Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Human Element Is the Weakest Link

Within the last week, Facebook has become the subject of a whistleblowing campaign featuring thousands of documents alleging malpractice. Despite their size and expected security controls, these documents have been exfiltrated without detection, lending credence to the idea of the insider threat. https://www.darkreading.com/risk/the-human-element-is-the-weakest-link

Ransomware is the Biggest Cyber Threat to Business But Most Firms Still Aren't Ready for It

Ransomware is still the most significant cyber security threat facing organisations – ranging from critical national infrastructure providers and large enterprises to schools and local businesses – but it's a threat that can be countered. https://www.zdnet.com/article/ransomware-is-now-the-most-urgent-cyber-threat-to-business-but-most-firms-arent-ready-for-it/

Most Known Ransomware Targets Windows Devices

Recently conducted research shows that 95% of identified ransomware is targeting Windows machines. Furthermore, the stats show that Israel are submitting by far the most ransomware samples, followed by South Korea, Vietnam, and China, with the UK in 10th place. https://www.theregister.com/2021/10/14/googles_virustotal_malware/

67% of Organisations Have Been Hit by Ransomware at Least Once

A recent report found that two-thirds of surveyed organizations have suffered a ransomware attack, with about half having been hit multiple times, and 16% having been hit three or more times. https://threatpost.com/podcast-67-percent-orgs-ransomware/175339/

Russian Cyber Crime Gang Targets Finance Firms With Stealthy Macros

A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk. https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/  

70% of Businesses Can’t Ensure the Same Level of Protection for Every Endpoint

Recent research found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organisations. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure. https://www.helpnetsecurity.com/2021/10/15/endpoint-protection-level/

Over 90% of Firms Suffered Supply Chain Breaches Last Year

A recent survey polled 1200 IT and procurement leaders responsible for supply chain and cyber risk management. Those polled came from global companies with 1,000+ employees and were used to compile its report: Managing Cyber Risk Across the Extended Vendor Ecosystem. The report revealed the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase. https://www.infosecurity-magazine.com/news/90-firms-supply-chain-breaches/

Cyber Security Shortcomings Exposed By The Pandemic

According to a survey by SecureAge, 48% of businesses have experienced a cyber breach during the COVID-19 pandemic and another 8% ‘were not sure’. In addition, 16% of employees said they personally had to deal with a cyber security incident during the same period. https://www.helpnetsecurity.com/2021/10/13/cybersecurity-shortcomings/

6 Things to Know About 'Killware,' Cyber Security's Next Big Threat

Threat actors are adopting a “killware” cyber model, which launches attacks on critical infrastructure with the intent to cause harm. Alejandro Mayorkas, secretary for Homeland Security, told USA Today he is worried about killware because it has the potential to kill. Hackers breached a water system in February this year, which was considered an unsuccessful attempt to distribute contaminated water to residents of Florida. "[The] attack was not for financial gain but rather purely to do harm,” he said. https://www.beckershospitalreview.com/cybersecurity/6-things-to-know-about-killware-cybersecurity-s-next-big-threat.html

2021 Nastiest Malware: Here to Stay and Ever Evolving

This year was yet another year with COVID-19 and malware running rampant in the headlines. Be it in person or online, the world is still struggling in the fight against viruses. This year took another turn for the worse when attacks on critical infrastructure and supply chains became a hot trend. https://www.helpnetsecurity.com/2021/10/12/nastiest-malware-2021/

Threats

Ransomware

• Since 2020, At Least 130 Different Ransomware Families Have Been Active

• AWS Ransomware Attacks: Not A Question Of If, But When

• This New Ransomware Encrypts Your Data And Makes Some Nasty Threats, Too

• UK Cyber Head Says Russia Responsible For 'Devastating' Ransomware Attacks

• What Makes AWS Buckets Vulnerable To Ransomware

• The Netherlands Declares War On Ransomware Operations

• Weir Group Suffers 'Sophisticated' Ransomware Attack

• US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours

• Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now

BEC

• Analyzing Email Services Abused For Business Email Compromise

Phishing

• Human Hacking Increased As Apps And Browsers Moved Completely To The Cloud

• DocuSign Phishing Campaign Targets Low-Ranking Employees

• Phishing Campaign Uses Math Symbols To Evade Detection

Malware

• FreakOut Botnet Now Attacks Vulnerable Video DVR Devices

• FontOnLake Malware Strikes Linux Systems In Targeted Attacks

• Hackers Use Stealthy ShellClient Malware On Aerospace, Telco Firms

Vulnerabilities

• NSA Warns Of Alpaca TLS Attack, Use Of Wildcard TLS Certificates[RP1] 

• October Patch Tuesday: 3 Critical Bulletins Among 71

• Update Your Windows PCs Immediately To Patch New 0-Day Under Active Attack

• Microsoft Fixes Zero-Day Flaw In WIN32 Driver

• Windows Zero-Day Actively Exploited In Widespread Espionage Campaign

• Chinese Hackers Use Windows Zero-Day To Attack Defense, IT Firms

• Apple Releases Urgent iPhone And iPad Updates To Patch New Zero-Day Vulnerability

• Sky.Com Servers Exposed Via Misconfiguration

• Apache Patch Proves Patchy – Now You Need To Patch The Patch

Data Breaches/Leaks

• Data Breach Sees Millions Of Acer Customers' Data Being Sold By Hackers

Organised Crime & Criminal Actors

• Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

Cryptocurrency/Cryptojacking

• CryptoRom Scam Rakes In $1.4m By Exploiting Apple Enterprise Features

• Hackers Are Hijacking Copy And Paste To Steal Millions Of Dollars In Crypto Currency

Dark Web

• Dark Web: Many Cyber Crime Services Sell For Less Than $500

• What It Costs To Hire A Hacker On The Dark Web

• Warning: 24M Webcam Video Records Up For Grabs On The Dark Web

Supply Chain

• Worldwide Supply Chains Vulnerable As Businesses Lack Visibility Into Suppliers

DoS/DDoS

• Microsoft Says Azure Fended Off What Might Just Be The World's Biggest-Ever DDoS Attack

• Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots

OT, ICS, IIoT and SCADA

• Critical Infrastructure Security Dubbed 'Abysmal' By Researchers

Nation State Actors

• Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

• Google Sent 50,000 Warnings Of State-Sponsored Attacks In 2021

• How Shape-Shifting Threat Actors Complicate Attack Attribution

• Google Warns Some Users That Fancybear’s Been Prowling Around

• Microsoft: Iran-Linked Hackers Breached Office 365 Customer Accounts

• We’re Not In Competition With China; We’re At War, Argues A Provocative New Book

Privacy

• Amazon's Ring Doorbell Can Violate Your Neighbour’s Privacy, A UK Judge Rules

• Amnesty International Links Cyber Security Firm To Spyware Operation

• Study Reveals Android Phones Constantly Snoop On Their Users

• How Apple Can Read Your Encrypted Messages

Other News

• This Is How Formula 1 Teams Fight Off Cyber Attacks

• Cyber Attack Shuts Down Ecuador's Largest Bank, Banco Pichincha[RP2] 

• 30 Mins Or Less: Rapid Attacks Extort Orgs Without Ransomware

• University Of Sunderland Is Latest To Be Hit By Cyber Attack

• Russia Excluded From 30-Country Meeting To Fight Ransomware And Cyber Crime

• Inside Apple: How MacOS Attacks Are Evolving

• Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs

• Google To Give Security Keys To ‘High Risk’ Users Targeted By Government Hackers

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Half of Regulated Firms See Pandemic Spike in Financial Crime

Around half of firms in the financial services, property and legal sectors have reported rising levels of financial crime over the past 12 months, according to new data from an anti-money laundering (AML) specialist which polled 500 regulated businesses in the UK to better understand the levels of risk facing players in each vertical.

Overall, 48% of respondents said they’d seen a rise in financial crime, and a quarter (26%) admitted they’d been a victim of attacks. Legal firms, including conveyancers, experienced the most significant number of compromises, with a third (33%) saying they had been a victim of financial crime.

The sector is an increasingly attractive target for both state-backed and financially motivated cyber-criminals, given the wealth of sensitive client information that legal practices typically hold. https://www.infosecurity-magazine.com/news/half-firms-pandemic-spike/  

Large Ransom Demands And Password-Guessing Attacks Escalate

ESET released a report that summarizes key statistics from its detection systems and highlights notable examples of its cyber security research.

The latest issue of the report highlights several concerning trends that were recorded by ESET telemetry, including increasingly aggressive ransomware tactics, intensifying brute-force attacks, and deceptive phishing campaigns targeting people working from home who have gotten used to performing many administrative tasks remotely.

Ransomware, showing three major detection spikes during T2, saw the largest ransom demands to date. The attack shutting down the operations of Colonial Pipeline – the largest pipeline company in the US – and the supply-chain attack leveraging a vulnerability in the Kaseya VSA IT management software, sent shockwaves that were felt far beyond the cybersecurity industry. https://www.helpnetsecurity.com/2021/10/05/large-ransom-demands/

Malicious Hackers Are Exploiting Known Vulnerabilities Because Organizations Aren’t Quick Enough To Patch – Report

Organizations are urged to be more proactive when it comes to protecting against vulnerabilities, after a report found that malicious attackers routinely exploit unpatched systems.

The 2021 Trustwave SpiderLabs Telemetry Report, released this week, found that a huge number of companies are falling foul to cyber-attacks despite having ready access to suitable fixes.

This is happening because malicious actors are using Shodan to scan for networks that are exposed to known vulnerabilities and exploit them before the victim can apply the patch. https://portswigger.net/daily-swig/malicious-hackers-are-exploiting-known-vulnerabilities-because-organizations-arent-quick-enough-to-patch-report  

Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now

Some of the cyber security vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old -- but attackers are still able to take advantage of them because security updates aren't being applied.

Cybersecurity researchers at Qualys examined the Common Vulnerabilities and Exposures (CVEs) most used in ransomware attacks in recent years. They found that some of these vulnerabilities have been known for almost a decade and had vendor patches available. But because many organizations still haven't applied the available security updates, they remain vulnerable to ransomware attacks. https://www.zdnet.com/article/ransomware-cyber-criminals-are-still-exploiting-years-old-vulnerabilities-to-launch-attacks/

How Insurers Play a Big Role in Spurring Cyber Crime

Ransomware extracted $18 billion in payments last year, and it’s expected there will be an attack every 11 seconds by this year’s end, a problem that some security experts and academic researchers say is exacerbated by the system meant to protect against cybercrime: the insurance industry.

Organizations with cyber insurance are more than twice as likely to pay ransoms as those without, according to a global survey commissioned by UK-based cyber security and software firm Sophos of 1,823 companies, governments, health systems, and other organizations that had been hit by ransomware. This is one of the first times such data have been gathered that show the extent of the relationship between cyber insurance and ransomware payments. Critics say that relationship helps fuel a ransomware economy that the federal government estimates causes $445 billion in damages to the global economy every year. https://www.barrons.com/articles/ransomware-attack-cyber-insurance-industry-51633075202

Why Today’s Cyber Security Threats Are More Dangerous

Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cyber security to the top of governments’ and corporate agendas.

The opportunities for threat actors are growing faster than firms are able to mitigate them.

Unlike 20 years ago, when even extensive IT systems were comparatively standalone and straightforward, the interdependencies of systems now make dealing with and defending against threats a much more difficult proposition. The core problems being complexity and interdependence and neither are going away because that is what is providing organisations with the flexibility, functionality and all these other critical functions that they need. https://www.csoonline.com/article/3635097/why-today-s-cybersecurity-threats-are-more-dangerous.html

How Fraudsters Can Use The Forgotten Details Of Your Online Life To Reel You In

You may think you’ve been careful, but a determined scammer can probably find enough to manipulate you. https://www.theguardian.com/money/2021/oct/03/how-fraudsters-can-use-the-forgotten-details-of-your-online-life-to-reel-you-in  

One In Three IT Security Managers Don’t Have A Formal Cybersecurity Incident Response Plan

Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy, according to a new report.

Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

·         Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive.

·         Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts.

·         The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t.

Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan. https://www.helpnetsecurity.com/2021/10/06/response-plan-cybersecurity/  

Cyber Security Best Practices Lagging, Despite People Being Aware Of The Risks

The National Cybersecurity Alliance and CybSafe announced the release of a report which polled 2,000 individuals across the U.S. and UK. The report examined key cybersecurity trends, attitudes, and behaviours ahead of Cybersecurity Awareness Month this month.

The daily headlines of data breaches and ransomware attacks is a testament to the problem getting worse, yet most people aren’t aware of the simple steps they can take to be a part of the solution. It’s critical to have a deeper understanding of both the challenges we face and the prevailing attitudes and behaviors among the public.

Too often people are forgotten in cybersecurity conversations and this is borne out by cyber crime being more common among Millenials and Gen Z, and the public not embracing cyber security best practices.

The report also found that many users had limited access to cyber training, with  64% of respondents having no access to cybersecurity training, while 27% of those who do have access choose not to use it. https://www.helpnetsecurity.com/2021/10/07/cybersecurity-best-practices-lagging/

Threats

Ransomware

• Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now | ZDNet

• Ransomware: Police Arrest Two In Operation Against 'Prolific' Gang That Targeted Big Businesses | ZDNet

• Revil Alone Accounts For A Significant Portion Of Q2 2021 Ransomware Attacks | Techspot

• Behind the Crypto Broker Accused of Enabling Ransomware Hackers - Bloomberg

• Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack – Sophos News

• US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours | ZDNet

• Ransomware Group FIN12 Aggressively Going After Healthcare Targets (thehackernews.com)

Other Social Engineering

• Smishing On The Rise - Infosecurity Magazine (Infosecurity-Magazine.Com)

Malware

• Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012 (thehackernews.com)

• 91.5% Of Malware Arrived Over Encrypted Connections During Q2 2021 - Help Net Security

IOT

• IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft | Threatpost

BYOD

• NCSC: Revoke Admin Access for BYOD Users Immediately - Infosecurity Magazine (infosecurity-magazine.com)

• BYOD Security Warning: You Can't Do Everything Securely With Just Personal Devices | ZDNet

Vulnerabilities

• Patch Apache HTTP Servers Now to Avoid Zero Day Exploit - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• The Telegraph Exposed A 10tb Database With Subscriber Data - Security Affairs

Cryptocurrency/Cryptojacking

• Hackers Rob Thousands Of Coinbase Customers Using MFA Flaw (Bleepingcomputer.Com)

Insider Threats

• Fired IT Admin Revenge-Hacks School By Wiping Data, Changing Passwords (Bleepingcomputer.Com)

Dark Web

• Over A Billion Facebook Users Have Data Sold On The Dark Web | Techradar

Nation State Actors

• Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (thehackernews.com)

• Microsoft: 58% of Nation-State Cyber Attacks Come From Russia (darkreading.com)

• Google Warns 14,000 Gmail Users Targeted By Russian Hackers (Bleepingcomputer.Com)

• Solarwinds Hack Saw Russia Steal Us Anti-Spy Probe Details • The Register

• A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries (thehackernews.com)

• New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (thehackernews.com)

• Iranian APT Targets Aerospace And Telecom Firms With Stealthy ShellClient Trojan | CSO Online

Cloud

• How Should Banks Grapple With Regulation When Crafting Their Cloud Strategy? (finextra.com) 

Reports Published in the Last Week

• Russian Cyber Attacks Pose Greater Risk To Governments And Other Insights From Microsoft’s Annual Report - Microsoft On The Issues 

Other News

• Patch Management Complexity Increased By Remote Work Is Putting Organizations At Risk - Help Net Security

• The Cyber Security Issues Organizations Deal With Remain Complex And Numerous - Help Net Security

• Security Experts Aghast At The Scale Of Twitch Hack: 'This Is As Bad As It Could Possibly Be' | PC Gamer

• Botnet Abuses TP-Link Routers For Years In SMS Messaging-As-A-Service Scheme - The Record By Recorded Future

• Company That Routes SMS For All Major US Carriers Was Hacked For Five Years | Ars Technica

• New £5 Billion GCHQ Digital Warfare Centre Capable Of 'Cyber Attacks' Set For Lancashire - Lancslive

• Superhero Passwords Pose Serious Risk to Personal, Enterprise Accounts | SecurityWeek.Com

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Second Only To Climate Change As Biggest Global Risk

Cyber security has been ranked as the second largest threat to our way of life in a major new survey of 23,000 people, comprised of both experts and members of the public. Cyber came second only to climate change on the world stage, but was ranked as the number one risk in the Americas and second in Asia, Africa, and Europe. https://www.infosecurity-magazine.com/news/cyber-second-biggest-global-risk/

Businesses Unsure Which Tech Is Essential Against Ransomware

As ransomware attacks grow in number, a new report finds that many organisations are under the impression they have things in hand but most are unsure what protections they should have in place. The report, based on a survey of 455 business leaders and cyber security professionals, claims businesses are on top of employee training, risk assessments and cyber insurance. Where firms fall flat however is their “clear gap” in thinking, in what many respondents see as “essential tech” in the fight against ransomware – nearly half of respondents (49%) thought paying up was their best option. https://www.techradar.com/news/businesses-unsure-which-tech-is-essential-against-ransomware

Cyber Crime Awareness Heightened, Yet People Still Engage In Risky Online Behaviours

A survey of over 2,000 adults suggests that 76% of respondents recognise the severity of data breaches. This heightened awareness may be driven by constant news of major consumer, enterprise and infrastructural breaches over the last year alone. https://www.helpnetsecurity.com/2021/10/01/risky-online-behaviors/

Attacks Against Remote Desktop Protocol Endpoints Have Exploded This Year

A recent report warns of a huge increase in attacks on the Remote Desktop Protocol (RDP), an almost universal protocol used by nearly every business in operation today. The figures show attacks on RDP have jumped 103.9% since its T1 report in June and represents around 55 billion devices. The RDP protocol is leveraged by threat actors to deploy ransomware and has become a popular target due to both heavy use by IT service providers and common misconfigurations.  https://www.theregister.com/2021/09/30/eset_threat_report/

Ransomware Attacks Up 1,070% Year Over Year

The prevalence of ransomware is growing rapidly, according to the 2021 Ransomware Survey Report. The report shockingly found many of the ransom demands are paid, and comes as a result in the rise of “ransomware as-a-service”. The report found 94% of businesses are concerned about ransomware, with 49% stating they would simply pay the ransom outright. Respondents in Europe were more concerned than those in North America, and around 67% felt they had already been the target of ransomware.  https://www.msspalert.com/cybersecurity-research/fortinet-report-ransomware-attacks-up-1070-year-over-year/

Baby’s Death Alleged To Be Linked To Ransomware

A US hospital paralyzed by ransomware in 2019 will be defending itself in court this November over the death of a newborn. The baby was born amid the hospital’s eighth day of fending off the attack. Court filings show the hospital – Springhill Medical Center in Alabama – believes wireless tracking systems and heartbeat monitoring equipment were compromised by the ransomware, leading to the death.

https://threatpost.com/babys-death-linked-ransomware/175232/

Ransomware Shame: More Than Half Of Business Owners Conceal Cyber-Breach

Around a third (32%) of enterprises experienced a six-figure breach last year, but well over half (61%) admitted to concealing it. The findings come as a global survey of 1,400 decision makers in cyber is released. https://www.foxbusiness.com/technology/ransomware-cyber-breach-concealed

More Than 90% Of Q2 Malware Was Hidden In Encrypted Traffic

Around 91.5% of malware detections in Q1 2021 were concealed in HTTPS-encrypted connections. A ubiquitous protocol – used to secure traffic any time you open a web page – only 20% of organisations have mechanisms in place to scan the arriving HTTPS traffic. The terrifying result found that most firms are missing over nine-tenths of malware hitting their networks every day. https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

Cyber Attack Floors British Payroll Firm

A "sophisticated" cyber attack has forced a British payroll company to shut down its entire network, leaving some contractors without pay.  Giant Group confirmed on September 24 that it had taken its network, fully integrated IT infrastructure, phone, and email systems offline last Wednesday after detecting suspicious activity. https://www.infosecurity-magazine.com/news/cyberattack-floors-british-payroll/#.YVQiuXlCjOA.twitter

GriftHorse Malware Infected More Than 10 Million Android Phones From 70 Countries

A malicious trojan has been making its way through the Google Play Store since at least November of 2020. The app, purportedly harmless on the surface, hijacks payments on the victim device, resulting in a series of hidden charges and a nasty surprise at the end of the month. Researchers who discovered the malware estimate its impact to be over 10 million victims in 70 countries, and several hundreds of millions of Euros in losses. https://securityaffairs.co/wordpress/122730/malware/grifthorse-malware-campaign.html

50% Of Servers Have Weak Security Long After Patches Are Released

Over 50% of servers scanned still have weak security, a new study suggests, even after patches have been issued. Researchers found that servers were still vulnerable weeks and even months after critical updates, leaving many businesses wide open to attack. https://www.darkreading.com/vulnerabilities-threats/50-of-servers-have-weak-security-long-after-patches-are-released

Threats

Ransomware

• United Health Centres Reportedly Compromised By Ransomware Attack

• JVCKenwood Hit By Conti Ransomware Claiming Theft Of 1.5TB Data

• Ransomware Gangs Are Complaining That Other Crooks Are Stealing Their Ransoms

• Ransomware Gangs Are Starting More Drama On Cyber Crime Forums, Upending 'Honor Among Thieves' Conventions

• Conti Ransomware Expands Ability To Blow Up Backups

• United Health Centers Reportedly Compromised By Ransomware Attack

• REvil Customers Complain Ransomware Gang Uses Backdoors To Filch Ransoms

• The Biggest Problem With Ransomware Is Not Encryption, But Credentials

Phishing

• 75K Email Inboxes Hit in New Credential Phishing Campaign

• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

• LinkedIn URLs are being hijacked For phishing

Other Social Engineering

• Scammers Capitalize on Release of New Bond Movie

Malware

• FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

• Thousands Of Online Gaming Accounts Hit In Major Cyber Attack

• Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers

• New Malware Steals Steam, Epic Games Store, And EA Origin Accounts

Vulnerabilities

• Google Emergency Update Fixes Two Chrome Zero Days

• Threat Actors Use Recently Discovered CVE-2021-26084 Atlassian Confluence

• Apple AirTag Zero-Day Weaponizes Trackers

• New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

• Thousands of University Wi-Fi Networks Expose Log-In Credentials

• Exploit Released For VMware Vulnerability After CISA Warning

• Apple Pay Users ‘Vulnerable To Security Hack’

• Outsourced Software Poses Greater Risks to Enterprise Application Security

• Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

• Apple Responds To Security Researcher Who Found Multiple iOS 15 Zero-Day Flaws

• Windows 10 Emergency Update Resolves KB5005565 App Freezes, Crashes

• Cyber Security Vulnerability Could Affect Millions Of Hikvision Cameras

Data Breaches/Leaks

• Mental Healthcare Providers Report Data Breaches

• Anonymous: We've Leaked Disk Images Stolen From Far-Right-Friendly Web Host Epik

• 3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

• Emails, Chat Logs, More Leaked Online From Far-Right Militia Linked To US Capitol Riot

Cryptocurrency/Cryptojacking

• Ethereum Dev Admits Helping North Korea Mine Crypto-Bucks, Faces 20 Years Jail

• China Says All Crypto Currency-Related Transactions Are Illegal And Must Be Banned

Insider Threats

• 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Dark Web

• Computer Scientist Jailed Over Dark Web Conspiracy

DoS/DDoS

• Bandwidth.com Is Latest Victim Of DDoS Attacks Against VoIP Providers

Nation State Actors

• APT Focus: ‘Noisy’ Russian Hacking Crews Are Among The World’s Most Sophisticated

• APT29 Targets Active Directory Federation Services With Stealthy Backdoor

• GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

• Nation-State Attacks Fears Grow, Execs Don’t Trust Governments To Protect Them From Cyber Threats

• APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated

Cloud

• Huawei Cloud Services: U.S. Lawmakers Express Security Concerns

• Cloud Security is the Weak Link

• Why CEOs Should Absolutely Concern Themselves With Cloud Security

• Cloud Security: Report Finds 68% of Malware Delivered From Cloud Apps

Privacy

• Which? Survey Finds People Would Actually Pay The Online Giants Not To Take Their Data

Reports Published in the Last Week

ESET Threat Report T2 2021

Other News

• Revealed: How To Steal Money From Victims' Contactless Apple Pay Wallets

• Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

• Cyber Security Experts Have Discovered A New Hacker Group

• The Return Of The Hacktivists

• Report Highlights Cyber Security Dangers Of Elastic Stack Implementation Mistakes

• Russian Authorities Arrest Cyber Security Giant Group-IB’s CEO On Treason Charges

• US Deports Convicted Cyber Criminal to Russia

• OWASP Toasts 20th Anniversary With Revised Top 10 For 2021

• New Emergency Fraud Hotline Launched in UK

• Corporate Attack Surface Exploding As A Result Of Remote Work 

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Preparedness Is Low Despite Executives’ Concerns

86.7% of C-suite and other executives say they expect the number of cyber attacks targeting their organisations to increase over the next 12 months, according to a recent poll conducted by researchers. While 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident. https://www.helpnetsecurity.com/2021/09/15/ransomware-preparedness/

MSPs That Cannot Modernize Will Find Themselves And Their Clients Falling Behind

Researchers sought feedback from IT professionals to explore the performance of modern (and not-so-modern) managed service providers (MSPs). The survey found that even satisfactory MSPs are falling short in certain key areas: cloud strategy, security, and IT spending. https://www.helpnetsecurity.com/2021/09/16/msps-falling-behind/

Two-Thirds Of Cloud Attacks Could Be Stopped By Checking Configurations, Research Finds

On Wednesday, researchers published its latest Cloud Security Threat Landscape report, spanning Q2 2020 through Q2 2021. According to the research, two out of three breached cloud environments observed by the tech giant "would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems." https://www.zdnet.com/article/two-thirds-of-cloud-attacks-could-be-stopped-by-checking-configurations-research-finds/

Open Source Software Cyber Attacks Increasing By 650%, Popular Projects More Vulnerable

Researchers released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. https://www.helpnetsecurity.com/2021/09/17/open-source-cyberattacks/

Third-Party Cloud Providers: Expanding The Attack Surface

In the era of digital transformation, which is essentially an organisation’s way of stating they are increasing their reliance on cloud-based services—enterprises’, digital landscapes are more interconnected than ever before. This means that the company you buy a technology function from may have downstream third-party providers that enable plumbing, infrastructure and development technology that drive their business. With modern computing environments moving further away from the enterprise, the safety assumption paradigm is shifting. This has impacted the threat landscape because as organisations increase migration to the cloud (a third party), they must now consider that these newly onboarded third parties may have serious security issues that could present adversaries with opportunities to infiltrate your network. https://www.helpnetsecurity.com/2021/09/13/third-party-cloud-providers/

Ransomware Encrypts South Africa's Entire Dept Of Justice Network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

2021’s Most Dangerous Software Weaknesses

Researchers recently updated a list of the top 25 most dangerous software bugs, and it’s little surprise that a number of them have been on that list for years. The Common Weakness Enumeration (CWE) list represents vulnerabilities that have been widely known for years, yet are still being coded into software and being bypassed by testing. Both developers and testers presumably know better by now, but keep making the same mistakes in building applications. https://threatpost.com/2021-angerous-software-weaknesses/169458/

46% Of All On-Prem Databases Are Vulnerable To Attack, Breaches Expected To Grow

A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the National Institute of Standards and Technology (NIST). This indicates that many organisations are not prioritizing the security of their data and neglecting routine patching exercises. Based on Imperva scans, some CVEs have gone unaddressed for three or more years. https://www.helpnetsecurity.com/2021/09/15/on-prem-databases-vulnerable/

Most Fortune 500 Companies’ External IT Infrastructure Considered At Risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organisation, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, as research reveal. https://www.helpnetsecurity.com/2021/09/15/external-it-infrastructure-risk/

Thousands Of Internet-Connected Databases Contain High Or Critical Vulnerabilities

After spending five years poring over port scan results, researchers reckon there's about 12,000 vulnerability-containing databases accessible through the internet. The study also found that of the 46 per cent of 27,000 databases scanned, just over half that number contained "high" or "critical" vulns as defined by their CVE score. https://www.theregister.com/2021/09/14/imperva_12k_database_vuln_report/

Only 30% Of Enterprises Use Cloud Services With End to End Encryption For External File Sharing

A recent study of enterprise IT security decision makers conducted by researchers shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. https://www.helpnetsecurity.com/2021/09/13/external-file-sharing/

Threats

Ransomware

• The State Of Ransomware: National Emergencies And Million-Dollar Blackmail

• Ransomware Attackers Targeted App Developers With Malicious Office Docs, Says Microsoft

• Microsoft: Windows MSHTML Bug Now Exploited By Ransomware Gangs

• Ransomware Gang Threatens To Wipe Decryption Key If Negotiator Hired

• US General In Charge Of Cyber Security Pledges ‘Surge’ To Address Ransomware Attacks

• Technology Giant Olympus Hit By BlackMatter Ransomware

• Ransomware: A Market Problem Deserves A Market Solution

• REvil Ransomware Is Back In Full Attack Mode And Leaking Data

• Ransomware-Hit Law Firm Secures High Court Judgment Against Unknown Criminals

• Ransomware Encrypts South Africa's Entire Dept Of Justice Network

BEC

• Romance, BEC Scams Lands Soldier In Jail For 46 Months

Phishing

• The Top Keywords Used In Phishing Email Subject Lines

• Banks Confront New Type Of Phishing: 'Salami' Attacks

• Malware Attack On Aviation Sector Uncovered After Going Unnoticed For 2 Years

• Phishers Impersonate US DOT To Target Contractors After Senate Passed $1 Trillion Infrastructure Bill

Other Social Engineering

• Brits Open Doors For Tech-Enabled Fraudsters Because They 'Don't Want To Seem Rude'

• Scammers In Russia Offer Free Bitcoin On A Hacked Government Website

• FBI: $113 Million Lost To Online Romance Scams This Year

Malware

• Attackers Use Crypto Mining Malware to Target Organisations

• New Zloader attacks disable Windows Defender to evade detection

Mobile

• Cyber Security Expert: Israeli Spyware Company NSO Group Poses ‘A Serious Threat To Phone Users’

• This US Company Sold iPhone Hacking Tools To UAE Spies

• After The T-Mobile Breach, Companies Are Preventing Customers From Securing Their Accounts

IOT

• IOT Device Attacks Double In The First Half Of 2021, And Remote Work May Shoulder Some Of The Blame

• Smart TVs Are Everywhere But Many Remain Unprotected

Vulnerabilities

• Microsoft September 2021 Patch Tuesday Fixes 2 Zero-Days, 60 Flaws

• Pair of Google Chrome Zero-Day Bugs Actively Exploited

• HP Omen Hub Exposes Millions of Gamers To Cyber Attack

• Third Critical Bug Affects Netgear Smart Switches — Details And PoC Released

• Patch Now! PrintNightmare Over, MSHTML Fixed, A New Horror Appears … OMIGOD

• No Patch For High-Severity Bug In Legacy IBM System X Servers

• Experts Warn About Vulnerabilities of U.S. GPS System To Cyber Terrorists

• Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

• Apple Patches An NSO Zero-Day Flaw Affecting All Devices

• AMD CPU Driver Bug Can Break KASLR, Expose Passwords

Data Breaches/Leaks

• Over 60 Million Wearable, Fitness Tracking Records Exposed Via Unsecured Database

• Hackers Leak Passwords For 500,000 Fortinet VPN Accounts

• Stolen Credentials Led To Data Theft At United Nations

Organised Crime & Criminal Actors

• Telegram Emerges As New Dark Web For Cyber Criminals

• Russia Is Fully Capable Of Shutting Down Cyber Crime

• Criminal Hacking Is on the Rise. Microsoft’s President Says This Is How to Fight It

Cryptocurrency/Cryptojacking

• US Will Reportedly Impose Crypto Sanctions Amid Ransomware Attacks

DoS/DDoS

• Powerful Botnet Found To Be Launching Some Of The Biggest DDoS Attacks Ever

Nation State Actors

• Years-Long Attack By Chinese-Linked APT Groups Discovered By McAfee

• UK, US And Australia Launch Pact To Counter China

Cloud

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Zero Trust Requires Cloud Data Security With Integrated Continuous Endpoint Risk Assessment

Other News

• Facebook Says It Will Step Up Efforts To Stop Coordinated Campaigns That Cause Harm

• Healthcare Cyber Security: How To Prevent The Compromise Of Patient Records?

• Security Experts Predict A Global AI-Related Cyber Attack Before Year-End

• Japan Is Belatedly Recognising The Risks Of Cyber War

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/

Ransomware Attacks Increased Exponentially In 2021

The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html

Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious

All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".  Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/

Hackers Shift From Malware To Credential Hijacking

Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/

Attacker Breakout Time Now Less Than 30 Minutes

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from researchers own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html

53% Find It Difficult To Prevent An Insider Attack During Data Aggregation

Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/

The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/

Hackers Exploit Camera Vulnerabilities To Spy On Parents

Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were found in the IoT gadgets, made by China based developer Victure, that were found by researchers. In a security report, researchers revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html

39% Of All Internet Traffic Is From Bad Bots

Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.

These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/

Threats

Ransomware

• REvil Ransomware Group Returns Following Kaseya Attack

• Ragnar Locker Gang Warns Victims Not To Call The FBI

• This Is The Perfect Ransomware Victim, According To Cyber Criminals

• 5 Surefire Things That’ll Get You Targeted By Ransomware

• Hive Is Dangerous New Ransomware Threat, FBI Says

• Why Ransomware Hackers Love A Holiday Weekend

BEC

Phishing

• Microsoft Outlook Shows Real Person’s Contact Info For IDN Phishing Emails

Other Social Engineering

• 'Bitcoin Fraud Cost Me £500,000'

Malware

• Traffic Exchange Networks Distributing Malware Disguised As Cracked Software

• New Malware Uses Novel Fileless Technique To Evade Detection

Mobile

• Dangerous New Cable Can Hack iPhones From One Mile Away

• This Android Security Flaw Could Let Hackers Follow All Your Movements

IOT

• IoT Attacks Skyrocket, Doubling In 6 Months

Vulnerabilities

• Zoho ManageEngine Password Manager Zero-Day Gets A Fix, Amid Attacks

• New CPU Side-Channel Attack Takes Aim At Chrome’s Site Isolation Feature

• Microsoft, CISA Urge Mitigations For Zero-Day RCE Flaw In Windows

• Atlassian CISO Defends Company's Confluence Vulnerability Response, Urges Patching

• PoC Released For GhostScript Vulnerability That Exposed Airbnb, Dropbox

• Netgear Smart Switches Open To Complete Takeover

• New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

• Cisco Patches Critical Authentication Bug With Public Exploit

Data Breaches/Leaks

• Guntrader Breach Perp: I Don't Think It's A Crime To Dump 111k People's Details Online In Google Earth Format

Organised Crime & Criminal Actors

• TrickBot Gang Developer Arrested At The Seoul International Airport

• The Secret Vulnerability Of Cyber Criminals: Burnout

Cryptocurrency/Cryptojacking

• Financial Cyber Crime: Why Crypto Currency Is The Perfect ‘Getaway Car’

Insider Threats

• Enterprises Are Missing The Warning Signs Of Insider Threats

DoS/DDoS

• Yandex Is Battling The largest DDoS In Russian Internet history

Nation State Actors

• Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack

Cloud

• Organisations Struggling To Develop Cloud Applications That Meet Security Requirements

Privacy

• WhatsApp “End-To-End Encrypted” Messages Aren’t That Private After All

• ProtonMail Logs Activist's IP Address With Authorities After Swiss Court Order

Other News

• OWASP Shakes Up Web App Threat Categories With Release Of Draft Top 10

• SIEM Market Size To Reach $6436.2 Million By 2027

• A Zero-Trust Future: Why Cyber Security Should Be Prioritized For The Hybrid Working World

• Microsoft Has A $20 Billion Hacking Plan, But Cyber Security Has A Big Spending Problem

• Misbehaving Microsoft Teams Ad Brings Down The Entire Windows 11 Desktop

• This Seemingly Normal Lightning Cable Will Leak Everything You Type

• HSE Cyber Attack: Irish Health Service Still Recovering Months After Hack

• Brute-Force Attacks Target Inboxes For Gift Card Data

• Glasgow Firm Fined £150k After Half A Million Nuisance Calls, Spoofing Phone Number, Using False Trading Names

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Ransomware Attacks Soar 288% in First Half of 2021

The number of ransomware attacks surged by 288% between the first and second quarters of 2021 as double extortion attempts grew, according to the latest data.

Nearly a quarter (22%) of data leaks in the second quarter came from the Conti ransomware group, who typically gain initial network access to victim organisations via phishing emails.

It’s an unfortunate fact that no organisation in any sector is safe from ransomware today.

Targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model. https://www.infosecurity-magazine.com/news/ransomware-attacks-soar-half-2021/  

Ransomware Costs Expected To Reach $265 Billion By 2031

Think ransomware is expensive now? It’s not predicted to get any cheaper over the next decade. Ransoms could cost victims a collective total of $265 billion by 2031. The estimate is based on the prediction that the price tag will increase 30% every year over the next 10 years. https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/ 

Brute Force Email Attacks and Account Takeover Attempts Rise 671%, Reaching Unprecedented Levels, Causing Financial And Reputational Damage

A new Email Threat Report for Q3 2021 examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organisations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods, manufacturing, technology, energy and infrastructure services, medical, media and television, finance, and hospitality.

The report also finds 61% of organisations experienced a vendor email compromise/supply chain attack in Q2 2021.

Key report findings include:

• 32.5% of all companies were targeted by brute force attacks in early June 2021

• 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite

• 61% of organisations experienced a vendor email compromise attack this quarter

• 22% more business email compromise attacks since Q4 2020

• 60% chance of a successful account takeover each week for organisations with 50,000+ employees

• 73% of all advanced threats were credential phishing attacks

• 80% probability of attack every week for retail and consumer goods, technology, and media and television companies

https://finance.yahoo.com/news/brute-force-email-attacks-account-120100299.html  

Investigation Into Hacked "Map" Of UK Gun Owners

Gun-selling site Guntrader announced a data breach affecting more than 100,000 customers in July. This week, reports emerged that an animal rights activist blog had published the information. The group had formatted the data so it could be easily imported into mapping software to show individual homes. The National Crime Agency, which has been investigating the data breach and its fallout, said it "is aware that information has been published online as a result of a recent data breach which impacted Guntrader". https://www.bbc.co.uk/news/technology-58413847 

Eight US Financial Services Firms Given Six-Figure Fines Over BEC Data Breaches

The US Securities and Exchange Commission (SEC) has sanctioned multiple financial services firms for cyber security failures that led to the compromise of corporate email accounts and the personal data of thousands of individuals. The case was brought after the unauthorised takeover of cloud-based email accounts at Seattle-based KMS Financial Services, and subsidiaries of California-headquartered Cetera Financial Group and Iowa-based Cambridge Investment Group. https://portswigger.net/daily-swig/eight-us-financial-services-firms-given-six-figure-fines-over-bec-data-breaches

Ransomware Has Been A ‘Game Changer’ For Cyber Insurance

Ransomware attacks accounted for nearly one quarter of all cyber incidents globally last year, according to a software company. The researchers “think of December 2019 as the tipping point for when we started to see ransomware take hold”. The U.S. was hit by a barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments, and healthcare providers at a potential cost in excess of $7.5 billion. All of this has a massive knock-on affect for the Insurance firms. https://www.insurancejournal.com/news/national/2021/08/30/628672.htm 

Getting Ahead Of A Major Blind Spot For CISOs: Third-Party Risk

For many CISOs and security leaders, it was not long ago that their remit focused on the networks and digital ecosystems for their organisation alone. In today’s digital world, those days are a thing of the past with a growing number of businesses relying on third-party vendors to scale, save time and outsource expertise to stay ahead. With this change, new security risks affiliated with third-party vendors are more prevalent than ever before. https://www.helpnetsecurity.com/2021/09/01/getting-ahead-of-a-major-blind-spot-for-cisos-third-party-risk/ 

WhatsApp Hit With $267 Million GDPR Fine For Bungling User Privacy Disclosure

Ireland’s Data Protection Commission fined Facebook-owned messenger WhatsApp for $225 million for failing to provide users enough information about the data it shared with other Facebook companies.

The fine is the largest penalty that the Irish regulator has waged since the European Union data protection law, the General Data Protection Regulation, or GDPR, went into effect in 2018. https://www.cyberscoop.com/whatsapp-hit-with-267-million-gdpr-fine-for-bungling-user-privacy-disclosure/  

Microsoft Warns About Open Redirect Phishing Campaign

Microsoft’s Security Intelligence team is warning over phishing campaigns using open redirector links, links crafted to subvert normal inspection efforts. Smart users know to hover over links to see where they're going to lead, but these links are prepared for that type of user and display a safe destination designed to lure targets into a false sense of security. Click the link and you'll be redirected to a domain that appears legit (such as a Microsoft 365 login page, for example) and sets the stage for you to voluntarily hand over credentials to bad actors without even realising it until it's too late. https://www.windowscentral.com/microsoft-warns-about-open-redirect-phishing-campaign

Previous Employees With Access To Corporate Data Remain A Threat To Businesses

Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data. This is according to a report, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves. https://www.helpnetsecurity.com/2021/09/02/previous-employees-access-data/

BEC Scammers Seek Native English Speakers On Underground

Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: Cyber Crooks are putting up help-wanted ads, looking for native English speakers to carry out the social-engineering elements of business email compromise (BEC) attacks. https://threatpost.com/bec-scammers-native-english-speakers/169092/

Half Of Businesses Can't Spot These Signs Of Insider Cyber Security Threats

Most businesses are struggling to identify and detect early indicators that could suggest an insider is plotting to steal data or carry out other cyber attacks. Research suggests that over half of companies find it impossible or very difficult to prevent insider attacks. These businesses are missing indicators that something might be wrong. Those include unusual amounts of files being opened, attempts to use USB devices, staff purposefully circumventing security controls, masking their online activities, or moving and saving files to unusual locations. All these and more might suggest that a user is planning malicious activity, including the theft of company data. https://www.zdnet.com/article/half-of-businesses-cant-spot-these-signs-of-insider-cybersecurity-threats/

Threats

Ransomware

• Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits

• First Ransomware to Use Intermittent Encryption Revealed

• Ransomware: It's Only A Matter Of Time Before A Smart City Falls Victim, And We Need To Take Action Now

• LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

• FBI, CISA: Ransomware Attack Risk Increases On Holidays, Weekends

• How Ransomware Runs The Underground Economy

• LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files

Phishing

• This Phishing Attack Is Using A Sneaky Trick To Steal Your Passwords, Warns Microsoft

• Report Analysis On Phishing Campaign Utilizing Vzwpix

Malware

• Cyber Attackers Are Now Quietly Selling Off Their Victim's Internet Bandwidth

• Cyber Criminal Sells Tool To Hide Malware In AMD, NVIDIA GPUS

• Cyber Criminals Abusing Internet-Sharing Services To Monetise Malware Campaigns

Mobile

• Snowden Slams Apple CSAM: Warns iPad, iPhone, Mac Users Worldwide

• Kaspersky Lab Has Reported About Android Viruses Designed To Steal Money Automatically

• Dangerous Android Malware Is Spreading — Beware Of Text Message Scam

Vulnerabilities

• ProxyToken: Another Nail-Biter From Microsoft Exchange

• New BrakTooth Flaws Leave Millions Of Bluetooth-Enabled Devices Vulnerable

• Atlassian Confluence Flaw Under Active Attack

• Meltdown-Like Vulnerability Disclosed For AMD Zen+ And Zen 2 Processors

• NPM Package With 3 Million Weekly Downloads Had A Severe Vulnerability

• Cisco Patches Critical Authentication Bug With Public Exploit

• QNAP Working On Patches For OpenSSL Flaws Affecting Its NAS Devices

• This Top TP-Link Router Ships With Some Serious Security Flaws

Data Breaches/Leaks

Organised Crime & Criminal Actors

• The Consumerisation Of The Cyber Crime-As-A-Service Market

• Chinese Authorities Arrest Hackers Behind Mozi IOT Botnet Attacks

Dark Web

• Data From Fujitsu Is Being Sold On The Dark Web

DoS/DDoS

• Cloudflare Says It Stopped The Largest DDoS Attack Ever Reported

• UK VoIP Telco Receives 'Colossal Ransom Demand', Reveals REvil Cyber Crooks Suspected Of 'Organised' DDoS Attacks On UK VoIP Companies

OT, ICS, IIoT and SCADA

• Nine Cyber Attacks On UK's Transport Sector Missed By Mandatory Reporting Laws

Cloud

• “Worst Cloud Vulnerability You Can Imagine” Discovered In Microsoft Azure

Other News

• Why Zero-Trust Models Should Replace Legacy VPNs

• T-Mobile CEO Calls Latest Data Breach ‘Humbling,’ Claims It’s Committed To Security

• China Restricts Kids’ Online Gaming To Three Hours A Week

• Unpatched Exchange Servers An Overlooked Risk

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Losses Triple To £1.3bn In H1 2021

Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/

Ransomware On A Rampage; A New Wake-Up Call

The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81

22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks

A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/

Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat

In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

Key Email Threats And The High Cost Of Business Email Compromise

Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/

Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/

58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks

Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/

Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/

Security Teams Report Rise In Cyber Risk

Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html

Threats

Ransomware

• 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

• Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits

• FBI Shares Technical Details For Hive Ransomware

• New Ransomware Called LockFile Targets Microsoft Exchange Servers

• Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang

• FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’

Phishing

• That Email Asking For Proof Of Vaccination Might Be A Phishing Scam

• Phishing Could Have Cost Businesses $354m In Potential Direct Losses

Other Social Engineering

• Scammers Impersonate Europol Chief In An Effort To Defraud Belgians

• Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts

Malware

• 13 Million Malware Attacks On Linux Seen In Wild

• New SideWalk Backdoor Targets U.S.-Based Computer Retail Business

• Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic

• Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups

Mobile

• Dreadful Joker Virus That Can Empty Bank Accounts Returns: Remove These Apps On Your Device ASAP

• Pegasus iPhone Hacks Used As Lure In Extortion Scheme

IOT

• Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit

• IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority

• Hackers Could Increase Medication Doses Through Infusion Pump Flaws

Vulnerabilities

• F5 Bug Could Lead To Complete System Takeover

• Multiple Products Impacted By OpenSSL RCE vulnerability

• Microsoft Breaks Silence On Barrage of ProxyShell Attacks

• Atlassian Warns Of Critical Confluence Flaw

• VMware Issues Patches To Fix New Flaws Affecting Multiple Products

• Critical Flaw Discovered In Cisco APIC for Switches — Patch Released

• New Ryzen Chipset Driver Patches Security Vulnerabilities

• CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

• Attackers Actively Exploiting Realtek SDK Flaws

• Google Issues Warning For 2 Billion Chrome Users

Data Breaches/Leaks

• Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year

• Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses

• Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

• T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact

Organised Crime & Criminal Actors

• Infamous Hacker Group Claims To Be Selling Data From Over 70 Million AT&T Customers, According To A Privacy Group 

Cryptocurrency/Cryptojacking

• Man Sues Parents Of Teens Who Hijacked Nearly $1M In Bitcoin

• Coinbase Accounts Hacked As Bitcoin Hovers Near $50k

Insider Threats

• Employees Participating In Unethical Behaviours To Help An Organisation Actually Harm Themselves

DoS/DDoS

• Cloudflare says it stopped the largest DDoS attack ever reported

• Botnet Generates One Of The Largest DDoS Attacks On Record

OT, ICS, IIoT and SCADA

• ICS Vulnerabilities Disclosed In H1 2021 Rose By 41%

Nation State Actors

• Spies for Hire: China’s New Breed Of Hackers Blends Espionage And Entrepreneurship

• InkySquid State Actor Exploiting Known IE Bugs

• US Media, Retailers Targeted By New SparklingGoblin APT

Cloud

• 40% of SaaS (Cloud) Assets Are Unmanaged, Putting Companies At Risk For Data Leaks

Privacy

• Phones Of Nine Bahraini Activists Found To Have Been Hacked With NSO Spyware

Other News

• Razer bug lets you become a Windows 10 admin by plugging in a mouse

• Cyber Security Market Soaring As Threats Target Commercial And Govt Organisations

• UK to overhaul privacy rules in post-Brexit departure from GDPR

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds

Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.

Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.

https://www.vice.com/en/article/jg84q3/a-third-of-global-companies-have-experienced-ransomware-attack-survey-finds

Company Size Is A Nonissue With Automated Cyber Attack Tools

Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.

Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.

Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.

https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/

Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts

Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.

http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/

LockBit 2.0 Ransomware Proliferates Globally 

Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.

The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.

https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/

Secret Terrorist Watchlist With 2 Million Records Exposed Online

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/

Phishing Costs Nearly Quadrupled Over 6 Years

Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.

Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.

That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.

According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.

https://threatpost.com/phishing-costs-quadrupled/168716/

Security Teams Report Rise In Cyber Risk

A recent report shows declining confidence in many organisations’ security function to address today’s threats.

80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.

The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.

Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.

https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords

Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.

The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.

78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.

https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/

Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks

A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.

Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.

Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.

https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/

The Cyber Security Skills Gap Persists For The Fifth Year Running

Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.

https://www.techrepublic.com/article/the-cybersecurity-skills-gap-persists-for-the-fifth-year-running/

T-Mobile Hack Is A Return To The Roots Of Cyber Crime

In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.

The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.

The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.

This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.

https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/

Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks

The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.

Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.

https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/

Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily

A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.

With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.

https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/

Threats

Ransomware

• John Oliver On Ransomware Attacks: ‘It’s In Everyone’s Interest To Tet This Under Control’

• Hospitals Hamstrung By Ransomware Are Turning Away Patients

• Half Of US Hospitals Shut Down Networks Due To Ransomware

• Device Complexity Leaving Schools At Heightened Risk Of Ransomware Attacks

• This Ransomware Has Returned With New Techniques To Make Attacks More Effective

• Diavol Ransomware Sample Shows Stronger Connection To TrickBot Gang

• Ransomware Criminals' Demands Rise As Aggressive Tactics Pay Off

BEC

• 23 Charged Over Covid-19 Business Email Compromise Fraud

Phishing

• "Jigsaw Puzzle" Phishing Attacks Use Morse Code To Hide

• Cyber Attackers Embrace CAPTCHAs To Hide Phishing, Malware

• WordPress Sites Abused In Aggah Spear-Phishing Campaign

• This Microsoft 365 Spear-Phishing Campaign Has Been Running Riot For Over A Year

Other Social Engineering

• Delivery Scams Most Prominent Form Of Smishing

Malware

• Malware Campaign Uses Clever 'Captcha' To Bypass Browser Warning

• Malware Dev Infects Own PC And Data Ends Up On Intel Platform

• Researchers Discover New AdLoad Malware Campaigns Targeting Macs And Apple Products

Mobile

• How Hackers Can Use Message Mirroring Apps To See All Your SMS Texts — And Bypass 2FA Security

IOT

• Amazon Sidewalk Highlights Network Security Visibility Risks Consumer Services Pose

Vulnerabilities

• Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly A Million IoT Devices

• Unpatched Remote Hacking Flaw Disclosed In Fortinet's FortiWeb WAF

• Linux Glibc Security Fix Created A Nastier Linux Bug

• 65 Vendors Affected By Severe Vulnerabilities In Realtek Chips

• Eight-Year-Old Bug In Microsoft's 64-Bit VBA Prompts Complaints Of Neglect

• Cisco Won’t Fix Zero-Day RCE Vulnerability In End-Of-Life VPN Routers

• Adobe Addresses Two Critical Vulnerabilities In Photoshop

Data Breaches/Leaks

• Chase Bank Accidentally Leaked Customer Info To Other Customers

• Colonial Pipeline Reports Data Breach After May Ransomware Attack

• Ford Bug Exposed Customer And Employee Records From Internal Systems

Dark Web

• Dark Web Blockchain Analysis Tool Suspended After Flurry Of Media Coverage

• Dark Web Drug Dealer Indicted For Laundering $137 Million In Bitcoin From Prison

• Dark Web Criminals Have Built A Tool That Checks For Dirty Bitcoin

Supply Chain

DoS/DDoS

• Attackers Can Weaponize Firewalls And Middleboxes For Amplified DDoS Attacks

• Botnet Generates One of the Largest DDoS Attacks on Record

OT, ICS, IIoT and SCADA

• Mysterious Hacker Group Suspected In July Cyber Attack On Iranian Trains

Nation State Actors

• Chinese Espionage Tool Exploits Vulnerabilities In 58 Widely Used Websites

• North Korea Hackers Spreading Malware Via Browser Exploits

Cloud

• The Overlooked Security Risks Of The Cloud

Other News

• Blackbaud – Firm That Paid Off Crooks After 2020 Ransomware Attack – Fails To Get California Privacy Law Claim Dropped

• Threat Actors Hacked US Census Bureau In 2020 By Exploiting A Citrix Flaw

• Cyber Security Is Top Priority For Enterprises As They Shift To Digital-First Operating Models

• SMEs Awareness Of GDPR Is High, But Few Adhere To Its Legal Requirements

• Hacker Finds A Way To Steal Windows 365 User Names And Passwords

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

SMBs Increasingly Vulnerable To Ransomware, Despite The Perception They Are Too Small To Target

A new report this week warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. The report revealed that during the first half of 2021, 4 out of 5 organisations experienced a cyber security breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.

https://www.helpnetsecurity.com/2021/08/10/smbs-ransomware/

May 2021 Saw A 440% Increase In Phishing, The Single Largest Phishing Spike On Record

In May 2021, a report revealed a 440% increase in phishing, holding the record for the single largest phishing spike in a single month. It also showed that industries such as oil, gas and mining saw a 47% increase in the same six-month period, with manufacturing and wholesale traders seeing a 32% increase. The report extends its yearly threat intelligence report, with updated metrics between January 1 and June 30 2021. It also investigates the latest trends in malware, phishing and crypto exchanges.

https://www.infosecurity-magazine.com/news/may-phishing-increase-webroot/

Users Can Be Just As Dangerous As Hackers

Most organisations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organisations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.

https://thehackernews.com/2021/08/users-can-be-just-as-dangerous-as.html?m=1

With Crime-As-A-Service, Anyone Can Be An Attacker

Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cyber crime – in particular, it’s often used to create phishing attacks. For hackers, phishing is one of the easiest ways to steal your organisation’s data. Traditionally, executing a successful phishing campaign required a seasoned cyber criminal with technical expertise and knowledge of social engineering. However, with the emergence of CaaS, just about anyone can become a master of phishing for a small fee.

https://www.helpnetsecurity.com/2021/08/03/crime-as-a-service/

The Rise Of Cloud Is Creating Security Blindspots

Businesses are growing increasingly reliant on cloud services, but with all the good, businesses must also face the bad, according to a new report which says that the rise of cloud means greater complexity and more security blind spots.

Increased expansion into the cloud has led to new risks. All of the respondents in the report had suffered at least one incident in their public cloud environment in the last year, with 30 percent saying they had no formal sign-off before pushing to production.

https://www.itproportal.com/news/the-rise-of-cloud-is-creating-security-blindspots/

Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily

A report has been released on the state of connected devices. The 2021 study addresses pandemic-related cyber security challenges, including the growth of connected devices and related increase of security risks from these devices as threat actors took advantage of chaos to launch attacks. The study incorporates security risk and trend analysis of anonymized data for the past 12 months (June 2020 through June 2021) across the company’s 500+ deployments in healthcare, life sciences, retail, and manufacturing verticals. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020).

https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/

The Value Of PII And How It Still Fuels Malign Activities In The Digital Ecosystem

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, an Intelligence report reveals. The research analysed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

https://www.helpnetsecurity.com/2021/08/10/pii-value-digital-ecosystem/

Ransomware Payments Explode Amid ‘Quadruple Extortion’

Two reports slap hard figures on what’s already crystal clear: Ransomware attacks have skyrocketed, and ransomware payments are the comet trails that have followed them skyward. The average ransomware payment spiked 82 percent year over year: It’s now over half a million dollars, according to the first-half 2021 update report. As far as the sheer multitude of attacks goes, researchers on Thursday reported that they’ve identified and analysed 121 ransomware incidents so far in 2021, a 64 percent increase in attacks, year-over-year.

https://threatpost.com/ransomware-payments-quadruple-extortion/168622/

Hackers Netting Average Of Nearly $10,000 For Stolen Network Access

A new report from a cyber security company has spotlighted the thriving market on the dark web for network access that nets cyber criminals thousands of dollars. Researchers have examined network access sales on underground Russian and English-language forums before compiling a study on why criminals sell their network access and how criminals transfer their network access to buyers. More than 37% of all victims in a sample of the data were based in North America while there was an average price of $9,640 and a median price of $3,000.

https://www.zdnet.com/article/hackers-netting-average-of-nearly-10000-for-stolen-network-access/

1M Stolen Credit Cards Hit Dark Web For Free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cyber criminal site dedicated to…selling payment-card credentials. Researchers noticed the leak of the payment-card data during a “routine monitoring of cyber crime and Dark Web marketplaces,” researchers said in a post published over the weekend. The cards were published on an underground card-selling market, AllWorld.Cards, and stolen between 2018 and 2019, according to info posted on the forum.

https://threatpost.com/1m-stolen-credit-cards-dark-web/168514/

Ransomware Group Demanding $50M In Accenture Security Breach

The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for $50 million, according to a cyber security firm that reports seeing the demand. The threat actor is demanding the $50 million in exchange for more than 6 TB of data, according to a tweet.

https://www.crn.com/news/security/ransomware-group-demanding-50m-in-accenture-security-breach-cyber-firm

Threats

Ransomware

• Top 5 Ransomware Operators By Income

• Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

• Hackers Reportedly Threaten To Leak Data From Gigabyte Ransomware Attack

• Bitcoin Ransomware Hackers Hit Accenture

• Why Ransomware Is Such A Threat To Critical Infrastructure

• Ransomware Demands And Payments Hit New Records

• Synology Warns Of Malware Infecting NAS Devices With Ransomware

Phishing

• AI Wrote Better Phishing Emails Than Humans In A Recent Test

Other Social Engineering

• Cyber Fraud Shifts To Gaming, Travel And Leisure, Report Finds

Malware

• Discord Malware Is A Persistent And Growing Threat Warns Sophos

• Microsoft Warning: This Unusual Malware Attack Has Just Added Some New Tricks

• Experts Shed Light On New Russian Malware-As-A-Service Written In Rust

• IISpy: A Complex Server‑Side Backdoor With Anti‑Forensic Features

• Anatomy Of Native IIS Malware

Mobile

• A 5G Shortcut Leaves Phones Exposed to Stingray Surveillance

• Beware! New Android Malware Hacks Thousands of Facebook Accounts

IOT

• A Critical Random Number Generator Flaw Affects Billions Of IoT Devices

Vulnerabilities

• Microsoft's August 2021 Patch Tuesday: 44 Flaws Fixed, Seven Critical Including Print Spooler Vulnerability

• Microsoft Confirms There's Yet Another New Windows Print Spooler Security Bug

• Microsoft Exchange Server: Threat Actors Actively Scanning For Proxyshell Vulnerability, Researchers Warn

• Magento Update Released To Fix Critical Flaws Affecting E-Commerce Sites

• Vulnerability Found In Kindle E-Reader

• Got A Cheap Cisco Router In Your Home Office? If It's One Of These, There's An Exposed RCE Hole You Need To Plug

Organised Crime & Criminal Actors

• Attackers Started Exploiting a Router Vulnerability Just 2 Days After Its Disclosure

• Hackers Steal $600 Million In Crypto From DeFi Site Poly Network

Dark Web

• 1M Stolen Credit Cards Hit Dark Web For Free

Supply Chain

• MSSPs Particularly Vulnerable To Cisco FDM Flaw

DoS/DDoS

• Attackers Increasingly Turning to DDoS As A Ransom Vector

Nation State Actors

• Briton Suspected Of Spying For Russia Arrested In Germany

• Putin Is Crushing Biden’s Room To Negotiate On Ransomware

Cloud

• Data Of Three Million Elderly Citizens Exposed In Cloud Security Oversight

• AWS S3 Can Be A Security Risk For Your Business

Privacy

• UN Human Rights Experts Call For Spyware Crackdown

• Apple Says ‘Screeching Minority” Who Object Against Their Photos Being Scanned For The Police ‘Have Misunderstanding’

• Is Your Router Giving Away Your Location?

Other News

• The Challenges Healthcare CISOs Face In An Evolving Threat Landscape

• Hacker Shares The Scariest Things He's Seen On The Dark Web

• Researchers Develop RISC-V Chip for Quantum-Resistant Encryption

• Quantum Computers Could Threaten Blockchain Security. These New Defenses Might Be The Answer

• Saving Money By Holding Onto Old Tech Is Costing Us All Billions

• Unwanted Bot Traffic Costs Businesses $250 Million A Year

• Attacks Against Industrial Networks Will Become A Bigger Problem. We Need To Fix Security Now

• Kaseya's Universal Revil Decryption Key Leaked On A Hacking Forum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Volumes Hit Record Highs As 2021 Wears On

Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks. To put that in perspective, the firm logged 304.6 million ransomware attempts for the entirety of 2020.

https://threatpost.com/ransomware-volumes-record-highs-2021/168327/

Ransomware Gangs Recruiting Insiders To Breach Corporate Networks

The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices. Any ransom payments that victims make are then split between the core group and the affiliate, with the affiliate usually receiving 70-80% of the total amount. However, in many cases, the affiliates purchase access to networks from other third-party pentesters rather than breaching the company themselves. With LockBit 2.0, the ransomware gang is trying to remove the middleman and instead recruit insiders to provide them access to a corporate network.

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/

More Than 12,500 Vulnerabilities Disclosed In First Half Of 2021

Two new reports were released, covering data breaches and vulnerabilities in the first half of 2021, finding that there was a decline in the overall number of reported breaches but an increase in the number of vulnerabilities disclosed.  The company's data breach report found that there were 1,767 publicly reported breaches in the first six months of 2021, a 24% decline compared to the same period last year. The number of reported breaches grew in the US by 1.5% while 18.8 billion records were exposed year to date, a 32% decline compared to the 27.8 billion records leaked in the first half of 2020.

https://www.zdnet.com/article/more-than-12500-vulnerabilities-disclosed-in-first-half-of-2021-risk-based-security/

New DNS Vulnerability Allows 'Nation-State Level Spying' On Companies

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.

DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organisations that do not want to manage and secure yet another network asset on their own.

These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.

https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

Constant Review Of Third Party Security Critical As Ransomware Threat Climbs

Enterprises typically would give their third-party suppliers "the keys to their castle" after carrying out the usual checks on the vendor's track history and systems, according to a New York-based Forrester analyst who focuses on security and risk. They believed they had done their due diligence before establishing a relationship with the supplier, but they failed to understand that they should be conducting reviews on a regular basis, especially with their critical systems suppliers. Third-party suppliers should have the ability to deal with irregular activities in their systems and the appropriate security architecture in place to prevent any downstream effects, he added.

https://www.zdnet.com/article/constant-review-of-third-party-security-critical-as-ransomware-threat-climbs/

Kaseya Ransomware Attack Sets Off Race To Hack Service Providers

A ransomware attack in July that paralyzed as many as 1,500 organisations by compromising tech-management software from a company called Kaseya has set off a race among criminals looking for similar vulnerabilities, cyber security experts said. An affiliate of a top Russian-speaking ransomware gang known as REvil used two gaping flaws in software from Florida-based Kaseya to break into about 50 managed services providers (MSPs) that used its products, investigators said. Now that criminals see how powerful MSP attacks can be, "they are already busy, they have already moved on and we don’t know where," said head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.

https://www.reuters.com/technology/kaseya-ransomware-attack-sets-off-race-hack-service-providers-researchers-2021-08-03/

‘It’s Quite Feasible To Start A War’: Just How Dangerous Are Ransomware Hackers?

Secretive gangs are hacking the computers of governments, firms, even hospitals, and demanding huge sums. But if we pay these ransoms, are we creating a ticking time bomb? They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

https://www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals

Joint UK/US Advisory Detailing Top 30 Vulnerabilities Include Plenty Of Usual Suspects

A joint advisory from law enforcement agencies in the US, UK, and Australia this week tallied the 30 most-frequently exploited vulnerabilities. Perhaps not surprisingly, the list includes a preponderance of flaws that were disclosed years ago; everything on the list has a patch available for whoever wants to install it. But as we've written about time and again, many companies are slow to push updates through for all kinds of reasons, whether it's a matter of resources, know-how, or an unwillingness to accommodate the downtime often necessary for a software refresh. Given how many of these vulnerabilities can cause remote code execution—you don't want this—hopefully they'll start to make patching more of a priority.

https://www.wired.com/story/top-vulnerabilities-russia-nso-group-iran-security-news/

Average Total Cost Of A Data Breach Increased By Nearly 10% Year Over Year

Based on in-depth analysis of real-world data breaches experienced by over 500 organisations, the global study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The new findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.

https://www.helpnetsecurity.com/2021/07/29/total-cost-data-breach/

65% Of All DDoS Attacks Target US And UK

Distributed denial of service (DDoS) attacks are common for cyber criminals who want to disrupt online-dependent businesses. According to the data analysed by a VPN team, 65% of all distributed denial of service (DDoS) attacks are directed at the US or UK. Computers and the internet industry are the favourite among cyber criminals. The United States was a target for 35% of all DDoS attacks in June 2021. Cyber criminals launched DDoS attacks against Amazon Web Services, Google, and other prominent US-based companies in the past. The United Kingdom comes second as it fell victim to 29% of all DDoS attacks. As the UK has many huge businesses, they often are targeted by hackers for valuable data or even a ransom. China was threatened by 18% of all DDoS attacks in June 2021. Assaults from and to China happen primarily due to political reasons, to interrupt some government agency.

https://www.pcr-online.biz/2021/08/05/65-of-all-ddos-attacks-target-us-and-uk/

Threats

Ransomware

• Ransomware Attempt Volume Sets Record, Reaches More Than 300 Million For First Half Of 2021: SonicWall

• Ransomware Attacks Rise Despite US Call For Clampdown On Cyber Criminals

• Isle Of Wight Schools Hit By Ransomware Attack

• BlackMatter Ransomware Gang Rises From The Ashes Of DarkSide, Revil

• Criminals Are Using Call Centres To Spread Ransomware In A Crafty Scheme

Phishing

• Phishing Campaign Dangles SharePoint File-Shares

• Microsoft Warns Office 365 Users Over This Sneaky Phishing Campaign

• Spear Phishing Now Targets Employees Outside The Finance And Executive Teams, Report Says

Other Social Engineering

• Bazarcaller – The Malware Gang That Talks You Into Infecting Yourself

Malware

• A Wide Range Of Cyber Attacks Leveraging Prometheus TDS Malware Service

• Several Malware Families Targeting IIS Web Servers With Malicious Modules

• Cyber Criminals Spoof Brave Browser Website To Push Malware

• Microsoft: This Windows And Linux Malware Does Everything It Can To Stay On Your Network

• Discord Once Again Found To Be Hosting Malware Payloads

Mobile

• An Explosive Spyware Report Shows Limits Of IOS, Android Security

• This Android Malware Steals Your Data In The Most Devious Way

• The Latest Android Bank-Fraud Malware Uses A Clever Tactic To Steal Credentials

Vulnerabilities

• Code Execution Flaw Found In Cisco Firepower Device Manager On-Box Software

• Cisco Issues Critical Security Patches To Fix Small Business VPN Router Bugs

• Decade-Long Vulnerability In Multiple Routers Could Allow Network Compromise

• Security Researchers Warn Of TCP/IP Stack Flaws In Operational Technology Devices

• PwnedPiper PTS Security Flaws Threaten 80% of Hospitals In The U.S.

• Researchers Highlight Windows Laptop TPM Vulnerabilities

Data Breaches

• Threat Actors Leaked Data Stolen From EA, Including FIFA Code

• Hackers Breach San Diego Hospital, Gaining Access To Patients'... Well, Uh, Everything

• Amazon Fined $886M For Alleged Data Breach

OT, ICS, IIoT and SCADA

• Novel Meteor Wiper Used In Attack That Crippled Iranian Train System

Organised Crime & Criminal Actors

• Critical Cobalt Strike Bug Leaves Botnet Servers Vulnerable To Takedown

Cryptocurrency/Cryptojacking

• Raccoon Stealer-As-A-Service Will Now Try To Grab Your Crypto Currency

Supply Chain

• Supply Chain Attacks Are Getting Worse, And You Are Not Ready For Them

Nation State Actors

• Here's 30 Servers Russian Intelligence Uses To Fling Malware At The West, Beams RiskIQ

• Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

• New Chinese Spyware Being Used In Widespread Cyber Espionage Attacks

• Suspected Chinese Hackers Took Advantage Of Microsoft Exchange Vulnerability To Steal Call Records

• Iranian APT Lures Defense Contractor In Catfishing-Malware Scam

• Chinese Hackers Target Major Southeast Asian Telecom Companies

Cloud

• The Rise Of Cloud Is Creating Security Blind Spots

Reports Published in the Last Week

• APT Trends Report Q2 2021

• Spam and Phishing in Q2 2021

Other News

• It's Time To Improve Linux's Security

• Leaked Document Says Google Fired Dozens Of Employees For Data Misuse

• Hybrid Work Is Here To Stay – But What Does That Mean For Cyber Security?

• Huawei To America: You're Not Taking Cyber Security Seriously Until You Let China Vouch For Us

• Windows 11's Strict Hardware Requirements Cannot Be Bypassed, Microsoft Admits, "We Know It Sucks... We Will Still Block You"

• Trusted Platform Module Security Defeated In 30 Minutes, No Soldering Required

• NSA Warns Public Networks Are Hacker Hotbeds

• Credit-Card-Stealing, Backdoored Packages Found In Python's PyPi Library Hub

• Apple Plans To Scan US IPhones For Child Abuse Imagery

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Workers Ignore Security Risks To Maximize Productivity

A large proportion of employees often take shortcuts to optimize productivity at work, despite understanding the security risks, new data suggests. According to a survey which polled 8,000 workers worldwide, almost four in five (79%) have engaged in one or more “risky activity” in the past twelve months. In a third of cases (35%), this involved saving passwords to their browser. A similar percentage admitted to using a single password across multiple online accounts, while 23% connected personal devices to corporate networks.

https://www.itproportal.com/news/many-workers-ignore-security-risks-to-maximize-productivity/

Financial Services Accounting For Nearly 40% Of All Phishing URLs

A report was released for H1 2021, which revealed that there has been a major jump in phishing attacks since the start of the year with a 281 percent spike in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected for June alone. For this 6-month window researchers identified Crédit Agricole as the most impersonated brand, with 17,555 unique phishing URLs, followed by Facebook, with 17,338, and Microsoft, with 12,777.

https://www.helpnetsecurity.com/2021/07/22/financial-services-phishing/

Half Of Organisations Are Ineffective At Countering Phishing And Ransomware Threats

Half of organisations are not effective at countering phishing and ransomware threats. The findings come from a study compiled from interviews with 130 cyber security professionals in mid-sized and large organisations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,”. “Organisations need multi-layered defences in place to mitigate these risks.”

https://www.helpnetsecurity.com/2021/07/19/countering-phishing-and-ransomware/

36% Of Organisations Suffered A Serious Cloud Security Data Leak Or A Breach In The Past Year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The findings are part of the State of Cloud Security 2021 survey. The survey of 300 cloud pros (including cloud engineers; security engineers; DevOps; architects) found that 36% of organisations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they’re vulnerable to a major data breach related to cloud misconfiguration. 64% say the problem will get worse or remain unchanged over the next year.

https://www.helpnetsecurity.com/2021/07/27/cloud-security-data-leak/

HP Finds 75% Of Threats Were Delivered By Email In First Six Months Of 2021

According to the latest HP Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages.  The report -- covering the first half of 2021 -- is compiled based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools can solve CAPTCHA challenges using computer vision techniques.

https://www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/

Data Breach Costs Hit Record High Due To Pandemic

Data breaches have always proved costly for victimized organisations. But the coronavirus pandemic made a bad situation even worse. A report released Wednesday looks at how and why the average cost of dealing with a data breach has jumped to a new high. The average cost of a data breach among companies surveyed reached $4.24 million per incident, the highest in 17 years.

https://www.techrepublic.com/article/data-breach-costs-hit-record-high-due-to-pandemic/

Top 30 Critical Security Vulnerabilities Most Exploited By Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors can swiftly weaponize publicly disclosed flaws to their advantage. The top 30 vulnerabilities span a wide range of software, including remote work, virtual private networks (VPNs), and cloud-based technologies, that cover a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 Big IP, Atlassian, and Drupal.

https://thehackernews.com/2021/07/top-30-critical-security.html

Average Time To Fix High Severity Vulnerabilities Grows From 197 Days To 246 Days In 6 Months: Report

A recent report has found that the remediation rate for severe vulnerabilities is on the decline, while the average time to fix is on the rise. The report, which is compiled monthly, covers window of exposure, vulnerability by class and time to fix. The latest report found that the window of exposure for applications has increased over the last six months while the top-5 vulnerability classes by prevalence remain constant, which the researchers behind the report said was a "systematic failure to address these well-known vulnerabilities." According to researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June.

https://www.zdnet.com/article/average-time-to-fix-high-vulnerabilities-grows-from-197-days-to-246-days-in-6-months-report/

Why Remote Working Leaves Us Vulnerable To Cyber Attacks

An industry survey found 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. For Example. A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers. Many firms were forced into a costly downtime period as a result. Among those targeted during the incident was a well-known software provider, Kaseya. REvil used Kaseya as a conduit to spread its ransomware - a malware that can scramble and steal an organisation's computer data - through other corporate and cloud-based networks that use the software.

https://www.bbc.co.uk/news/business-57847652

Stop Mitigating Cyber Security Threats And Start Preventing Them

The impacts of a successful cyber attack can be devastating. Through multiple forms of extortion, criminals can use stolen data and other business-critical assets, including sensitive financial and customer data to hold companies hostage with just one campaign. The average cost of a phishing attack last year was $832,500, with zero-day attacks costing around $1,238,000. Spending this amount of money to recover from a cyber attack could bring a company to its knees. Today’s cyber attacks present very real existential threats to businesses and C-level executives are beginning to fully realize the gravity of these threats. It is critical that organizations invest in solutions that are going to help stop these attackers before they enter their environments.

https://www.itproportal.com/features/stop-mitigating-cybersecurity-threats-and-start-preventing-them/

Threats

Ransomware

• Babuk Ransomware Decryptor Causes Encryption 'Beyond Repair'

• Ransomware Can Penetrate Quickly, Significantly Damaging An Organisation

• BlackMatter Ransomware Targets Companies With Revenue Of $100 Million And More

• LockBit Ransomware Now Encrypts Windows Domains Using Group Policies

• FBI Tracking More Than 100 Active Ransomware Groups

• The World's Top Ransomware Gangs Have created A cyber Crime "Cartel"

Social Engineering

• Average Organisation Targeted By Over 700 Social Engineering Attacks Each Year: Report

• These Hackers Built An Elaborate Online Profile To Fool Their Targets Into Downloading Malware

• FIN7’s Liquor Lure Compromises Law Firm With Backdoor

Malware

• Cisco Researchers Spotlight Solarmarker Malware

• Hackers Exploit Microsoft Browser Bug To Deploy VBA Malware On Targeted PCs

• Some Windows 11 Installers Infect Your PC With Malware

• Microsoft Warns Of LemonDuck Malware Targeting Windows and Linux Systems

• Discord CDN And API Abuses Drive Wave Of Malware Detections

• Japanese Computers Hit By A Wiper Malware Ahead Of 2021 Tokyo Olympics

Mobile

• New Android Malware Uses VNC To Spy And Steal Passwords From Victims

• UBEL Is The New Oscorp — Android Credential Stealing Malware Active In The Wild

Vulnerabilities

• Microsoft Warns Of Credential Stealing NTLM Relay Attacks Against Windows Domain Controllers

• VPN Servers Seized By Ukrainian Authorities Weren’t Encrypted

• Web Applications Have Become A Security Liability

• Hackers Have Found Yet Another Way To Attack Kubernetes Clusters

• Windows 10 Printer Problems Persist Following Latest Security Update

• Microsoft Rushes Fix For ‘PetitPotam’ Attack PoC

• Apple Releases Urgent 0-Day Bug Patch For Mac, iPhone And iPad Devices

• Researchers Warn Of Unpatched Kaseya Unitrends Backup Vulnerabilities

• New Linux Kernel Bug Lets You Get Root On Most Modern Distros

• Dozens Of Web Apps Vulnerable To DNS Cache Poisoning Via ‘Forgot Password’ Feature

• Nasty MacOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Data Breaches

• Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable In Massive Data Breach

• Gun Owners' Fears After Firearms Dealer Data Breach

Organised Crime & Criminal Actors

• Threat Actor Offers Clubhouse Secret Database Containing 3.8b Phone Numbers

• Number Of Hacking Tools Increasing As Cyber Criminals Become More Organised

Dark Web

• How The Dark Web Enables Access To Corporate Networks

Supply Chain

• Kaseya Denies Paying Ransom For Decryptor, Refuses Comment On NDA

DoS/DDoS

• DSoS Attacks Are Up, With Ever-Greater Network Impact

Nation State Actors

• Chinese Hackers Implant PlugX Variant On Compromised MS Exchange Servers

• APT Group Hits IIS Web Servers With Deserialization Flaws And Memory-Resident Malware

Privacy

• Behind The Mercenary Spyware Industry

Reports Published in the Last Week

• DDoS Attack Trends For 2021 Q2

• Spear Phishing: Top Threats And Trends Volume 6

Other News

• PunkSpider—The Search Engine For Web Exploits—Rises From the Dead

• Biden Warns A ‘Real Shooting War’ Could Come From Cyber Breach

• Hackers Turning To 'Exotic' Programming Languages For Malware Development

• Discord Is Now An Essential Tool For Hackers

• Research Roadblock? Security Pros Weigh In On China’s New Vulnerability Disclosure Law

• For Hackers, Space Is The Final Frontier

• A DNS Outage Just Took Down A Large Chunk Of The Internet

• Ireland Sees Biggest Rise In Cyber Security Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

40% Fell Victim To A Phishing Attack In The Past Month

The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.

Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.

Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.

https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/

Traditional Ransomware Defences Are Failing Businesses

Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.

https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/

Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You

Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.

https://www.techrepublic.com/article/cybersecurity-risk-the-number-of-employees-going-around-it-security-may-surprise-you/

740 ransomware victims named on data leak sites in Q2 2021: report

More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.

Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.

https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/

A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats

For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.

https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/

Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack

Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February.  In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.

https://www.zdnet.com/article/law-firm-for-ford-boeing-exxon-marriott-walgreens-and-more-hacked-in-ransomware-attack/

UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack

The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.

https://www.telegraph.co.uk/world-news/2021/07/19/uk-allies-accuse-china-reckless-cyber-extortion-microsoft-hack/

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now

Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.

The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.

The report noted that cloud storage apps account for more than 66% of cloud malware delivery.

"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.

https://www.zdnet.com/article/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now/

Gun Owners' Fears After Firearms Dealer Data Breach

Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".

Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.

Police, including the National Crime Agency, are investigating.

One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.

Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.

The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".

https://www.bbc.co.uk/news/technology-57932823  

Threats

Ransomware

• SpearTip Finds New Diavol Ransomware Does Steal Data

• The Ransomware Point Of Attack Is Sharper

• Ransomware Incident At Major Cloud Provider Disrupts Real Estate, Title Industry

• In The Fight Against Ransomware, Microsoft Must Do More

• Tracking Malware And Ransomware Domains In 2021

BEC

Phishing

• Google Chrome Now Comes With Up To 50x Faster Phishing Detection

Malware

• Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections

• This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection

• MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS

• New MosaicLoader Malware Targets Software Pirates Via Online Ads

• CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices

• This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results

• Pirate Gamers, Beware: This Malware Targets You

Mobile

• Joker Malware Returns To Target Millions More Android Devices

Vulnerabilities

• You'll Want To Shut Down The Windows Print Spooler Service (Yes, Again): Another Privilege Escalation Bug Found

• Google Patches Chrome Zero-Day, Eighth One In 2021

• Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

• 16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers

• Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root

• Windows 10 Vulnerability Lets Anyone Get Administrator Privileges

• Researchers Discover Security Flaws In Telegram Encryption Protocol

• New Sequoia Bug Gives You Root Access On Most Linux Systems

• Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability

• Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

Data Breaches

• Aruba Waited Months To Notify Customers Regarding A Recent Data Breach

• Data Breach Claimants Lose Bid For Anonymity In Court

• Oil Giant Saudi Aramco Hit By 1TB Data Breach

Organised Crime & Criminal Actors

• Botnet Operator Who Proxied Traffic For Other Cybercrime Groups Pleads Guilty

Supply Chain

• NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

DoS/DDoS

• DDoS: Google Has A New Tool To Defend Against Attacks Launched By Botnets

OT, ICS, IIoT and SCADA

• Industrial Networks Exposed Through Cloud-Based Operational Tech

Nation State Actors

• Iranian State Sponsored Hacking Attempts

• UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking

• China Accused Of Cyber-Attack On Microsoft Exchange Servers

• Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks

• France Warns Of APT31 Cyber Spies Targeting French Organisations

• APT Hackers Distributed Android Trojan Via Syrian E-Government Portal

Cloud

• Why The Bank Of England Has Its Head In The Cloud Over Data Security

Privacy

• FT Editor Among 180 Journalists Identified By Clients Of Spyware Firm

• Revealed: leak uncovers global abuse of cyber surveillance weapon

Other News

• Is Open-Source Software Secure?

• Application Security Tools Ineffective Against New And Growing Threats

• Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?

• UK.Gov's Huawei Watchdog Says Firm Made 'No Overall Improvement' On Firmware Security But Won't Say Why

• DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack

• 1 in 5 companies fail PCI compliance assessments of their infrastructure

• Biden Puts a $10M Bounty on Foreign Hackers

• MITRE updates list of top 25 most dangerous software bugs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

 84% Of Organisations Experienced Phishing Or Ransomware Attacks In The Last Year

A new report from Trend Micro has found that 84% of organisations have reported phishing or ransomware security incidents in the last 12 months.

The findings come from an Osterman Research study commissioned by Trend Micro that was compiled from interviews with cyber security professionals in midsize and large organisations nationwide. The research also found that half of organisations are not effective at countering phishing and ransomware threats.

https://www.itpro.co.uk/security/ransomware/360191/84-of-organizations-experienced-phishing-or-ransomware-attacks-in-last

Phishing continues to be one of the easiest paths for ransomware

Ransomware gangs are still using phishing as one of the main ways to attack an organisation, according to a new survey from Cloudian featuring the insights of 200 IT decision-makers who experienced a ransomware attack over the last two years.

More than half of all respondents have held anti-phishing training among employees, and 49% had perimeter defenses in place when they were attacked.

Nearly 25% of all survey respondents said their ransomware attacks started through phishing, and of those victims, 65% had conducted anti-phishing training sessions. For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one-third of all victims said their public cloud was the entry point ransomware groups used to attack them.

https://www.zdnet.com/article/phishing-continues-to-be-one-of-the-easiest-paths-for-ransomware-report/

Ransomware: Only Half Of Organisations Can Effectively Defend Against Attacks, Warns Report

Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns. 

For example, the report warns that many organisations struggle with detecting the suspicious activity associated with ransomware and attacks that could provide early evidence that cyber criminals have compromised the network. That includes failing to identify unusual lateral movement across corporate networks, or being able to spot unauthorised users gaining access to corporate data.

https://www.zdnet.com/article/ransomware-only-half-of-organisations-can-effectively-defend-against-attacks-warns-report/

MI5 Chief Warns Public Of Cyber-Threat From Hostile States Such As China & Russia

Head of Britain's MI5, Ken McCallum, is urging the public to be as vigilant about threats from "hostile states" as from terrorism.

These include disruptive cyber-attacks, misinformation, espionage and interference in politics - and are usually linked to Russia and China.

McCallum is warning that "less visible threats... have the potential to affect us all," affecting UK jobs and public services and could even lead to a loss of life.

The head of the Security Service wants to challenge the idea that activity by so-called "hostile states", usually taken to mean primarily Russia and China, only affects governments or certain institutions.

Instead, he is to argue in an annual threat update, that the British public are not immune to the "tentacles" of covert action by other states.

In the speech at MI5's Thames House headquarters, Mr McCallum will warn the "consequences range from frustration and inconvenience, through loss of livelihood, potentially up to loss of life".

https://eutoday.net/news/security-defence/2021/uk-mi5-chief-ken-mccallum-warns-public-of-cyber-threat-from-hostile-states-such-as-china-russia

Almost All Organisations Have Suffered Insider Data Breaches

Egress’ Insider Data Breach Survey 2021 claims that 94 percent of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84 percent of IT leaders surveyed.

However, IT leaders are more concerned about malicious insiders, with 28 percent indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21 percent) saying that it’s their biggest concern.

Additionally, almost three-quarters (74 percent) of organisations have been breached because of employees breaking security rules, and 73 percent have been the victim of phishing attacks.

The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.

https://workplaceinsight.net/almost-all-organisations-have-suffered-insider-data-breaches/

Cyber Crime Costs Organisations Nearly $1.79 Million Per Minute

Cybercrime costs organisations an incredible $1.79m every minute, according to RiskIQ’s 2021 Evil Internet Minute Report.

The study, which analysed the volume of malicious activity on the internet, laid bare the scale and damage of cyber-attacks in the past year, finding that 648 cyber-threats occurred every minute.

The researchers calculated that the average cost of a breach is $7.2 per minute, while the overall predicted cybersecurity spend is $280,060 every minute.

E-commerce has been heavily hit by online payment fraud in the past year, with cyber-criminals taking advantage of the shift to online shopping during the COVID-19 pandemic. While the e-commerce industry saw a record $861.1bn in sales, it lost $38,052 to online payment fraud every minute.

https://www.infosecurity-magazine.com/news/cybercrime-costs-orgs-per-minute/

Phishing, Ransomware Driving Wave of Data Breaches

Data compromises have increased every month this year except May.

If that trend continues, or even if there is only an average of 141 new compromises per month for the next six months, the total will still exceed the previous high of 1,632 breaches set in 2017.

These were among the findings of the nonprofit organization Identity Theft Resource Center’s (ITRC) latest data breach analysis report, which revealed publicly reported U.S. data breaches are up 38% in the second quarter of 2021, for a total of 491 compromises, compared to Q1.

https://securityboulevard.com/2021/07/phishing-ransomware-driving-wave-of-data-breaches/

Top CVEs Trending with Cybercriminals

An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.

Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for.

An analysis of such chatter, by Cognyte, examined 15 cybercrime forums between Jan. 2020 and March 2021. In its report, researchers highlight what CVEs are the most frequently mentioned and try to determine where attackers might strike next.

“Our findings revealed that there is no 100 percent correlation between the two parameters, since the top five CVEs that received the highest number of posts are not exactly the ones that were mentioned on the highest number of Dark Web forums examined,” the report said. “However, it is still enough to understand which CVEs were popular among threat actors on the Dark Web during the time examined.”

https://threatpost.com/top-cves-trending-with-cybercriminals/167889/

Sonicwall Releases Urgent Notice About 'Imminent' Ransomware Targeting Firmware

Networking device maker SonicWall sent out an urgent notice to its customers about "an imminent ransomware campaign using stolen credentials" that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware.

In addition to the notice posted to its website, SonicWall sent an email to anyone using SMA and SRA devices, urging some to disconnect their devices immediately. They worked with Mandiant and other security companies on the issue, according to the release.

https://www.zdnet.com/article/sonicwall-releases-urgent-notice-about-imminent-ransomware-targeting-firmware/

Google Finds Zero-Day Security Flaws In All Your Favourite Browsers

Researchers at Google have shared insight into four zero-day security vulnerabilities in popular web browsers which were exploited in the wild earlier this year.

DIscovered by Google's Threat Analysis Group (TAG), the four vulnerabilities in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple's Safari, were used as a part of three different campaigns.

https://www.techradar.com/news/google-finds-zero-day-security-flaws-in-all-your-favorite-browsers

Threats

Ransomware

• Ransomware attackers are growing bolder and using new extortion methods

• REvil ransomware gang's websites vanish soon after Kaseya fiasco, Uncle Sam threatens retaliation

• What it's really like to negotiate with ransomware attackers

• Holding The World To Ransom: Top 5 Online Gangs

• Ransomware demands are digital extortion: don’t pay

• Ransomware recovery: Plan for it now

• Ransomware shows the power and weakness of the web

• This ransomware gang hunts for evidence of crime to pressure victims into paying a ransom

• HelloKitty ransomware now targets VMware ESXi servers

BEC

• Business email compromise (BEC) attacks take phishing to the next level

Phishing

• Kaseya warns of phishing campaign pushing fake security updates

• Phishing, Ransomware Driving Wave of Data Breaches

Other Social Engineering

• Social Engineering Tactics Behind Ransomware

• Propaganda as a Social Engineering Tool

Malware

• Trickbot Malware Rebounds with Virtual-Desktop Espionage Module

• Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

Mobile

• iOS zero-day let SolarWinds hackers compromise fully updated iPhones

Vulnerabilities

• Microsoft July 2021 Patch Tuesday: 117 vulnerabilities, Pwn2Own Exchange Server bug fixed

• SonicWall vulnerability allows attackers to obtain full control of device and underlying OS

• Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

• So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

• Serious Security Vulnerability Hits DrayTek’s UK Fibre Routers

• Kaseya issues patch for on-premise customers, SaaS rollout underway

Data Breaches

• Morgan Stanley suffered data breach of customers after supply chain hack

• Fashion retailer Guess discloses data breach after ransomware attack

• Insurance giant CNA reports data breach after ransomware attack

Organised Crime & Criminal Actors

• SolarWinds 0-day gave Chinese hackers privileged access to customer servers

• Magecart hackers hide stolen credit card data into images and bogus CSS files

Cryptocurrency/Cryptojacking

• Does cyber crime impact crypto currency prices? Researchers find out

Insider Threats

• New Code42 Study Reveals Significant Impact of Insider Risk

Dark Web

• Feds: Dark web operator sought to sell inside information

Supply Chain

• UK food supply chain vulnerable to cyber-attack, expert warns

OT, ICS, IIoT and SCADA

• Vulnerability in Schneider Electric PLCs allows for undetectable remote takeover

• Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers

Nation State Actors

• Fake Zoom App Dropped by New APT ‘Luminous Moth’

• These Iranian hackers posed as academics in a bid to steal email passwords

Privacy

• Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

User Education, Awareness and Training

• Without training one in three users fall for phishing scams 

Other News

Kaseya's Staff Sounded the Alarm About Security Flaws for Years Before Ransomware Attack

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware

Endpoint Detection (alone) won’t protect your organisation from advanced hacking groups

Kaseya hack proves we need better cyber metrics

Instagram's Security Checkup will help users secure their accounts after a hack

79% of organisations identify threat modelling as a top priority in 2021

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Hackers Demand $70 Million To End Biggest Ransomware Attack On Record

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers. REvil was demanding ransoms of up to $5 million, the researchers said. But late Sunday it offered in a posting on its dark web site a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in crypto currency.

https://www.cbsnews.com/news/ransomware-attack-revil-hackers-demand-70-million/

Zero Day Malware Reached An All-Time High Of 74% In Q1 2021

74% of threats detected in Q1 2021 were zero day malware – or those for which a signature-based antivirus solution did not detect at the time of the malware release – capable of circumventing conventional antivirus solutions. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter’s top malware attacks, and more.

https://www.helpnetsecurity.com/2021/06/29/zero-day-malware-q1-2021/

New Trojan Malware Steals Millions Of Login Credentials

There is a new custom Trojan-type malware that managed to infiltrate over three million Windows computers and steal nearly 26 million login credentials for about a million websites. The findings suggest that the Trojan classifies the websites into a dozen categories, which include virtually all popular email services, social media platforms, file storage and sharing services, ecommerce platforms, financial platforms, and more. In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.

https://www.techradar.com/news/malware-steals-millions-of-login-credentials-for-popular-websites

Ransomware As A Service: Negotiators Are Now In High Demand

The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom. A study in RaaS trends has recently come out saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business. Showing the potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cyber crime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.

https://www.zdnet.com/article/ransomware-as-a-service-negotiators-between-hackers-and-victims-are-now-in-high-demand/

MacOS Targeted In WildPressure APT Malware Campaign

Recently, threat actors known as WildPressure have added a MacOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Furthermore, known novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and MacOS systems, according to researchers. Compromised endpoints allow the advanced persistent threat (APT) group to download and upload files and executing commands.

https://threatpost.com/macos-wildpressure-apt/167606/

The Cost Of Cyber Insurance Increased 32% Last Year And Shows No Signs Of Easing

The cost of insurance to protect businesses and organisations against the ever-increasing threat of cyber crimes has soared by a third in the last year. Also adding that global cyber insurance pricing has increased by an average of 32 percent in the year to June. Not only are premiums going through the roof, insurers are also attaching more strings to their policies, demanding ever more assurances that firms taking out cover have the necessary systems and processes in place to prevent a cyber mishap. Previous research also suggests that the upward squeeze on premiums shows no sign of easing, which, in turn, is putting more strain on the sector.

https://www.theregister.com/2021/07/05/cyber_insurance_report/

Critical Flaws In Windows Print Spooler Service Could Allow For Remote Attacks

Administrators are urged to apply the latest patches from Microsoft and disable the Windows Print spooler service in domain controllers and systems not used for printing. This is because Microsoft is currently grappling with a couple of security holes in its Windows Print spooler service that could allow attackers to remotely control an affected system. Anyone able to exploit the more recent vulnerability of the two would be able to run code on the compromised computer with full system privileges. That attacker could then install software, modify data and create new user accounts.

https://www.techrepublic.com/article/critical-flaws-in-windows-print-spooler-service-could-allow-for-remote-attacks/

End Users In The Dark About Latest Cyber Threats, Attacks

According to a recent survey, which polled consumers and end users, high-profile incidents such as the ransomware attack on Colonial Pipeline Co. and the breach of a Florida city's water utilities were either overlooked or ignored by many outside the IT and information security fields. As a result, the responsibility for keeping users informed and aware of the need for heightened security appears to fall on administrators and IT staff.

https://searchsecurity.techtarget.com/news/252503223/End-users-in-the-dark-about-latest-cyber-threats-attacks

British Airways Settles Over Record Claim For Data Breach

British Airways has settled what is thought to be the biggest claim for a data breach in British legal history, involving 16,000 victims. However, the amount was not disclosed. When The breach took place three years ago, multiple data sources and customer data was leaked, including the leakage of names, addresses and card payment details which affected 420,000 customers and staff. As a result, in 2019 the Information Commissioner’s Office hit BA with its largest ever fine at £20 million.

https://www.thetimes.co.uk/article/british-airways-settles-over-record-claim-for-data-breach-g0f63dnst

Hackers On Loose As 9,000 Data Leaks A Year Recorded

Public bodies and the private sector suffered nearly 9,000 data security incidents in 12 months with sensitive and private information hacked, lost or accidentally given to the wrong people. This Data was seen to lists more than 500 organisations hit by ransomware attacks and a further 562 incidents of hacking. There was also a total of 8,815 data security incidents in 2020/21 with the most breaches in the health and education sectors. Furthermore, over the past three years, police forces across England and Wales suffered an average eight breaches a week. Even security experts announced that these figures were “alarming” and that the public would be “disturbed” to learn how often important information/data was being lost.

https://www.thetimes.co.uk/article/hackers-9000-data-leaks-recorded-cyber-crime-56nvs7t6w

Threats

Ransomware

• Ransomware Demands Are Digital Extortion: Don’t Pay

• Trickbot Cyber Crime Group Linked To New Diavol Ransomware

• Swedish Coop Supermarkets Shut Due To US Ransomware Cyber Attack

• Ransomware-Hit Law Firm Gets Court Order Asking Crooks Not To Publish The Data They Stole

• The Rise And Rise Of Ransomware As A Service

• This Crowd Sourced Ransomware Payment Tracker Shows How Much Cyber Criminals Have Heisted

• Ransomware: US Warns Russia To Take Action After Latest Attacks

• Kaseya Says Up To 1,500 Businesses Compromised In Massive Ransomware Attack

Phishing

• Attackers Use ‘Offensive AI’ To Create Deepfakes For Phishing Campaigns

Malware

• Microsoft Office Users Face Malware-Protection Bypass

• TrickBot Spruces Up Its Banking Trojan Module

• WildPressure APT Emerges With New Malware Targeting Windows and MacOS

• Fake Kaseya VSA Security Update Drops Cobalt Strike

Vulnerabilities

• Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability

• Microsoft Warns Of Critical PowerShell 7 Code Execution Vulnerability

• Another 0-Day Looms For Many Western Digital Users

• Researchers Briefly Posted PoC For Windows Print Spooler RCE Flaw

• Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted

• SonicWall Addresses Critical CVE-2021-20026 Flaw In NSM Devices

• Kaseya Left Customer Portal Vulnerable To 2015 Flaw In Its Own Software

• Morgan Stanley Announces Breach Of Customer SSNs Through Accellion FTA Vulnerability

Data Breaches

• Hacker Obtains Data On Thousands Of VPN Users

• US Insurance Giant AJG Reports Data Breach After Ransomware Attack

• Thousands Of Patients Hit By NHS Data Breaches

Organised Crime & Criminal Actors

• UK, US Agencies Warn Of Large-Scale Brute-Force Attacks Carried Out By Russian APT

• Moroccan Hacker Dr Hex Arrested For Phishing Attacks, Malware Distribution

• Operation Lyrebird: Group-IB Assists INTERPOL In Identifying Suspect Behind Numerous Cyber Crimes Worldwide

Supply Chain

• Kaseya Supply Chain Attack Hits Nearly 40 Service Providers With REvil Ransomware

OT, ICS, IIoT and SCADA

• Oil & Gas Targeted in Year-Long Cyber Espionage Campaign

Nation State Actors

• SolarWinds Hackers Breached RNC Via Synnex In New Attack: Report

• Lazarus gang targets engineers with job offers using poisoned emails (tripwire.com)

Cloud

• Enterprise Hybrid and Multicloud Security Attack Surface Grows

• Public Cloud Security 'Just Barely Adequate,' Experts Say

Privacy

• A New ‘Digital Violence’ Platform Maps Dozens Of Victims Of NSO Group’s Spyware

• Audio Editor Audacity Denies Spyware Accusation

Other News

• IT Manager Who Swindled Essex Hospital Trust Out Of £800k Gets 5 Years In Prison

• US Companies Hit By 'Colossal' Cyber Attack

• Watch Out Gamers, Hackers Have You In Their Crosshairs

• Website Of Mongolian Certificate Authority Served Backdoored Client Installer

• Security Problems Worsen As Enterprises Build Hybrid And Multiloud Systems

• Report Shines Light On Revil's Depressingly Simple Tactics: Phishing, Credential Stuffing RDP Servers... The Usual

• Leaked infrastructure code, credentials and keys costing orgs an average of $1.2 million per year

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers Target IT Supply Chain In Ransomware Attack Leading To Hundreds Of Firms Being Hit

Hackers began a ransomware attack on Friday, hitting at least 200 companies, according to cyber security researchers. 

In what appears to be one of the largest supply chain attacks to date, hackers compromised Kaseya, an IT management software supplier, in order to spread ransomware to the managed service providers that use its technology, as well as to their clients in turn. 

The attacks have been attributed t=to REvil, the notorious Russia-linked ransomware cartel that the FBI claimed was behind recent crippling attack on beef supplier JBS. 

The attack is the latest example of hackers weaponising the IT supply chain in order to attack victims at scale, by breaching just one provider. Last year, it emerged that Russian state-backed hackers had hijacked the SolarWinds IT software group in order to penetrate the email networks of US federal agencies and corporations, for example. 

Late on Friday, Kaseya urged those using the compromised “VSA server” tool, which provides remote monitoring and patching capabilities, to shut it down immediately. 

https://www.ft.com/content/a8e7c9a2-5819-424f-b087-c6f2e8f0c7a1

71% Of Organisations Experienced BEC Attacks Over The Past Year

Business email compromise (BEC) attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a new report which revealed that spoofed email accounts or websites accounted for the highest number of BEC attack as 71% of organisations acknowledged they had seen one over the past year. This is followed by spear phishing (69%) and malware (24%). Data from 270 IT and cyber security professionals were collected to identify the latest enterprise adoption trends, gaps and solution preferences related to phishing attacks.

https://www.helpnetsecurity.com/2021/06/25/bec-attacks-past-year/

Cyber Insurance Isn't Helping With Cyber Security, And It Might Be Making The Ransomware Crisis Worse, Say Researchers

Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics argue that insurance encourages ransomware victims to simply pay the ransom demand that will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.

https://www.zdnet.com/article/ransomware-has-become-anc`-existential-threat-that-means-cyber-insurance-is-about-to-change/

LinkedIn Breach Reportedly Exposes Data Of 92% Of Users, Including Inferred Salaries

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. The hacker who obtained the data has posted a sample of 1M records, and checks confirm that the data is both genuine and up to date. No passwords are included, but as the site notes, this is still valuable data that can be used for identity theft and convincing-looking phishing attempts that can themselves be used to obtain login credentials for LinkedIn and other sites. https://9to5mac.com/2021/06/29/linkedin-breach/

Users Clueless About Cyber Security Risks

Organisations are facing yet another unprecedented threat to their cyber security now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new survey shows the mountains of work ahead for security teams in not just locking down their organisations’ systems but also in keeping users from getting duped into handing over the keys to the kingdom. 2,000 end users were surveyed in the U.S. and found the dangers to critical infrastructure, utilities and food supplies are not sinking in with the public, despite the deluge of headlines.

https://threatpost.com/users-clueless-cybersecurity-risks-study/167404/

Ransomware: Paying Up Won't Stop You From Getting Hit Again, Says Cyber Security Chief

Ireland's Health Service Executive (HSE) has been praised for its response after falling victim to a major ransomware attack and for not giving into cyber criminals and paying a ransom. HSE was hit with Conti ransomware in May, significantly impacting frontline health services. The attackers initially demanded a ransom of $20 million in bitcoin for the decryption key to restore the network. While the gang eventually handed over a decryption key without receiving a ransom, they still published stolen patient data – a common technique by ransomware attackers, designed to pressure victims into paying.

https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

Don’t Leave Your Cyber IR Plan To IT, It’s An Organisational Risk

Phishing attacks, insider threats, denial of service disruptions, malware and ransomware — cyber security incidents like these happen on a daily basis. For most of these incidents, the onsite IT team will remediate based on a pre-developed plan and process. And for many of these incidents, that’s a solid approach. But those incident response plans and strategies are IT oriented and geared toward short-term fixes and single incident responses. Meaning, if an incident accelerates beyond a handful of infected laptops or a compromised server and begins to affect operations of all or even part of the organisation, business itself can be disrupted — or even shut down entirely.

https://securityintelligence.com/posts/incident-response-vs-cyber-crisis-management-plan/

Cyber Crime Never Sleeps

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cyber crime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cyber crime is on the rise, and our cyber security infrastructure desperately needs to keep up. A quick look at the data from the last year confirms that cyber crime is a growing threat. Identity theft doubled in 2020 over 2019.

https://www.newsweek.com/cybercrime-never-sleeps-opinion-1603901

IT, Healthcare And Manufacturing Facing Most Phishing Attacks

Researchers examined more than 905 million emails for the H1 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. Researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked.

https://www.zdnet.com/article/it-healthcare-and-manufacturing-facing-most-phishing-attacks-report/

Classified Ministry Of Defence Documents Found At Bus Stop

Classified Ministry of Defence documents containing details about HMS Defender and the British military have been found at a bus stop in Kent. One set of documents discusses the likely Russian reaction to the ship's passage through Ukrainian waters off the Crimea coast on Wednesday. Another details plans for a possible UK military presence in Afghanistan after the US-led NATO operation there ends. The government said an investigation had been launched.

https://www.bbc.co.uk/news/uk-57624942

Cabinet Office Increases Cyber Security Training Budget By Almost 500%

The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year. In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.

https://www.itpro.co.uk/security/cyber-security/360039/cabinet-office-increases-cyber-spending-by-almost-500-amid-cctv

Threats

Ransomware

• Ransomware Funds More Ransomware, So How Do We Stop It?

• Cyber Security Chief Warns ‘Ransomware As A Service’ Scam

• New Ransomware Group Hive Leaks Altus Group Sample Files

• Increase In Ransomware Attacks ‘Absolutely Aligns’ With Rise Of Crypto, FireEye CEO Says

• Ransomware Gangs Now Creating Websites To Recruit Affiliates

• New Ransomware Highlights Widespread Adoption Of Golang Language By Cyber Attackers

• $12 Billion Government Contractor Booz Allen Facilitates Ransomware Payments—Even Though The FBI Says Never Pay

• Ransomware: A Thriving Business

• This Major Ransomware Attack Was Foiled At The Last Minute. Here's How They Spotted It

• Babuk Ransomware Builder Mysteriously Appears In VirusTotal

• Using VMs To Hide Ransomware Attacks Is Becoming More Popular

Phishing

• Phishing Most Common Cyber Incident Faced By SMEs

• HMRC-Branded Phishing Scams Up 87% In A Year

Malware

• Microsoft Admits To Signing Rootkit Malware In Supply-Chain Fiasco

• The 'ChaChi' Trojan Is Helping A Ransomware Gang Target Schools

• Indexsinas SMB Worm Campaign Infests Whole Enterprises

Mobile

• Carrier Suspected Of Injecting Ads Into Two-Factor SMS Messages

IoT

• Homes Filled With Smart Devices Could Be Exposed To Thousands Of Hacking Attacks In A Week

Data Breaches

• Tulsa Police Say 18,000 Files Are Leaked After Conti Ransomware Hack

Organised Crime & Criminal Actors

• Cobalt Strike Usage Explodes Among Cybercrooks

• FIN7 ‘Pen Tester’ Headed To Jail Amid $1B In Payment-Card Losses

 Cryptocurrency/Cryptojacking

• Hackers Crack Pirated Games With Crypto Jacking Malware

• Crackonosh Malware Abuses Windows Safe Mode To Quietly Mine For Crypto Currency

OT, ICS, IIoT and SCADA

• USB Threats Could Critically Impact Business Operations

Nation State Actors

• Russian Hackers Had Months-Long Access To Denmark's Central Bank

• Russian Hackers Are Trying To Brute-Force Hundreds Of Networks

• US And UK Agencies Accuse Russia Of Political Cyber Campaign

Cloud

• Cloud Security Is Still A Work In Progress

• 50% Of CISOs Say The Push For Rapid Growth And Digital Transformation Stalls Cloud Security

Privacy

• Data Collected To Promote Public Health Must Never Be Surrendered To Police

Vulnerabilities

• Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches

• Cisco ASA Bug Now Actively Exploited As PoC Drops

• June 2021 Quarterly Exchange Updates

• Exploitable Critical RCE Vulnerability Allows Regular Users To Fully Compromise Active Directory

• Critical VMware Carbon Black Bug Allows Authentication Bypass

• My Book Live Users Wake Up To Wiped Devices, Active RCE Attacks

• Flaws In FortiWeb WAF Expose Fortinet Devices To Remote Hack

• NFC Flaws Let Researchers Hack ATMs By Waving A Phone

• 5G Security Vulnerabilities Fluster Mobile Operators

• Hackers Exploited 0-Day, Not 2018 Bug, To Mass-Wipe My Book Live Devices

• A Second Exploit Has Emerged In The Sad WD My Book Live Data Deletion Saga

• Microsoft Adds Second CVE For PrintNightmare Remote Code Execution

• Zyxel Says A Threat Actor Is Targeting Its Enterprise Firewall And VPN Devices

Other News

• Microsoft Says SolarWinds Hacking Group Has Breached Three New Victims

• Cyber Security Study: SolarWinds Attack Cost Affected Companies An Average Of $12 Million

• EA Ignored Domain Vulnerabilities For Months Despite Warnings And Breaches

• Hackney Blames A Cyber Attack For Not Issuing Council Tax Refund

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

BEC Losses Top $1.8B As Tactics Evolve

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organisations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cyber criminals either impersonating someone inside an organisation, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020 and reminded the security community that in addition to technology, smart users armed with a healthy scepticism of outside communications and the right questions to ask are the best line of defence. “The reality is, these types of emails and requests happen legitimately all over the world every day, which is what makes this such a challenge to stop,” the report said.

https://threatpost.com/bec-losses-top-18b/167148/

30M Dell Devices At Risk For Remote BIOS Attacks, Remote Code Execution

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to analysis the bugs affect 129 models of laptops, tablet, and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.

https://threatpost.com/dell-bios-attacks-rce/167195/

Bad Employee Behaviours Picked Up During Remote Working Pose Serious Security Risks in the New Hybrid Workplace

Most employers are wary that the post-pandemic hybrid workforce would bring bad cyber security behaviours. More than half (56%) of employers believed that employees had picked bad security practices while working remotely. Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviours differed significantly while working from home compared to the office. Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely. Younger workers were more prone to these bad employee behaviours, with 51% of 16-24, 46% of 25-34, and 35% of 35-44-year-olds using ‘workarounds.’ Close to half (49%) of workers adopted the risky behaviour because they felt that they were not being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviours while working away from the office.

https://www.cpomagazine.com/cyber-security/bad-employee-behaviors-picked-up-during-remote-working-pose-serious-security-risks-in-the-new-hybrid-workplace/

7 Ways Technical Debt Increases Security Risk

Two in three CISOs believe that technical debt, the difference between what's needed in a project and what's finally deployed, to be a significant cause of security vulnerability, according to the 2021 Voice of the CISO report. Most technical debt is created by taking shortcuts while placing crucial aspects such as architecture, code quality, performance, usability, and, ultimately, security on hold. Many large organisations are carrying tens or hundreds of thousands of discovered but un-remediated risks in their vulnerability management systems,. In many sectors there's this insidious idea that underfunded security efforts, plus risk management, are almost as good as actually doing the security work required, which is dangerously wrong.

https://www.csoonline.com/article/3621754/7-ways-technical-debt-increases-security-risk.html

Organisations Ill-Equipped To Deal With Growing BYOD Security Threats

A report shows the rapid adoption of unmanaged personal devices connecting to work-related resources (aka BYOD) and why organisations are ill-equipped to deal with growing security threats such as malware and data theft. The study surveyed hundreds of cyber security professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced using personal mobile devices. The insights in this report are especially relevant as more enterprises are shifting to permanent remote work or hybrid work models, connecting more devices to corporate networks and, as a result, expanding the attack surface.

https://www.helpnetsecurity.com/2021/06/17/byod-security/

Firewall Manufacturer SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year

Firewall manufacturer SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already common. The US saw a 149% spike, and the UK 69%. “The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance,” said the SonicWall CEO. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organisations safe, but no real consensus on how to move forward when it comes to combating ransomware.

https://www.computerweekly.com/news/252502854/SonicWall-sees-2263-million-ransomware-attack-attempts-this-year

Ransomware Criminals Look To Other Hackers To Provide Them With Network Access

According to a new report, cyber criminals distributing ransomware are increasingly turning to other hackers to buy access into corporate networks.

Researchers said a robust and lucrative criminal ecosystem exists where criminals work together to carry out ransomware attacks. In this ecosystem, ransomware operators buy access from independent cyber criminal groups who infiltrate major targets for part of the ransom proceeds.

Cyber criminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network said researchers.

https://www.itpro.co.uk/security/ransomware/359919/ransomware-criminals-look-to-other-hackers-to-provide-them-with-network

5 Biggest Healthcare Security Threats For 2021

Cyber Attacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers. The trend has put enormous strain on healthcare security organisations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray. Cyber Criminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organisations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.

https://www.csoonline.com/article/3262187/biggest-healthcare-security-threats.html

Threats

Ransomware

• What’s Making Your Company A Ransomware Sitting Duck

• Have We Reached Peak Ransomware? How The Internet's Biggest Security Problem Has Grown And What Happens Next

• Ransomware: Now Gangs Are Using Virtual Machines To Disguise Their Attacks

• Ransomware Gangs Get Paid Off As Officials Struggle For Fix

• Clop Ransomware Gang Doxes Two New Victims Days After Police Raids

• Wormable Bash DarkRadiation Ransomware Targets Linux Distros And Docker Containers

• Faux ‘DarkSide’ Gang Takes Aim At Global Energy, Food Sectors

• A Deep Dive Into The Operations Of The LockBIT Ransomware Group

• Fashion titan French Connection Says 'FCUK' Ss REvil-Linked Ransomware Makes Off With Data

BEC

• 71% Of Organisations Experienced BEC Attacks Over The Past Year

Phishing

• Phishing Attack's Unusual File Attachment Is A Double-Edged Sword

• Man Arrested After 26,000 'Phishing' Text Messages Sent Out In A Single Day

Other Social Engineering

• FIN7 Scammers Posed As Sec Officials, Sick Restaurant Customers To Hack Victims

Malware

• 50% Of Misconfigured Containers Hit By Botnets In Under An Hour

• Spam Downpour Drips New IcedID Banking Trojan Variant

• Dirtymoe Malware Has Infected More Than 100,000 Windows Systems

Mobile

• Flubot Seeks To Steal Financial Data On Android Phones

• 76% Of IT Decision Makers More Vulnerable To Mobile Attacks Than Just A Year Ago

Vulnerabilities

• Email Bug Allows Message Snooping, Credential Theft

• Google Confirms 7th Chrome ‘Zero Day’ Vulnerability, Upgrade Now

• Linux Marketplaces Vulnerable To RCE And Supply Chain Attacks

• Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

• Google Docs Is Being Weaponized By Hackers

• Sonicwall Bug Affecting 800k Firewalls Was Only Partially Fixed

• Hackers Are Using Unknown User Accounts To Target Zyxel Firewalls And VPNs

• SonicWall ‘Botches’ October Patch For VPN Bug

• Lexmark Printers Open To Arbitrary Code-Execution Zero-Day

• Misconfigurations In Most Active Directory Environments Create Serious Security Holes, Researchers Find

Data Breaches

• Tulsa’s Police-Citation Data Leaked By Conti Gang

• Cl0p Ransomware Group Dumps New Tranche Of Stolen Data

• Carnival Cruise Cyber-Torpedoed By Cyber Attack

Cryptocurrency

• Monero Emerges As Crypto Of Choice For Cyber Criminals

• Hackers Crack Pirated Games with Cryptojacking Malware

Dark Web

• Law Enforcement Secretly Ran Part Of The Dark Web, Again

OT, ICS, IIoT and SCADA

• Hackers Tried To Poison California Water Supply In Major Cyber Attack

Nation State Actors

• Cyber Attacks Are Primary Funding Source For North Korea

• The Lazarus Heist: How North Korea Almost Pulled Off A Billion-Dollar Hack

• South Korea's Nuclear Research Agency Hacked Using VPN Flaw

• Cyber Espionage By Chinese Hackers In Neighbouring Nations Is On The Rise

• Cyber Attack On Polish Government Officials Linked To Russian Hackers

Cloud

• NATO's Cloud Platform Has Been Hacked

Privacy

• I spy: are smart doorbells creating a global surveillance network?

• EU Data Protection Authorities Call For Ban On Facial Recognition

• All The Ways Amazon Tracks You And How To Stop It

Other News

• IT Leaders Say Cyber Security Funding Being Wasted On Remote Work Support

• Hackers Are Trying To Attack Big Companies. Small Suppliers Are The Weakest Link

• Only 7% Of Security Leaders Are Reporting To The CEO

• APNIC Left A Dump From Its WhoIS SQL Database In A Public Google Cloud bucket

• Average Time To Fix Critical Cyber Security Vulnerabilities Is 205 Days

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Now Ranks As UK’s Top Cyber Security Danger

Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.

https://www.pymnts.com/news/security-and-risk/2021/ransomware-now-ranks-as-uks-top-cybersecurity-danger/

54% of all employees reuse passwords across multiple work accounts

Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.

According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.

42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.

A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.

https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/

VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”

https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/

Most Firms Face Second Ransomware Attack After Paying Off First

Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.

https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/

Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO

U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.

https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html

Business Leaders Now Feel More Vulnerable To Cyber Attacks

Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).

https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/

Ransomware Gang Turns To Revenge Porn

At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.

https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images

Bank Of America Spends Over $1 Billion Per Year On Cyber Security

Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”

https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html

Bad Cyber Security Behaviours Plaguing The Remote Workforce

According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.

https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/

Threats

Ransomware

• Why Backups Are Not The Panacea For Recovery From A Ransomware Attack

• Microsoft Systems Targeted By 'Black Kingdom' Ransomware

• Takeaways From The Colonial Pipeline Ransomware Attack

• Police Bust Major Ransomware Gang Cl0p

• Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority

• Paradise Ransomware Source Code Released On A Hacking Forum

• Experts Shed Light On Distinctive Tactics Used By Hades Ransomware

• How Remote Work Opened The Floodgates To Ransomware

• The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor

• Ransomware Attackers Are Leveraging Old SonicWall SRA Flaw

BEC

• Microsoft Takes Down Large‑Scale BEC Operation

• Behind The Scenes Of Business Email Compromise: Using Cross-Domain Threat Data To Disrupt A Large BEC Campaign

• Microsoft: Scammers Bypass Office 365 MFA In BEC Attacks

Phishing

• Threat Actors Use Google Docs To Host Phishing Attacks

Malware

• Malicious PDFs Flood the Web, Lead To Password-Snarfing

• Alarming Malware Discovery Reveals 1.2 TB Data Theft From Millions Of Windows PCs

Vulnerabilities

• Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild

• Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files

• McAfee Finds Security Vulnerability In Peloton Products

• Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched

Data Breaches

• UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack

• Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers

• Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems

• Mensa Data Spillage Was Due to 'Unauthorised Internal Download'

• Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers

Organised Crime & Criminal Actors

• Police Grab Slilpp, Biggest Stolen-Logins Market

Cryptocurrency

• Criminals Are Mailing Altered Ledger Devices To Steal Crypto Currency

Supply Chain

• NoxPlayer Supply-Chain Attack Is Likely The Work Of Gelsemium Hackers

OT, ICS, IIoT and SCADA

• Utilities ‘Concerningly’ At Risk from Active Exploits

Nation State Actors

• Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks

• Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought

Denial of Service

• 100% Increase In Daily DDoS Traffic In 2020 As Potential Grows For 10 TBPS Attack

Cloud

• Unsecured Servers And Cloud Services: How Remote Work Has Increased The Attack Surface That Hackers Can Target

• Complexity Is The Biggest Threat To Cloud Success And Security

Privacy

• Amazon To Let Customers Sue After Thousands Of Alexa Complaints

Other News

• Airline And Bank Websites Go Down In Another Major Internet Failure

• Corporate Attack Surfaces Growing Concurrently With A Dispersed Workforce

• This Secretive Firm Has Powerful New Hacking Tools

• Vigilante Malware Rats Out Software Pirates While Blocking The Pirate Bay

• Fallout Of EA Source Code Breach Could Be Severe, Cyber Security Experts Say

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurers Recoil As Ransomware Attacks ‘Skyrocket’

The Great Fire of London helped forge the property insurance market, as residents feared a repeat of the savage destruction of 1666. In the absence of a state-backed fire service, some insurers even employed their own brigades, betting that limiting the damage to a property would be cheaper than rebuilding it. After a wave of high-profile cyber assaults, Graeme Newman, chief innovation officer at London-based insurance provider CFC, draws a parallel with today’s rapidly evolving market for cyber coverage. Insurance companies now provide emergency support services as well as financial compensation, so “the insurers own the digital fire trucks”, he said.

https://www.ft.com/content/4f91c4e7-973b-4c1a-91c2-7742c3aa9922

US Puts Cyber Crime On Par With Terror After Ransomware Attacks

The US government is raising the fight against cyber criminals to the same level as the battle against terrorists after a surge of ransomware attacks on large corporations. Internal guidance circulated by the Department of Justice instructs prosecutors to pool their information about hackers. The idea, said John Carlin, of the attorney-general’s office, is to “make the connections between actors and work your way up to disrupt the whole chain”.

https://www.thetimes.co.uk/article/us-cybercrime-terror-ransomware-attacks-joe-biden-pzrqbkfwt

Russia Under Fire As Cyber Attack Leaves 7,000 Out Of Work

An attack this week on JBS meatworks in North America and Australia brought the firm to a standstill, and now threatens to turn into a diplomatic row with Russia. JBS are reported to supply 20% of the world meat market and the ransomware attack has left 7,000 workers unable to do their jobs.

https://www.afr.com/politics/russia-under-fire-as-ransomware-attack-leaves-7000-out-of-work-20210602-p57xha

Irish Health Service Confirms Data Of Nearly 520 Patients Is Online After Cyber Attack

The Health Service Executive (HSE) has confirmed the data of nearly 520 patients is online after media reports of their publication. In a statement, the HSE said the data contains correspondence with patients, minutes of meetings and includes sensitive patient data. The HSE also confirmed corporate documents are among the HSE data illegally accessed.  Confirmation of the authenticity of this data follows an analysis carried out by the agency and comments from the Minister for Communications, Eamon Ryan, that reports of patient data being shared online are "very credible".

https://www.irishexaminer.com/news/arid-40301054.html

Enterprise Networks Vulnerable To 20-Year-Old Exploits

While the industry focuses on exotic attacks – like the SolarWinds incident — the real risk to enterprises comes from older exploits, some as much as 20-years old. “While organisations always need to keep up with the latest security patches, it is also vital to ensure older system and well-known vulnerabilities from years past are monitored and patched as well,” says Etay Maor, senior director of security strategy at Cato Networks. “Threat actors are attempting to take advantage of overlooked, vulnerable systems.” Our research showed that attackers often scanned for end-of-life and unsupported systems. Common Vulnerability and Exposures (CVE) identified were exploits targeting software, namely vSphere, Oracle WebLogic, and Big-IP, as well as routers with remote administration vulnerabilities.

https://www.helpnetsecurity.com/2021/05/27/enterprise-networks-vulnerable/

US Authorities Seize Two Domains Used By SolarWinds Intruders For Malware Spear-Phishing Operation

Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID). The domain takeovers, which occurred on Friday, followed a court order issued in the wake of a Microsoft report warning about the spear-phishing campaign. The phishing effort relied on malware-laden messages sent via marketing service Constant Contact. "Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting US Attorney Raj Parekh for the Eastern District of Virginia, in a statement. "As demonstrated by the court-authorized seizure of these malicious domains, we are committed to using all available tools to protect the public and our government from these worldwide hacking threats."

https://www.theregister.com/2021/06/02/feds_seize_nobelium/

Hacker Group DarkSide Operates In A Similar Way To A Franchise

DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, has a business model that’s more familiar than people think, according to New York Times correspondent Andrew Kramer, “It operates something like a franchise, where individual hackers can come and receive the ransomware software and use it, as well as, use DarkSide’s reputation, as it were, to extract money from their targets, mostly in the United States,” Kramer said in an interview that aired Wednesday night.

https://www.cnbc.com/2021/06/02/hacker-group-darksides-operates-in-a-similar-way-to-a-franchise-new-york-times-reporter-says.html?__source=sharebar|twitter&par=sharebar

Interpol Intercepts $83 Million Fighting Financial Cyber Crime

The Interpol (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers. Over 40 law enforcement officers specialized in fighting cyber crime across the Asia Pacific region took part in the Interpol-coordinated Operation HAECHI-I spanning more than six months. Between September 2020 and March 2021, law enforcement focused on battling five types of online financial crimes: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

https://www.bleepingcomputer.com/news/security/interpol-intercepts-83-million-fighting-financial-cyber-crime/

Is It Really The Wild West In Cyber Crime? Why We Need To Re-Examine Our Approach To Ransomware

Once again, cyber security has become a headline topic within and well outside technology circles, along with the little-known operator of a significant fuel pipeline: Colonial Pipeline. A ransomware attack, and ensuing panic buying of gasoline, resulted in widespread fuel shortages on the east coast, thrusting the issue of cyber security into the lives of everyday Americans. Colonial Pipeline CEO Joseph Blount later acknowledged that his company ultimately paid the cybercriminals $4.4 million to unlock company systems, generating a great deal of controversy around the simple question (and associated complex potential answers), of whether companies should pay when their systems are held hostage by ransomware.

https://www.techrepublic.com/article/is-it-really-the-wild-west-in-cybercrime-why-we-need-to-re-examine-our-approach-to-ransomware/

Threats

Ransomware

• Anti-Ransomware Biz Exagrid ‘Paid $2.6M Ransomware Demand’

• White House Contacts Russia After Hack Of World’s Largest Meatpacking Company

• This New Ransomware Is Targeting Unpatched Microsoft Exchange Servers

• Fujifilm Becomes Latest Ransomware Victim As White House Urges Business Leaders To Take Action

• Cyber Crime Forum Advertises Alleged Database, Source Code From Russian Firm That Helped Parler

• On The Taxonomy And Evolution Of Ransomware

Phishing

• Phishing Emails Remain in User Inboxes Over 3 Days ... (darkreading.com)

Other Social Engineering

• The Bizarro Streaming Site That Hackers Built From Scratch

Malware

• Malware Can Use This Trick To Bypass Ransomware Defense In Antivirus Solutions

• Exchange Servers Targeted By ‘Epsilon Red’ Malware

Mobile

IOT

• Amazon Sidewalk Poised To Sweep You Into Its Mesh

 Vulnerabilities

• XSS Vulnerability Found In Popular WYSIWYG Website Editor

• Huawei USB LTE Dongles Are Vulnerable To Privilege Escalation Attacks

• Hackers Actively Exploiting 0-Day In WordPress Plugin Installed On Over 17,000 Sites

• EPUB Vulnerabilities: Electronic Reading Systems Riddled With Browser-Like Flaws

• SonicWall Urges Customers To 'Immediately' Patch NSM On-Prem Bug

Data Breaches

• GDPR: EU Privacy Watchdog Probing The Use Of AWS And Azure Cloud Services

Supply Chain

• What Is A Supply Chain Attack?

• Microsoft Office 365 A Major Supply Chain Attack Vector

Nation State Actors

• Chinese Cyber Criminals Spent Three Years Creating A New Backdoor To Spy On Governments

• Kimsuky APT Continues To Target South Korean Government Using Appleseed Backdoor

• Russian Hacker Pavel Sitnikov Arrested For Sharing Malware Source Code

Privacy

• You Have A Week To Opt-Out Of Amazon Sidewalk, Do It Now

Other News

• “Have I Been Pwned” Breach Site Partners With… The FBI!

• 17 Cyber Insurance Application Questions You'll Need To Answer

• Cyber Criminals Go Corporate As Hacking Becomes A Business

• The Human Cost Of Understaffed SOCs

• Security Ops Teams Struggle To Switch Off At Home

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/

Threats

Ransomware

• Ransomware Attacks Are Becoming More Common – How Do We Stop Them?

• Ryuk Ransomware Operators Shift Tactics To Target Victims

• Bose Confirms Ransomware Attack That Exposed Employee Data

• Russian To Be Deported After Failed Tesla Ransomware Plot

• Ransomware Attack Halts Child Protection Court Cases

• FBI Warns Of Conti Ransomware Attacks Against Healthcare Organisations

• HSE Cyber Attack Has Had ‘Devastating Impact’, Cancer Services Director Says

Phishing

• Financial Spear-Phishing Campaigns Pushing RATs

• This Massive Phishing Campaign Delivers Password-Stealing Malware Disguised As Ransomware

Other Social Engineering

• NatWest Launches 'Urgent' Crypto Currency Scam Alert

• Eight Men Arrested Over Royal Mail Delivery Scam Texts

• Fake Amazon Order Emails Lead To Vishing

Malware

• This Fake Streaming Service Will Spread Malware

• This Ransomware-Spreading Malware Botnet Just Will Not Go Away

Mobile

• New Malware Plunders Dutch Android Users’ Bank Accounts

IOT

• Hackers Can Use Smart Plugs To Break Into Your Home Network

Vulnerabilities

• VMware Sounds Ransomware Alarm Over Critical Severity Bug

• Trend Micro Bugs Threaten Home Network Security

• Digging Into A Ubiquiti Firmware Update Bug

• “Unpatchable” Vuln In Apple’s New MAC Chip – What You Need To Know

• PDF Feature ‘Certified’ Widely Vulnerable To Attack

• SonicWall urges customers to 'immediately' patch NSM On-Prem bug

• FBI Issues Warning About Fortinet Vulnerabilities After Apt Group Hacks Local Gov’t Office

• Restaurant Reservation System Patches Easy-To-Exploit XSS Bug

• Bluetooth Flaws Allow Attackers To Impersonate Legitimate Devices

Data Breaches

• UK Police Suffered Thousands Of Data Breaches In 2020

• Air India Cyber Attack: Personal Data Of Over 4.5 Million Passengers Leaked

Organised Crime & Criminal Actors

• ‘Privateer’ Threat Actors Emerge From Cyber Crime Swamp

Cryptocurrency

• Crypto Currency Crackdown Will not Stop Ransomware, CISA Official Says

• Watch Out: Crypto Jacking Is On The Rise Again

• Bitcoin Mine Found Stealing Electricity

Dark Web

• French Authorities Seize Their Third Dark Web Marketplace

OT, ICS, IIoT and SCADA

• Cyber Attacks On Operational Technology Are On The Rise

• UK Prepares For Ransomware Attacks On Pipelines

Nation State Actors

• Threat Actor ‘Agrius’ Emerges To Launch Wiper Attacks Against Israeli Targets

• Russian Group Behind SolarWinds Spy Campaign Conduct New Cyber Attacks

• Belgium Uproots Cyber Espionage Campaign With Suspected Ties To China

Privacy

• Employers Are Watching Remote Workers And They Are Monitoring These Activities

• GCHQ’s Mass Data Interception Violated Right To Privacy, Court Rules

• Amazon Devices Will Soon Automatically Share Your Internet With Neighbours

Reports Published in the Last Week

• Report: Cloud Security Breaches Surpass On-Prem Ones For The First Time

Other News

• Enemy Hackers Target NATO With Constant Cyber Attacks

• Security Is An Architectural Issue: Why The Principles Of Zero Trust And Least Privilege Matter So Much Right Now

• GDPR Is Being Used As A Bureaucratic Dodge To Avoid Public Scrutiny

• UK Universities To Be Offered Advice On National Security Threats

• How Hacking Became A Professional Service In Russia

• A Chinese Hacking Competition May Have Given Beijing New Ways To Spy On The Uyghurs

• 'Did Weak WiFi Password Lead The Police To Our Door?'

• How Much Economic Damage Would Be Done If A Cyber Attack Took Out The Internet?

• German Cyber Security Chief Fears Hackers Could Target Hospitals

• How The Post-Pandemic World Will Challenge CISOs

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.