day.

But the most important number of all is that 99.9 percent of all Microsoft account breaches would have been stopped if the accounts had two-factor authentication enabled.
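To make the spray described above concrete, here is an added example (not code from the article or from Microsoft) of the detection logic a security team might run over its own sign-in logs. The log records and the thresholds are constructed for the illustration: the rule flags a source address that fails against many distinct accounts while staying under a small number of attempts per account, which is what separates a spray from a brute-force attempt on one account, and then lists any account where the same source subsequently succeeded.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records in the shape an identity provider exports
# (timestamp, account, source address, outcome). Not real log data.
SAMPLE_SIGNINS = [
    # 203.0.113.10 tries one password against eleven accounts in ten minutes:
    # a single attempt per account never trips an account-lockout policy.
    *[{"ts": f"2020-01-14T02:{i:02d}:00", "user": f"user{i:02d}@example.com",
       "ip": "203.0.113.10", "success": False} for i in range(11)],
    # ... and the common password happens to be jdoe's.
    {"ts": "2020-01-14T02:12:30", "user": "jdoe@example.com",
     "ip": "203.0.113.10", "success": True},
    # 198.51.100.5 hammers one account: brute force, which a lockout policy catches.
    *[{"ts": f"2020-01-14T03:00:{s:02d}", "user": "admin@example.com",
       "ip": "198.51.100.5", "success": False} for s in range(0, 40, 5)],
    # Ordinary successful sign-in from the office range.
    {"ts": "2020-01-14T08:55:00", "user": "jdoe@example.com",
     "ip": "192.0.2.1", "success": True},
]


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=10, max_attempts_per_account=3):
    """Flag source addresses whose failures hit many distinct accounts with
    few attempts each inside `window`: low-and-slow across accounts is the
    spray signature, as opposed to many attempts against one account.
    Each finding lists the accounts where the same source later succeeded,
    which are the ones needing an immediate password reset and session revoke.
    Thresholds are assumptions; tune them to your own baseline."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if not e["success"]]
        if not failures:
            continue
        attempts = defaultdict(int)
        for e in failures:
            attempts[e["user"]] += 1
        span = failures[-1]["ts"] - failures[0]["ts"]
        if (len(attempts) >= min_accounts
                and max(attempts.values()) <= max_attempts_per_account
                and span <= window):
            first_failure = failures[0]["ts"]
            hits = sorted({e["user"] for e in evs
                           if e["success"] and e["ts"] >= first_failure})
            findings.append({"ip": ip,
                             "accounts_targeted": len(attempts),
                             "span_minutes": round(span.total_seconds() / 60, 1),
                             "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_SIGNINS):
        print(finding)
```

Run against the sample, the rule reports the spraying address, the eleven accounts it touched and the one account it got into; the single-account brute force is left for the lockout policy. Real sprays rotate through many source addresses to stay under exactly this kind of threshold, so in production the same grouping should also be run per ASN and per user-agent, and the strongest signal remains a success that follows a cluster of failures.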

Why this matters:

Two-factor authentication (2FA) is the single most effective control against unauthorised access to online accounts: by Microsoft's own figures it would have stopped 99.9% of the account compromises above, because spraying, credential stuffing and most phishing only ever yield a password. It is normally available free of charge from online account providers and should be enabled wherever it is offered. One caveat: a phishing site that relays the victim's one-time code to the real service in real time can still defeat SMS or app-based codes, so where the risk justifies it prefer phishing-resistant methods such as hardware security keys.

Read more here: https://www.howtogeek.com/681419/watch-out-99.9-of-hacked-microsoft-accounts-dont-use-2fa/


Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude

Adobe has released an out-of-band emergency security update for Photoshop, Prelude, and Bridge.

On Tuesday, a week after issuing the firm's standard monthly security update, Adobe published security advisories revealing a total of 13 vulnerabilities, 12 of which are deemed critical.

Five vulnerabilities have now been resolved in Photoshop CC 2019 -- versions 20.0.9 and earlier -- and Photoshop 2020 -- versions 21.2 and earlier -- on Windows machines.

All five are rated critical because, if exploited, they can lead to arbitrary code execution.

Why does this matter:

Attackers exploit vulnerabilities in software; applying the vendor's patch removes the flaw so it can no longer be exploited. Adobe releasing these fixes outside its normal monthly cycle is a signal that it judged them too serious to wait, so install them as soon as possible. Creative applications like these often sit outside the operating-system patching process, so check that they are actually covered by yours.

Read more: https://www.zdnet.com/article/adobe-issues-emergency-fixes-for-vulnerabilities-in-photoshop-prelude/


Blackbaud Hack: Universities lose data to ransomware attack

At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider.

Human Rights Watch and the children's mental health charity, Young Minds, have also confirmed they were affected.

The hack targeted Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software.

The US-based company's systems were hacked in May and it has been criticised for not disclosing this externally until July and for having paid the hackers an undisclosed ransom.

In some cases, the data was limited to that of former students, who had been asked to financially support the establishments they had graduated from. But in others it extended to staff, existing students and other supporters.

The institutions the BBC has confirmed have been affected are:

- University of York
- Oxford Brookes University
- Loughborough University
- University of Leeds
- University of London
- University of Reading
- University College, Oxford
- Ambrose University in Alberta, Canada
- Human Rights Watch
- Young Minds
- Rhode Island School of Design in the US
- University of Exeter

In some cases, the stolen data included phone numbers, donation history and events attended. Credit card and other payment details do not appear to have been exposed.

Why does this matter:

Every entity, business, organisation and individual is at risk from ransomware. Larger organisations have more points of entry, but that does not make it any less of a threat to smaller businesses. This case also shows that your data is only as secure as the suppliers you entrust it to: none of the affected institutions was attacked directly, and they learned of the breach months after it happened. Phishing remains the most common starting point for these attacks, so make sure your staff are adept at spotting phishing emails, but also know which third parties hold your data and what their obligations are to tell you when something goes wrong.

https://www.bbc.co.uk/news/technology-53516413


Amazon Prime phishing scam returns - here's all you need to know

Shoppers warned of phone and email attacks against Amazon Prime users

Shoppers using Amazon Prime have been warned about a major phishing scam which appears to have resurfaced across the country.

The scammers target victims via an automated telephone call claiming that they have opened an Amazon Prime account and that they should "press one" to cancel the transaction.

Doing so connects the call to a fraudster posing as an Amazon customer service representative, who tells the recipient that their subscription was purchased fraudulently because of a supposed “security flaw” on their computer. The bogus representative then asks for remote access to the computer, supposedly to fix the breach. That remote access gives the scammers control of the machine, allowing them to steal personal information including passwords and banking details.

There is also an email version of the same scam.

The email version of this scam sees the victim receiving a message stating they have started an Amazon Music subscription charged at £28.99 per month. The email then asks the recipient to click a link if they want to cancel the subscription and receive a refund - but the page they are taken to in order to input their card details and receive the refund will instead send their details to fraudsters.

Why does this matter:

Scammers only need a small number of the people they target to fall for the scam for it to be profitable, so unfortunately these types of scams are not going away any time soon. Keep up to date with the latest and emerging scams, and make sure relatives who might be vulnerable to them are aware that these attacks are constant, so that they exercise caution if they receive calls or emails of this nature. No legitimate retailer needs remote access to your computer to cancel a subscription; that request alone should end the call.

Read more here: https://www.techradar.com/uk/news/amazon-prime-phishing-scam-returns-heres-all-you-need-to-know


Phishing attacks concealed in Google Cloud Services

Cyber criminals are increasingly concealing phishing efforts behind legitimate resources.

A lie is best concealed between two truths, an old saying goes, and it seems hackers are using this wisdom to better hide their phishing efforts.

Cyber security researchers are warning of a phishing campaign that uses Google Cloud Services and rewards victims with a legitimate PDF whitepaper after they have given away their login credentials.

According to the researchers, it all starts with a PDF document uploaded to Google Drive, containing a link to a phishing page. The landing page requires the user to log in with their Office 365 or organisation email.

After the victim gives away their login credentials, they are redirected to a genuine PDF report published by a “renowned global consulting firm.”
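As an added illustration (not from the researchers or from Google), the following check captures the red flags that do survive in this campaign: a sign-in form for one brand served from another provider's public object storage, and a form that posts the credentials somewhere other than that brand's real sign-in host. The storage hostnames are the providers' standard public endpoints; the allow-list of genuine sign-in hosts and the URLs in the sample run are assumptions for the example, and an organisation with its own identity provider would add that provider to the allow-list.

```python
from urllib.parse import urljoin, urlparse

# Hostnames under which anyone with a cloud account can publish arbitrary
# web content. A page served from here carries a valid certificate for a
# household-name provider, which is exactly what the campaign above exploits.
PUBLIC_OBJECT_STORAGE = (
    "storage.googleapis.com",   # Google Cloud Storage
    "s3.amazonaws.com",         # AWS S3 (legacy global endpoint)
    "blob.core.windows.net",    # Azure Blob Storage
)

# Where each brand's genuine sign-in form actually lives. Assumed allow-list
# for the example; add your own identity provider's hostname here.
GENUINE_LOGIN_HOSTS = {
    "office365": {"login.microsoftonline.com", "login.live.com"},
    "google": {"accounts.google.com"},
}


def _host(url):
    return (urlparse(url).hostname or "").lower()


def on_public_storage(host):
    """True for the storage endpoint itself or any bucket/account under it."""
    return any(host == suffix or host.endswith("." + suffix)
               for suffix in PUBLIC_OBJECT_STORAGE)


def assess_login_form(page_url, form_action, brand):
    """Judge a page that presents a sign-in form for `brand`, using only the
    page URL and the form's action attribute. Returns (verdict, reasons)."""
    page_host = _host(page_url)
    post_url = urljoin(page_url, form_action)   # resolves relative actions
    post_host = _host(post_url)
    genuine = GENUINE_LOGIN_HOSTS.get(brand, set())
    reasons = []
    if on_public_storage(page_host):
        reasons.append(f"{brand} sign-in form served from public object storage ({page_host})")
    elif page_host not in genuine:
        reasons.append(f"{brand} sign-in form served from {page_host}, not a {brand} sign-in host")
    if post_host not in genuine:
        reasons.append(f"credentials would be posted to {post_host}")
    if urlparse(post_url).scheme != "https":
        reasons.append("credentials would be sent over plain HTTP")
    return ("block" if reasons else "allow"), reasons


if __name__ == "__main__":
    # The campaign's shape: a Drive-hosted PDF links to a page on Google Cloud
    # Storage that asks for an Office 365 login and ships it to the attacker.
    # Both URLs are constructed for the example.
    print(assess_login_form(
        "https://storage.googleapis.com/some-bucket/report/index.html",
        "https://collector.example.net/post.php", "office365"))
```

The same test can be applied by a browser extension, a secure web gateway that sees the form action, or an analyst triaging a reported email. The decisive question is not whether the site has a certificate but whether the page that asks for a password belongs to the service whose password it asks for.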

Why does this matter:

Because the phishing page is hosted on Google Cloud Storage, the user has little reason to become suspicious: the address is a genuine Google domain with a valid certificate, so the traditional red flags of a phishing attack, look-alike domains or websites without certificates, are absent. Attackers are flocking to the cloud storage services we rely on and trust precisely because it makes phishing harder to spot, and the same trick works on AWS or Azure storage, so this is not a Google-specific problem. The tell that remains is the request itself: a document that demands your Office 365 password before it will open should be treated as hostile, and two-factor authentication limits the damage when someone does enter it. It starts by thinking twice about the files you receive and who sent them.

Read more here: https://www.itproportal.com/news/phishing-attacks-concealed-in-google-cloud-services/


Analysts Detect New Banking Malware

A new strain of banking malware dubbed BlackRock has been detected by researchers

An investigation into its origins has revealed BlackRock to be derived from the Xerxes banking malware. Xerxes was in turn spawned out of the LokiBot Android banking Trojan, first detected around four years ago.

The source code of the Xerxes malware was made public by its author around May 2019, making it possible for any threat actor to get their hands on it. Despite the code's availability, researchers found that the only Android banking Trojan based on Xerxes' source code that is currently operating appears to be BlackRock.

Why this matters:

This malware steals credentials not only from banking apps but also from apps used for communication, shopping and business. In total, the researchers found it targets 337 Android apps, including dating, social networking and cryptocurrency apps. Android banking trojans of this kind rely on the user installing them from outside the official store and granting them broad permissions, so keep devices patched, install apps only from Google Play, and treat any app that demands accessibility or device-administrator rights with suspicion.

Read more here: https://www.infosecurity-magazine.com/news/analysts-detect-new-banking/#disqus_thread


Hackers wipe out more than 1,000 databases, leaving only the word 'meow'

Over 1000 unsecured databases have been permanently deleted, leaving only the word “meow” behind.

Among the databases wiped was one belonging to UFO VPN. UFO VPN, and other products from seemingly the same company, had recently been in the news for exposing user information.

The information exposed included unencrypted account passwords, location information, and the IP addresses of user devices and VPN servers.

The VPN, and others like it, claimed not to log user details. Reports alleged that this was not the case.

The attack seems to have come from a bot, according to Forbes, as the attack script overwrites database indexes with random numerical strings and the word ‘Meow’.

Why does this matter:

Databases left reachable from the internet without authentication are wide open: their contents can be read and reused in other attacks, and, as here, they can simply be deleted, with all data lost. The fix is basic hygiene: require authentication, bind database services to private interfaces or put them behind a VPN, scan your own external address range for listeners you did not expect, and keep tested backups. These attacks were automated, so an exposed database will be found whether or not anyone is specifically targeting you.

https://www.independent.co.uk/life-style/gadgets-and-tech/news/database-hack-meow-attack-security-ufo-vpn-a9634906.html


Is your smart home hosting malware attacks?

It’s not only computers that can be compromised by hackers, almost any electronic device can be compromised – including your smart home gadgets.

Researchers have discovered a new family of malware called Mozi that has been quickly spreading online since last year and appears to have been designed specifically to attack low-power smart devices. Once installed, the malware tries to make contact with other infected devices, adding itself to a botnet (a collection of other compromised devices).

Infected devices continue to operate normally, but are constantly listening for instructions from the botnet's operators. The botnet has been designed to launch Distributed Denial of Service (DDoS) attacks that can be used to crash online services and websites. Once activated, your infected devices will be used by hackers to take part in large DDoS attacks.

Some variants can also steal data, or execute additional code, allowing hackers to gain control of your network.

As the malware evolves, the list of affected devices will undoubtedly grow.

Why does this matter:

Almost any electronic device can be compromised to serve malware, be co-opted into distributed denial of service attacks, or otherwise be used as a point of entry into a network. As more of these devices appear in our homes and offices, many people do not realise they are significantly increasing their attack surface. Change default passwords, apply firmware updates, and keep smart devices on a separate network from computers holding business data, so that a compromised gadget cannot reach anything that matters.

Read more: https://www.pandasecurity.com/mediacenter/mobile-news/smart-home-hosting-malware/


Russian cyber attacks an 'urgent threat' to national security

Russia's cyber attack capabilities -- and its willingness to use them -- pose an "immediate and urgent threat" to the UK's national security, according to a report from a committee of MPs.

The long-delayed Russia report from the UK parliament's Intelligence and Security Committee (ISC) describes how it sees Russia's ability to use malicious cyber activity to further its aims.

"Russia's cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security," the report said.

Why does this matter:

Given the immediate threat that Russia poses to UK national security, it is concerning that there is no clear coordination of the numerous organisations across the UK intelligence community working on this issue. The risks posed by Russia, and other nation states such as China, Iran and North Korea should not be understated or ignored.

Read more here: https://www.zdnet.com/article/russian-cyberattacks-an-urgent-threat-to-national-security/


Black Arrow Admin

Cyber Weekly Flash Briefing 26 June 2020: Covid changes infosec landscape, ransomware actors lurk post attack, hacker earns millions, rogue bank staff steal $3.2m, massive DDoS against European bank



Businesses believe the pandemic will change the security landscape forever

After Covid-19, nothing will ever be the same again, at least in terms of how businesses approach cyber security. This is according to a new report based on a poll of 6,700 infosec professionals around the world.

The report states that 81 percent expect long-term changes to the way their business operates, mostly because of remote working.

With this in mind, examining how remote employees approach cyber security will become paramount if an organisation is to maintain a strong security posture.

A third of respondents said they worry employees may feel more relaxed about cyber security than when they are working out of the office. Employees may also be less likely to follow protocol at home, particularly when it comes to identifying and flagging suspicious activity.

Further, almost a third (31 percent) fear employees might unintentionally leak sensitive data or fall prey to a phishing scam and a quarter are afraid staff might fall victim to malware attacks.

Of the largest risks associated with remote working, respondents singled out “using untrusted networks” as the most significant. Other people accessing employees' company devices, the use of personal messaging services for work, and the unintentional sharing of company data are also high on the list of risks.

Read more: https://www.itproportal.com/news/businesses-believe-the-pandemic-will-change-the-security-landscape-forever/


Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

Instead, ransomware attacks are conducted over time, ranging from a day to even a month, starting with a ransomware operator breaching a network.

The initial breach typically comes through exposed remote desktop services, vulnerabilities in VPN software, or remote access handed over by commodity malware such as TrickBot, Dridex and QakBot.

Once inside, they use tools such as Mimikatz, PowerShell Empire and PsExec to harvest login credentials and spread laterally throughout the network.

As they gain access to computers on the network, they use these credentials to steal unencrypted files from backup devices and servers before deploying the ransomware attack.

Once the ransomware is deployed, many victims assume that, although their network has been compromised, the operators have now left it.

This belief is far from the truth, as illustrated by a recent attack by the Maze ransomware operators. Treat a ransomware event as a full intrusion: restoring from backup without hunting for persistence and rotating every credential the attackers could have harvested invites a second visit.
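The tooling named above leaves traces that a defender can hunt for, both before encryption starts and afterwards, when checking whether the operators are still present. As an added example (not from the article or from any vendor), the following rules run over a constructed sample of Windows event records in the shape a SIEM would hold them: the service-install event PsExec leaves on each machine it touches, process creation with Mimikatz command syntax, and one account fanning out network logons to many hosts within a few minutes. The thresholds and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows event records as a SIEM would hold them.
# Field names follow the Windows Security/System event schema; all values
# (hosts, account names, addresses, timestamps) are made up.
SAMPLE_EVENTS = [
    # System 7045: PsExec installs its PSEXESVC service on every machine it touches.
    {"ts": "2020-06-20T01:02:00", "host": "FS01", "event_id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    # Security 4688 with command-line auditing enabled: Mimikatz module syntax.
    {"ts": "2020-06-20T01:02:05", "host": "FS01", "event_id": 4688,
     "NewProcessName": r"C:\Windows\Temp\m.exe",
     "CommandLine": "m.exe privilege::debug sekurlsa::logonpasswords exit"},
    # Security 4624, logon type 3 (network): one account reaching eight
    # workstations in eight minutes.
    *[{"ts": f"2020-06-20T01:{10 + i:02d}:00", "host": f"WS{i:02d}",
       "event_id": 4624, "LogonType": 3, "TargetUserName": "svc_backup",
       "IpAddress": "10.0.0.15"} for i in range(8)],
    # Normal: a user logging on interactively (type 2) to their own workstation.
    {"ts": "2020-06-20T08:30:00", "host": "WS42", "event_id": 4624,
     "LogonType": 2, "TargetUserName": "alice", "IpAddress": "-"},
]

# Strings that appear in command lines when Mimikatz, or its PowerShell Empire
# wrapper, is used to pull credentials from memory.
CREDENTIAL_DUMP_MARKERS = ("sekurlsa::", "lsadump::", "invoke-mimikatz")


def hunt_lateral_movement(events, fanout_window=timedelta(minutes=15),
                          min_hosts=5):
    """Return (rule, subject, detail) tuples for the three signals above.
    Thresholds are assumptions; backup and scanning accounts will need
    their own exclusions, which is why the account name is reported."""
    findings = []
    for e in events:
        if e["event_id"] == 7045:
            svc = (e.get("ServiceName", "") + e.get("ImagePath", "")).lower()
            if "psexesvc" in svc:
                findings.append(("psexec_service_install", e["host"], e["ts"]))
        elif e["event_id"] == 4688:
            cmd = (e.get("NewProcessName", "") + " " + e.get("CommandLine", "")).lower()
            if any(marker in cmd for marker in CREDENTIAL_DUMP_MARKERS):
                findings.append(("credential_dumping", e["host"], e["ts"]))

    # Fan-out: network logons by one account to many distinct hosts within the window.
    network_logons = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e.get("LogonType") == 3:
            network_logons[e["TargetUserName"]].append(
                (datetime.fromisoformat(e["ts"]), e["host"]))
    for account, logons in network_logons.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {host for ts, host in logons[i:] if ts - start <= fanout_window}
            if len(hosts) >= min_hosts:
                findings.append(("logon_fanout", account,
                                 f"{len(hosts)} hosts from {start.isoformat()}"))
                break
    return findings


if __name__ == "__main__":
    for finding in hunt_lateral_movement(SAMPLE_EVENTS):
        print(finding)
```

Two of the three rules depend on logging that is off by default: 4688 events only carry the command line when process-creation auditing with command-line capture is enabled, and the fan-out rule needs 4624 events collected from workstations, not just servers. Turning those on before an incident is what makes the post-encryption hunt for lingering operators possible.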

Read the full article here: https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/


Prolific Hacker Made Millions Selling Network Access

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report.

The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organisations in many more verticals.

In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.

The report calculated the $1.5m figure purely from publicised sales, although around 20% of Fxmsp's compromises were sold privately, meaning the hacker's haul is likely to be even bigger.

Fxmsp even hired a sales manager in early 2018.

Read more here: https://www.infosecurity-magazine.com/news/infamous-hacker-millions-selling/


Rogue Postbank employees steal master encryption key; make off with $3.2 million

South Africa's Postbank has been forced to replace 12 million bank cards after a calamitous security breach in which the bank's master encryption key was printed out in the clear.

According to internal documents acquired by the Sunday Times of South Africa, the 36-digit code security key “allows anyone who has it to gain unfettered access to the bank’s systems, and allows them to read and rewrite account balances, and change information and data on any of the bank’s 12-million cards".

The master key was apparently printed out on plain paper in a data centre in Pretoria in 2018, enabling the fraudsters to make over 25,000 fraudulent transactions, mostly from cards used by people receiving social benefits from the government.

The crime, which is being pinned on a number of rogue bank employees, went unnoticed for months. More than $3.2 million was stolen in the raid.

The cost to the bank of replacing all the compromised cards is expected to reach $58 million.
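The Postbank failure is a key-management design problem: a master key that exists in full on one sheet of paper is only as safe as the room it was printed in and the people who walk through it. The standard mitigation is split knowledge, so that any backup of the key is divided among several custodians and a quorum of them must come together to rebuild it; no single insider, and no single printout, is enough. As an added example (not Postbank's scheme, and no substitute for keeping the live key inside an HSM), this is Shamir secret sharing over GF(2^8), the construction commonly behind the M-of-N smart-card ceremonies HSM vendors use for key backup. The threshold, share count and sample key are constructed for the illustration.

```python
import secrets

# Arithmetic in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1,
# so every byte of the key is split independently with no size limit.


def gf_mul(a, b):
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a):
    # a^(2^8 - 2) = a^254 is the multiplicative inverse for a != 0.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split_secret(secret, threshold, shares):
    """Split `secret` (bytes) into `shares` pieces of which any `threshold`
    reconstruct it and any fewer reveal nothing. Each share is (x, bytes)."""
    if not 1 < threshold <= shares < 256:
        raise ValueError("need 1 < threshold <= shares < 256")
    # One random polynomial of degree threshold-1 per byte; constant term = the byte.
    polys = [[b] + [secrets.randbelow(256) for _ in range(threshold - 1)]
             for b in secret]
    out = []
    for x in range(1, shares + 1):
        ys = bytearray()
        for coeffs in polys:
            y, x_pow = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, x_pow)
                x_pow = gf_mul(x_pow, x)
            ys.append(y)
        out.append((x, bytes(ys)))
    return out


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(2^8), one byte position at a time.
    With fewer shares than the threshold this returns garbage, not an error:
    the quorum rule has to be enforced by the ceremony, not by the maths."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    length = len(shares[0][1])
    secret = bytearray()
    for i in range(length):
        acc = 0
        for x_i, y in shares:
            num, den = 1, 1
            for x_j, _ in shares:
                if x_j != x_i:
                    num = gf_mul(num, x_j)          # (0 - x_j) == x_j in GF(2^8)
                    den = gf_mul(den, x_i ^ x_j)    # (x_i - x_j)
            acc ^= gf_mul(y[i], gf_mul(num, gf_inv(den)))
        secret.append(acc)
    return bytes(secret)


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)            # stand-in for a real key
    custodian_shares = split_secret(master_key, threshold=3, shares=5)
    for x, share in custodian_shares:
        print(f"custodian {x}: {share.hex()}")      # each goes to a different person
    assert recover_secret(custodian_shares[:3]) == master_key
```

Each custodian's share is the thing that gets printed or written to a smart card, sealed and stored separately; three of the five have to be presented together, in a logged ceremony, to reconstruct the key inside the HSM. Dual control of this kind would have meant the Pretoria printout was worthless on its own, and it also makes the insider collusion required to abuse the key visible rather than invisible.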

Read more here: https://www.finextra.com/newsarticle/36059/rogue-postbank-employees-steal-master-encryption-key-make-off-with-32-million


Massive Distributed Denial of Service (DDoS) attack launched against European bank

This week, security firm Akamai mitigated what it claims to be the “largest ever packet per second (pps) DDoS attack”, launched against an unnamed European bank.

The attack reportedly generated 809 million packets per second (Mpps) - a new high for pps-focused attacks, and well over double the size of the previous record attack identified by the Akamai platform.

What also makes this DDoS attack unusual is the “massive increase” in the number of source IP addresses observed. During the attack, Akamai identified more than 600 times the average number of source IP addresses per minute, suggesting the attack was highly distributed.

Further, most of the traffic came from previously unknown IP addresses (96.2 percent), which could indicate the assault was driven by an emerging botnet. Given that most of the source IP addresses could be identified within large ISPs via AS lookups, Akamai believes most of the devices used were compromised end user machines.

The speed at which the attack reached its peak was also remarkable. The company claims it grew from normal traffic levels to 418 Gbps in seconds, and took roughly two minutes to hit 809 Mpps. The attack lasted for a total of 10 minutes and was fully mitigated.

Read more here: https://www.itproportal.com/news/massive-ddos-attack-launched-against-european-bank/


'Unstoppable' Malware Uses Bitcoin To Retrieve Secret Messages - Report

Glupteba, a remotely controlled malware, includes a range of components to cover its tracks, and it updates itself using encrypted messages hidden in the Bitcoin blockchain.

The Glupteba bot creates backdoors with full access to infected devices, which are added to its growing botnet. The analysis describes it as a “highly self-defending malware” with “enhancing features that enable the malware to evade detection.”

The most interesting aspect of Glupteba is that it uses the Bitcoin blockchain as a communication channel for receiving updated configuration information: a Bitcoin transaction can carry up to 80 bytes of arbitrary data in an OP_RETURN output, the field often described as a transaction “comment”.

Glupteba uses this space for encrypted messages containing secrets such as command-and-control server names, hiding them in the public blockchain in plain sight. Because nobody can remove a transaction from the blockchain, sinkholing or seizing the C2 domains does not cut the bots off; the operators simply publish a new one. Detection therefore has to focus on the infected host itself and on its lookups of blockchain data.
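To show what this channel looks like on the wire, here is an added example (not Glupteba's code, and not from the report) that serialises a minimal Bitcoin transaction carrying an OP_RETURN output and then walks a raw transaction to pull out every OP_RETURN payload, which is the first step a defender takes when hunting for a bot's configuration updates in the chain. The report gives neither the cipher nor the key, so the example stops at recovering the 80-byte carrier and does not attempt decryption; the dummy input and the payload are constructed for the illustration.

```python
import struct

OP_RETURN = 0x6A          # marks an output as unspendable data carrier
OP_PUSHDATA1 = 0x4C       # next byte is the length (for pushes of 76..255 bytes)
OP_PUSHDATA2 = 0x4D       # next two bytes (LE) are the length


def encode_varint(n):
    """Bitcoin's variable-length integer, used for every count and length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf, pos):
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def push_data(data):
    """Minimal push opcode for data up to 65535 bytes."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    return bytes([OP_PUSHDATA2]) + struct.pack("<H", n) + data


def build_tx(output_scripts):
    """Serialise a legacy (non-segwit) transaction with one dummy input and the
    given output scripts, each with a zero-satoshi value. Enough structure for
    the parser; it is never signed or broadcast."""
    tx = struct.pack("<i", 1)                       # version
    tx += encode_varint(1)                          # one input
    tx += b"\x00" * 32 + struct.pack("<I", 0)       # previous txid / vout (dummy)
    tx += encode_varint(0)                          # empty scriptSig
    tx += struct.pack("<I", 0xFFFFFFFF)             # sequence
    tx += encode_varint(len(output_scripts))
    for script in output_scripts:
        tx += struct.pack("<q", 0) + encode_varint(len(script)) + script
    tx += struct.pack("<I", 0)                      # locktime
    return tx


def _pushes(script):
    """Data pushed by a script fragment; stops at the first non-push opcode."""
    out, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:
            n = op
        elif op == OP_PUSHDATA1:
            n, i = script[i], i + 1
        elif op == OP_PUSHDATA2:
            n, i = struct.unpack_from("<H", script, i)[0], i + 2
        else:
            break
        out.append(bytes(script[i:i + n]))
        i += n
    return out


def extract_op_return(raw):
    """Walk a raw transaction and return the data pushed after OP_RETURN in
    each unspendable output. This is the carrier a bot would then decrypt."""
    pos = 4                                          # skip version
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 36                                    # outpoint (txid + vout)
        script_len, pos = read_varint(raw, pos)
        pos += script_len + 4                        # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    payloads = []
    for _ in range(n_out):
        pos += 8                                     # value
        script_len, pos = read_varint(raw, pos)
        script = raw[pos:pos + script_len]
        pos += script_len
        if script and script[0] == OP_RETURN:
            payloads.extend(_pushes(script[1:]))
    return payloads


if __name__ == "__main__":
    # Constructed 80-byte payload standing in for the bot's encrypted blob.
    payload = b"c2:" + b"x" * 77
    tx = build_tx([b"\x51", bytes([OP_RETURN]) + push_data(payload)])
    print(extract_op_return(tx))
```

Pointed at real transactions pulled from a node or a block explorer, the same walk lets an analyst collect every OP_RETURN payload written by a known set of wallet addresses and watch for new ones; the malware's key, once recovered from a sample, then turns the carrier bytes into the next C2 name before the bots receive it.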

Read more: https://cryptonews.com/news/unstoppable-malware-uses-bitcoin-to-retrieve-secret-messages-6947.htm


Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cyber criminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Bulley has been successfully prosecuted under the UK’s Computer Misuse Act after deleting thousands of important files from a company that went on to collapse.

She was a director of a business called Property Press that produced a weekly property newspaper focused on south east Devon. Things turned sour, and Bulley resigned her position at the firm in 2018 before the company went into liquidation. However, fellow director Alan Marriott started a new business venture – without Bulley’s involvement – using the assets of the old firm.

Things clearly didn’t sit well with Bulley after her departure from the business, and several months after her resignation she managed to gain unauthorised access to the new company’s Dropbox account.

More than 5,000 documents were permanently erased, and the company claimed that the damage to business was so great that it could no longer operate, with people losing their jobs and a loss of almost £100,000.

Police warned other companies of the threat that can be posed by former employees:

Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.

If someone is leaving your company, especially if they are quitting your firm under something of a cloud, you would be wise to check that they don’t know your business’s passwords or have retained access to sensitive information.

Passwords should be changed, and additional authentication methods should be in place to prevent unauthorised access. Dropbox, for instance, provides a two-step verification feature which all users would be wise to enable. Better still, avoid shared logins altogether: when every person has their own account, a leaver's access can be revoked on their last day without anyone else's credentials needing to change.

Read more: https://hotforsecurity.bitdefender.com/blog/woman-who-deliberately-deleted-firms-dropbox-is-sentenced-23552.html


EasyJet Lawsuit Over Data Breach Attracts 10,000 Passengers

EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers.

More than 10,000 people have joined the suit since it was filed last month, according to the law firm handling the lawsuit. Victims are entitled to as much as £2,000 in compensation, meaning the case could be worth as much as £18 billion.

EasyJet said last month that the email addresses and travel data of about 9 million customers were taken by hackers in one of the biggest privacy breaches to hit the airline industry. The credit card details of roughly 2,200 people were also accessed.

“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet’s customers, who are coming forward in their thousands,” the law firm said in a statement. “This is personal information that we trust companies with, and customers should expect that every effort is made to protect their privacy.”

Read more here: https://www.bloomberg.com/news/articles/2020-06-24/easyjet-lawsuit-over-data-breach-attracts-10-000-passengers


Twitter apologises for business data breach

Twitter has emailed its business clients to tell them that personal information may have been compromised.

Unbeknownst to users, billing information of some clients was stored in the browser's cache, it said.

In an email to its clients, Twitter said it was "possible" others could have accessed personal information.

The personal data includes email addresses, phone numbers and the last four digits of clients' credit card numbers.

The tech company says that there is no evidence that clients' billing information was compromised.

Read more here: https://www.bbc.co.uk/news/technology-53150157


Huge Data Dump of Police Files Dubbed “Blue Leaks” Leaked Online

Nearly 270 gigabytes of sensitive files, including FBI, “fusion center” and police department data from across the US and dubbed “Blue Leaks”, were stolen and then published online on June 19 by a collective called DDoSecrets.

Fusion centres are hubs for threat and intelligence sharing. The concept was created after September 11, in a bid by the Department of Homeland Security to improve cooperation between state, local, and territorial law enforcement.

The National Fusion Centre Association (NFCA) says that the data was taken after a security breach at web development firm Netsential in Houston, Texas. It includes 490 documents pertaining to the UK. Computer Business Review was not immediately able to open these to assess the contents.

DDoSecrets stated that the Blue Leaks archive spans “ten years of data from over 200 police departments, fusion centres and other law enforcement training and support resources […] among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more”.

Read more here: https://www.cbronline.com/news/blue-leaks-data-dump


Black Arrow Admin

Cyber Weekly Flash Briefing 15 May 2020: Attacks on UK up 30% in Q1, 238% surge against banks, Microsoft fixes 111 vulns, Adobe patches 36 vulns, Thunderspy, 73m user records for sale on dark web



Cyber-Attacks on UK Organisations Up 30% in Q1 2020

New research has revealed that the volume of cyber-attacks on UK businesses increased by almost a third in the first three months of 2020.

Analysts identified 394,000 unique IP addresses used to attack UK businesses in the first quarter of 2020, discovering that companies with internet connections experienced 157,000 attacks each, on average – the equivalent of more than one a minute.

This rate of attack was 30% higher than the same period in 2019 when UK businesses received 120,000 internet-borne attempts to breach their systems each.

IoT applications were cited as the most common targets for cyber-criminals in the first quarter, attracting almost 19,000 online attacks per company. Company databases and file-sharing systems were also targeted frequently, with companies experiencing approximately 5000 attacks for each application, on average.

Read more here: https://www.infosecurity-magazine.com/news/cyberattacks-uk-orgs-up-30-q1/


COVID-19 blamed for 238% surge in cyber attacks against banks

The coronavirus pandemic has been connected to a 238% surge in cyber attacks against banks, new research claims.

On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyber attack attempts between February and April this year -- the same months in which COVID-19 began to spread rapidly across the globe.  

The cyber security firm's research, which includes input from 25 CIOs at major financial institutions, adds that 80% of firms surveyed have experienced more cyber attacks over the past 12 months, an increase of 13% year-over-year.

VMware Carbon Black data already indicates that close to a third -- 27% -- of all cyber attacks target either banks or the healthcare sector.

An interesting point in the report is that financially motivated attacks appear to have spiked around peaks in the news cycle, such as when the US confirmed its first case of COVID-19.

In total, 82% of chief information officers contributing to the report said that alongside a spike in attacks, techniques also appear to be improving -- including the use of social engineering and more advanced tactics to exploit not only the human factor but also weak links caused by processes and technologies in use by the supply chain.

Read more here: https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/


May 2020 Patch Tuesday: Microsoft fixes 111 vulnerabilities, 13 Critical

Microsoft's May 2020 Patch Tuesday fell this week, and Microsoft have released fixes for 111 vulnerabilities in Microsoft products. Of these vulnerabilities, 13 are classified as Critical, 91 as Important, 3 as Moderate, and 4 as Low.

This month there are no zero-day or unpatched vulnerabilities.

Users should install these security updates as soon as possible to protect Windows from known security risks.

Read more here: https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/


Adobe issues patches for 36 vulnerabilities in DNG, Reader, Acrobat

Adobe has released security patches to resolve 36 vulnerabilities present in DNG, Reader, and Acrobat software.

On Tuesday, the software giant issued two security advisories (1, 2) detailing the bugs, the worst of which can be exploited by attackers to trigger remote code execution attacks and information leaks.

The first set of patches relate to Adobe Acrobat and Reader for Windows and macOS, including Acrobat / Acrobat Reader versions 2015 and 2017, as well as Acrobat and Acrobat Reader DC.

In total, 12 critical security flaws have been resolved. Six of the bugs (a single heap overflow problem, two out-of-bounds write errors, two buffer overflow issues, and two use-after-free vulnerabilities) can all lead to arbitrary code execution in the context of the current user.

Read more here: https://www.zdnet.com/article/adobe-issues-patches-for-36-vulnerabilities-in-dng-reader-acrobat/


Thunderbolt flaw ‘Thunderspy’ allows access to a PC’s data in minutes

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes, a security researcher from the Eindhoven University of Technology has announced. Reports state that the vulnerabilities affect all Thunderbolt-enabled PCs manufactured before 2019.

Although hackers need physical access to a Windows or Linux computer to exploit the flaws, they could theoretically gain access to all data in about five minutes even if the laptop is locked, password protected, and has an encrypted hard drive. The entire process can reportedly be completed with a series of off-the-shelf components costing just a few hundred dollars. Perhaps most worryingly, the researcher says the flaws cannot be patched in software, and that a hardware redesign will be needed to completely fix the issues.

Read more here: https://www.theverge.com/2020/5/11/21254290/thunderbolt-security-vulnerability-thunderspy-encryption-access-intel-laptops


A hacker group is selling more than 73 million user records on the dark web

A hacker group going by the name of ShinyHunters claims to have breached ten companies and is currently selling their respective user databases on a dark web marketplace for illegal products.

The hackers are the same group that breached Tokopedia, Indonesia's largest online store, last week. The hackers initially leaked 15 million user records online for free, but later put the company's entire database of 91 million user records on sale for $5,000.

Encouraged and emboldened by the profits from the Tokopedia sale, the same group has, over the course of the current week, listed the databases of 10 more companies.

This includes user databases allegedly stolen from organizations such as:

· Online dating app Zoosk (30 million user records)

· Printing service Chatbooks (15 million user records)

· South Korean fashion platform SocialShare (6 million user records)

· Food delivery service Home Chef (8 million user records)

· Online marketplace Minted (5 million user records)

· Online newspaper Chronicle of Higher Education (3 million user records)

· South Korean furniture magazine GGuMim (2 million user records)

· Health magazine Mindful (2 million user records)

· Indonesia online store Bhinneka (1.2 million user records)

· US newspaper StarTribune (1 million user records)

The listed databases total 73.2 million user records, which the hackers are selling for around $18,000 in total, with each database sold separately.

Read more here: https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/


A cybercrime store is selling access to more than 43,000 hacked servers

MagBo, a shadowy online marketplace where hackers sell and buy hacked servers, is doing better than ever and has soared in popularity to become the largest criminal marketplace of its kind since its launch in the summer of 2018.

Two years later, the MagBo portal has grown more than 14 times in size and is currently selling access to more than 43,000 hacked websites, up from the 3,000 sites listed in September 2018.

Today, MagBo has become the de-facto go-to marketplace for many cybercrime operations. Some groups register on the MagBo platform to sell hacked servers, while others are there just to buy.

Those who buy do so either in bulk (for black-hat SEO or for malware distribution) or selectively, for intrusions at high-value targets (e-commerce stores for web skimming, intranets for ransomware).

All in all, the MagBo platform cannot be ignored anymore, as it appears to be here to stay, and is placing itself at the heart of many of today's cybercrime operations.

Read more: https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/


Ransomware: Why paying the crooks can actually cost you more in the long run

Ransomware is so dangerous because in many cases the victim doesn't feel like they have any other option other than to pay up – especially if the alternative is the whole organisation being out of operation for weeks, or even months, as it attempts to rebuild the network from scratch.

But handing over a bitcoin ransom to cyber criminals can actually double the cost of recovery according to analysis by researchers at Sophos, published in the new State of Ransomware 2020 report, which has been released three years to the day from the start of the global WannaCry ransomware outbreak.

A survey of organisations affected by ransomware attacks found that the average total cost of a ransomware attack for organisations that paid the ransom is almost $1.4m, while for those who didn't give in to ransom demands, the average cost is half of that, coming in at $732,000.

Often, this is because retrieving the encryption key from the attackers isn't a simple fix for the mess they created, meaning that not only does the organisation pay out a ransom, they also have additional costs around restoring the network when some portions of it are still locked down after the cyber criminals have taken their money.

According to the report, one in four organisations said they paid the ransom in order to get their files back. This is one of the key reasons why ransomware remains a successful tactic for crooks: victims pay up, often six-figure sums or more, and thereby encourage cyber criminals to continue with attacks that often can't be traced back to a culprit.

Read the full article here: https://www.zdnet.com/article/ransomware-why-paying-the-crooks-can-actually-cost-you-more-in-the-long-run/


This powerful Android malware stayed hidden for years, infecting tens of thousands of smartphones

A carefully managed hacking and espionage campaign is infecting smartphones with a potent form of Android malware, providing those behind it with total control of the device, while also remaining completely hidden from the user.

Mandrake spyware abuses legitimate Android functions to help gain access to everything on the compromised device in attacks that can gather almost any information about the user.

The attacker can browse and collect all data on the device, steal credentials for accounts including banking applications, secretly record activity on the screen, track the GPS location of the user and more, all while continuously covering their tracks.

The full capabilities of Mandrake – which has been observed targeting users across Europe and the Americas – are detailed in a paper released by cybersecurity researchers this week. Mandrake has been active since 2016 and researchers previously detailed how the spyware operation was specifically targeting Australian users – but now it's targeting victims around the world.

Read more: https://www.zdnet.com/article/this-powerful-android-malware-stayed-hidden-years-infected-tens-of-thousands-of-smartphones/


Companies wrestle with growing cyber security threat: their own employees

Businesses deploy analytic tools to monitor staff as remote working increases data breach risk

As cyber criminals and hackers ramp up their attacks on businesses amid coronavirus-related disruption, companies are also facing another equally grave security threat: their own employees. 

Companies are increasingly turning to Big Brother-style surveillance tools to stop staff from leaking or stealing sensitive data, as millions work away from the watchful eyes of their bosses and waves of job cuts leave some workers disgruntled.

In particular, a brisk market has sprung up for cyber security groups that wield machine learning and analytics to crunch data on employees’ activity and proactively flag worrying behaviours.

Read more here: https://www.ft.com/content/cae7905e-ced7-4562-b093-1ab58a557ff4


Cognizant: Ransomware Costs Could Reach $70m

IT services giant Cognizant has admitted that a ransomware attack it suffered back in April may end up costing the company as much as $70m.

The firm announced revenue of $4.2bn for the first quarter of 2020, an increase of 2.8% year-on-year. In this context, the $50-70m hit it expects to take in Q2 from the ransomware attack will not make a huge impact on the company.

However, the big numbers involved are illustrative of the persistent financial threat posed by ransomware, not to mention the reputational impact on customers.

The firm claimed on an earnings call that the company responded immediately to the threat, proactively taking systems offline after some internal assets were compromised. However, the resulting downtime and suspension of some customer accounts took their toll financially.

“Some clients opted to suspend our access to their networks,” they explained. “Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”

Remote workers were also affected as the attack hit the firm’s system for supporting its distributed workforce during the current pandemic.

Read more: https://www.infosecurity-magazine.com/news/cognizant-ransomware-costs-could/


Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months

Package and mail delivery giant Pitney Bowes has suffered a second ransomware attack in the past seven months, ZDNet has learned.

The incident came to light earlier in the week after a ransomware gang known as Maze published a blog post claiming to have breached and encrypted the company's network.

The Maze crew provided proof of access in the form of 11 screenshots portraying directory listings from inside the company's computer network.

Pitney Bowes confirmed the incident stating they had detected a security incident related to Maze ransomware.

The company said it worked with third-party security consultants to take steps to stop the attack before any of its data was encrypted.

This is the second ransomware incident for Pitney Bowes in seven months.

In October 2019, Pitney Bowes disclosed a first ransomware attack. At the time, the company said it had some critical systems infected and encrypted by the Ryuk ransomware gang. The incident caused limited downtime to some package tracking systems.

Both the Ryuk and Maze ransomware gangs are what experts call "human-operated" ransomware strains. These types of ransomware infections take place after hackers breach a company's network, and take manual control of the malware to expand access to as many internal systems as possible before executing the actual ransomware to encrypt data and demand a ransom.

Read more here: https://www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/


Law Firm Representing Drake, Lady Gaga, Madonna And More Hit By Cyber Attack As Hackers Claim To Have Stolen Personal Information And Contracts

A law firm representing many of the world's most famous celebrities has been hacked.

The website of Grubman Shire Meiselas & Sacks has been taken offline, and hackers claim to have stolen some 756GB of data relating to its clients.

Singers, actors and other stars have worked with the law firm, according to old versions of its website, with more than 200 very high-profile celebrities and companies said to have used its services.

They include Madonna, Lady Gaga, Elton John and Drake.

The hackers behind the attack claim to have personal information on celebrities, including letters as well as official contracts.

Hackers have already released a purported screenshot of a Madonna contract in an attempt to prove they have access to personal files.

It is not known what the hackers are demanding in return for the files, or whether negotiations are ongoing.

"We can confirm that we've been victimised by a cyber-attack," the firm said in a media statement. "We have notified our clients and our staff.

"We have hired the world's experts who specialise in this area, and we are working around the clock to address these matters."

The hack used a piece of software known as REvil or Sodinokibi. Similar software took foreign exchange company Travelex offline in January, as part of a major hack.

Traditionally, such ransomware has been used to lock down computers and demand money from their owners to unlock them again, and grant access to files.

Increasingly, hackers threaten to release those files to the public if their demands are not met.

Read the original article: https://www.independent.co.uk/life-style/gadgets-and-tech/news/celebrity-hack-law-firm-cyber-attack-drake-madonna-lady-gaga-a9511976.html


Lights stay on despite cyber-attack on UK's electricity system

Britain’s energy system has fallen victim to a cyber-attack targeting the IT infrastructure used to run the electricity market.

The electricity system’s administrator, Elexon, confirmed that it was affected by a cyber-attack on Thursday afternoon but that the key systems used to govern the electricity market were not affected.

National Grid is investigating whether the attack could affect the part of its business tasked with keeping the lights on.

A spokesman for the energy system operator said electricity supplies had not been affected, and there were “robust cybersecurity measures in place” to make sure the UK continues to receive reliable electricity.

“We’re aware of a cyber intrusion on Elexon’s internal IT systems. We’re investigating the matter and any potential impact on our own IT networks,” he said.

Elexon is a vital part of the UK electricity market because it carefully monitors the electricity generated by energy companies to match this with what National Grid expects to receive, and to make sure that generators are paid the correct amount for the energy they generate.

Read more: https://www.theguardian.com/business/2020/may/14/lights-stay-on-despite-cyber-attack-on-uks-electricity-system


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Antony Cleal

Week in review 22 December 2019 - ransomware changes, Christmas scams, Microsoft Office apps hit, predictions for 2020

Week in review 22 December 2019

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Consulting would like to wish customers old and new a Very Happy Christmas and a happy, prosperous, and cyber safe, 2020


Christmas malware spreading fast: Protect yourself now

Holiday party invitations may infect your PC

It's time for ugly Christmas sweaters — and for ugly Christmas-themed malicious spam emails.

A new malspam campaign dumps an email in your inbox marked "Christmas Party," "Christmas Party next week," "Party menu," "Holiday schedule" or something similar. But the attached Word document delivers a lump of coal: the notorious Emotet Trojan malware.

"HAPPY HOLIDAYS," begins the email, as spotted by researchers. "I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know.

"Don't forget to get your donations in for the money tree," the email adds. "Also, wear your tackiest/ugliest Christmas sweater to the party." Sometimes it adds, "Details in the attachment."

More here: https://www.tomsguide.com/news/ugly-christmas-emails-give-the-gift-of-malware


Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.

The cyber criminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”

Researchers were able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infestation that has not yet been reported in the news media.

The information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.

As shocking as this new development may be to some, it’s not like the bad guys haven’t warned us this was coming.

Read the full article here: https://securityboulevard.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/


Ransomware: The number of victims paying up is on the rise, and that's bad news

The number of organisations that are giving into the extortion demands of cyber criminals after falling victim to ransomware attacks has more than doubled this year.

A rise in the number of ransomware attacks in the past year has contributed to the increased number of organisations opting to pay a ransom for the safe return of networks locked down by file-encrypting malware.

That's according to figures in the newly released 2019 CrowdStrike Global Security Attitude Survey, which said the total number of organisations around the world that pay the ransom after falling victim to a supply-chain attack has more than doubled from 14% of victims to 39% of those affected.

In the UK specifically, the number of organisations that have experienced a ransomware attack and paid the demanded price for the decryption key stands at 28% – double the 14% figure of the previous year.

Read the full article here: https://www.zdnet.com/article/ransomware-the-number-of-victims-paying-up-is-on-the-rise-and-thats-bad-news/


Microsoft Office apps hit with more cyber attacks than ever

New reports have claimed Microsoft Office was the most commonly exploited application worldwide as of the third quarter of this year.

Researchers found that Microsoft Office solutions and applications were the target of 72.85 percent of cyber exploits this year.

However, cyber criminals also targeted web browsers with 13.47 percent of the total number of exploits, Android (9.09 percent), Java (2.36 percent), and Adobe Flash (1.57 percent).

Read the full article here: https://www.techradar.com/uk/news/microsoft-office-apps-hit-with-more-cyberattacks-than-ever


Inconsistent password advice could increase risk of cyber attacks

New research suggests that ‘inconsistent and misleading’ password meters seen on various websites could increase the risk of cyber attacks.

The study, led by researchers at the University of Plymouth, investigated the effectiveness of 16 password meters that people are likely to use or encounter on a regular basis.

It tested 16 passwords against the various meters, with 10 of them being ranked among the world’s most commonly used passwords (including ‘password’ and ‘123456’).

Of the 10 explicitly weak passwords, only five of them were consistently scored as such by all the password meters, while ‘Password1!’ performed far better than it should do and was even rated strongly by three of the meters.

However, the team at Plymouth said one positive finding was that a browser-generated password was consistently rated strong, meaning users can seemingly trust these features to do a good job.
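The Plymouth finding above is that a meter which only counts length and character classes rates 'Password1!' as strong, while a browser-generated random password is rated strong for good reason. The following Python is an added example, not code from the article or from the University of Plymouth study: it contrasts a composition-only meter with a check that first reduces the candidate to its base word (stripping trailing digits and symbols and undoing common substitutions) and looks it up in a common-password list. The word list, the 40/70-bit thresholds and the leet mapping are constructed assumptions, not values from the study.

```python
"""Composition-only password meters versus a pattern-aware check.

Added example; not code from the article or from the Plymouth study.
The common-password list is a constructed stand-in for a real breach
corpus, and the bit thresholds are illustrative assumptions.
"""
import math
import re
import secrets
import string
from typing import Tuple

# Constructed stand-in for a real common-password corpus (assumption).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein", "welcome",
    "admin", "iloveyou", "monkey", "dragon", "football", "abc123",
}

# Common substitutions that add no real strength (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def composition_score(pw: str) -> str:
    """Naive meter: rates on length and number of character classes only.

    This mirrors the kind of meter that scores 'Password1!' as strong."""
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if len(pw) >= 8 and classes == 4:
        return "strong"
    if len(pw) >= 8 and classes >= 3:
        return "medium"
    return "weak"


def brute_force_bits(pw: str) -> float:
    """Upper bound on entropy if the password were random over its classes."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"\d", pw):
        pool += 10
    if re.search(r"[^A-Za-z\d]", pw):
        pool += 33  # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def base_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols, undo leet, lowercase.

    'Password1!' -> 'password', 'P@ssw0rd' -> 'password'."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    core = re.sub(r"^[\d\W_]+", "", core)
    return core.translate(LEET).lower()


def pattern_aware_score(pw: str) -> Tuple[str, str]:
    """Rate a password without being fooled by a dictionary word plus a tail.

    Returns (rating, reason)."""
    if pw.lower() in COMMON_PASSWORDS:
        return "weak", "exact match in common-password list"
    base = base_word(pw)
    if base in COMMON_PASSWORDS:
        return "weak", f"base word '{base}' is in common-password list"
    bits = brute_force_bits(pw)
    if bits < 40:
        return "weak", f"only about {bits:.0f} bits of brute-force resistance"
    if bits < 70:
        return "medium", f"about {bits:.0f} bits of brute-force resistance"
    return "strong", f"about {bits:.0f} bits of brute-force resistance"


def generate_password(length: int = 16) -> str:
    """Random password of the kind a browser generator produces."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(pw: str) -> Tuple[str, str]:
    """Side-by-side verdict: (composition meter, pattern-aware meter)."""
    return composition_score(pw), pattern_aware_score(pw)[0]


if __name__ == "__main__":
    for candidate in ("password", "123456", "Password1!", "P@ssw0rd",
                      "Welcome2020!", generate_password()):
        comp, aware = compare(candidate)
        print(f"{candidate!r:22} composition={comp:7} pattern-aware={aware}")
```

Running the block shows the disagreement the study describes: 'Password1!' and 'P@ssw0rd' satisfy every composition rule and are rated strong by the naive meter, yet both normalise to 'password' and are rejected by the pattern-aware check, while a 16-character generated password is rated strong by both. A production meter would use a full breach corpus and a more thorough pattern model (keyboard walks, dates, repeats) in place of the small list here.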

More here: https://eandt.theiet.org/content/articles/2019/12/inconsistent-password-advice-could-increase-risk-of-cyber-attacks/


Cyber security predictions for 2020: 45 industry experts have their say

Cyber security is a fast-moving industry, and with a new decade dawning, the next year promises new challenges for enterprises, security professionals and workers. But what predictions do experts have for cybersecurity in 2020?

Verdict.co.uk heard from 45 experts across the field of cybersecurity about their predictions for 2020, from new methods and targets to changing regulation and business practices.

Read the full list of predictions here: https://www.verdict.co.uk/cybersecurity-predictions-2020/


This ‘grab-bag’ hacking attack drops six different types of malware in one go

'Hornet's Nest' campaign delivers a variety of malware that could create a nightmare for organisations that fall victim to attacks, warn researchers.

A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a 'grab-bag' of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.

Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named 'Hornet's Nest'.

The attacks are suspected to be offered as part of a cybercrime-as-a-service operation with those behind the initial dropper, which researchers have dubbed Legion Loader, leasing out their services to other criminals.

Clues in the code point to the Legion Loader being written by a Russian-speaker – and researchers note that the malware is still being worked on and updated. Attacks using the loader appear to be focused on targets in the United States and Europe.

Read the full article here: https://www.zdnet.com/article/this-grab-bag-hacking-attack-drops-six-different-types-of-malware-in-one-go/


Tiny band of fraud police left to deal with third of all crime

Only one in 200 police officers is dedicated to investigating fraud despite it accounting for more than a third of all crimes, The Times revealed.

Most forces have less than half of 1 per cent of their officers allocated to fraud cases and some have none at all, according to figures disclosed under the Freedom of Information Act. In some areas the number of officers tackling fraud has fallen significantly.

Amid a surge in online and cold-calling scams, there were 3.8 million incidents of fraud last year, more than a third of all crimes in England and Wales. Victims are increasingly targeted online and can lose their life savings. However, as few as one in 50 fraud reports leads to a “judicial outcome” such as a suspect being charged.

Last night police bosses said the failure to investigate the cases was due to budget cuts and “poor government direction” and the situation had become a national emergency. Boris Johnson has pledged to “make the streets safer” by recruiting an extra 20,000 police officers but there are concerns that victims of fraud will continue to be failed.

Read the original article here: https://www.thetimes.co.uk/article/less-than-1-of-police-officers-target-fraud-kf6d37qfz


IT worker with a grudge jailed for cyber attack that shut down network for 12 hours

A contractor with a grudge over the handling of an incident in Benidorm has been jailed for carrying out a revenge cyber attack. Scott Burns, 27, was unhappy with the way a disciplinary matter against him by Jet2 was dealt with, so decided to cause harm. The attack led to the company’s computer network being shut down for 12 hours, and it was only thanks to a fast-thinking colleague that a ‘complete disaster’ was avoided. Burns’s attack cost the company £165,000 in lost business, Leeds Crown Court was told.

Jailing Burns for 10 months, Judge Andrew Stubbs QC heard how the motive was revenge because Burns was unhappy about how Jet2 dealt with a disciplinary matter against him relating to an incident at a ‘roadshow in Benidorm’ in 2017. No further details of the incident were outlined in court.

Read more here: https://metro.co.uk/2019/12/20/worker-grudge-jailed-cyber-attack-shut-network-12-hours-11937687/


30 years of ransomware: How one bizarre attack laid the foundations for the malware taking over the world

In December 1989 the world was introduced to the first ever ransomware - and 30 years later ransomware attacks are now at crisis levels.

Ransomware has been one of the most prolific cyber threats facing the world throughout 2019, and it's unlikely to stop being a menace any time soon.

Organisations from businesses and schools to entire city administrations have fallen victim to network-encrypting malware attacks that are now demanding hundreds of thousands of dollars in bitcoin or other cryptocurrency for the safe return of the files.

While law enforcement recommends that victims don't give in to the demands of cyber criminals and pay the ransom, many opt to pay hundreds of thousands of dollars because they view it as the quickest and easiest means of restoring their network. That means some of the criminal groups operating ransomware campaigns in 2019 are making millions of dollars.

But what is now one of the major cyber scourges in the world today started with much more humble origins in December 1989 with a campaign by one man that would ultimately influence some of the biggest cyber attacks in the world thirty years later.

The first instance of what we now know as ransomware was called the AIDS Trojan because of who it was targeting – delegates who'd attended the World Health Organization AIDS conference in Stockholm in 1989.

Attendees were sent floppy discs containing malicious code that installed itself onto MS-DOS systems and counted the number of times the machine was booted. When the machine was booted for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive, making it unusable.

Victims saw instead a note claiming to be from 'PC Cyborg Corporation' which said their software lease had expired and that they needed to send $189 by post to an address in Panama in order to regain access to their system.

It was a ransom demand for payment in order for the victim to regain access to their computer.

Read the full article here: https://www.zdnet.com/article/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world/


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.
