Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

61 Percent Of Employees Fail Basic Cyber Security Quiz

Nearly 70% of employees polled in a new survey said they recently received cyber security training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic. This was one of the leading findings of a research study that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognize security threats.

https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/

More Than 1,900 Distinct Hacking Groups Are Active Today

There are currently more than 1,900 distinct hacking groups that are active today, a number that grew from 1,800 groups recorded at the end of 2019. In its yearly cyber crime report, the company said it discovered 650 new threat actors during 2020, but new evidence also allowed it to remove 500 groups from its threat actor tracker due to overlaps in activity and hacking infrastructure with previously known clusters.

https://therecord.media/fireeye-more-than-1900-distinct-hacking-groups-are-active-today/

Ransomware: The Internet's Biggest Security Crisis Is Getting Worse

Organisations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organisations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four chains of schools attacked in the last month.

https://www.zdnet.com/article/ransomware-the-internets-biggest-security-crisis-is-getting-worse-we-need-a-way-out/?&web_view=true

Enterprise Security Attackers Are One Password Away From Your Worst Day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cyber security industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organisations still use the same technological approaches they did 10 years ago. The world has changed, but cyber security hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cyber security industry must rethink its strategy to analyse how credentials are used and stop breaches before they become bigger problems.

https://techcrunch.com/2021/04/16/enterprise-security-attackers-are-one-password-away-from-your-worst-day/

Microsoft’s April Update Patches 114 Bugs—Half Of Which Allow Remote Code Execution

The fourth Patch Tuesday of 2021 is another big one. Today, Microsoft revealed 114 vulnerabilities fixed in the monthly security, over half of which could potentially be exploited for remote code execution by attackers. Of the 55 remote execution bugs, over half were tied to Windows’ Remote Procedure Call (RPC) interface. Four more were Microsoft Exchange bugs (all urgent fixes) reported to Microsoft by the National Security Agency. In addition, six Chrome vulnerabilities that were previously addressed by Google are included in the roll-up.

https://news.sophos.com/en-us/2021/04/13/microsofts-april-update-patches-114-bugs-more-than-half-of-which-allow-remote-code-execution/

Nation-State Cyber Attacks Targeting Businesses Are On The Rise

Businesses are increasingly coming under fire from nation state-backed hackers as governments around the world engage in attacks to steal secrets or lay the foundations for future attacks. Nation States, Cyberconflict and the Web of Profit, a study by cyber security researchers at HP and criminologists at the University of Surrey, warns that the number of key nation-state attacks has risen significantly over the past three years – and that enterprises and businesses are increasingly being targeted. An analysis of nation-state cyber attacks between 2017 and 2020 reveals that just over a third of organisations targeted were businesses: cyber defence, media, government, and critical infrastructure are all also common targets in these attacks, but enterprise has risen to the top of the list.

https://www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/

Cyber Criminals Are Installing Cryptojacking Malware On Unpatched Microsoft Exchange Servers

Cyber criminals are targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware in a campaign designed to secretly use the processing power of compromised systems to make money. Zero-day vulnerabilities in Microsoft Exchange Server were detailed last month when Microsoft released critical security updates to prevent the exploitation of vulnerable systems. Cyber attackers ranging from nation-state-linked hacking groups to ransomware gangs have rushed to take advantage of unpatched Exchange servers -- but they are not the only ones.

https://www.zdnet.com/article/free-money-cyber-criminals-are-installing-cryptojacking-malware-on-unpatched-microsoft-exchange-servers/

NAME:WRECK DNS Vulnerabilities Affect Over 100 Million Devices

Security researchers have disclosed nine vulnerabilities affecting network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in a wide range of products, from high-performance servers and networking equipment to operational technology (OT) systems that monitor and control industrial equipment. According to researchers threat actors could exploit NAME:WRECK vulnerabilities to deal significant damage to government or enterprise servers, healthcare facilities, retailers, or companies in the manufacturing business by stealing sensitive data, modifying or taking equipment offline for sabotage purposes.

https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/

Brits Still Confused By Multi-Factor Authentication

The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA). The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany, and the US. It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has. However, despite a continued number of high-profile account takeovers, 43% said this does not make them enhance security on their accounts, even though they “feel like” they should. Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types. Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they were not using or didn’t know about them.

https://www.infosecurity-magazine.com/news/brits-still-confused-by/

623K Payment Cards Stolen From Cyber Crime Forum

The Swarmshop cyber underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That is according to researchers, who said that the database was posted on a rival underground forum. Card shops, are online cyber criminal forums where stolen payment-card data is bought and sold. Researchers said the database in question contains 623,036 payment-card records from card-issuers in Brazil, Canada, China, France, Mexico, Saudi Arabia, Singapore, the U.K., and the U.S.

https://threatpost.com/623m-payment-cards-stolen-from-cybercrime-forum/165336/

Threats

Ransomware

• How The Kremlin Provides A Safe Harbour For Ransomware

• Dutch Supermarkets Run Out Of Cheese After Ransomware Attack

• This Nasty Ransomware Hacks Your VPN To Break Into Your Device

Phishing

• New Invoice Payment Phishing Attack

• Tax Phish Swims Past Google Workspace Email Security

Other Social Engineering

• 7 New Social Engineering Tactics Threat Actors Are Using Now

• Cloud-Native Watering Hole Attack: Simple And Potentially Devastating

Malware

• Hackers Using Website's Contact Forms to Deliver IcedID Malware

Mobile

• Joker Malware Infected 538,000 Huawei Android Devices

Vulnerabilities

• Chrome And Edge Hacked By New Zero-Day Flaw — What To Do

• Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

• Microsoft Security Update Fixes Zero-Day Vulnerabilities In Windows And Other Software

• Critical Security Alert: If You Haven't Patched This Old Vpn Vulnerability, Assume Your Network Is Compromised

• WhatsApp Addressed Two Security Vulnerabilities In Its App For Android That Could Have Been Exploited To Remotely Hack The Victim’s Device.

• Security Bug Allows Attackers to Brick Kubernetes Clusters

• 84% Of Codebases Contain An Open Source Vulnerability

Data Breaches

• Clubhouse Data Breach: 1.3 Million Users Have Info Leaked Online

• Covid Results Emails May Breach GDPR

Organised Crime & Criminal Actors

• Coronavirus Triggers Epidemic Of Cyber Fraud

Nation State Actors

• Iran Vows Revenge For 'Israeli' Attack On Natanz Nuclear Site

• US Poised To Impose Sanctions On Russia For Cyber-Attacks

• NSA: Top 5 Vulnerabilities Actively Abused By Russian Govt Hackers

Privacy

• 24% Of Workers Spied On By Bosses

Reports Published in the Last Week

• SMB Cyber Security Trust & Confidence Report 2021

• Most Imitated Brands In Phishing Emails In First Quarter Of 2021: Report

Other News

• A Casino Gets Hacked Through a Fish-Tank Thermometer

• SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

• Detecting the "Next" SolarWinds-Style Cyber Attack

• The FBI Is Remotely Hacking Hundreds Of Computers To Protect Them From Hafnium

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.