Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Warfare Will Grind Britain’s Economy To A Halt

The UK Integrated Security, Defence, Development and Foreign Policy Review was published this week, reflecting on current concerns and previously announced initiatives. The policy made it clear that emerging networks and technologies, such as electric vehicle charging points, provide an opportunity for adversaries to unbalance, paralyse or even defeat us, and a large scale attack on the UK could grind Britain’s economy to a halt.

https://www.telegraph.co.uk/technology/2021/03/22/cyber-warfare-will-grind-britains-economy-halt/

Almost $2 Billion Lost To BEC Scams In 2020

Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams surpassed US$1.86 billion last year, which is more than the combined losses stemming from the next six costliest types of cyber crime. 19,000 reports of BEC/EAC scams last year, a decrease compared to the almost 24,000 incidents reported in 2019. The associated losses, however, increased by over US$90 million and accounted for 45 percent of the total losses (US$4.2 billion).

https://www.welivesecurity.com/2021/03/23/almost-2billion-lost-bec-scams-2020/

Ransomware Gang Says It Targets Firms Who Have Cyber Insurance

What I found particularly fascinating was a claim made by “Unknown” that the REvil gang specifically targets firms who have taken out insurance against ransomware attacks – presumably in the understandable belief that those corporate victims are more likely to pay up.

https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/

Three Billion Phishing Emails Are Sent Every Day

Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders. By spoofing the sender identity used in the 'from' field in messages, cyber criminals attempt to lure potential victims into opening emails from names they trust. This could be the name of a trusted brand like a retailer or delivery company, or even, in more sophisticated attacks, the name of their CEO or a colleague.

https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/

Ransomware Gang Demands $50 Million From Computer Maker Acer

Acer has suffered a ransomware attack over the past weekend at the hands of the REvil ransomware gang, which is now demanding a whopping $50 million ransom payment to decrypt the company’s computers and not leak its data on the dark web. The attack has not disrupted production systems but only hit the company’s back-office network. The security breach was not deemed disruptive enough to prevent or delay the computer maker from announcing its Q4 2020 financial results on Wednesday.

https://therecord.media/ransomware-gang-demands-50-million-from-computer-maker-acer/

Office 365 Phishing Attack Targets Financial Execs

A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks. These new, sophisticated attacks are aimed at C-suite executives, their assistants, and financial departments, and can work around email security and Office 365 defences.

https://threatpost.com/office-365-phishing-attack-financial-execs/164925/

Microsoft Exchange Hacking: Thousands Of Email Servers Still Compromised – Ransomware Operators Still Piling In On Already Hacked Servers

Thousands of Microsoft Exchange servers are still compromised by hackers even after applying fixes. Owners of email servers that were compromised before Microsoft Corp. issued a patch nearly three weeks ago must take additional measures to remove the hackers from their networks. Microsoft has previously warned that patching will not evict a hacker who has already compromised a server.

https://www.livemint.com/technology/tech-news/microsoft-exchange-hacking-thousands-of-email-servers-still-compromised-11616462322125.html

Average Ransom Payment Surged 171% in 2020

The average ransomware payment soared by 171% year-on-year in 2020 as cyber crime gangs queued up to exploit the pandemic. The security vendor’s Unit 42 division compiled its Ransomware Threat Report 2021 from analysis of over 19,000 network sessions, 252 ransomware leak sites and 337 victim organizations.

https://www.infosecurity-magazine.com/news/average-ransom-payment-surged-171/

Phishers’ Perfect Targets: Employees Getting Back To The Office

Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start and will continue to do it for as long it affects out private and working lives. Cyber criminals continually exploit public interest in COVID-19 relief, vaccines, and variant news, spoofing the Centers for Disease Control (CDC), U.S. Internal Revenue Service (IRS), U.S. Department of Health and Human Services (HHS), World Health Organization (WHO), and other agencies and businesses.

https://www.helpnetsecurity.com/2021/03/22/phishers-employees/

Nasty Malware Stealing Amazon, Facebook And Google Passwords

A new piece of malware called CopperStealer is lurking in “cracked” software downloads available on pirated-content sites, and the malware can compromise your login info for Amazon, Apple, Facebook and Google, among other services. Notably, CopperStealer runs on the same basic principles as SilentFade, a pernicious piece of malware that ravaged Facebook accounts back in 2019.

https://www.tomsguide.com/news/cracked-software-copperstealer-malware

Threats

Ransomware

• Ransomware Attack Foils IoT Giant Sierra Wireless

• Ransomware Gangs Have Found Another Set Of New Targets: Schools And Universities

• Ransomwared Bank Tells Customers It Lost Their SSNs

Phishing

• 9,000 Employees Targeted In Phishing Attack Against California Agency

• Brazil Leads In Phishing Attacks

• The Human Impact Of A Royal Mail Phishing Scam

• Microsoft Warns Of Phishing Attacks Bypassing Email Gateways

• Office 365 Phishing Attack Targets Financial Execs

Malware

• A Newly-Wormable Windows Botnet Is Ballooning In Size

• Fraudsters Jump On Clubhouse Hype To Push Malicious Android App

• Purple Fox Malware Evolves To Propagate Across Windows Machines

• Nasty malware stealing Amazon, Facebook and Google passwords

IOT

• The US Government Finally Gets Serious About IoT Security

Vulnerabilities

• Critical F5 BIG-IP Flaw Now Under Active Attack

• 5G Network Slicing Vulnerability Leaves Enterprises Exposed To Cyber Attacks

• Hackers Are Exploiting A Server Vulnerability With A Severity Of 9.8 Out Of 10

• WordPress Elementor Vulnerability Affects +7 Million

• Openssl Fixes Severe Dos, Certificate Validation Vulnerabilities

Data Breaches

• FatFace Tells Customers To Keep Its Data Breach ‘Strictly Private’

• Energy giant Shell discloses data breach after Accellion hack

Organised Crime & Criminal Actors

• Russian Pleads Guilty To Conspiracy To Introduce Malware Into Tesla's Computer Network

OT, ICS, IIoT and SCADA

• UK Cyber Security Law Forcing Energy Companies To Report Hacks Has Led To No Reports, Despite Numerous Hacks

Nation State Actors

• The Peculiar Ransomware Piggybacking Off of China’s Big Hack

• Working From Home? Watch for a Chinese Cyber Attack

Privacy

• Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Other News

• Oauth Apps Are Being Exploited To Launch Cyberattacks

• API Security Becomes A ‘Top’ Priority For Enterprise Players

• Remote Work Makes Cyber Security A Top Worry For CEOs

• Microsoft Exchange Server attacks: 'They're being hacked faster than we can count', says security company

• Office 365 Cyber Attack Lands Disgruntled IT Contractor in Jail

• Energy Giant Shell Is Latest Victim of Accellion Attacks

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.