Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Ransomware Now Ranks As UK’s Top Cyber Security Danger

Ransomware hackers are now the biggest cyber security threat in the UK for the majority of individuals and businesses in the region, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC), said in a speech. “For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” Cameron said in the speech at the second annual cyber security meeting at the Royal United Services Institute (RUSI), the oldest independent defense and security think tank worldwide.

https://www.pymnts.com/news/security-and-risk/2021/ransomware-now-ranks-as-uks-top-cybersecurity-danger/

54% of all employees reuse passwords across multiple work accounts

Results of a study into current attitudes and adaptability to at-home corporate cyber security, employee training, and support in the current global hybrid working era revealed some interesting results. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.

According to the findings 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives.

42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV.

A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cyber security training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cyber security isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.

https://www.helpnetsecurity.com/2021/06/10/employees-reuse-passwords-across-multiple-work-accounts/

VPN Attacks Up Nearly 2000% As Companies Embrace A Hybrid Workplace

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware. “2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organisations, which is what we started to see in Q1 and are continuing to see today.”

https://www.helpnetsecurity.com/2021/06/15/vpn-attacks-up/

Most Firms Face Second Ransomware Attack After Paying Off First

Most businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack. And almost half of those that pay up say some or all their data retrieved were corrupted. Some 80% of organisations that paid ransom demands experienced a second attack, of which 46% believed the subsequent ransomware to be caused by the same hackers. Amongst those that paid to regain access to their systems, 46% said at least some of their data was corrupted, according to a survey released Wednesday. The study polled 1,263 security professionals in seven markets worldwide, including 100 in Singapore, as well as respondents in Germany, France, the US, and UK.

https://www.zdnet.com/article/most-firms-face-second-ransomware-attack-after-paying-off-first/

Over 65,000 Ransomware Attacks Expected In 2021: Former Cisco CEO

U.S. companies are expected to endure over 65,000 ransomware attacks this year — and that's “a conservative number,” according to John Chambers, former CEO of Cisco Systems. With McDonald’s, JBS, and Colonial Pipeline Co. all recently coming under cyber attacks, Chambers does not foresee an end to the onslaught of cyber security threats anytime soon. He estimated that the number of ransomware attacks in 2021 could end up being as high as 100,000, with each one costing companies an average of $170,000. In the case of Colonial, just one password was needed for hackers to compromise the entire company’s IT infrastructure. This led to Colonial and JBS paying a combined $15 million in ransom against FBI advice.

https://finance.yahoo.com/news/over-65000-ransomware-attacks-expected-in-2021-former-cisco-ceo-125100793.html

Business Leaders Now Feel More Vulnerable To Cyber Attacks

Geographically speaking, 55% of US and 49% of UK respondents have experienced the most severe impact to their network security due to these attacks (suggesting that their businesses are more of a target than those in continental Europe) which, in turn, has resulted in a clear majority of respondents (60%) increasing their investment in this area. A sizeable 68% of leaders said their company has experienced a DDoS attack in the last 12 months with the UK (76%) and the US (73%) experiencing a significantly higher proportion compared to 59% of their German and 56% French counterparts. Additionally, over half of the leaders who participated in the survey confirmed that they specifically experienced a DDoS ransom or extortion attack in that time, with a large number of them (65%) targeted at UK companies, compared with the relatively low number in France (38%).

https://www.helpnetsecurity.com/2021/06/14/business-leaders-feel-vulnerable-cyber-attacks/

Ransomware Gang Turns To Revenge Porn

At least one ransomware gang has taken a rare and highly invasive step in order to convince its victims to pay: leaking nude images allegedly uncovered as part of their hack of a target company. The news presents an escalation in the world of ransomware and digital extortion, and comes as the U.S. government and other countries discuss new measures to curb the spike in ransomware incidents. Ransomware groups have recently targeted, and in some cases extracted payment from, the Colonial Pipeline Company, meat producer JBS, and the Irish healthcare system. Locking down computers with ransomware can already have a substantial impact on business operations; leaking information on top of that can present victims with another risk. But posting nude images publicly on the internet threatens to make extortion of organisations a much more personal matter.

https://www.vice.com/en/article/z3xzby/ransomware-gang-revenge-porn-leaks-nude-images

Bank Of America Spends Over $1 Billion Per Year On Cyber Security

Bank of America CEO Brian Moynihan said Monday that the company has ramped its cyber security spending to over $1 billion a year. “I became CEO 11 and a half years ago, and we probably spent three to $400 million [per year] and we’re up over a billion now,” Moynihan said on CNBC’s “Squawk Box.” “The institutions around us, other institutions and my peers, spend like amounts, and our contracting parties spend like amounts,” he added. “In other words, we cause spending in third parties that provide services to us to protect us in the same way. So there’s a lot of money being spend on this, and I think one of the things our industry has done a great job of is work together.”

https://www.cnbc.com/2021/06/14/bank-of-america-spends-over-1-billion-per-year-on-cybersecurity.html

Bad Cyber Security Behaviours Plaguing The Remote Workforce

According to the report, younger employees are most likely to admit they cut cyber security corners, with 51% of 16-24 year olds and 46% of 25-34 year olds reporting they’ve used security workarounds. In addition, 39% say the cyber security behaviours they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.

https://www.helpnetsecurity.com/2021/06/16/cybersecurity-behaviors/

Threats

Ransomware

• Why Backups Are Not The Panacea For Recovery From A Ransomware Attack

• Microsoft Systems Targeted By 'Black Kingdom' Ransomware

• Takeaways From The Colonial Pipeline Ransomware Attack

• Police Bust Major Ransomware Gang Cl0p

• Ryuk Ransomware Recovery Cost Us $8.1m And Counting, Says Baltimore School Authority

• Paradise Ransomware Source Code Released On A Hacking Forum

• Experts Shed Light On Distinctive Tactics Used By Hades Ransomware

• How Remote Work Opened The Floodgates To Ransomware

• The latest Revil Ransomware Victim? Sol Oriens. Oh, A US Nuclear Weapons Contractor

• Ransomware Attackers Are Leveraging Old SonicWall SRA Flaw

BEC

• Microsoft Takes Down Large‑Scale BEC Operation

• Behind The Scenes Of Business Email Compromise: Using Cross-Domain Threat Data To Disrupt A Large BEC Campaign

• Microsoft: Scammers Bypass Office 365 MFA In BEC Attacks

Phishing

• Threat Actors Use Google Docs To Host Phishing Attacks

Malware

• Malicious PDFs Flood the Web, Lead To Password-Snarfing

• Alarming Malware Discovery Reveals 1.2 TB Data Theft From Millions Of Windows PCs

Vulnerabilities

• Update Your Chrome Browser To Patch Yet Another 0-Day Exploited In-The-Wild

• Vulnerability In Microsoft Teams Granted Attackers Access To Emails, Messages, And Personal Files

• McAfee Finds Security Vulnerability In Peloton Products

• Critical Remote Code Execution Flaw In Thousands Of VMWare vCenter Servers Remains Unpatched

Data Breaches

• UK Listed Law Firm Gateley Admits Client Data Lost Through Cyber Attack

• Alibaba Suffers Billion-Item Data Leak Of Usernames And Mobile Numbers

• Maritime Firm HMM Suffers Security Breach And Cyber Attack On Its Email Systems

• Mensa Data Spillage Was Due to 'Unauthorised Internal Download'

• Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers

Organised Crime & Criminal Actors

• Police Grab Slilpp, Biggest Stolen-Logins Market

Cryptocurrency

• Criminals Are Mailing Altered Ledger Devices To Steal Crypto Currency

Supply Chain

• NoxPlayer Supply-Chain Attack Is Likely The Work Of Gelsemium Hackers

OT, ICS, IIoT and SCADA

• Utilities ‘Concerningly’ At Risk from Active Exploits

Nation State Actors

• Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyber Attacks

• Little-Noticed Cyber Spying Campaign Blamed On China Was Much Wider Than Thought

Denial of Service

• 100% Increase In Daily DDoS Traffic In 2020 As Potential Grows For 10 TBPS Attack

Cloud

• Unsecured Servers And Cloud Services: How Remote Work Has Increased The Attack Surface That Hackers Can Target

• Complexity Is The Biggest Threat To Cloud Success And Security

Privacy

• Amazon To Let Customers Sue After Thousands Of Alexa Complaints

Other News

• Airline And Bank Websites Go Down In Another Major Internet Failure

• Corporate Attack Surfaces Growing Concurrently With A Dispersed Workforce

• This Secretive Firm Has Powerful New Hacking Tools

• Vigilante Malware Rats Out Software Pirates While Blocking The Pirate Bay

• Fallout Of EA Source Code Breach Could Be Severe, Cyber Security Experts Say

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.