Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Losses Triple To £1.3bn In H1 2021

Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/

Ransomware On A Rampage; A New Wake-Up Call

The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81

22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks

A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/

Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat

In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

Key Email Threats And The High Cost Of Business Email Compromise

Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/

Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/

58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks

Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/

Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/

Security Teams Report Rise In Cyber Risk

Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html

Threats

Ransomware

• 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

• Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits

• FBI Shares Technical Details For Hive Ransomware

• New Ransomware Called LockFile Targets Microsoft Exchange Servers

• Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang

• FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’

Phishing

• That Email Asking For Proof Of Vaccination Might Be A Phishing Scam

• Phishing Could Have Cost Businesses $354m In Potential Direct Losses

Other Social Engineering

• Scammers Impersonate Europol Chief In An Effort To Defraud Belgians

• Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts

Malware

• 13 Million Malware Attacks On Linux Seen In Wild

• New SideWalk Backdoor Targets U.S.-Based Computer Retail Business

• Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic

• Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups

Mobile

• Dreadful Joker Virus That Can Empty Bank Accounts Returns: Remove These Apps On Your Device ASAP

• Pegasus iPhone Hacks Used As Lure In Extortion Scheme

IOT

• Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit

• IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority

• Hackers Could Increase Medication Doses Through Infusion Pump Flaws

Vulnerabilities

• F5 Bug Could Lead To Complete System Takeover

• Multiple Products Impacted By OpenSSL RCE vulnerability

• Microsoft Breaks Silence On Barrage of ProxyShell Attacks

• Atlassian Warns Of Critical Confluence Flaw

• VMware Issues Patches To Fix New Flaws Affecting Multiple Products

• Critical Flaw Discovered In Cisco APIC for Switches — Patch Released

• New Ryzen Chipset Driver Patches Security Vulnerabilities

• CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

• Attackers Actively Exploiting Realtek SDK Flaws

• Google Issues Warning For 2 Billion Chrome Users

Data Breaches/Leaks

• Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year

• Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses

• Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

• T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact

Organised Crime & Criminal Actors

• Infamous Hacker Group Claims To Be Selling Data From Over 70 Million AT&T Customers, According To A Privacy Group 

Cryptocurrency/Cryptojacking

• Man Sues Parents Of Teens Who Hijacked Nearly $1M In Bitcoin

• Coinbase Accounts Hacked As Bitcoin Hovers Near $50k

Insider Threats

• Employees Participating In Unethical Behaviours To Help An Organisation Actually Harm Themselves

DoS/DDoS

• Cloudflare says it stopped the largest DDoS attack ever reported

• Botnet Generates One Of The Largest DDoS Attacks On Record

OT, ICS, IIoT and SCADA

• ICS Vulnerabilities Disclosed In H1 2021 Rose By 41%

Nation State Actors

• Spies for Hire: China’s New Breed Of Hackers Blends Espionage And Entrepreneurship

• InkySquid State Actor Exploiting Known IE Bugs

• US Media, Retailers Targeted By New SparklingGoblin APT

Cloud

• 40% of SaaS (Cloud) Assets Are Unmanaged, Putting Companies At Risk For Data Leaks

Privacy

• Phones Of Nine Bahraini Activists Found To Have Been Hacked With NSO Spyware

Other News

• Razer bug lets you become a Windows 10 admin by plugging in a mouse

• Cyber Security Market Soaring As Threats Target Commercial And Govt Organisations

• UK to overhaul privacy rules in post-Brexit departure from GDPR

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.