Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Businesses Suffered 50% More Cyber Attack Attempts per Week in 2021

Cyberattack attempts reached an all-time high in the fourth quarter of 2021, jumping to 925 a week per organisation, partly due to attempts stemming from the Log4j vulnerability, according to new data.

Check Point Research on Monday reported that it found 50% more attack attempts per week on corporate networks globally in calendar year 2021 compared with 2020.

The researchers define a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain — scanning/exploiting vulnerabilities, sending phishing emails, malicious website access, malicious file downloads (from Web/email), second-stage downloads, and command-and-control communications.

https://www.darkreading.com/attacks-breaches/corporate-networks-saw-50-more-attacks-per-week-in-2021-

Cyber Attacks Against MSPs Jump 67%

Cyber attacks spiked by 50 percent in 2021 as compared to 2020, aided by millions of attacks in December by hackers attempting to exploit the Log4J vulnerability, according to a Check Point Software Technologies research report.

In terming 2021 a “record breaking year,” the security provider pointed to a worldwide peak of 925 cyber attacks per organisation weekly and an October 2021 measure that showed a 40 percent increase in cyberattacks, with one out of every 61 entities hit by ransomware each week. The number of cyberattacks on managed service providers (MSPs) and internet service providers (ISPs) rose by nearly 70 percent year over year.

https://www.msspalert.com/cybersecurity-news/cyberattacks-vs-msps-skyrocket/

SMEs Still An Easy Target For Cyber Criminals

Cyber crime continues to be a major concern, with 51% of SMEs experiencing a cyber security breach, a Markel Direct survey reveals.

In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs. The survey found the most common cybersecurity attacks were malware/virus related (24%) followed by a data breach (16%) and phishing attack (15%), with 68% reporting the cost of their breach was up to £5,000.

This comes after the latest Quarterly Fraud and Cyber Crime Report revealed that Britons lost over £1 billion in the first six months of 2021, due to the considerable increase in fraudulent activity.

https://www.helpnetsecurity.com/2022/01/12/smes-cybersecurity-breach/

World Economic Forum: Cyber Security Failures an Increasing Global Threat

Cybersecurity was once again identified as a major short and medium-term threat to the world in this year’s World Economic Forum’s (WEF’s) The Global Risk Report. The analysis was based on insights from nearly 1000 global experts and leaders who responded to the WEF’s Global Risks Perception Survey (GRPS).

Perhaps unsurprisingly, environmental issues like climate action failure and extreme weather ranked highest on the risks facing the world over the short (0-2 years), medium (2-5 years) and long-term (5-10 years). In addition, a number of challenges exacerbated by the pandemic, such as livelihood crises, infectious diseases and mental health deterioration, also scored highly. Overall, this added up to a pessimistic assessment, with 84.2% of respondents stating they were either “worried” or “concerned” about the global outlook.

Digital challenges, such as “cyber security failures,” were also viewed as a significant and growing problem to the world. Nearly one in five (19.5%) respondents believe cybersecurity failures will be a critical threat to the world in just the next 0-2 years, and 14.6% said it would be in 2-5 years

https://www.infosecurity-magazine.com/news/world-economic-forum-cybersecurity/

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft started 2022 with a large January Patch Tuesday update covering nine critical CVEs, including a self-propagator with a 9.8 CVSS score.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.

The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564/

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise takedown, which it said was carried out at the request of the US authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organised cyber crime syndicate.

"In order to implement the criminal plan, these persons developed malicious software, organised the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet," the FSB said in a statement.

In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

https://thehackernews.com/2022/01/russia-arrests-revil-ransomware-gang.html

North Korea Hackers Stole $400m Of Cryptocurrency In 2021, Report Says

North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.

Blockchain analysis company Chainalysis said it was one of most successful years on record for cyber-criminals in the closed east Asian state.

The attacks mainly targeted investment firms and centralised exchanges.

North Korea has routinely denied being involved in hack attacks attributed to them.

"From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%," Chainalysis said in a report.

https://www.bbc.co.uk/news/business-59990477

No Lights, No Heat, No Money - That's Life In Ukraine During Cyber Warfare

Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.

"As tensions grow, we can expect more aggressive cyber activity in Ukraine and potentially elsewhere," said John Hultquist, an intelligence analyst at US cyber security company Mandiant, possibly including "destructive attacks that target critical infrastructure."

"Organisations need to begin preparing," Hultquist added.

Intrusions by hackers on hospitals, power utility companies, and the financial system were until recently rare. But organised cyber criminals, many of them living in Russia, have gone after institutions aggressively in the past two years with ransomware, freezing data and computerized equipment needed to care for hospital patients.

In some cases, those extortion attacks have led to patient deaths, according to litigation, media reports and medical professionals.

https://www.reuters.com/world/europe/no-lights-no-heat-no-money-thats-life-ukraine-during-cyber-warfare-2022-01-14/

Ukrainian Police Arrest Five Members Of Ransomware Affiliate

Ukrainian police announced the arrest of five members of a ransomware affiliate on Thursday, noting that the group was behind attacks on more than 50 companies across Europe and the US.

In a statement, both the Ukrainian Security Service and Ukrainian Cyber Police said the group made at least $1 million through their attacks on the companies.

US and UK law enforcement officials worked with Ukrainian officials on the operation.

Officials said the leader of the group was a 36-year-old who worked with his wife and three other people out of Kyiv. The five are facing a variety of charges in Ukraine related to money laundering, hacking, and selling malware.

One of the people charged is wanted by law enforcement agencies in UK after "using a virus to obtain bank card details of the customers of British banks," according to the police statement.

The bank card details were used to buy things online that were then resold.

https://www.zdnet.com/article/ukrainian-police-arrest-members-of-ransomware-affiliate/

Fingers Point To Lazarus, Cobalt, Fin7 As Key Hacking Groups Attacking Finance Industry

The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organisations today.

According to "Follow the Money," a new report (.PDF) published on the financial sector by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.

The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organisations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash.

They also often underpin the economy: if a payment processor or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question, but this can also have severe financial and operational consequences for customers.

https://www.zdnet.com/article/fingers-point-to-lazarus-cobalt-fin7-as-key-hacking-groups-focused-on-finance-industry/

Ransomware, Supply Chain, And Deepfakes: The Top Threats The Finance Industry Needs To Prepare For

The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organisation’s network.

In addition to that, there is currently a huge demand for data and new tools on the dark web. In fact, users are selling access to point-of-sale (PoS) terminals and login details to the websites of financial services organisations all the time.

How can financial organisations protect themselves from existing threats and combat new ones at the same time?

https://www.helpnetsecurity.com/2022/01/12/finance-industry-threats/

Threats

Ransomware

• Night Sky Ransomware Is Attacking Corporate Networks For 800k Ransom - The Cybersecurity Times

• One Of The REvil Members Arrested Was Behind Colonial Pipeline Attack - Security Affairs

• Ransomware Is Being Rewritten In Go For Joint Attacks On Windows, Linux Users | IT PRO

• Inside a Ransomware Hit at Nordic Choice Hotels - WSJ

• Watch Out, That Microsoft Edge Update Is Actually Ransomware | TechRadar

• Qlocker Ransomware Returns To Target QNAP NAS Devices Worldwide (bleepingcomputer.com)

• Trends That Shaped Ransomware – And Why It’s Not Slowing Down - CyberScoop

Phishing

• Check Your SPF Records: Wide IP Ranges Undo Email Security And Make For Tasty Phishes | ZDNet

• Phishers Are Targeting Office 365 Users By Exploiting Adobe Cloud - Help Net Security

• Hackers Exploiting Microsoft Exchange Server Vulnerabilities in Enterprise Phishing Campaigns - MSSP Alert

• Real Big Phish: Mobile Phishing & Managing User Fallibility | Threatpost

Malware

• Microsoft Defender Weakness Lets Hackers Bypass Malware Detection (bleepingcomputer.com)

• New RedLine Malware Version Spread As Fake Omicron Stat Counter (bleepingcomputer.com)

• ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS | Threatpost

• FluBot Malware Continues To Evolve. What's New In Ver 5.0 And Beyond? Security Affairs

• Oops: Cyberspies Infect Themselves With Their Own Malware (bleepingcomputer.com)

Mobile

• Android Users Can Now Disable 2G to Block Stingray Attacks (bleepingcomputer.com)

• EFF Praises Android’s New 2G Kill Switch, Wants Apple To Follow Suit | Ars Technica

• How To Protect Yourself Against Sim-Swapping Scams With Mobile Phone Fraud On The Rise (inews.co.uk)

IoT

• How a Hacker Controlled Dozens of Teslas Using a Flaw in Third-Party App (vice.com)

• Better Smart Home Security In 5 Easy Steps - CNET

Organised Crime & Criminal Actors

• Cyber Attacks On Corporations Hit Record Breaking Highs - IT Security Guru

Cryptocurrency/Cryptomining/Cryptojacking

• Abcbot Botnet Is Linked To Xanthe Cryptojacking Group | ZDNet

• North Korean Hackers Impersonate Major Crypto Investment Firm to Scam Startups (vice.com)

Insider Risk and Insider Threats

• Insider Threat Does Not Have To Be Malicious, So How Do You Protect Your Organisation? - Help Net Security

• Data Security In The Age Of Insider Threats: A Primer - Help Net Security

• Former DHS Official Charged With Stealing Govt Employees' PII (bleepingcomputer.com)

• Forensics Expert Kept Murder Snaps on PC - Infosecurity Magazine

Fraud, Scams & Financial Crime

• £92m Lost To Romance Scammers In 2021 - IT Security Guru

• ‘It Felt Like Losing A Husband’: The Fraudsters Breaking Hearts – And Emptying Bank Accounts | Relationships | The Guardian

DoS/DDoS

• Extortion DDoS Attacks Grow Stronger And More Common (Bleepingcomputer.Com)

• DDoS Attacks That Come Combined With Extortion Demands Are On The Rise | ZDNet

CNI, OT, ICS, IIoT and SCADA

• Manufacturers Are Starting To Realize The Importance Of OT Security - Help Net Security

• FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure (thehackernews.com)

• Critical Infrastructure Falls Short on Ransomware Readiness, Mitigation, Recovery - MSSP Alert

Nation State Actors

• Ukraine Hacks Add to Worries of Cyber Conflict With Russia | SecurityWeek.Com

• Destructive Malware Targeting Ukrainian Organisations - Microsoft Security Blog

• US Olympic Athletes Urged to Leave Phones Behind (gizmodo.com)

• Suspected Chinese Hackers Use Log4j Flaw To Deploy Night Sky Ransomware, Microsoft Warns - CyberScoop

• Russian Submarines Threatening Undersea Cables, UK Defence Chief Warns - Security Affairs

• Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor (thehackernews.com)

• US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence (thehackernews.com)

Cloud

• The Rising Threat Of Cyber Criminals Targeting Cloud Infrastructure In 2022 - Help Net Security

• 5 Top Hybrid Cloud Security Challenges | CSO Online

Passwords & Credential Stuffing

• 4 Ways Cyber Criminals Hide Credential Stuffing Attacks | CSO Online

Parental Controls and Child Safety

• UK Hacker Jailed for Spying on Children and Downloading Indecent Images (thehackernews.com)

Vulnerabilities

• CISA Adds 15 Exploited Vulnerabilities From Google, IBM, Microsoft, Oracle And More To Catalog | ZDNet

• Threat Actors Can Bypass Malware Detection Due To Microsoft Defender Weakness - Security Affairs

• noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise | CrowdStrike

• Adobe Fixes 4 Critical Reader Bugs That Were Demonstrated At Tianfu Cup - Security Affairs

• WordPress 5.8.3 Security Update Fixes SQL Injection, XSS Flaws (bleepingcomputer.com)

• WordPress Bugs Exploded in 2021, Most Exploitable | Threatpost

• Sonicwall SMA 100 VPN Box Security Hole Exploit Info Shared • The Register

• Cisco Patches Critical Vulnerability in Contact Center Products | SecurityWeek.Com

• Millions of Routers Exposed to RCE by USB Kernel Bug | Threatpost

• MacOS Bug Could Let Creeps Snoop On You | Threatpost

• Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws | SecurityWeek.Com

Sector Specific

Financial Services Sector

• When It Comes To Banking Security, There's No Silver Bullet - Help Net Security

SMBs – Small and Medium Businesses

• Over Half of SMEs Have Experienced a Cyber Security Breach - Infosecurity Magazine

Reports Published in the Last Week

• Finance Whitepaper. Digital risk management for FSIs. (blueliv.com)

Other News

• Hackers Penetrate 93% of Local Company Networks, Cyber Simulation Finds - MSSP Alert

• URL Parsing: A Ticking Time Bomb Of Security Exploits - TechRepublic

• Europol Told to Delete Vast Trove of Personal Information - Infosecurity Magazine

• The Race Towards Renewable Energy Is Creating New Cyber Security Risks | ZDNet

• What Is Clipboard Hijacking? How to Avoid Becoming a Victim (makeuseof.com)

• White House Reminds Tech Giants Open Source Is A National Security Issue (bleepingcomputer.com)

• Want To Improve Corporate Security? Prioritize Personal Security | ZDNet

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.