Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Technology Has Enabled Cyber-Crime On An Industrial Scale

Nobody likes a call from the taxman. Donald Rumsfeld, who as America’s defence secretary oversaw a budget bigger than the economy of a typical country, nonetheless finds the rules so confusing that he writes to the Internal Revenue Service each year complaining that he has “no idea” whether he has filed his taxes correctly. So, it is hardly surprising that, when the phone rings and an official-sounding voice says you have underpaid your taxes and will be connected to an adviser to pay the balance, ordinary folk tremble.

https://www.economist.com/international/2021/05/06/new-technology-has-enabled-cyber-crime-on-an-industrial-scale

Cyber Security Control Failures Listed As Top Emerging Risk

Despite a myriad of risks resulting from the pandemic, such as the new work environment and environmental, social and governance (ESG) concerns, cyber security risk was singled out with notable consistency across all geographic regions and most industries, cited by 67% of respondents. The next highest cited risk, “the new working model” was cited by 43% of respondents. “Many organisations were forced to implement quick fixes to serious operational gaps as a result of their initial pandemic responses.”

https://www.helpnetsecurity.com/2021/05/03/cybersecurity-control-failures/

Third Parties Caused Data Breaches At 51% Of Organisations

Remote access is becoming an organisation's weakest attack surface, according to new research published. The new report, titled “A Crisis in Third-party Remote Access Security,” reveals a disparity between an organisation's perceived third-party access security threat and the protective measures it puts in place. Researchers found that organisations are exposing their networks to non-compliance and security risks by not taking action to reduce third-party access risk.

https://www.infosecurity-magazine.com/news/third-parties-breaches-at-51-of/

Apple Devices Under Attack — Update Your Mac, iPhone, iPad And Apple Watch Now

Apple on Monday (May 3) pushed out emergency patches to macOS, iPadOS, watchOS and two different versions of iOS to fix four flaws in WebKit, the rendering engine that underlies the Safari web browser. Install these updates when you receive them, because for each flaw, the company states that "Apple is aware of a report that this issue may have been actively exploited." In each case, Apple says, "processing maliciously crafted web content may lead to arbitrary code execution." In plain English, that means web pages could be built to remotely hack your Mac, iPhone, iPad, or Apple Watch.

https://www.tomsguide.com/uk/news/apple-urgent-updates-2105

Enforcing KYC, AML Laws Is Key To Reducing Ransomware Attacks: Task Force

Better enforcement of crypto currency regulations can help address an increasing number of ransomware attacks; a public-private task force claimed Thursday. The Ransomware Task Force, led by the Institute for Security and Technology with support from Microsoft, McAfee and various government agencies, published a report proposing a host of government and company responses to the growing threat of ransomware attacks, including recommendations to disrupt payments to the developers who develop this form of malware. A ransomware attack is one where a malicious actor hijacks a computer or network, locking it until the victim pays a ransom, often in crypto currency (ransomware victims paid close to $350 million in crypto to attackers last year). Paying the ransom is not necessarily a guarantee the perpetrator will share a decryption tool to unlock the computer.

https://www.coindesk.com/enforcing-kyc-aml-laws-is-key-to-reducing-ransomware-attacks-report-says

Ransomware Reality Shock: 92% Who Pay Do Not Get Their Data Back

As Apple gets caught up in an apparent $50 million ransomware extortion attempt by a significant cyber criminal gang, new research reveals just how unlikely it is that organisations will get all their data back if they pay up. On April 23, I reported how the notorious cyber criminal gang behind the REvil ransomware operation had attempted to get Apple to pay the ransom for another business that it had targeted. That business, REvil said, was Apple original design manufacturer Quanta Computer and the gang said it had stolen the schematics for several new Apple products. Several blueprints were published to the REvil dark web site, including one that 9to5Mac determined was related to the 2021 MacBook Pro.

https://www.forbes.com/sites/daveywinder/2021/05/02/ransomware-reality-shock-92-who-pay-dont-get-their-data-back/?sh=4c38f3d5e0c7

New Vulnerabilities Impact 60% Of The Internet’s Email Servers

The maintainers of the Exim email server software have released updates today to patch a collection of 21 vulnerabilities that can allow threat actors to take over servers using both local and remote attack vectors. Known as 21Nails, the vulnerabilities were discovered by the security firm Qualys. The bugs impact Exim, a type of email server known as a mail transfer agent (MTA) that helps email traffic travel across the internet and reach its intended destinations. While there are different MTA clients available, an April 2021 survey shows that Exim has a market share of nearly 60% among all MTA solutions, being widely adopted around the internet.

New vulnerabilities impact 60% of the internet’s email servers

Ransomware: There's Been A Big Rise In Double Extortion Attacks As Gangs Try Out New Tricks

There has been a big rise in the number of ransomware gangs that threaten to release information stolen from the victims if they themselves rather than the firm, do not pay the ransom for the decryption key required to restore their network. The idea behind these 'double extortion' ransomware attacks is that even if the victim organisation believes it can restore its network without giving into the ransom demands of cyber criminals – which regularly cost millions of dollars in Bitcoin – the threat of sensitive information about employees or customers being exposed could still push victims to giving into the blackmail and paying the ransom.

https://www.zdnet.com/article/ransomware-theres-been-a-big-rise-in-double-extortion-attacks-as-gangs-try-out-new-tricks/

They Told Their Therapists Everything. Hackers Leaked It All

Finnish mental health Clinic Vastaamo suffers catastrophic data breach. A security flaw at the firm’s IT provider not only exposed full names, dates of birth, and social security numbers, but also the actual written notes their therapists had taken. It was the patients themselves, rather than the firm were then left facing a demand for ransom payment to prevent public disclosure of their data.

https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/?utm_source=twitter&utm_medium=social&utm_campaign=onsite-share&utm_brand=wired&utm_social-type=earned

Millions At Security Risk From Old Routers

Millions of people could be using outdated routers that put them at risk of being hacked. The consumer watchdog examined 13 models provided to customers by internet-service companies such as EE, Sky and Virgin Media and found more than two-thirds had flaws. It estimated about six million people could have a device not updated since 2018 or earlier. So, in some cases, they would not have received crucial security updates.

https://www.bbc.co.uk/news/technology-56996717

An Estimated 30% Of All Smartphones Vulnerable To New Qualcomm Bug

Around a third of all smartphones in the world are believed to be affected by a new vulnerability in a Qualcomm modem component that can grant attackers access to the device’s call and SMS history and even audio conversations. First designed in the early 90s, the chip has been updated across the years to support 2G, 3G, 4G, and 5G cellular communications and has slowly become one of the world’s most ubiquitous technologies, especially with smartphone vendors. Devices that use Qualcomm MSM chips today include high-end smartphone models sold by Google, Samsung, LG, Xiaomi, and One Plus, just to name a few.

https://therecord.media/an-estimated-30-of-all-smartphones-vulnerable-to-new-qualcomm-bug/

Threats

Ransomware

• Cloud Hosting Provider Swiss Cloud Suffered A Ransomware Attack

• Babuk Quits Ransomware Encryption, Focuses On Data-Theft Extortion

Phishing

• 'Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Start-up

Malware

• Global Phishing Attacks Spawn Three New Malware Strains

• New Pingback Malware Using ICMP Tunnelling to Evade C&C Detection

• New Buer Malware Downloader Rewritten in E-Z Rust Language

Mobile

• Serious Android flaw threatens hundreds of millions of users

Vulnerabilities

• Security Researchers Found 21 Flaws In This Widely Used Email Server, So Update Immediately

• Dell Is Issuing A Security Patch For Hundreds Of Computer Models Going Back To 2009

• Pulse Secure fixes VPN zero-day used to hack high-value targets

• Microsoft Warns Of Damaging Vulnerabilities In Dozens Of Iot Operating Systems

• Python Also Impacted By Critical Ip Address Validation Vulnerability

• Computer Scientists Discover New Vulnerability Affecting Computers Globally

Data Breaches

• Data Leak Implicates Over 200,000 People In Amazon Fake Product Review Scam

• Middle Market Companies Facing A Record Number Of Data Breaches

Nation State Actors

• Researchers Uncover Iranian State-Sponsored Ransomware Operation

• Rare New Windows Rootkit Spotted In Chinese Apt Attacks

Denial of Service

• A Massive DDoS Knocked Offline Belgian Government Websites

Privacy

• Android Devices Are Leaking Contact Tracing Data All Over The Place

Other News

• Woman Loses Nearly £113k In Dating Site Romance Fraud

• Healthcare Organisations Implementing Zero Trust To Tackle Cyber Attacks

• Hackers Break Into Tesla Using a Drone Flying Over the Car

• Penetration Testing Leaving Organisations With Too Many Blind Spots

• Goodbye Again, Flash—Microsoft Makes Removal From Windows 10 Mandatory

• Data Leak Makes Peloton’s Horrible, No-Good, Really Bad Day Even Worse

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.