Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Ransomware Attacks Soar 288% in First Half of 2021

The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data.

Nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group, who typically gain initial network access to victim organisations via phishing emails.

It’s an unfortunate fact that no organisation in any sector is safe from ransomware today.

Targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model. https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-half-2021/  

Ransomware Costs Expected To Reach $265 Billion By 2031

Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years. https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/ 

Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage

A new Email Threat Report for Q3 2021 examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organisations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods, manufacturing, technology, energy and infrastructure services, medical, media and television, finance, and hospitality.

The report also finds 61% of organisations experienced a vendor email compromise/supply chain attack in Q2 2021.

Key report findings include:

• 32.5% of all companies were targeted by brute force attacks in early June 2021

• 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite

• 61% of organisations experienced a vendor email compromise attack this quarter

• 22% more business email compromise attacks since Q4 2020

• 60% chance of a successful account takeover each week for organisations with 50,000+ employees

• 73% of all advanced threats were credential phishing attacks

• 80% probability of attack every week for retail and consumer goods, technology, and media and television companies

https://finance.yahoo.com/news/brute-force-email-attacks-account-120100299.html  

Investigation Into Hacked "Map" Of UK Gun Owners

Gun-selling site Guntrader announced a data breach affecting more than 100,000 customers in July. This week, reports emerged that an animal rights activist blog had published the information. The group had formatted the data so it could be easily imported into mapping software to show individual homes. The National Crime Agency, which has been investigating the data breach and its fallout, said it "is aware that information has been published online as a result of a recent data breach which impacted Guntrader". https://www.bbc.co.uk/news/technology-58413847 

Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches

The US Securities and Exchange Commission (SEC) has sanctioned multiple financial services firms for cyber security failures that led to the compromise of corporate email accounts and the personal data of thousands of individuals. The case was brought after the unauthorised takeover of cloud-based email accounts at Seattle-based KMS Financial Services, and subsidiaries of California-headquartered Cetera Financial Group and Iowa-based Cambridge Investment Group. https://portswigger.net/daily-swig/eight-us-financial-services-firms-given-six-figure-fines-over-bec-data-breaches

Ransomware Has Been A ‘Game Changer’ For Cyber Insurance

Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to a software company. The researchers “think of December 2019 as the tipping point for when we started to see ransomware take hold”. The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. All of this has a massive knock-on affect for the Insurance firms. https://www.insurancejournal.com/news/national/2021/08/30/628672.htm 

Getting Ahead Of A Major Blind Spot For CISOs: Third-Party Risk

For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organisation alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. https://www.helpnetsecurity.com/2021/09/01/getting-ahead-of-a-major-blind-spot-for-cisos-third-party-risk/ 

WhatsApp Hit With $267 Million GDPR Fine For Bungling User Privacy Disclosure

Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.

The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018. https://www.cyberscoop.com/whatsapp-hit-with-267-million-gdpr-fine-for-bungling-user-privacy-disclosure/  

Microsoft Warns About Open Redirect Phishing Campaign

Microsoft’s Security Intelligence team is warning over phishing campaigns using open redirector links, links crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realising it until it's too late. https://www.windowscentral.com/microsoft-warns-about-open-redirect-phishing-campaign

Previous Employees With Access To Corporate Data Remain A Threat To Businesses

Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data. This is according to a report, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves. https://www.helpnetsecurity.com/2021/09/02/previous-employees-access-data/

BEC Scammers Seek Native English Speakers On Underground

Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: Cyber Crooks are putting up help-wanted ads, looking for native English speakers to carry out the social-engineering elements of business email compromise (BEC) attacks. https://threatpost.com/bec-scammers-native-english-speakers/169092/

Half Of Businesses Can't Spot These Signs Of Insider Cyber Security Threats

Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyber attacks. Research suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data. https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/

Threats

Ransomware

• Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits

• First Ransomware to Use Intermittent Encryption Revealed

• Ransomware: It's Only A Matter Of Time Before A Smart City Falls Victim, And We Need To Take Action Now

• LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

• FBI, CISA: Ransomware Attack Risk Increases On Holidays, Weekends

• How Ransomware Runs The Underground Economy

• LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files

Phishing

• This Phishing Attack Is Using A Sneaky Trick To Steal Your Passwords, Warns Microsoft

• Report Analysis On Phishing Campaign Utilizing Vzwpix

Malware

• Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth

• Cyber Criminal Sells Tool To Hide Malware In AMD, NVIDIA GPUS

• Cyber Criminals Abusing Internet-Sharing Services To Monetise Malware Campaigns

Mobile

• Snowden Slams Apple CSAM: Warns iPad, iPhone, Mac Users Worldwide

• Kaspersky Lab Has Reported About Android Viruses Designed To Steal Money Automatically

• Dangerous Android Malware Is Spreading — Beware Of Text Message Scam

Vulnerabilities

• ProxyToken: Another Nail-Biter From Microsoft Exchange

• New BrakTooth Flaws Leave Millions Of Bluetooth-Enabled Devices Vulnerable

• Atlassian Confluence Flaw Under Active Attack

• Meltdown-Like Vulnerability Disclosed For AMD Zen+ And Zen 2 Processors

• NPM Package With 3 Million Weekly Downloads Had A Severe Vulnerability

• Cisco Patches Critical Authentication Bug With Public Exploit

• QNAP Working On Patches For OpenSSL Flaws Affecting Its NAS Devices

• This Top TP-Link Router Ships With Some Serious Security Flaws

Data Breaches/Leaks

Organised Crime & Criminal Actors

• The Consumerisation Of The Cyber Crime-As-A-Service Market

• Chinese Authorities Arrest Hackers Behind Mozi IOT Botnet Attacks

Dark Web

• Data From Fujitsu Is Being Sold On The Dark Web

DoS/DDoS

• Cloudflare Says It Stopped The Largest DDoS Attack Ever Reported

• UK VoIP Telco Receives 'Colossal Ransom Demand', Reveals REvil Cyber Crooks Suspected Of 'Organised' DDoS Attacks On UK VoIP Companies

OT, ICS, IIoT and SCADA

• Nine Cyber Attacks On UK's Transport Sector Missed By Mandatory Reporting Laws

Cloud

• “Worst Cloud Vulnerability You Can Imagine” Discovered In Microsoft Azure

Other News

• Why Zero-Trust Models Should Replace Legacy VPNs

• T-Mobile CEO Calls Latest Data Breach ‘Humbling,’ Claims It’s Committed To Security

• China Restricts Kids’ Online Gaming To Three Hours A Week

• Unpatched Exchange Servers An Overlooked Risk

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Losses Triple To £1.3bn In H1 2021

Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/

Ransomware On A Rampage; A New Wake-Up Call

The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81

22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks

A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/

Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat

In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

Key Email Threats And The High Cost Of Business Email Compromise

Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/

Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/

58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks

Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/

Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/

Security Teams Report Rise In Cyber Risk

Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html

Threats

Ransomware

• 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

• Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits

• FBI Shares Technical Details For Hive Ransomware

• New Ransomware Called LockFile Targets Microsoft Exchange Servers

• Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang

• FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’

Phishing

• That Email Asking For Proof Of Vaccination Might Be A Phishing Scam

• Phishing Could Have Cost Businesses $354m In Potential Direct Losses

Other Social Engineering

• Scammers Impersonate Europol Chief In An Effort To Defraud Belgians

• Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts

Malware

• 13 Million Malware Attacks On Linux Seen In Wild

• New SideWalk Backdoor Targets U.S.-Based Computer Retail Business

• Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic

• Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups

Mobile

• Dreadful Joker Virus That Can Empty Bank Accounts Returns: Remove These Apps On Your Device ASAP

• Pegasus iPhone Hacks Used As Lure In Extortion Scheme

IOT

• Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit

• IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority

• Hackers Could Increase Medication Doses Through Infusion Pump Flaws

Vulnerabilities

• F5 Bug Could Lead To Complete System Takeover

• Multiple Products Impacted By OpenSSL RCE vulnerability

• Microsoft Breaks Silence On Barrage of ProxyShell Attacks

• Atlassian Warns Of Critical Confluence Flaw

• VMware Issues Patches To Fix New Flaws Affecting Multiple Products

• Critical Flaw Discovered In Cisco APIC for Switches — Patch Released

• New Ryzen Chipset Driver Patches Security Vulnerabilities

• CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

• Attackers Actively Exploiting Realtek SDK Flaws

• Google Issues Warning For 2 Billion Chrome Users

Data Breaches/Leaks

• Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year

• Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses

• Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

• T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact

Organised Crime & Criminal Actors

• Infamous Hacker Group Claims To Be Selling Data From Over 70 Million AT&T Customers, According To A Privacy Group 

Cryptocurrency/Cryptojacking

• Man Sues Parents Of Teens Who Hijacked Nearly $1M In Bitcoin

• Coinbase Accounts Hacked As Bitcoin Hovers Near $50k

Insider Threats

• Employees Participating In Unethical Behaviours To Help An Organisation Actually Harm Themselves

DoS/DDoS

• Cloudflare says it stopped the largest DDoS attack ever reported

• Botnet Generates One Of The Largest DDoS Attacks On Record

OT, ICS, IIoT and SCADA

• ICS Vulnerabilities Disclosed In H1 2021 Rose By 41%

Nation State Actors

• Spies for Hire: China’s New Breed Of Hackers Blends Espionage And Entrepreneurship

• InkySquid State Actor Exploiting Known IE Bugs

• US Media, Retailers Targeted By New SparklingGoblin APT

Cloud

• 40% of SaaS (Cloud) Assets Are Unmanaged, Putting Companies At Risk For Data Leaks

Privacy

• Phones Of Nine Bahraini Activists Found To Have Been Hacked With NSO Spyware

Other News

• Razer bug lets you become a Windows 10 admin by plugging in a mouse

• Cyber Security Market Soaring As Threats Target Commercial And Govt Organisations

• UK to overhaul privacy rules in post-Brexit departure from GDPR

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Workers Ignore Security Risks To Maximize Productivity

A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.

https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/

Financial Services Accounting For Nearly 40% Of All Phishing URLs

A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/

Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats

Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”

https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/

36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.

https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/

HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021

According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages.  The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.

https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/

Data Breach Costs Hit Record High Due To Pandemic

Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.

https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/

Top 30 Critical Security Vulnerabilities Most Exploited By Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.

https://thehackernews.com/2021/07/top-30-critical-security.html

Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report

A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.

https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

Why Remote Working Leaves Us Vulnerable To Cyber Attacks

An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.

https://www.bbc.co.uk/news/business-57847652

Stop Mitigating Cyber Security Threats And Start Preventing Them

The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

https://www.itproportal.com/features/stop-mitigating-cybersecurity-threats-and-start-preventing-them/

Threats

Ransomware

• Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'

• Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation

• BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More

• LockBit Ransomware Now Encrypts Windows Domains Using Group Policies

• FBI Tracking More Than 100 Active Ransomware Groups

• The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"

Social Engineering

• Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report

• These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware

• FIN7’s Liquor Lure Compromises Law Firm With Backdoor

Malware

• Cisco Researchers Spotlight Solarmarker Malware

• Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs

• Some Windows 11 Installers Infect Your PC With Malware

• Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems

• Discord CDN And API Abuses Drive Wave Of Malware Detections

• Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics

Mobile

• New Android Malware Uses VNC To Spy And Steal Passwords From Victims

• UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild

Vulnerabilities

• Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers

• VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted

• Web Applications Have Become A Security Liability

• Hackers Have Found Yet Another Way To Attack Kubernetes Clusters

• Windows 10 Printer Problems Persist Following Latest Security Update

• Microsoft Rushes Fix For ‘PetitPotam’ Attack PoC

• Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices

• Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities

• New Linux Kernel Bug Lets You Get Root On Most Modern Distros

• Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature

• Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Data Breaches

• Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable In Massive Data Breach

• Gun Owners' Fears After Firearms Dealer Data Breach

Organised Crime & Criminal Actors

• Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers

• Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised

Dark Web

• How The Dark Web Enables Access To Corporate Networks

Supply Chain

• Kaseya Denies Paying Ransom For Decryptor, Refuses Comment On NDA

DoS/DDoS

• DSoS Attacks Are Up, With Ever-Greater Network Impact

Nation State Actors

• Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers

• APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware

Privacy

• Behind The Mercenary Spyware Industry

Reports Published in the Last Week

• DDoS Attack Trends For 2021 Q2

• Spear Phishing: Top Threats And Trends Volume 6

Other News

• PunkSpider—The Search Engine For Web Exploits—Rises From the Dead

• Biden Warns A ‘Real Shooting War’ Could Come From Cyber Breach

• Hackers Turning To 'Exotic' Programming Languages For Malware Development

• Discord Is Now An Essential Tool For Hackers

• Research Roadblock? Security Pros Weigh In On China’s New Vulnerability Disclosure Law

• For Hackers, Space Is The Final Frontier

• A DNS Outage Just Took Down A Large Chunk Of The Internet

• Ireland Sees Biggest Rise In Cyber Security Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/

Threats

Ransomware

• Ransomware Attacks Are Becoming More Common – How Do We Stop Them?

• Ryuk Ransomware Operators Shift Tactics To Target Victims

• Bose Confirms Ransomware Attack That Exposed Employee Data

• Russian To Be Deported After Failed Tesla Ransomware Plot

• Ransomware Attack Halts Child Protection Court Cases

• FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations

• HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says

Phishing

• Financial Spear-Phishing Campaigns Pushing RATs

• This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Other Social Engineering

• NatWest Launches 'Urgent' Crypto Currency Scam Alert

• Eight Men Arrested Over Royal Mail Delivery Scam Texts

• Fake Amazon Order Emails Lead To Vishing

Malware

• This Fake Streaming Service Will Spread Malware

• This Ransomware-Spreading Malware Botnet Just Will Not Go Away

Mobile

• New Malware Plunders Dutch Android Users’ Bank Accounts

IOT

• Hackers Can Use Smart Plugs To Break Into Your Home Network

Vulnerabilities

• VMware Sounds Ransomware Alarm Over Critical Severity Bug

• Trend Micro Bugs Threaten Home Network Security

• Digging Into A Ubiquiti Firmware Update Bug

• “Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know

• PDF Feature ‘Certified’ Widely Vulnerable To Attack

• SonicWall urges customers to 'immediately' patch NSM On-Prem bug

• FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office

• Restaurant Reservation System Patches Easy-To-Exploit XSS Bug

• Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices

Data Breaches

• UK Police Suffered Thousands Of Data Breaches In 2020

• Air India Cyber Attack: Personal Data Of Over 4.5 Million Passengers Leaked

Organised Crime & Criminal Actors

• ‘Privateer’ Threat Actors Emerge From Cyber Crime Swamp

Cryptocurrency

• Crypto Currency Crackdown Will not Stop Ransomware, CISA Official Says

• Watch Out: Crypto Jacking Is On The Rise Again

• Bitcoin Mine Found Stealing Electricity

Dark Web

• French Authorities Seize Their Third Dark Web Marketplace

OT, ICS, IIoT and SCADA

• Cyber Attacks On Operational Technology Are On The Rise

• UK Prepares For Ransomware Attacks On Pipelines

Nation State Actors

• Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets

• Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks

• Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China

Privacy

• Employers Are Watching Remote Workers And They Are Monitoring These Activities

• GCHQ’s Mass Data Interception Violated Right To Privacy, Court Rules

• Amazon Devices Will Soon Automatically Share Your Internet With Neighbours

Reports Published in the Last Week

• Report: Cloud Security Breaches Surpass On-Prem Ones For The First Time

Other News

• Enemy Hackers Target NATO With Constant Cyber Attacks

• Security Is An Architectural Issue: Why The Principles Of Zero Trust And Least Privilege Matter So Much Right Now

• GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny

• UK Universities To Be Offered Advice On National Security Threats

• How Hacking Became A Professional Service In Russia

• A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs

• 'Did Weak WiFi Password Lead The Police To Our Door?'

• How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?

• German Cyber Security Chief Fears Hackers Could Target Hospitals

• How The Post-Pandemic World Will Challenge CISOs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Demands Up By 43% So Far In 2021

The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter. The median payment, too, jumped up 58% from $49,450 to $78,398. The majority of ransomware attacks in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. Seventy-seven percent of ransomware attacks included the threat to publish stolen data in the first quarter of this year, which is up 10%.

https://www.cyberscoop.com/ransomware-extortion-demands-increasing-coveware/

US Tech Pushes For Ransomware To Be Designated A National Security Threat

Big US tech companies and officials are urging governments to designate ransomware as a national security threat in a push to combat a hacking epidemic that has cost businesses tens of millions of dollars. Tech groups including Microsoft, Cisco and Amazon, cyber security companies such as FireEye and officials from the FBI and US Department of Justice have published a report calling for several measures to tackle the lucrative criminal enterprise.

https://www.ft.com/content/6e69efc8-66e2-4a1c-95d4-0a84d80091c7

Flubot Spyware Spreading Through Android Devices

Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot”. The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.

https://threatpost.com/flubot-spyware-android-devices/165607/

Ransomware: Do Not Expect A Full Recovery, However Much You Pay

When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware. Sure, several individual malware outbreaks have turned into truly global stories over the years. The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so, does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.

https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/

61% Of Organisations Impacted By Ransomware In 2020

A full 79% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. Other insights include: 61% indicated they had been impacted by ransomware in 2020, a 20% increase over the number of companies reporting such disruption in last year’s report. Companies impacted by ransomware lost an average of six working days to system downtime, with 37% saying downtime lasted one week or more. 52% of ransomware victims paid threat actor ransom demands, but only 66% of those were able to recover their data. The remaining 34% never saw their data again, despite paying the ransom.

https://www.helpnetsecurity.com/2021/04/26/ransomware-2020/

SolarWinds Campaign Even Wider Than First Thought

A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the IT software vendor's network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Now researchers have now uncovered eighteen additional command-and-control servers used in the SolarWinds hacking campaign, indicating that the operation was broader in scope than previously known.  The researchers found that this infrastructure was registered under varying names and at different times over several years to avoid establishing a traceable pattern.

https://www.cybersecurityintelligence.com/blog/solarwinds-campaign-even-wider-than-first-thought-5602.html

Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums

Organisations will face significant challenges in purchasing, renewing, and benefitting from cyber insurance policies this year as various factors drive the sector towards a stricter, more specialized position, global specialists in law, risk, and cyber security predict. These include the continued evolution and impact of cyber threats throughout 2020 and the early months of 2021, chiefly in the form of ransomware attacks and wide-ranging supply chain security issues.

https://www.csoonline.com/article/3616595/buying-cyber-insurance-in-2021-expect-greater-scrutiny-higher-premiums-thanks-to-ransomware-supply.html

Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief

The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cyber security to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the past year, with many now even more reliant on remote services and online collaboration platforms. But cyber-criminal gangs also represent a major threat and Fleming warned that ransomware represents a cyber security danger for organisations of all kinds.

https://www.zdnet.com/article/ransomware-is-growing-at-an-alarming-rate-warns-gchq-chief/

Threats

Ransomware

• A Ransomware Attack On Apple Shows The Future Of Cyber Crime

• Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

• Ransomware Gang Threatens To Expose Police Informants If Ransom Is Not Paid

• A Ransomware Gang Made $260,000 In 5 Days Using The 7zip Utility

• Ransomware Task Force Calls For Aggressive Bitcoin Transaction Tracing Measures

• Ransomware Task Force Releases Long-Awaited Recommendations

• New Ransomware Group Uses SonicWall Zero-Day To Breach Networks

Phishing

• Scammers Imitate Windows Logo With Html Tables To Slip Through Email Gateways

• Phishing Attacks Target Chase Bank Customers

• Phishing Impersonates Global Recruitment Firm To Push Malware

Malware

• Rotajakiro: A Linux Backdoor That Has Flown Under The Radar For Years

• Security Firm Kaspersky Believes It Found New CIA Malware

• Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Vulnerabilities

• Linux Kernel Vulnerability Exposes Stack Memory, Causes Data Leaks

• F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability

• Linux Kernel Bug Opens Door to Wider Cyber Attacks

• Nvidia GPU Owners Warned About Serious Driver Bugs — Update Now

• Apple Patches ‘Worst MacOS Bug In Recent Memory’ After It Was Used In The Wild

Data Breaches

• MangaDex Discloses Data Breach After Stolen Database Shared Online

Organised Crime & Criminal Actors

• Spotlight on Cyber Criminal Supply Chains

Supply Chain

• CISA Issues Guidance On Defending Against Software Supply Chain Attacks

Nation State Actors

• Cyber Spies Target Military Organisations With New Nebulae Backdoor

• FBI: Russian Hackers Are Still Trying To Break Into Networks, Here's How To Protect Yours From Attack

• APT Actors Increasingly Turn To Exploits To Launch Attacks

• Report: Russia 'Likely' Kept Access To US Networks After SolarWinds Hack

 Reports Published in the Last Week

• Q1 2021 Ransomware Trends: Most Attacks Involved Threat To Leak Stolen Data

• APT Trends Report Q1 2021

Other News

• What IT Leaders Are Prioritising In Network Security Investments?

• Cyber Security Is Not Just For Your Company – It Applies To Your Ecosystem Too

• Machine Learning Security Vulnerabilities Are A Growing Threat To The Web, Report Highlights

• Organisations Can No Longer Afford To Overlook Encrypted Traffic

• FBI Shares 4 Million Email Addresses Used By Emotet With Have I Been Pwned

• Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar 

• A Facebook Vulnerability Can Allow Hackers To Scrape Users' Email Addresses

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Attacks On The Rise For Businesses, Pushing Many To The Brink

The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, with over a quarter of those targeted (28%) experiencing five attacks or more. Those attacks are pushing many firms to the brink, with one in six businesses attacked (17%) saying the financial impact materially threatened the company’s future. On a more positive note, the report shows firms are responding to the cyber challenge: mean spending per business on cyber security has more than doubled in the last two years.

https://www.insurancejournal.com/news/international/2021/04/19/610514.htm

MI5 Warns Of Spies Using Linkedin To Trick Staff Into Spilling Secrets

At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5. It warned users who had accepted such connection requests might have then been lured into sharing secrets. A campaign has been launched to educate government workers about the threat. The 10,000-plus figure includes staff in virtually every government departments as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.

https://www.bbc.co.uk/news/technology-56812746

SonicWall Warns Customers To Patch 3 Zero-Days Exploited In The Wild

Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. "In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild,'" SonicWall said in a security advisory published earlier today. The company said it is "imperative" that organisations using its Email Security hardware appliances, virtual appliances, or software installations on Microsoft Windows Server machines immediately upgrade to a patched version.

https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-patch-3-zero-days-exploited-in-the-wild/

The FBI Removed Hacker Backdoors From Vulnerable Microsoft Exchange Servers. Not Everyone Likes The Idea

The FBI had worked to remove malicious web shells from hundreds of computers in the United States that were running vulnerable versions of Microsoft Exchange Server. While the move will have helped keep many organisations secure, it has also raised questions about the direction of cyber security. Earlier this year, four zero-day vulnerabilities in Microsoft Exchange Server, which were being actively exploited by a nation-state-backed hacking operation, were uncovered. Microsoft released a critical security update to protect Exchange Server customers from cyber attacks exploiting the vulnerabilities in March, but a significant number of organisations have yet to apply the security patch.

https://www.zdnet.com/article/the-fbi-removed-hacker-backdoors-from-vulnerable-microsoft-exchange-servers-not-everyone-likes-the-idea/

Pulse Secure VPN Zero-Day Used To Hack Defense Firms, Govt Organisations

A zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organisations and focused on US Defence Industrial base networks. As a workaround, the vulnerability can be mitigated on some gateways by disabling Windows File Share Browser and Pulse Secure Collaboration features using instructions available in the security advisory published earlier today.

https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/

SolarWinds Hack Could Cost Cyber Insurance Firms $90 Million

Cyber insurance vendors are expected to spend $90 million on incident response and forensic services for clients who were compromised by the SolarWinds hackers. “Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,” The Russian hackers behind the SolarWinds attack appear to have avoided large scale exploitation of victims, instead opting to maintain access and collect sensitive data. But if the SolarWinds hackers had been focused on interrupting business and destroying networks, the campaign could have been catastrophic for insurers.

https://www.crn.com/news/security/solarwinds-hack-could-cost-cyber-insurance-firms-90-million

Mount Locker Ransomware Aggressively Changes Up Tactics

The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. And, the change in tactics appears to coincide with a rebranding for the malware into “AstroLocker.” According to researchers, Mount Locker has been a swiftly moving threat. Having just hit the ransomware-as-a-service scene in the second half of 2020, the group released a major update in November that broadened its targeting capabilities (including searching for file extensions utilized by TurboTax tax-return software to encrypt). It also added improved detection evasion. Attacks have continued to escalate, and now, another major update signals “an aggressive shift in Mount Locker’s tactics,”.

https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/

QR Codes Offer Easy Cyber Attack Avenues as Usage Spikes

The use of mobile quick-response (QR) codes in daily life, for both work and personal use, continues to rise – and yet, most people are not aware that these handy mobile shortcuts can open them up to savvy cyber attacks. A survey of 4,157 consumers across China, France, Germany, Japan, the U.K. and the U.S. It found that 57 percent of respondents have increased their QR code usage since mid-March 2020, mainly because of the need for touchless transactions in the wake of COVID-19. In all, three-quarters of respondents (77 percent) said they have scanned a QR code before, with 43 percent having scanned a QR code in the past week.

https://threatpost.com/qr-codes-cyberattack-usage-spikes/165526/

Google Alerts Continues To Be A Hotbed Of Scams And Malware

Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites. While Google Alerts has been abused for a long time, a significant increase in activity over the past couple of weeks. People use Google Alerts to monitor for various terms related to cyber attacks, security incidents, malware, etc. In one Google Alert, almost every new article shared with people today by the service led to a scam or malicious website.

https://www.bleepingcomputer.com/news/security/google-alerts-continues-to-be-a-hotbed-of-scams-and-malware/

Threats

Ransomware

• Campus Still Closed as Portsmouth University Reels from Suspected Ransomware

• Ransomware Gang Tries To Extort Apple Hours Ahead Of Spring Loaded Event

• Discord Nitro gift codes now demanded as ransomware payments

• Top 5 Ransomware Groups

Phishing

• Phishing Tricks With Microsoft Office

Malware

• Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

IOT

• Remote Code Execution Vulnerabilities Uncovered In Smart Air Fryer

Vulnerabilities

• Google Issues Chrome Update Patching Seven Security Vulnerabilities

• QNAP Fixes Critical RCE Vulnerabilities In NAS Devices

• Zero-Day Vulnerabilities In Sonicwall Email Security Are Being Actively Exploited

• Cisco Router Flaws Left Small Business Networks Open To Abuse

• Firefox 88 Patches Bugs And Kills Off A Sneaky Javascript Tracking Trick

Data Breaches

• Codecov Breach Impacted ‘Hundreds Of Customer Networks

• Yet Another Dating Site Has Suffered A Serious Data Breach

Organised Crime & Criminal Actors

• 'High-Level' Organiser Of FIN7 Hacking Group Sentenced To 10 Years In Prison

Cryptocurrency

• Natwest Will Refuse To Serve Business Customers Who Accept Cryptocurrencies

Supply Chain

• Growing Reliance On Third-Party Suppliers Signals Increasing Security Risks

Nation State Actors

• Japan Accuses Chinese Military Hacker Over Cyber Attacks

• Chinese threat actors extract big data and sell it on the dark web

• 5 Security Bugs Under Active Nation-State Cyber attack

• Huawei Denies Spying Accusation In The Netherlands

Denial of Service

• DDoS Attack Trends For 2021

• Telecoms Industry Facing Increased DDoS Attack

Other News

• Pupil Hacked Into School's System To Change Their Grades As Gchq Roll Out Cyber Security Training For Teachers

• Most Common Cyber Attack Techniques On Windows Networks For 2020

• When Cryptography Attacks – How TLS Helps Malware Hide In Plain Sight

• TikTok Sued For Billions Over Use Of Children's Data

• Multi-Factor Authentication: Use It For All The People That Access Your Network, All The Time

• 4 Innovative Ways Cyber Attackers Hunt For Security Bugs

• Uk’s Proposed IoT Cyber Security Law Gathers Momentum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

61 Percent Of Employees Fail Basic Cyber Security Quiz

Nearly 70% of employees polled in a new survey said they recently received cyber security training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.

https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/

More Than 1,900 Distinct Hacking Groups Are Active Today

There are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019. In its yearly cyber crime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker due to overlaps in activity and hacking infrastructure with previously known clusters.

https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

Ransomware: The Internet's Biggest Security Crisis Is Getting Worse

Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four chains of schools attacked in the last month.

https://www.zdnet.com/article/ransomware-the-internets-biggest-security-crisis-is-getting-worse-we-need-a-way-out/?&web_view=true

Enterprise Security Attackers Are One Password Away From Your Worst Day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cyber security industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organisations still use the same technological approaches they did 10 years ago. The world has changed, but cyber security hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cyber security industry must rethink its strategy to analyse how credentials are used and stop breaches before they become bigger problems.

https://techcrunch.com/2021/04/16/enterprise-security-attackers-are-one-password-away-from-your-worst-day/

Microsoft’s April Update Patches 114 Bugs—Half Of Which Allow Remote Code Execution

The fourth Patch Tuesday of 2021 is another big one. Today, Microsoft revealed 114 vulnerabilities fixed in the monthly security, over half of which could potentially be exploited for remote code execution by attackers. Of the 55 remote execution bugs, over half were tied to Windows’ Remote Procedure Call (RPC) interface. Four more were Microsoft Exchange bugs (all urgent fixes) reported to Microsoft by the National Security Agency. In addition, six Chrome vulnerabilities that were previously addressed by Google are included in the roll-up.

https://news.sophos.com/en-us/2021/04/13/microsofts-april-update-patches-114-bugs-more-than-half-of-which-allow-remote-code-execution/

Nation-State Cyber Attacks Targeting Businesses Are On The Rise

Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks. Nation States, Cyberconflict and the Web of Profit, a study by cyber security researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted. An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government, and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.

https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/

Cyber Criminals Are Installing Cryptojacking Malware On Unpatched Microsoft Exchange Servers

Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money. Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems. Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers -- but they are not the only ones.

https://www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/

NAME:WRECK DNS Vulnerabilities Affect Over 100 Million Devices

Security researchers have disclosed nine vulnerabilities affecting network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in a wide range of products, from high-performance servers and networking equipment to operational technology (OT) systems that monitor and control industrial equipment. According to researchers threat actors could exploit NAME:WRECK vulnerabilities to deal significant damage to government or enterprise servers, healthcare facilities, retailers, or companies in the manufacturing business by stealing sensitive data, modifying or taking equipment offline for sabotage purposes.

https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

Brits Still Confused By Multi-Factor Authentication

The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA). The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany, and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has. However, despite a continued number of high-profile account takeovers, 43% said this does not make them enhance security on their accounts, even though they “feel like” they should. Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types. Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they were not using or didn’t know about them.

https://www.infosecurity-magazine.com/news/brits-still-confused-by/

623K Payment Cards Stolen From Cyber Crime Forum

The Swarmshop cyber underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That is according to researchers, who said that the database was posted on a rival underground forum. Card shops, are online cyber criminal forums where stolen payment-card data is bought and sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K., and the U.S.

https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/

Threats

Ransomware

• How The Kremlin Provides A Safe Harbour For Ransomware

• Dutch Supermarkets Run Out Of Cheese After Ransomware Attack

• This Nasty Ransomware Hacks Your VPN To Break Into Your Device

Phishing

• New Invoice Payment Phishing Attack

• Tax Phish Swims Past Google Workspace Email Security

Other Social Engineering

• 7 New Social Engineering Tactics Threat Actors Are Using Now

• Cloud-Native Watering Hole Attack: Simple And Potentially Devastating

Malware

• Hackers Using Website's Contact Forms to Deliver IcedID Malware

Mobile

• Joker Malware Infected 538,000 Huawei Android Devices

Vulnerabilities

• Chrome And Edge Hacked By New Zero-Day Flaw — What To Do

• Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

• Microsoft Security Update Fixes Zero-Day Vulnerabilities In Windows And Other Software

• Critical Security Alert: If You Haven't Patched This Old Vpn Vulnerability, Assume Your Network Is Compromised

• WhatsApp Addressed Two Security Vulnerabilities In Its App For Android That Could Have Been Exploited To Remotely Hack The Victim’s Device.

• Security Bug Allows Attackers to Brick Kubernetes Clusters

• 84% Of Codebases Contain An Open Source Vulnerability

Data Breaches

• Clubhouse Data Breach: 1.3 Million Users Have Info Leaked Online

• Covid Results Emails May Breach GDPR

Organised Crime & Criminal Actors

• Coronavirus Triggers Epidemic Of Cyber Fraud

Nation State Actors

• Iran Vows Revenge For 'Israeli' Attack On Natanz Nuclear Site

• US Poised To Impose Sanctions On Russia For Cyber-Attacks

• NSA: Top 5 Vulnerabilities Actively Abused By Russian Govt Hackers

Privacy

• 24% Of Workers Spied On By Bosses

Reports Published in the Last Week

• SMB Cyber Security Trust & Confidence Report 2021

• Most Imitated Brands In Phishing Emails In First Quarter Of 2021: Report

Other News

• A Casino Gets Hacked Through a Fish-Tank Thermometer

• SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

• Detecting the "Next" SolarWinds-Style Cyber Attack

• The FBI Is Remotely Hacking Hundreds Of Computers To Protect Them From Hafnium

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Ryuk gang estimated to have made more than $150 million from ransomware attacks

In a joint report published today, threat intel company Advanced Intelligence and cyber security firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. "Ryuk receives a significant amount of their ransom payments from a well-known broker that makes payments on behalf of the ransomware victims," the two companies said. "These payments sometimes amount to millions of dollars and typically run in the hundreds of thousands range."

https://www.zdnet.com/article/ryuk-gang-estimated-to-have-made-more-than-150-million-from-ransomware-attacks/

China's APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. Although the attacks lack the sophistication normally seen with advanced threat actors, there is strong evidence linking them to APT27, a group normally involved in cyber espionage campaigns, also known as TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse.

https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/

SolarWinds hack: Amid hardened security, attackers seek softer targets

Reported theories by SolarWinds hack investigators that federal agencies and private companies were too busy focusing on election security to recognize vulnerabilities tied to the software supply chain are unfair and misleading. And yet, those same experts acknowledge that such accusations offer an important cyber security lesson for businesses: organizations must ensure that their entire attack surface receives attention.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-hack-amid-hardened-security-attackers-seek-softer-targets/

Hackney Council files including alleged passport documents leaked online after cyber attack

The council in East London was hit by what it described as a "serious cyber attack" in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents' data. The council said it was working with the UK's National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

https://news.sky.com/story/hackney-council-files-including-alleged-passport-documents-leaked-online-after-cyber-attack-12181017

PayPal users targeted in new SMS phishing campaign

Now, at first glance the message may not seem all that suspicious since PayPal may, in fact, impose limits on sending and withdrawing money. The payment provider usually does so when it suspects that an account has been accessed by a third party without authorization, when it has detected high-risk activities on an account, or when a user has violated its Acceptable Use Policy. However, in this case it really is a case of SMS-borne phishing, also known as Smishing. If you click on the link, you will be redirected to a login phishing page that will request your access credentials. Should you proceed to “log in”, your credentials will be sent to the scammers behind the ruse and the fraudulent webpage will attempt to gather further information, including the full name, date of birth address, and bank details.

https://www.welivesecurity.com/2021/01/04/paypal-users-targeted-new-sms-phishing-campaign/

SolarWinds, top executives hit with class action lawsuit over Orion software breach

SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.

https://www.scmagazine.com/home/solarwinds-hack/solarwinds-top-executives-hit-with-class-action-lawsuit-over-orion-software-breach/

The rise of cyber-mercenaries poses a growing threat for both governments and companies

These days, 21st century mercenaries are as likely to be seated behind a computer screen, wreaking havoc for their paymasters’ enemies as slugging it out on a real-world battlefield. But the rapid rise of cyber-mercenaries - or Private Sector Offensive Actors (PSOAs) - is vexing some of the biggest names in the global technology industry, and for good reason. Globally, the cyber security industry is already vast, raking in an estimated $156bn in revenues in 2019. It is set to nearly double in size by 2027.

https://www.telegraph.co.uk/business/2021/01/07/privatisation-cyber-security-growing-threat-governments-companies/

Declutter Your Devices to Reduce Security Risks

Everyone should set aside time to review what they’ve installed on their various devices—typically apps, but that can also include games and addons. In fact, this should be an annual cleaning, at minimum.

You’re not just doing this because you want your device to look good. That’s one benefit you get from cleaning up your digital life, but it’s not the most important one. You’re also doing this to bolster your digital security. Yes, security.

https://lifehacker.com/declutter-your-devices-to-reduce-security-risks-1845991606

Threats

Ransomware

New Year, New Ransomware: Babuk Locker Targets Large Corporations

Phishing

This new phishing attack uses an odd lure to deliver Windows trojan malware

Facebook ads used to steal 615000+ credentials in a phishing campaign

Malware

North Korean hackers launch RokRat Trojan in campaigns against the South

Thousands infected by trojan that targets cryptocurrency users on Windows, Mac and Linux

A hacker’s predictions on enterprise malware risk

Vulnerabilities

Google Warns of Critical Android Remote Code Execution Bug

Hackers are actively exploiting this leading VPN, so patch now

Data Breaches

Hacker posts data of 10,000 American Express accounts for free

Vodafone's ho. Mobile admits data breach, 2.5m users impacted

The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online.

T-Mobile data breach: ‘Malicious, unauthorized’ hack exposes customer call information
Exclusive Networks hit by cyberattack on New Year's Eve

Up to half a million victims of BA data breach could be eligible for compensation

Nation State Actors

Even Small Nations Have Jumped into the Cyber Espionage Game

Denial of Service

Ransom DDoS attacks target a Fortune Global 500 company

Privacy

Telegram feature exposes your precise address to hackers

Whatsapp Competitor Signal Stops Working Properly As Users Rush To Leave Over Privacy Update

Google Chrome browser privacy plan investigated in UK

Singapore police can access COVID-19 contact tracing data for criminal investigations

Other News

Feds Issue Recommendations for Maritime Cybersecurity

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

SolarWinds hack may be much worse than originally feared

The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and business now believed affected.

Microsoft has said the hackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “impersonate any of the organisation’s existing users and accounts, including highly privileged accounts.” The Times reports that Russia exploited layers of the supply chain to access the agencies’ systems.

https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity

Threat actor is selling 368.8 million records from 26 data breaches

Security experts reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum.

The total volume of data available for sale is composed of 368.8 million stolen user records.

For some of these companies, the data breaches have not been previously disclosed, including Teespring.com, MyON.com, Chqbook.com, Anyvan.com, Eventials.com, Wahoofitness.com, Sitepoint.com, and ClickIndia.com.

https://securityaffairs.co/wordpress/112842/data-breach/data-breaches-records-sale.html

The Worst Hacks of 2020, a Surreal Pandemic Year

WHAT A WAY to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage.

https://www.wired.com/story/worst-hacks-2020-surreal-pandemic-year/

A Nasty Strain of malware is back and hits 100K recipients per day

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.

https://securityaffairs.co/wordpress/112650/malware/december-emotet-redacted.html

Ransomware in 2020: A Banner Year for Extortion

From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020. Remote learning platforms shut down. Hospital chemotherapy appointments cancelled. Ransomware attacks in 2020 dominated as a top threat vector this past year. Couple that with the COVID-19 pandemic, putting strains on the healthcare sector, and we witnessed ransomware exact a particularly cruel human toll as well. Attacks had an impact on nearly all sectors of the global economy – costing business $20 billion collectively and creating major cybersecurity headaches for others.

https://threatpost.com/ransomware-2020-extortion/162319/

Ransomware Is Headed Down a Dire Path

AT THE END of September, an emergency room technician in the United States gave WIRED a real-time account of what it was like inside their hospital as a ransomware attack raged. With their digital systems locked down by hackers, health care workers were forced onto backup paper systems. They were already straining to manage patients during the pandemic; the last thing they needed was more chaos. "It is a life-or-death situation," the technician said at the time.

The same scenario was repeated around the country this year, as waves of ransomware attacks crashed down on hospitals and health care provider networks, peaking in September and October. School districts, meanwhile, were walloped by attacks that crippled their systems just as students were attempting to come back to class, either in person or remotely. Corporations and local and state governments faced similar attacks at equally alarming rates.

https://www.wired.com/story/ransomware-2020-headed-down-dire-path/

Russia’s global hacking efforts are going to unwind in 2021

Russia has become adept at using cyberattacks and digital-media manipulation to influence events in other countries. We know there was Russian digital interference in the 2016 US general election and the 2017 presidential election in France: both involved fake social-media accounts and “hack-and-leak” operations to steal emails. The UK government has not investigated whether, as must be probable, Russia had also been using its tools of covert subversion during the Scottish independence and Brexit referenda, but it has said that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online dissemination of illicitly acquired government documents, thought to relate to US/UK trade negotiations.

https://www.wired.co.uk/article/uk-us-russia-hacking

Threats

IOT

FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

Malware

New Golang worm turns Windows and Linux servers into monero miners

Emotet malware hits Lithuania's National Public Health Centre

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

Vulnerabilities

Cross-layer attacks: New hacking technique raises DNS cache poisoning, user tracking risk

Windows Zero-Day Still Circulating After Faulty Fix

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

Data Breaches

T-Mobile warns customers of second data breach in less than a year

Kawasaki discloses security breach, potential data leak

Finland says hackers accessed MPs' emails accounts

Organised Crime

21 arrests in nationwide cyber crackdown

Nation State Actors

India: A Growing Cyber Security Threat

Denial of Service

Citrix devices are being abused as DDoS attack vectors

Privacy

Mapped: The Top Surveillance Cities Worldwide

Cryptocurrency

Voyager cryptocurrency broker halted trading due to cyber attack

Other News

Brexit deal mentions Netscape browser and Mozilla Mail

6 Questions Attackers Ask Before Choosing an Asset to Exploit

Deepfake queen to deliver Channel 4 Christmas message

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

The great hack attack: SolarWinds breach exposes big gaps in cyber security

Until this week, SolarWinds was a little known IT software group from Texas. Its deserted lobby has a framed magazine article from a few years ago when it was on a list of America’s “Best Small Companies”.

Now the Austin-based company is at the heart of one of the biggest and most startling cyber hacks in recent history, with ramifications that extend into the fields of geopolitics, espionage and national security.

For nine months, sophisticated state-backed hackers have exploited a ubiquitous SolarWinds software product in order to spy on government and business networks around the world, including in the US, UK, Israel and Canada. Wielding innovative tools and tradecraft, the cyber spies lurked in email services, and posed as legitimate staffers to tap confidential information stored in the cloud.

The bombshell revelations have sent 18,000 exposed SolarWinds customers scrambling to assess whether outsiders did indeed enter their systems, what the damage was and how to fix it.

https://www.ft.com/content/c13dbb51-907b-4db7-8347-30921ef931c2

A wake-up for the world on cyber security

Imagine intruders break into your home and loiter undetected for months, spying on you and deciding which contents to steal. This in essence is the kind of access that hackers, assumed to be Russian, achieved in recent months at US government institutions including the Treasury and departments of commerce and homeland security, and potentially many US companies. If the fear in the Cold War was of occasional “moles” gaining access to secrets, this is akin to a small army of moles burrowing through computer systems. The impact is still being assessed, but it marks one of the biggest security breaches of the digital era.

https://www.ft.com/content/d3fc0b14-4a82-4671-b023-078516ea714e

US government, thousands of businesses now thought to have been affected by SolarWinds security attack

Thousands of businesses and several branches of the US government are now thought to have been affected by the attack on software firm SolarWinds.

The Austin-based company has fallen victim to a massive supply chain attack believed to be the work of state-sponsored hackers.

Along with the US treasury and commerce departments, the Department of Homeland Security is now thought to have been affected by the attack. In a statement to the SEC today, SolarWinds said it had notified 33,000 customers of its recent hack, but that only 18,000 of these used the affected version of its Orion platform.

https://www.techradar.com/uk/news/solarwinds-suffers-massive-supply-chain-attack

White House activates cyber emergency response under Obama-era directive

In the wake of the SolarWinds breach, the National Security Council has activated an emergency cyber security process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources.

The move is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop.

The action is rooted in a presidential directive issued during the Obama administration known as PPD-41, which establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident.

The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security.

https://www.cyberscoop.com/solarwinds-white-house-national-security-council-emergency-meetings/

Hackers targeted US nuclear weapons agency in massive cyber security breach, reports say

The National Nuclear Security Administration and Energy Department, which safeguard the US stockpile of nuclear weapons, have had their networks hacked as part of the widespread cyber espionage attack on a number of federal agencies.

Politico reports that officials have begun coordinating notifications about the security breach to the relevant congressional oversight bodies.

Suspicious activity was identified in the networks of the Federal Energy Regulatory Commission (FERC), Los Alamos and Sandia national laboratories in New Mexico and Washington, the Office of Secure Transportation, and the Richland Field Office of the Department of Energy.

Officials with direct knowledge of the matter said hackers have been able to do more damage to the network at FERC, according to the report.

https://www.independent.co.uk/news/world/americas/us-politics/hackers-nuclear-weapons-cybersecurity-b1775864.html

Microsoft warns UK companies were targeted by SolarWinds hackers

Microsoft has warned that some of its UK customers have been exposed to the malware used in the Russia-linked SolarWinds hack that targeted US states and government agencies.

More than 40 of the tech giant's customers are thought to have used breached SolarWinds software, including clients in Britain, the US, Canada, Mexico, Belgium, Spain, Israel, and the UAE.

The company would not name the victims, but said they include government agencies, think tanks, non-governmental organisations and IT firms. Microsoft said four in five were in the US, with nearly half of them tech companies.

“This is not ‘espionage as usual,’ even in the digital age,” said Brad Smith, Microsoft's president. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

The attackers, believed to be working for the Russian government, got into computer networks by installing a vulnerability in Orion software from SolarWinds.

https://www.telegraph.co.uk/technology/2020/12/18/microsoft-warns-uk-companies-targeted-solarwinds-hackers/

Society at Increasingly High Risk of Cyber Attacks

Cyber attacks are becoming easier to conduct while conversely security is getting increasingly difficult, according to Kevin Curran, senior IEEE member and professor of cyber security, Ulster University, during a virtual media roundtable.

“Any company you can think of has had a data breach,” he commented. “Whenever a data breach happens it weakens our credentials because our passwords are often reused on different websites.”

He observed that the art of hacking doesn’t necessarily require a significant amount of technical expertise anymore, and bad actors can receive substantial help from numerous and readily accessible tools online. “You don’t have to spend seven years in college to learn how to hack, you just have to know about these sites and what terms to use,” noted Curran.

A number of legitimate online mechanisms that can help damaging attacks to be launched by hackers were highlighted by Curran in his presentation. These include Google Dorks, which are “search strings which point to website vulnerabilities.” This means vulnerable accounts can be identified simply via Google searches.

https://www.infosecurity-magazine.com/news/society-increasingly-risk-cyber/

Three million users installed 28 malicious Chrome or Edge extensions

More than three million internet users are believed to have installed 15 Chrome, and 13 Edge extensions that contain malicious code, security firm Avast said today.

The 28 extensions contained code that could perform several malicious operations, including:

-redirect user traffic to ads

-redirect user traffic to phishing sites

-collect personal data, such as birth dates, email addresses, and active devices

-collect browsing history

-download further malware onto a user's device

But despite the presence of code to power all the above malicious features, Avast researchers said they believe the primary objective of this campaign was to hijack user traffic for monetary gains.

https://www.zdnet.com/article/three-million-users-installed-28-malicious-chrome-or-edge-extensions/

Vaccines for sale on dark web as criminals target pandemic profits

Black market vendors were offering coronavirus vaccines for sale on hidden parts of the internet days after the first Covid-19 shot was approved this month, as criminals seek to profit from global demand for inoculations.

One such offer on the so-called dark web, traced by cyber security company Check Point Software, was priced at $250 with the seller promising “stealth” delivery in double-wrapped packaging. Shipping from the US via post or a leading courier company would cost $20, with an extra $5 securing overnight delivery.

https://www.ft.com/content/8bfc674e-efe6-4ee0-b860-7fcb5716bed6

Threats

Ransomware

• FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay

• House purchases in Hackney fall through following cyber attack against council

• Ransomware masterminds claim to have nabbed 53GB of data from Intel's Habana LabsRansomware masterminds claim to have nabbed 53GB of data from Intel's Habana Labs

• Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

• PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

• Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor

Phishing

• Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam

• Microsoft Office 365 Credentials Under Attack By Fax ‘Alert’ Emails

IoT

• Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Malware

• New iOS and Android spyware responsible for multi-layered sextortion campaign

• Google Chrome, Firefox, Edge hijacked by massive malware attack: What you need to know

• New Windows malware may soon target Linux, macOS devices

• This nasty malware is infecting every web browser — what to do now

• Tor malware is becoming a worryingly popular ransomware tool

Vulnerabilities

• Total Published CVEs Hits Record High for Fourth Year

• Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App

• F5 warns over ‘critical’ XSS flaw in BIG-IP

• PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

• Zero-day in WordPress SMTP plugin abused to reset admin account passwords

• Sophos fixes SQL injection vulnerability in their Cyberoam OS

• Wormable code-execution flaw in Cisco Jabber has a severity rating of 9.9 out of 10

• HPE discloses critical zero-day in Systems Insight Manager

Data Breaches

• Twitter hit with €450,000 GDPR fine nearly two years after disclosing data breach

• Data Leak Exposes Details of Two Million Chinese Communist Party Members

• Spotify Changes Passwords After Another Data Breach

• Massive Instagram 'click farm' found following data breach

• Tech unicorn UiPath discloses data breach

• People's Energy data breach affects all 270,000 customers

Organised Crime

• Lithuania Suffers "Most Complex" Cyber-attack in Years

Nation State Actors

• Enough is enough. Here’s what we should do to defend against the next Russian cyber attacks.

• Facebook Shutters Accounts Used in APT32 Cyber attacks

Privacy

• UK police unlawfully processing over a million people’s data on Microsoft 365

• Sci-fi surveillance: Europe's secretive push into biometric technology

Other News

• Analysis of 5G Network Security Reveals Attack Possibilities

Reports Published in the Last Week

• ENISA Threat Landscape for 5G Networks Report

• ENISA AI Threat Landscape Report Unveils Major Cyber Security Challenges

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Covid vaccine supply chain targeted by hackers, say security experts

Cyber attackers have targeted the cold supply chain needed to deliver Covid-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation state. 

The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices.

https://www.ft.com/content/9c303207-8f4a-42b7-b0e4-cf421f036b2f

Criminals to Favour Ransomware and BEC Over Breaches in 2021

The era of the mega-breach may be coming to an end as cyber-criminals eschew consumers’ personal data and focus on phishing and ransomware.

Cyber-criminals are relying less on stolen personal information and more on “poor consumer behaviors” such as password reuse to monetize attacks.

https://www.infosecurity-magazine.com/news/criminals-favor-ransomware-bec/

Bank Employee Sells Personal Data of 200,000 Clients

South Africa–based financial services group Absa has stated that one of its employees sold the personal information of 200,000 clients to third parties.

The group confirmed on Wednesday that the illegal activity had occurred and that 2% of Absa's retail customer base had been impacted.

The employee allegedly responsible for it was a credit analyst who had access to the group's risk-modeling processes.

Data exposed as a result of the security incident included clients' ID numbers, addresses, contact details, and descriptions of vehicles that they had purchased on finance.

https://www.infosecurity-magazine.com/news/bank-employee-sells-personal-data/

LastPass review: Still the leading password manager, despite security history

"'Don't put all your eggs in one basket' is all wrong. I tell you 'put all your eggs in one basket, and then watch that basket,'" said industrialist Andrew Carnegie in 1885. When it comes to privacy tools, he's usually dead wrong. In the case of password managers, however, Carnegie is usually more dead than wrong. To wit, I have been using LastPass so long I don't know when I started using LastPass and, for now, I've got no reason to change that. 

https://www.cnet.com/news/lastpass-review-still-the-leading-password-manager-despite-security-history/

The most significant security innovations of 2020

Who gets access? That is the question that drives every security measure and innovation that’s landed on PopSci’s annual compendium since we launched the category in 2008. Every year, that question gets bigger and bigger. In 2020, the world quaked under a global pandemic that took 1.4 million lives, the US saw a rebirth in its civil rights movement, and a spate of record-breaking wildfires forced entire regions to evacuate. And those are just the new scares. A buildup of angst against ad trackers and app snooping led to major changes in hardware and software alike. It was a year full of lessons, nuances, and mini revolutions, and we strive to match that with our choices.

https://www.popsci.com/story/technology/most-important-security-innovations-2020/

2020 security priorities: Pandemic changing short- and long-term approaches to risk

Security planning and budgeting is always an adventure. You can assess current risk and project the most likely threats, but the only real constant in cybersecurity risk is its unpredictability. Layer a global pandemic on top of that and CISOs suddenly have the nearly impossible task of deciding where to request and allocate resources in 2021.

Show how the COVID pandemic has changed what security focuses on now and what will drive security priorities and spending in 2021. Based on a survey of 522 security professionals from the US, Asia/Pacific and Europe, the study reveals how the pandemic has changed the way organizations assess risk and respond to threats—permanently.

https://www.csoonline.com/article/3598393/new-study-shows-pandemic-changing-short-and-long-term-approaches-to-risk.html

Cyber risks take the fun out of connected toys

As Christmas approaches, internet-enabled smart toys are likely to feature heavily under festive trees. While some dolls of decades past were only capable of speaking pre-recorded phrases, modern equivalents boast speech recognition and can search for answers online in real time.

Other connected gadgets include drones or cars such as Nintendo’s Mario Kart Live Home Circuit, where players race each other in a virtual world modelled after their home surroundings.

But for all the fun that such items can bring, there is a risk — poorly-secured Internet of Things toys can be turned into convenient tools for hackers.

https://www.ft.com/content/c653e977-435f-4553-8401-9fa9b0faf632

Remote Workers Admit Lack of Security Training

A third of remote working employees have not received security training in the last six months.

400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

https://www.infosecurity-magazine.com/news/remote-workers-training/ 

Threats

Ransomware

Delaware County Pays $500,000 Ransom After Outages

A US county is in the process of paying half-a-million dollars to ransomware extorters who locked its local government network, according to reports.

Pennsylvania’s Delaware County revealed the attack last week, claiming in a notice that it had disrupted “portions of its computer network.

“We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” it said.

https://www.infosecurity-magazine.com/news/delaware-county-pays-500k-ransom/

MasterChef Producer Hit by Double Extortion Ransomware

A multibillion-dollar TV production company has become the latest big corporate name caught out by ransomware, it emerged late last week.

The firm owns over 120 production firms around the world, delivering TV shows ranging from MasterChef and Big Brother to Black Mirror and The Island with Bear Grylls.

In a short update last Thursday, it claimed to be managing a “cyber-incident” affecting the networks of Endemol Shine Group and Endemol Shine International, Dutch firms it acquired in a $2.2bn deal in July.

Although ransomware isn’t named in the notice, previous reports suggest the firm is being extorted.

https://www.infosecurity-magazine.com/news/masterchef-producer-double/

Sopra Steria to take multi-million euro hit on ransomware attack

The company revealed in October that it had been hit by hackers using a new version of Ryuk ransomware.

It now says that the fallout, with various systems out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.

The group's insurance coverage for cyber risks is EUR30 million, meaning that negative organic revenue growth for the year is now expected to be between 4.5% and five per cent (previously between two per cent and four per cent). Free cash flow is now expected to be between €50 million and €100 million (previously between €80 million and €120 million).

https://www.finextra.com/newsarticle/37020/sopra-steria-to-take-multi-million-euro-hit-on-ransomware-attack

BEC

FBI: BEC Scams Are Using Email Auto-Forwarding

The agency notes in an alert made public this week that since the COVID-19 pandemic began, leading to an increasingly remote workforce, BEC scammers have been taking advantage of the auto-forwarding feature within compromised email inboxes to trick employees to send them money under the guise of legitimate payments to third parties.

This tactic works because most organizations do not sync their web-based email client forwarding features with their desktop client counterparts. This limits the ability of system administrators to detect any suspicious activities and enables the fraudsters to send malicious emails from the compromised accounts without being detected, the alert, sent to organizations in November and made public this week, notes.

https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498

Phishing

Phishing lures employees with fake 'back to work' internal memos

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.

These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defences according to stats provided by researchers at email security company Abnormal Security who spotted this phishing campaign.

There is a high probability that some of the targets will fall for the scammers' tricks given that during this year's COVID-19 pandemic most companies have regularly emailed their employees with updates regarding remote working policy changes.

https://www.bleepingcomputer.com/news/security/phishing-lures-employees-with-fake-back-to-work-internal-memos/

Warning: Massive Zoom phishing targets Thanksgiving meetings

Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack.

With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.

https://www.bleepingcomputer.com/news/security/warning-massive-zoom-phishing-targets-thanksgiving-meetings/

Malware

All-new Windows 10 malware is excellent at evading detection

Security researchers at Kaspersky have discovered a new malware strain developed by the hacker-for-hire group DeathStalker that has been designed to avoid detection on Windows PCs.

While the threat actor has been active since at least 2012, DeathStalker first drew Kaspersky's attention back in 2018 because of its distinctive attack characteristics which didn't resemble those employed by cybercriminals or state-sponsored hackers.

https://www.techradar.com/news/all-new-windows-10-malware-is-excellent-at-evading-detection

New TrickBot version can tamper with UEFI/BIOS firmware

The operators of the TrickBot malware botnet have added a new capability that can allow them to interact with an infected computer's BIOS or UEFI firmware.

The new capability was spotted inside part of a new TrickBot module, first seen in the wild at the end of October, security firms Advanced Intelligence and Eclypsium said in a joint report published today.

The new module has security researchers worried as its features would allow the TrickBot malware to establish more persistent footholds on infected systems, footholds that could allow the malware to survive OS reinstalls.

https://www.zdnet.com/article/new-trickbot-version-can-tamper-with-uefibios-firmware/

Russia-linked APT Turla used a new malware toolset named Crutch

Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html

MacBooks under attack by dangerous malware: What to do

a recent spate of malware attacks targeting macOS of late that installs backdoors to steal sensitive personal information. The security firm discovered that a new malware variant is being used online and backed by a rogue nation-state hacking group known as OceanLotus, which also operates under the name AKTP2 and is based in Vietnam. 

The new malware was created by OceanLotus due to the “similarities in dynamic behavior and code” from previous malware connected to the Vietnamese-based hacking group. 

https://www.laptopmag.com/news/macbooks-under-attack-by-dangerous-malware-what-to-do

Hackers Using Monero Mining Malware as Decoy, Warns Microsoft

The company’s intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH’s true campaign: credential theft.

Crypto-jacking “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH’s “hide in plain sight” MO.

Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.

https://www.coindesk.com/hackers-using-monero-mining-malware-as-decoy-warns-microsoft

Vulnerabilities

Zerologon is now detected by Microsoft Defender for Identity

There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity along with other Microsoft 365 Defender solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.

https://www.microsoft.com/security/blog/2020/11/30/zerologon-is-now-detected-by-microsoft-defender-for-identity/

Privacy

'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash

If you heard a strange noise coming from Redmond today, it was the sound of some rapid back-pedalling regarding the Productivity Score feature in its Microsoft 365 cloud platform.

Following outcry from subscribers and privacy campaigners, the Windows giant has now vowed to wind back the functionality so that it no longer produces scores for individual users, and instead just summarizes the output of a whole organization. It was feared the dashboard could have been used by bad bosses to measure the productivity of specific employees using daft metrics like the volume of emails or chat messages sent through Microsoft 365.

https://www.theregister.com/2020/12/01/productivity_score/

Other News

Think-Tanks Under Attack by Foreign APTs, CISA Warns

AI needed to vet 100 billion cyber threat items per day

Cloud native security: A maturing and expanding arena

MOD Corsham seeks new recruits to combat cyber warfare

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

386 million user records stolen in data breaches — and they're being given away for free

A notorious hacker or group of hackers is giving away copies of databases said to contain 386 million user records, after posting links to the databases on a marketplace used by cyber criminals.

The threat actor, who goes by the name ShinyHunters, claims to have data stolen from 18 different websites in the past seven months. According to reports, ShinyHungers last week began uploading the databases to a forum where anyone can download them free of charge.

ShinyHunters is believed to have played a role in high-profile data breaches at HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad and even Microsoft's GitHub account. Many of these records were previously offered for sale online.

Why this matters:

Any details stolen from one site or service will be used against other sites and services, this is why it is critical that passwords are not reused across different sites and that all passwords are unique. Using multi factor authentication is also very effective at safeguarding against these types of attacks.

Read more here: https://www.tomsguide.com/news/shinyhunters-breach-giveaway

Twitter says spear-phishing attack on employees led to breach

Twitter said a large hack two weeks ago targeted a small number of employees through a phone “spear-phishing” attack.

The social media platform said the hackers targeted about 130 accounts, tweeted from 45, accessed the inboxes of 36, and were able to download Twitter data from seven.

Attackers also targeted specific employees who had access to account support tools, Twitter said. The company added it has since restricted access to its internal tools and systems.

Twitter suffered a major security breach on 15 July that saw hackers take control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos and Apple.

The hack unfolded over the course of several hours, and in the course of halting it, Twitter stopped all verified accounts from tweeting – an unprecedented measure.

Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

Why this matters?

It is nearly always a lot easier for attackers to attack your users than it is to attack your systems. IT controls alone cannot protect against social engineering attacks so making sure your staff are trained so they don’t fall for social engineering attacks is a critical part of your defence.

Read more here: https://www.theguardian.com/technology/2020/jul/30/twitter-breach-hackers-spear-phishing-attack

Cyber-Criminals Continue to Exploit #COVID19 During Q2

Cyber-criminals’ exploitation of the COVID-19 pandemic to target individuals and businesses has continued unabated during the second quarter of 2020, according to one Cyber Security firm’s Q2 2020 Threat Report published today. The findings highlight how the crisis is defining the cybersecurity landscape in Q2 in a similar way as it did in Q1 after the pandemic first struck.

The firm observed a continuous focus on phishing using COVID-19 lures in this period. This included criminals taking advantage of the rise in online shopping that has occurred during the pandemic, with a 10-fold increase in phishing emails impersonating one of the world’s leading package delivery services found in comparison to Q1.

The shift to remote working as a result of the pandemic has also led to increased targeting of Remote Desktop Protocol’s in recent months.

Ransomware tactics were found to be “rapidly developing” in this period, with operators moving away from doxing and random data leaking towards auctioning the stolen data on dedicated underground sites.

Why does this matter?

The Coronavirus crisis gave criminals an efficient lure to bait phishing emails with and for as long as it is working they will continue to exploit this crisis. It’s like we always say “cyber criminals will never let a good crisis or tragedy go to waste”

Read more here: https://www.infosecurity-magazine.com/news/cyber-criminals-exploit-covid/

FBI Releases Flash Alert on Netwalker Ransomware

The US Federal Bureau of Investigations (FBI) released a flash alert in which it warned organisations about the dangers of Netwalker ransomware.

The FBI said that it had received notifications of attacks involving Netwalker against U.S. and foreign government organisations along with entities operating in the healthcare and education sectors.

In its alert, the FBI noted that those responsible for Netwalker had used COVID-19 phishing emails and unpatched vulnerabilities affecting VPN apps to gain entry into an organisation. The malicious actors had then used their crypto-malware to harvest administrator credentials and steal data from their victims. Ultimately, the attackers uploaded that stolen information to a file-sharing service.

Once they had come into possession of a victim’s data, the nefarious individuals activated the ransomware’s encryption routine. This step led the threat to encrypt all connected Windows-based devices and information before dropping a ransom note on the infected machine.

Why does this matter?

Ransomware remains one of the biggest risks for all firms, organisations and individuals, and the majority of the time the ransomware infection will stem from a phishing email that a user within an organisation clicked on. As with all social engineering attacks IT controls alone are of limited effectiveness and defending against these attacks comes down to educating your users and instilling in them the importance of the role they play in defending an organisation.

Read more here: https://www.tripwire.com/state-of-security/security-data-protection/fbi-releases-flash-alert-on-netwalker-ransomware/

Garmin may have paid hackers ransom, reports suggest

Fitness wearable and Navtech supplier Garmin may have given in to the demands of cyber criminals who encrypted its systems with ransomware, according to news reports that suggest the firm has obtained a decryption key to recover its files, strongly suggesting it has either paid up, or brokered some kind of deal.

In a statement issued four days after its services first went offline, Garmin finally confirmed it had been the victim of a cyber attack, having previously limited its response to saying it was experiencing an outage. It has not yet confirmed it was the victim of a ransomware incident, although this is now all but certain.

A spokesperson said: “Garmin today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation,” said the firm.

“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Why does this matter?

Ransomware can affect firms of any size, from the smallest to the largest, no firm or organisation is immune and even firms that are spending millions or tens of millions on advanced protections and controls can still fall victim. These types of attacks go after the people working for an organisation, not the organisations technical infrastructure and technical controls are of limited use in defending against these types of attacks. An organisation needs to ensure their users are efficient at spotting phishing emails, it only takes one user clicking on one malicious email to take down a multinational corporation.

Read more here: https://www.computerweekly.com/news/252486775/Garmin-may-have-paid-hackers-ransom-reports-suggest

Cyber-security agencies from the UK and the US say 62,000 QNAP NAS devices have been infected with the QSnatch malware

The UK NCSC and US CISA published a joint security alert this week about QSnatch, a strain of malware that has been infecting network-attached storage (NAS) devices from Taiwanese device maker QNAP.

In alerts  by the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC), the two agencies say that attacks with the QSnatch malware have been traced back to 2014, but attacks intensified over the last year when the number of reported infections grew from 7,000 devices in October 2019 to more than 62,000 in mid-June 2020.

Of these, CISA and the NSCS say that approximately 7,600 of the infected devices are located in the US, and around 3,900 in the UK.

Why this matters?

Vulnerable devices can be used to steal credentials (usernames and passwords) and exfiltrate information from devices on the network. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited.

Read more here: https://www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/

Hackers actively exploit high-severity networking vulnerabilities

Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by FTSE100/Fortune 500 companies and government organisations.

The most serious exploits are targeting a critical vulnerability in F5’s Big-IP advanced delivery controller, a device that’s typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. The vulnerability, which F5 patched three weeks ago, allows unauthenticated attackers to remotely run commands or code of their choice. Attackers can then use their control of the device to hijack the internal network it’s connected to.

Why this matters?

Vulnerable devices such as this can be used to gain access to internal networks. It is important to keep devices up to date with the latest security patches to close any vulnerabilities before they can be exploited. When a vendor releases updates they should be installed as soon as possible, ideally having been tested before updates are applied in your live environment.

Read more here: https://arstechnica.com/information-technology/2020/07/hackers-actively-exploit-high-severity-networking-vulnerabilities/

27% of consumers hit with pandemic-themed phishing scams

Phishing is the top digital fraud scheme worldwide related to the COVID-19 pandemic, according to new research.

Among consumers reporting being targeted with digital COVID-19 schemes globally, 27% said they were hit with pandemic-themed phishing scams.

Identity fraud is a primary way fraudsters leverage stolen consumer data from phishing and other social engineering schemes. It can have long-term impacts for consumers such as the compromise of multiple online accounts and bringing down credit scores, which we anticipate will increase during pandemic reconstruction.

To better understand the impacts of COVID-19 on consumers, 7,384 adults in Canada, Colombia, Hong Kong, South Africa, the U.K., and the U.S. have been surveyed between June 30 and July 6, 2020.

It asked the consumers if they had been targeted by digital COVID-19 fraud and if so, which digital fraud scheme(s) related to COVID-19 were they targeted with. Globally, 32% said they had been targeted by digital fraud related to COVID-19 with the below being the top types of COVID-19 fraud they faced:

Top global online COVID-19 scams targeting consumers:

Why this matters?

Whatever works for criminals they will continue doing. Until consumers, as well as businesses, get better at detecting these scams and get better at spotting phishing emails criminals will carry on using the latest crisis or tragedy to get users to click on malicious emails and open their networks to attackers.

Read more here: https://www.helpnetsecurity.com/2020/07/24/pandemic-themed-phishing-scams/

New Netflix phishing scam uncovered - here’s how to stay safe

Security analysts have uncovered a dangerous and highly convincing new Netflix phishing scam, capable of evading traditional email security software.

The phishing email masquerades as a billing error alert, pressing the victim to update their payment details within 24 hours or have their Netflix subscription voided.

The link provided in the email redirects to a functioning CAPTCHA form, used in legitimate scenarios to distinguish between humans and AI. Although this step adds a layer of friction to the process, it serves to enhance the sense of legitimacy the attacker is attempting to cultivate.

After handing over account credentials, billing address and payment card information, the victim is then redirected to the genuine Netflix home page, unaware their data has been compromised.

Why does this matter?

Phishing campaigns like this cast a wide net and only need a small number of victims to fall for it to turn a profit, and that means these types of scams are not going to go away any time soon. If no one fell for them they would stop. Always question any email that urges you to take action quickly under the guise of some threat.

Read more here: https://www.techradar.com/news/dangerous-new-netflix-phishing-scam-hits-the-scene-heres-what-you-need-to-know

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.