Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Advisory 13 November 2024 – Microsoft, Ivanti, Adobe, Fortinet, Citrix, AMD, Intel, Chrome and Zoom Security Updates

Executive summary

Alongside Microsoft's November Patch Tuesday, several vendors—including Ivanti, Adobe, Fortinet, Citrix, Intel, AMD, Google, and Zoom—have released security updates to address vulnerabilities across their product ranges. Microsoft's updates rectify 91 security issues, including four zero-day vulnerabilities, two of which are being actively exploited. Ivanti has issued updates for Endpoint Manager, Avalanche, Connect Secure, and Secure Access Client, addressing multiple vulnerabilities rated as 'critical', 'high', and 'medium'. Adobe's patches tackle 48 security issues affecting Commerce, InDesign, Photoshop, Illustrator, and Substance 3D Painter. Fortinet has released updates for several products, including FortiOS, to remediate 'high' rated vulnerabilities. Citrix has provided security updates for various products such as Virtual Apps, Desktops, and NetScaler. Intel has issued 44 security advisories covering a variety of products. AMD has released eight advisories relating to incorrect default permissions in various software utilities. Lastly, Google has updated Chrome, and Zoom has released updates, both addressing multiple 'high' severity security issues.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.

Microsoft

Further details on the specific updates within this Microsoft Patch Tuesday release can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release?language=en_US&_gl=1*pchng3*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US&_gl=1*6ap9xw*_gcl_au*ODM2NTAyMzg1LjE3MjY2NjkwMTg

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Fortinet

Further details of the vulnerabilities in affected Fortinet products can be found here:

https://www.fortiguard.com/psirt/FG-IR-23-396

https://www.fortiguard.com/psirt/FG-IR-23-475

https://www.fortiguard.com/psirt/FG-IR-24-144

https://www.fortiguard.com/psirt/FG-IR-24-199

Citrix

Further details of the vulnerabilities in affected Citrix products can be found here:

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US

Intel

Further details of the vulnerabilities in affected Intel products can be found here:

https://www.intel.com/content/www/us/en/security-center/default.html

AMD

Further details of the vulnerabilities in affected AMD products can be found here:

https://www.amd.com/en/resources/product-security.html

Chrome

Further details of the vulnerabilities in Google Chrome can be found here:

https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html

Zoom

Further details of the vulnerabilities in Zoom can be found here:

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 08 November 2024

- Fake Copyright Infringement Emails Spread Rhadamanthys Malware

- Use Public Wi-Fi? You Might Not Want to After You Read This

- New MacOS Malware Linked to North Korean Hackers

- Disaster Recovery Planning is Key in the Modern-Day Business Environment

- The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers

- Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns

- The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare

- China’s Elite Hackers Expand Target List to European Union

- How Early-Stage Companies Can Go Beyond Cyber Security Basics

- How AI Will Shape the Next Generation of Cyber Threats

- Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected

- What are the key Threats to Global National Security?

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Fake Copyright Infringement Emails Spread Rhadamanthys Malware

Check Point Research has identified a widespread phishing campaign targeting hundreds of organisations globally with fake copyright infringement emails. These emails deploy Rhadamanthys, a sophisticated cyber security threat that steals sensitive data, including cryptocurrency wallet information. The attackers impersonate brands mainly from the technology and media sectors, with nearly 70% of fake emails appearing to come from these industries. They exploit fears of copyright violation to prompt downloads of malicious files. The malware uses advanced techniques, such as embedding itself in large files to evade detection. Organisations are advised to strengthen phishing defences and monitor for unusual file downloads to mitigate this risk.

Use Public Wi-Fi? You Might Not Want to After You Read This

A recent survey found that nearly half of internet users connect to public Wi-Fi networks without verifying their legitimacy, with one in four experiencing security issues as a result. Cyber criminals exploit these unsecured networks to steal sensitive data like passwords and banking information. Experts highlight that despite warnings, convenience often outweighs caution, putting both individuals and organisations at risk of data breaches and identity theft. The report underscores the need for businesses to educate employees on the dangers of public Wi-Fi and to adopt secure practices such as using VPNs to protect sensitive information.

New MacOS Malware Linked to North Korean Hackers

Security researchers have identified new macOS malware linked to a North Korean hacking group targeting cryptocurrency businesses. The malware, named "Hidden Risk", is distributed through phishing emails masquerading as cryptocurrency news articles. Recipients are tricked into downloading a malicious program that runs on both Intel and Apple silicon Macs. The program was mistakenly notarised by Apple, allowing it to bypass security measures, but this approval has since been revoked. The malware creates a backdoor into the system, enabling hackers to execute commands and install additional payloads. The campaign is believed to have started in July and is attributed to the BlueNoroff group.

Disaster Recovery Planning is Key in the Modern-Day Business Environment

A recent survey has found that 78% of senior IT professionals reported data loss due to system failure, human error, or cyber attack in the past year, highlighting that protective measures are often breached. Yet only 54% are confident in their ability to recover data and minimise downtime after a disaster. Nearly 40% cite a lack of in-house technical expertise, 29% point to insufficient investment, and 28% note a lack of senior support as barriers to recovery planning. With incidents including a recent global outage costing businesses up to $1.5 billion, prioritising disaster recovery planning is critical for organisational resilience.

The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers

Security experts have identified that financially motivated teenage hackers, termed "advanced persistent teenagers", are emerging as a significant cyber security threat. Organisations have suffered major data breaches and paid substantial ransoms due to these attacks, which often exploit social engineering tactics like phishing emails and impersonating helpdesk staff. Despite their youth, these hackers demonstrate capabilities once limited to nation states. Experts emphasise that insider threats and identity-related vulnerabilities are now among the biggest concerns, highlighting the need for improved identity and access management and a better understanding of the human element in cyber security.

Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns

A cyber security expert noted that this year saw four eight-figure payments due to successful ransomware attacks, including a $22 million payment by a major health tech company. Data-theft-only attacks have risen by 30%, as some threat actors decide not to encrypt their victims’ systems and instead focus only on data theft. While authorities have disrupted significant ransomware operations, active groups have increased by 30% year-over-year, with 31 new groups emerging. There is a growing debate on banning ransom payments to deter these escalating cyber attacks.

The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare

Recent reports reveal that Russia is intensifying its hybrid warfare against the West. NATO Secretary General Mark Rutte highlighted a surge in cyber attacks, disinformation campaigns, and industrial sabotage across allied territories. These threats have expanded beyond Ukraine, affecting Western Europe and even the Arctic region. Despite reduced reliance on Russian energy, several EU countries remain vulnerable due to ongoing dependencies. The Kremlin is also exploiting non-traditional media and supporting populist movements to destabilise democracies. This escalating situation underscores the urgent need for Western governments and security services to collaborate in countering these multifaceted threats.

China’s Elite Hackers Expand Target List to European Union

Cyber security software provider ESET reports that China's elite government-backed hackers are expanding their targets to include the European Union. The report highlights that groups like MirrorFace, traditionally focused on Japan, are now targeting EU organisations. Despite this shift, motivations may remain Japan-centric, as spearphishing emails relate to events like EXPO 2025 in Osaka. The use of legitimate tools such as SoftEther VPN by these hackers is a growing concern, allowing them to blend into normal network traffic. ESET advises organisations to treat unexpected deployments of such tools as suspicious, emphasising the need for heightened vigilance.

How Early-Stage Companies Can Go Beyond Cyber Security Basics

Businesses are confronting increasingly sophisticated cyber threats, with phishing scams, zero-day vulnerabilities, and ransomware attacks on the rise. While compliance frameworks like GDPR and PCI DSS provide a foundation, they are insufficient alone as they may not keep pace with evolving cyber criminal tactics. Many organisations risk a false sense of security by focusing solely on compliance, often engaging in procedural tick-box exercises rather than enhancing their security posture. To mitigate risks, organisations must adopt proactive, dynamic, risk-based security strategies, including layered defences, employee training, and robust incident response plans.

How AI Will Shape the Next Generation of Cyber Threats

Advancements in AI are significantly lowering the barrier to entry for cyber attackers. As AI-powered attack tools become accessible and packaged as user-friendly products on the dark web, even those without technical expertise can launch sophisticated cyber attacks. This shift greatly widens the pool of potential attackers beyond traditional threats, and highlights that organisations must adopt AI-powered defences to stay ahead. Ethical concerns also arise in deploying AI for cyber security, especially regarding data privacy and automated responses. Over the next five to ten years, AI-driven threats are expected to evolve significantly, introducing entirely new types of attacks.

Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected

Microsoft highlights that cyber attacks are increasingly affecting SMBs, with 31% having experienced incidents like ransomware and phishing. These attacks cost SMBs up to $7 million, impacting finances and reputation. Some 94% recognise cyber security’s importance, and over 70% work with specialists to manage their security. AI’s rise increases security needs, with 81% of SMBs acknowledging this. Many SMBs plan to boost cyber security spending; hybrid work also poses challenges, with 68% finding secure data access difficult for remote workers.

What are the key Threats to Global National Security?

A recent analysis identifies cyber security threats as the foremost concern for nations leveraging digital technologies, with cyber attacks increasingly targeting critical infrastructure. Climate change is another pressing issue, causing resource shortages and contributing to conflicts, with over two in five regions facing climate-induced migration. Bioterrorism also poses significant risks, yet nearly a third of countries have not invested adequately in public health preparedness. Economic espionage is impacting key sectors like technology and defence, and the ongoing threat of nuclear proliferation remains a major global security challenge.

Sources:

https://www.darkreading.com/cyberattacks-data-breaches/fake-copyright-infringement-emails-rhadamanthys

https://inews.co.uk/inews-lifestyle/public-wifi-wont-want-to-read-3348687

https://uk.pcmag.com/security/155250/new-macos-malware-linked-to-north-korean-hackers

https://networkingplus.co.uk/opinion-details?itemid=6441&post=disaster-recovery-planning-is-key-in-the-modern-day-business-environment-568673

https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/

https://www.techspot.com/news/105399-ransomware-attacks-set-rise-record-levels-2024-despite.html

https://www.atlanticcouncil.org/blogs/ukrainealert/the-west-must-respond-to-russias-rapidly-escalating-hybrid-warfare/

https://cyberscoop.com/china-apt-eset-target-typhoon-mirrorface/

https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

https://www.helpnetsecurity.com/2024/11/07/buzz-hillestad-prismatic-ai-driven-attacks/

https://www.microsoft.com/en-us/security/blog/2024/10/31/7-cybersecurity-trends-and-tips-for-small-and-medium-businesses-to-stay-protected/

https://www.itsecurityguru.org/2024/11/01/what-are-the-key-threats-to-global-national-security/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attacks set to rise to record levels in 2024 despite law enforcement crackdowns | TechSpot

Cyber insurers would not welcome ban on ransomware payments :: Insurance Day

GoZone ransomware accuses and threatens victims - Help Net Security

RansomHub dethrones LockBit as top ransomware cartel | Cybernews

Iranian Threat Actors Ramp Up Ransomware, Cyber Activity

Ransomware attacks caused prolonged disruptions in October | TechTarget

Police Doxing of Criminals Raising Ransomware-Attack Stakes

Meet Interlock — The new ransomware targeting FreeBSD servers

Cyber attack disrupts classes at Irish technology university

Ransomware Victims

Devon school 'blackmailed' by hackers in cyber-attack - BBC News

Schneider Electric attackers demand ransom paid in baguettes • The Register

Ransomware Group Demands Payment in French Baguettes

Ransomware Attack Disrupts Georgia Hospital's Access to Health Records - SecurityWeek

Hacker Claims to Leak Nokia Source Code - InfoRiskToday

California court suffering from tech outages after cyber attack

Ransomware attack costs Microchip Technology over $21M | SC Media

Phishing & Email Based Attacks

Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek

Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar

Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security

Fake Copyright Infringement Emails Spread Rhadamanthys

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek

DocuSign's Envelopes API abused to send realistic fake invoices

Cyber Criminals Exploit DocuSign APIs to Send Fake Invoices - Infosecurity Magazine

Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware

Phishing Emails and Spam Are Similar, but There Are 5 Key Differences

Gmail Users Beware—Link Hovering Attacks On The Up

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late

Scammers Target Starlink Users With Elaborate Phishing Scheme

Other Social Engineering

LastPass warns of fake support centers trying to steal customer data

Fake Copyright Infringement Emails Spread Rhadamanthys

Malware operators use copyright notices to lure in businesses | SC Media

Advanced Variant Of FakeCall Malware Targets Mobile Users

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Things you should know about ‘digital arrest’ scams! - The Hindu BusinessLine

Artificial Intelligence

OODA Loop - Navigating the Risks, Challenges, and the Future of Trust in an Era of Synthetic and AI-Generated Media

The deepfake threat to CEOs | Fortune

How AI will shape the next generation of cyber threats - Help Net Security

Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek

Experts warn some ChatGPT models can be hacked to launch deepfake scams | TechRadar

ChatGPT-4o can be used for autonomous voice-based scams

AI threats dictate a return to Human Intelligence | Cybernews

Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats | Business Wire

Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine

OWASP Releases AI Security Guidance

Why Cyber Criminals Are Not Necessarily Embracing AI | HackerNoon

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

Trump plans to dismantle Biden AI safeguards after victory - Ars Technica

2FA/MFA

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late

Malware

New Malware Campaign Targets Windows Users Through Gaming Apps

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Industrial companies in Europe targeted with GuLoader - Help Net Security

5 Most Common Malware Techniques in 2024

MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews

New SteelFox malware hijacks Windows PCs using vulnerable driver

New MacOS Malware Linked to North Korean Hackers

Microsoft services exploited for stealthy malware deployment | SC Media

Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware

Typosquat campaign impersonates 287+ popular npm packages • The Register

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research

Bots/Botnets

Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts | PC Gamer

Organisations are fighting a losing battle against advanced bots | TechRadar

Mobile

Advanced Variant Of FakeCall Malware Targets Mobile Users

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

Dangerous Android banking malware looks to trick victims with fake money transfers | TechRadar

Here's What I Do Whenever I Receive a Scam Message on WhatsApp

What Telegram’s recent policy shift means for cyber crime

Mobile & IoT Security Requires More Industry Attention

How I Spot Smishing Texts Easily (and You Can, Too)

Denial of Service/DoS/DDoS

UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine

DDoS site Dstat.cc seized and two suspects arrested in Germany

UK councils bat away DDoS barrage from Putin fanboys • The Register

Cyber attack disrupts classes at Irish technology university

Internet of Things – IoT

IoT Security Failures Can Be Sh*tty - Security Boulevard

Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices | Smart homes | The Guardian

Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine

Mobile & IoT Security Requires More Industry Attention

Data Breaches/Leaks

Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard

Telecoms company Magnet+ investigating possible cyber attack – The Irish Times

Pacific Life Insurance Company Confirms Customer Data Leaked in Infosys McCamish Data Breach | Console and Associates, P.C. - JDSupra

Identity-related data breaches cost more than average incidents - Help Net Security

Nokia investigates breach after hacker claims to steal source code

Scissor-maker Fiskars sliced by hackers | Cybernews

Domestic abuse victim’s home address leaked to ex-partner after data breach | The Independent

210,000 Impacted by Saint Xavier University Data Breach - SecurityWeek

Organised Crime & Criminal Actors

Operation Synergia II sees Interpol swoop on cyber crims • The Register

Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine

Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

The biggest underestimated security threat of today? Advanced persistent teenagers | TechCrunch

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies | WIRED

Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg

How to Defend Against Alleged Snowflake Attacker… | Intel 471

What Telegram’s recent policy shift means for cyber crime

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Insider Risk and Insider Threats

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Oh, the Humanity! How to Make Humans Part of Cyber Security

Insurance

Cyber insurers would not welcome ban on ransomware payments :: Insurance Day

Supply Chain and Third Parties

Banks urged to improve resilience to IT meltdowns • The Register

Supply Chain Attack Uses Smart Contracts for C2 Ops - Infosecurity Magazine

New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist

The State of Supply Chain Defence in 2024 Report

Serco, DHL among firms affected by Microlise cyber attack | ITPro

Pacific Life Insurance Company Confirms Customer Data Leaked in Infosys McCamish Data Breach | Console and Associates, P.C. - JDSupra

Cloud/SaaS

Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts | PC Gamer

The future of cloud computing: Top trends and predictions | TechTarget

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews

Outages

Banks urged to improve resilience to IT meltdowns • The Register

Identity and Access Management

Identity-related data breaches cost more than average incidents - Help Net Security

Encryption

“Q Day” Is Coming: Is the World Prepared? - Centre for International Governance Innovation

Banque de France and Monetary Authority of Singapore Conduct Groundbreaking Post-quantum Cryptography Experiment to Enhance Communication Security | Disruption Banking

Quantum Has Landed, So Now What?

Linux and Open Source

Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar

Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security

Meet Interlock — The new ransomware targeting FreeBSD servers

Passwords, Credential Stuffing & Brute Force Attacks

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

A Hacker's Guide to Password Cracking

Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online

Social Media

South Korea fines Meta about $15 mln over collection of user data | Reuters

Facebook asks US supreme court to dismiss fraud suit over Cambridge Analytica scandal | Facebook | The Guardian

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Malvertising

NCSC Publishes Tips to Tackle Malvertising Threat - Infosecurity Magazine

Training, Education and Awareness

How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard

Regulations, Fines and Legislation

The SEC’s cyber security and disclosure rules: The questions compliance pros still have | Society of Corporate Compliance and Ethics (SCCE) - JDSupra

NIS2: Where do European Countries Stand on Implementing Cyber Security Strategies? | Orrick, Herrington & Sutcliffe LLP - JDSupra

Banks urged to improve resilience to IT meltdowns • The Register

Navigating the EU’s “NIS 2” Directive: Key Cyber Security Compliance Points for Businesses Operating in the EU to Consider | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra

Government-backed cyber security has a long way to go, warns Arctic Wolf

Facebook asks US supreme court to dismiss fraud suit over Cambridge Analytica scandal | Facebook | The Guardian

Apple could face EU's first-ever DMA fine as soon as this month - 9to5Mac

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

HIPAA Not ‘Strong Enough’ for Health Care’s Cyber Security Needs

South Korea fines Meta about $15 mln over collection of user data | Reuters

Biden administration prepares second executive order on cyber security | SC Media

Germany drafts law to protect researchers who find security flaws

Trump plans to dismantle Biden AI safeguards after victory - Ars Technica

Combating Cyber Crime: What to Expect From Trump Presidency?

Models, Frameworks and Standards

NIS2: Where do European Countries Stand on Implementing Cyber Security Strategies? | Orrick, Herrington & Sutcliffe LLP - JDSupra

Navigating the EU’s “NIS 2” Directive: Key Cyber Security Compliance Points for Businesses Operating in the EU to Consider | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

OWASP Releases AI Security Guidance

NIST CSF 2.0 Critical - Security Boulevard

Data Protection

Consumer privacy risks of data aggregation: What should organisations do? - Help Net Security

South Korea fines Meta about $15 mln over collection of user data | Reuters

Careers, Working in Cyber and Information Security

24% of CISOs actively looking to leave their jobs | CSO Online

A grassroots movement to tackle cyber skills gap | Professional Security Magazine

UK Cyber Security Wages Soar Above Inflation as Stress Levels Rise - Infosecurity Magazine

Cyber security salaries are rising, but some professionals wonder if the stress and burnout is worth it | ITPro

Proactive Ways To Bridge The Cyber Security Talent Gap

How Playing Cyber Games Can Help You Get Hired

Keep Learning or Keep Losing: There's No Finish Line

US Coast Guard's New Cyber Units: A Game Changer for National Security - ClearanceJobs

Want to attract diverse cyber talent? Go beyond the same-old recruiting techniques | SC Media

MoD seeks leader for ‘defensive cyber operations’ – PublicTechnology

How CISOs can turn around low-performing cyber pros | CSO Online

Law Enforcement Action and Take Downs

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

Operation Synergia II sees Interpol swoop on cyber crims • The Register

Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine

Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs

DDoS site Dstat.cc seized and two suspects arrested in Germany

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg

How to Defend Against Alleged Snowflake Attacker… | Intel 471

Gov't IT contractors arrested for defrauding the feds • The Register

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek

FBI recovers just $8M after crypto scam crashes Kansas bank • The Register

Police Doxing of Criminals Raising Ransomware-Attack Stakes

Misinformation, Disinformation and Propaganda

Russian disinformation campaign active ahead of 2024 US election

US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine

CISA: U.S. election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

US warns of Russia and Iran’s disinformation campaigns as election day unfolds

False bomb threats only blemish on Election Day voting process

Russian Fake News and Bomb Threats Target Election Day Votes

Despite 'unprecedented' amount of disinformation, no evidence it will directly impact outcome of election, US cyber security chief says

Here are the post-election disinfo threats experts are watching for

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

IT Security Centralization Makes Industrial Spies Profitable

The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council

What are the key Threats to Global National Security? - IT Security Guru

Lord Harries links nuclear to cyber threats

Nation State Actors

Despite 'unprecedented' amount of disinformation, no evidence it will directly impact outcome of election, US cyber security chief says

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

China

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog

Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Chinese APTs Cash In on Years of Edge Device Attacks

Thousands of hacked TP-Link routers used in years-long account takeover attacks - Ars Technica

Sophos Warns Chinese Hackers Are Becoming Stealthier - Infosecurity Magazine

NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices - SecurityWeek

Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media

China's elite hackers expand target list to European Union | CyberScoop

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

China's Volt Typhoon breached Singtel, reports say • The Register

Chinese Group Accused of Hacking Singtel in Telecom Attacks - Bloomberg

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices | Smart homes | The Guardian

Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine

Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns

Russia

The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council

N Korea may receive tech in exchange for military support • The Register

CISA: US election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

Cyber attack sparks extra security at Portsmouth council - BBC News

UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine

Russian disinformation campaign active ahead of 2024 US election

US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine

False bomb threats only blemish on Election Day voting process

Russian Fake News and Bomb Threats Target Election Day Votes

Here are the post-election disinfo threats experts are watching for

Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum

Experts warn of 'incredibly severe' threat of cyber attacks by Russia and North Korea - Mirror Online

1 Million Cyber Attacks Made On Montco Election, Mainly From Russia | Norristown, PA Patch

Iran

CISA: U.S. election disinformation peddled at massive scale | TechTarget

Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard

Iranian Threat Actors Ramp Up Ransomware, Cyber Activity

Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel

Here are the post-election disinfo threats experts are watching for

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

North Korea

N Korea may receive tech in exchange for military support • The Register

New MacOS Malware Linked to North Korean Hackers

Experts warn of 'incredibly severe' threat of cyber attacks by Russia and North Korea - Mirror Online


Tools and Controls

Banks urged to improve resilience to IT meltdowns • The Register

Disaster recovery planning is key in the modern-day business environment

AI threats dictate a return to Human Intelligence | Cybernews

Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats | Business Wire

What is Unified Threat Management (UTM)? | Definition from TechTarget

Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard

Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed - SecurityWeek

Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine

New cyber security advisory highlights defence-in-depth strategies

Oh, the Humanity! How to Make Humans Part of Cyber Security

How to Win at Cyber by Influencing People

Security Assessment Reports: A Complete Overview - Security Boulevard

Unpacking API Security from Development to Runtime: Key Insights for Cyber Security Pros - Security Boulevard

The human factor in cyber resilience | UKAuthority

Typosquat campaign impersonates 287+ popular npm packages • The Register

Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority

Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine

4 Main API Security Risks Organisations Need to Address

The ins and outs of threat emulation | TechRadar

Navigating the evolving landscape of cyber risk management

Germany drafts law to protect researchers who find security flaws

What is a Cyber Range? - Security Boulevard

Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online

Effective Phishing Exercises: How To Plan, Execute And Follow Up

AWS security essentials for managing compliance, data protection, and threat detection - Help Net Security

Inside the mind of a ransomware negotiator: what it’s really like to deal with cyber criminals - Raconteur

Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews



Other News

Cyber security in crisis: Are we ready for what's coming? - Help Net Security

CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media

More and more small businesses are being hit with security attacks — but they're fighting back | TechRadar

The ironic vulnerability: why insurers are prime targets for cyber attacks

Cyber attack disrupts classes at Irish technology university

Public sector cyber break-ins: Our money, our right to know • The Register

'Unauthorized activity' downs Washington's court systems • The Register

The Internet's Defenders Are Running Out of Money—And We're All at Risk | IBTimes

How to Win at Cyber by Influencing People

Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority

How early-stage companies can go beyond cyber security basics | CyberScoop

How to Outsmart Stealthy E-Crime and Nation-State Threats

Cyber Trends: Keep an Eye on Critical Infrastructure Sectors

Five ways cyber criminals target healthcare and how to stop them | ITPro

JPMorgan CISO says three trends play a role in how he protects the banking giant | Fortune

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

Don't search for information on cats at work — you could be at risk of being hacked | TechRadar

Combating Cyber Crime: What to Expect From Trump Presidency?

Facing Growing Threats, Space Industry Expands Its Cyber Warning Center

Governments are facing a huge surge in cyber attacks | TechRadar

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

Cyber attack on American Water: A warning to critical infrastructure

Busting the Air Gap Myth: OT Security's Blind Spot



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog on our website and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness only. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 01 November 2024

Black Arrow Cyber Threat Intelligence Briefing 01 November 2024:

- Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams

- Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

- Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack

- Business Email Compromise Scams Dominate Q3 2024 Threats

- This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers

- What Military Wargames Can Teach About Cyber Security

- Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them

- The Overlooked Importance of Identifying the Riskiest Users

- Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.

- Small Businesses Boosting Cyber Security as Threats Grow

- The Rise of the vCISO: From Niche to Necessity?

- Five Eyes Agencies Offer Security Advice for Small Businesses

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams

Banks and regulators have flagged a concerning rise in "quishing" scams, where fraudsters use QR codes in emails to bypass corporate cyber security controls. The technique, which typically embeds the QR code in a PDF attachment, often evades standard security filters because the malicious link is hidden inside an image rather than appearing as text, and it tricks recipients into disclosing financial details. Such scams increased during the pandemic and now represent over 20% of UK online scams, with reports doubling in the past year. While they frequently arrive via email, they also target public QR code installations, from parking meters to EV chargers. As quishing continues to evolve, organisations may need to enhance their detection capabilities to counter this growing threat.

Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

Microsoft and AWS have issued warnings about targeted cyber attacks by a Russian-backed group, aimed primarily at the UK and other countries. Known as Midnight Blizzard or APT29, the group has been sending highly targeted spear-phishing emails since October to infiltrate government, defence, academic and non-profit sectors. Posing as Microsoft or AWS staff, the attackers use social engineering built around Remote Desktop Protocol (RDP) file attachments which, when opened, create a direct connection to an attacker-controlled server. This method can expose user credentials and give the attacker access to sensitive information, including resources on the user's device, potentially allowing persistent malware to be installed on compromised systems.
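The attachments in the campaign above are ordinary .rdp configuration files, so a mail gateway or SOC can triage them as text. The following is an added example of such a check; it is not Black Arrow's code nor anything from the Microsoft or AWS advisories. It assumes a constructed sample attachment, an organisation allow-list of approved RDP hosts (the suffix `.rdp.example.internal` is a placeholder) and the standard .rdp settings that redirect local drives, devices, clipboard, printers and smart cards to the remote host; the risk labels are this example's own.

```python
"""Triage .rdp email attachments for settings that hand the user's device to a remote host.

Added example (not from the briefing). The allow-list suffix and the sample attachments
are constructed placeholders.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Standard .rdp settings that expose local resources once a session is established.
# The descriptions are this example's own risk wording.
RESOURCE_REDIRECT_KEYS = {
    "drivestoredirect": "local drives redirected to the remote host",
    "devicestoredirect": "local devices redirected to the remote host",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectprinters": "local printers redirected to the remote host",
    "redirectsmartcards": "smart cards redirected (credential exposure)",
}

# Placeholder allow-list: only hosts under this suffix are approved RDP targets.
ALLOWED_SUFFIXES = (".rdp.example.internal",)


@dataclass
class RdpFinding:
    level: str   # "high", "medium" or "info"
    detail: str


def parse_rdp(text: str) -> dict[str, tuple[str, str]]:
    """Parse 'key:type:value' lines into {key: (type, value)}; type is s, i or b."""
    settings: dict[str, tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment line
            continue
        parts = line.split(":", 2)                  # value may itself contain ':'
        if len(parts) != 3:
            continue
        key, typ, value = (p.strip() for p in parts)
        settings[key.lower()] = (typ.lower(), value)
    return settings


def _enabled(setting: tuple[str, str]) -> bool:
    """Integer settings are on unless 0; string settings are on unless empty."""
    typ, value = setting
    return value not in ("", "0") if typ == "i" else value != ""


def _host_of(full_address: str) -> str:
    """Strip an optional ':port' suffix from a 'full address' value."""
    m = re.match(r"^(.*):(\d+)$", full_address)
    return (m.group(1) if m else full_address).strip("[]").lower()


def assess_rdp(text: str, allowed_suffixes: tuple[str, ...] = ALLOWED_SUFFIXES) -> list[RdpFinding]:
    """Return findings for an .rdp attachment; an empty list means nothing notable."""
    s = parse_rdp(text)
    findings: list[RdpFinding] = []

    addr = s.get("full address")
    if addr is None:
        findings.append(RdpFinding("info", "no 'full address' set"))
    else:
        host = _host_of(addr[1])
        approved = any(host == suf.lstrip(".") or host.endswith(suf) for suf in allowed_suffixes)
        if not approved:
            findings.append(RdpFinding("high", f"connects to non-approved host {host}"))

    for key, why in RESOURCE_REDIRECT_KEYS.items():
        if key in s and _enabled(s[key]):
            findings.append(RdpFinding("high", f"{key}: {why}"))

    # RemoteApp mode shows only a single application window, so the user may not
    # realise a full session to the remote host is running underneath.
    if "remoteapplicationmode" in s and _enabled(s["remoteapplicationmode"]):
        findings.append(RdpFinding("medium", "RemoteApp mode hides the remote desktop"))

    return findings


def is_suspicious(text: str, allowed_suffixes: tuple[str, ...] = ALLOWED_SUFFIXES) -> bool:
    """True when any high-severity finding is present."""
    return any(f.level == "high" for f in assess_rdp(text, allowed_suffixes))


# Constructed sample: a lure-style attachment pointing at a documentation-range address
# with every local resource redirected. Not a real indicator.
SUSPICIOUS_ATTACHMENT = """screen mode id:i:2
full address:s:203.0.113.10:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
remoteapplicationmode:i:1
"""

# Constructed sample: an internal jump host with redirection switched off.
BENIGN_ATTACHMENT = """full address:s:jump01.rdp.example.internal
redirectclipboard:i:0
drivestoredirect:s:
"""

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        print(name, is_suspicious(body))
        for f in assess_rdp(body):
            print("  ", f.level, f.detail)
```

Run against the two constructed samples, the lure-style file produces five high-severity findings and one medium, while the internal jump-host file produces none. In practice the allow-list would come from the organisation's own inventory of approved RDP endpoints, and any attachment that fails the check is a candidate for quarantine and user follow-up rather than automatic delivery.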

Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack

Cyber criminals have increasingly exploited Eventbrite’s platform, with a 900% surge in phishing attacks using this trusted event management service. Hackers create fake events under familiar brand names, leveraging Eventbrite's built-in mailing system to distribute phishing emails that bypass common security filters due to the trusted domain of ‘noreply@events.eventbrite.com’. Through these messages, victims are urged to take immediate action, often leading to the disclosure of sensitive data like login credentials, tax identification numbers, and payment details. This method has proven effective, highlighting the need for heightened vigilance around trusted online platforms.

Business Email Compromise Scams Dominate Q3 2024 Threats

The VIPRE Security Group’s recent report highlights the increasing sophistication of Business Email Compromise (BEC) scams, which accounted for 58% of phishing attempts and relied heavily on impersonating authority figures such as CEOs and IT staff, who were impersonated in 89% of these attacks. Techniques such as URL redirection and harmful attachments disguised as critical documents have increased, underscoring the need for robust cyber security measures and employee awareness, especially as the holiday season approaches.

This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers

A recent report highlights a sophisticated threat from the Android-based FakeCall trojan, which intercepts sensitive calls by replacing the phone’s default dialler. The malware lets attackers hijack both incoming and outgoing calls, allowing them to impersonate bank staff and gather sensitive data from unsuspecting users. FakeCall is distributed through malicious apps that abuse Android’s accessibility features. Since its detection in 2022, FakeCall has expanded its reach and can now mimic over 20 financial organisations. Its continued development, including screen streaming and screenshot capabilities, shows that the trojan is still being actively improved.

What Military Wargames Can Teach About Cyber Security

Tabletop wargaming has become an essential tool in cyber security, helping organisations prepare for the swift, critical decisions required in the first 24-48 hours of a ransomware attack. Despite the widespread use of technologies to prevent cyber attacks, 2024 has seen an increase in ransomware and data breaches, exposing gaps in many companies' response capabilities. By simulating realistic ransomware scenarios, tabletop exercises enable organisations to stress-test response strategies, address compliance gaps, and refine their disaster recovery plans. This hands-on approach enhances organisational resilience, ensuring leadership and cross-functional teams are equipped for effective incident response and secure recovery. Black Arrow Cyber Consulting provides proctored tabletop cyber incident response exercises, enabling firms to better handle and recover from cyber incidents.

Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them

Recent research indicates UK businesses are increasingly concerned about cyber threats, with 75% of companies reporting a rise in attempted attacks and nearly 40% experiencing a successful breach. Despite these concerns, only 35% of leaders feel adequately prepared to handle cyber incidents. This gap between awareness and readiness highlights the need for robust, proactive security measures, especially as the UK emerges as the most targeted country in Europe. As organisations recognise the strategic value of cyber security, embedding it into decision-making becomes essential to protect against evolving digital risks and ensure future resilience.

The Overlooked Importance of Identifying the Riskiest Users

Reach Security highlights the significance of identifying and managing the riskiest users within an organisation. Their findings indicate that 80% to 90% of cyber security threats are linked to just 3% to 5% of users, with 20% of these high-risk individuals changing each month. Implementing a "see one, do one, teach one" model, similar to healthcare’s incremental learning, can empower high-risk users to understand and mitigate specific threats. This approach helps organisations allocate resources more effectively, reduce dependency on numerous security tools, and foster a more resilient cyber security culture by enabling high-risk users to act as advocates within the organisation.

Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.

A recent incident involving $12 billion cyber security firm Wiz highlights the growing threat of deepfake scams targeting top executives. Hackers attempted to use an audio deepfake of Wiz’s CEO, Assaf Rappaport, to steal employee credentials, aiming to access the firm’s internal systems and data. The attempt failed because employees recognised the CEO’s distinct speech patterns. Deepfake scams are increasingly sophisticated, with recent reports indicating that half of global companies have faced such attacks, and 66% of business leaders see deepfakes as a serious risk to their organisations.

Small Businesses Boosting Cyber Security as Threats Grow

The Identity Theft Resource Center’s latest report highlights that small businesses are increasingly bolstering their cyber security efforts in response to growing identity-related cyber attacks. Over 80% of small businesses reported experiencing a cyber attack or data breach in the past year, with financial losses exceeding $500,000 and, in some cases, doubling. In response, many small businesses are ramping up investment in security tools, staff training and vendor checks. Additionally, as new state privacy laws emerge, over 75% of small business leaders express concern about compliance, spurring an increased focus on data protection practices.

The Rise of the vCISO: From Niche to Necessity?

The rise of virtual Chief Information Security Officers (vCISOs) highlights a shift in cyber security for small and medium-sized businesses (SMBs). With cyber threats evolving rapidly, vCISOs offer flexible, high-level security expertise that strengthens defences while remaining cost-effective. vCISOs help organisations navigate complex regulatory requirements and manage emerging technologies, such as IoT and machine learning, ensuring a tailored security approach that promotes resilience and business growth. Speak to Black Arrow about our fully scalable and flexible vCISO service to help organisations of all sizes and sectors.

Five Eyes Agencies Offer Security Advice for Small Businesses

The Five Eyes alliance, composed of intelligence agencies from the US, UK, Canada, Australia, and New Zealand, has issued new security guidelines to support small businesses, especially tech firms, in defending against cyber attacks. These guidelines focus on safeguarding intellectual property from sophisticated state-backed actors, such as China, as well as criminal groups and competitors. Recommendations include appointing dedicated security managers, keeping a comprehensive asset inventory, and managing data access with third-party partners. This coordinated effort aims to strengthen business security globally, reducing vulnerabilities across both private and public sectors.

Sources:

https://www.ft.com/content/8aca741e-6448-4511-a54d-64f3a97747b1

https://www.silicon.co.uk/security/microsoft-aws-attacks-russia-586762

https://www.techradar.com/pro/security/spoof-eventbrite-phishing-emails-look-to-lure-in-victims-in-major-attack

https://securitybrief.co.nz/story/business-email-compromise-scams-dominate-q3-2024-threats

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

https://www.informationweek.com/cyber-resilience/what-military-wargames-can-teach-us-about-cybersecurity

https://www.techradar.com/pro/businesses-expect-cyber-threats-to-rise-but-arent-ready-for-them

https://www.darkreading.com/threat-intelligence/the-overlooked-importance-of-identifying-riskiest-users

https://www.entrepreneur.com/business-news/hackers-sent-a-deepfake-of-wiz-ceo-to-dozens-of-employees/482027

https://securityboulevard.com/2024/10/small-businesses-boosting-cybersecurity-as-threats-grow-itrc/

https://www.csoonline.com/article/3595617/the-rise-of-the-vciso-from-niche-to-necessity.html

https://www.scworld.com/news/five-eyes-agencies-offers-security-advice-for-small-businesses


Governance, Risk and Compliance

The 10 biggest issues CISOs and cyber teams face today | CSO Online

Businesses expect cyber threats to rise, but aren’t ready for them | TechRadar

More than a third of UK businesses lack expertise in emerging tech risks amid cyber attacks – Hiscox | Insurance Times

Most companies are bracing for a cyber attack within a year

For a Stronger Security Culture, Replace Sticks With Carrots

The rise of the vCISO: From niche to necessity? | CSO Online

Security outsourcing on the rise as CISOs seek cyber relief | CSO Online

Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard

The State of Cyber Security: Challenges, Priorities and Insights - Infosecurity Magazine

CISOs as Organisational Bridge Builders for Cyber Security Culture | HackerNoon

13 Cyber Crime Facts That Will Give You Chills | HackerNoon

A Halloween Haunting: Unveiling Cyber Security’s Scary Stats

Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard

Spooky Cyber Stats and Trends in Time for Halloween

Five Eyes agencies offer security advice for small businesses | SC Media

Security priorities emphasize CISO role on the rise | CSO Online

Three quarters of businesses report rise in cyber attacks

Is Your Business Truly Safe From Risk? | Entrepreneur

What Military Wargames Can Teach Us About Cyber Security

NCSC warns of gap between threats and defence capabilities

99% of CISOs work extra hours every week - Help Net Security

How CIOs and CISOs can partner to improve workforce productivity and security | CIO

Cyber attacks threaten business reputation and brand trust - The Royal Gazette

The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard


Threats

Ransomware, Extortion and Destructive Attacks

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations

Fog ransomware targets SonicWall VPNs to breach corporate networks

Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online

Black Basta operators phish employees via Microsoft Teams - Help Net Security

2024 looks set to be another record-breaking year for ransomware — and it's likely going to get worse | TechCrunch

North Korean govt hackers linked to Play ransomware attack

Three common privilege access mistakes that can lead to a ransomware incident | SC Media

Russia sentences REvil ransomware members to over 4 years in prison

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security

The ransomware negotiation playbook adds new chapters | CSO Online

Ransomware Victims

OnePoint Patient Care Data Breach Exposes 795,000 Records

Atende refused to pay the ransom, and now pays the price | CSO Online

Interbank confirms data breach following failed extortion, data leak

Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security

Phishing & Email Based Attacks

Cyber Scams & Why We Fall for Them - Security Boulevard

BEC cyber attacks have the highest financial impact - Digital Journal

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Business Email Compromise scams dominate Q3 2024 threats

The Weapon of Choice of Cyber Criminals: BEC Impersonation

Spoof Eventbrite phishing emails look to lure in victims in major attack | TechRadar

Threat actors are stepping up their tactics to bypass email protections - Help Net Security

Black Basta operators phish employees via Microsoft Teams - Help Net Security

Phishers reach targets via Eventbrite services - Help Net Security

Spooky Spam, Scary Scams: Halloween Threats Rise - Security Boulevard

Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek

Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks

Facebook Businesses Targeted in Infostealer Phishing Campaign

Cyber criminals are leveraging big retail names in attacks this holiday season | TechRadar

Over a thousand online shops hacked to show fake product listings

Russian spies using remote desktop protocol files to phish • The Register

New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine

Hackers are swiping cookies to bypass email security, FBI says - UPI.com

APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine

German MPs and their staff fail simple phishing attack test | Tom's Hardware

Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg

Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine

Business Email Compromise (BEC)/Email Account Compromise (EAC)

BEC cyber attacks have the highest financial impact - Digital Journal

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Business email compromise scams dominate Q3 2024 threats

The Weapon of Choice of Cyber Criminals: BEC Impersonation

Redline Stealer Dominates: VIPRE's Q3 Report Highlights Sophisticated BEC Tactics And Evolving Malware Trends

Phishers reach targets via Eventbrite services - Help Net Security

AI-Powered BEC Scams Zero in on Manufacturers - Infosecurity Magazine

Other Social Engineering

Cyber Scams & Why We Fall for Them - Security Boulevard

BEC cyber attacks have the highest financial impact - Digital Journal

Banks and regulators warn of rise in ‘quishing’ QR code scams

Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur

Fraudsters revive old tactics mixed with modern technology - Help Net Security

How Hackers Exploit Google To Target You

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

Artificial Intelligence

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard

Future capabilities of AI-powered threats

How artificial intelligence is lowering the barrier to cyber crime

The AI Paradox in Digital Identity: Why More Security Might Mean Less Privacy (And What to Do About It) - Security Boulevard

Trust and risk in the AI era - Help Net Security

White House Issues New Directive on AI and National Security | UC Berkeley School of Information

Apple is challenging hackers to break into the company's servers | Fortune

Regulators Combat Deepfakes With Anti-Fraud Rules

OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape

80 percent believe cyber security skills will be vital in AI environments

2FA/MFA

New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption

Malware

New Windows Driver Signature bypass allows kernel rootkit installs

Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security

'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

Why Wiping Your Hard Drive Doesn't Always Remove Malware

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium

Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine

Bots/Botnets

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

Mobile

This nasty Android trojan is hijacking calls to your bank and sending them to hackers — how to stay safe | Tom's Guide

Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says - SecurityWeek

Macron's bodyguards show his location by sharing Strava data • The Register

Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It

Android malware "FakeCall" now reroutes bank calls to attackers

These Samsung phones are at risk for a big security vulnerability | Digital Trends

Russia Targets Ukraine Army via Spoofed Recruitment App

Denial of Service/DoS/DDoS

DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps | Cybernews

Is DDoS being left out in the cold by regulations? | TechFinitive

Russia arrests hacker accused of preventing electronic voting during local election

Internet of Things – IoT

Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban

IoT needs more respect for its consumers, creations, and itself - Help Net Security

Hackers target critical zero-day vulnerability in PTZ cameras

Data Breaches/Leaks

Free, France’s second largest ISP, confirms data breach after leak

ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine

Hacker claims to have data linked to 19 million French mobile and internet customers | ITPro

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims | ITPro

Over 80% of US Small Businesses Have Been Breached - Infosecurity Magazine

OnePoint Patient Care Data Breach Exposes 795,000 Records

Cyber security Breaches Survey 2024: Impact of Cyber Crime | SC Media UK

Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches

Dozens under investigation in Italy amid scandal over hacked government databases and illegal dossiers

Organised Crime & Criminal Actors

Russia sentences REvil ransomware members to over 4 years in prison

How artificial intelligence is lowering the barrier to cyber crime

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers finally unlock man's $3,000,000 Bitcoin wallet after he forgot password for 11 years - Money - UNILAD

Insider Risk and Insider Threats

Ex-Disney techie arrested for potentially deadly menu hacks • The Register

The Overlooked Importance of Identifying Riskiest Users

Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches

Insider threat hunting best practices and tools | TechTarget

Insurance

AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard

Supply Chain and Third Parties

Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain

How the NIS2 Directive Impacts Supply Chain Cyber Security

Cloud/SaaS

AWS CDK flaw exposed accounts to full takeover • The Register

Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations

Adversarial groups adapt to exploit systems in new ways - Help Net Security

The SaaS Governance Gap | Grip Security - Security Boulevard

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

What the CrowdStrike outage teaches us about cloud security | SC Media

China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

Black Basta operators phish employees via Microsoft Teams - Help Net Security

Hackers find 15,000 credentials by scanning for git configuration | CyberScoop

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

New Details Emerge About Expansive TeamTNT Attacks | MSSP Alert

Outages

Delta Sues CrowdStrike Over ‘Catastrophic’ Software Glitch – BNN Bloomberg

What the CrowdStrike outage teaches us about cloud security | SC Media

When Cyber Security Tools Backfire

The Case Against Abandoning CrowdStrike Post-Outage

Identity and Access Management

Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain

Three common privilege access mistakes that can lead to a ransomware incident | SC Media

Encryption

Quantum Computing and Cyber Security – Preparing for a New Age of Threats | MSSP Alert

How to achieve crypto-agility and future-proof security | TechTarget

Linux and Open Source

Admins Spring into action over latest open source vuln • The Register

Hardening Linux Servers Against Threats and Attacks | Linux Journal

Passwords, Credential Stuffing & Brute Force Attacks

The state of password security in 2024 - Help Net Security

Hackers find 15,000 credentials by scanning for git configuration | CyberScoop

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

Hackers finally unlock man's $3,000,000 Bitcoin wallet after he forgot password for 11 years - Money - UNILAD

Social Media

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Stolen credit cards up for grabs on Meta’s Threads • The Register

Facebook Businesses Targeted in Infostealer Phishing Campaign

Malicious Ads Are Flooding Facebook: Here's How to Stay Safe

Russia fines Google more than world's entire GDP for blocking YouTube accounts | World News | Sky News

Malvertising

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Malicious Ads Are Flooding Facebook: Here's How to Stay Safe

Training, Education and Awareness

For a Stronger Security Culture, Replace Sticks With Carrots

3 crucial considerations for your security awareness and training program | CSO Online

Regulations, Fines and Legislation

New Cyber Security Rules for Financial Institutions in New York State Take Effect November 1, 2024 - Security Boulevard

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

NIS2 directive impact | Professional Security Magazine

NIS2 Compliance Puts Strain on Business Budgets - Infosecurity Magazine

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

Cyber Security | UK Regulatory Outlook October 2024 - Osborne Clarke | Osborne Clarke

UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro

The SEC is Cracking Down on Misleading Cyber Security Disclosure | Fenwick & West LLP - JDSupra

Industry trade groups still have ‘concerns’ with cyber reporting mandate | CyberScoop

Is DDoS being left out in the cold by regulations? | TechFinitive

Regulators Combat Deepfakes With Anti-Fraud Rules

Models, Frameworks and Standards

NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard

NIS2 directive impact | Professional Security Magazine

UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

OWASP Dramatically Expands GenAI Security Guidance with Guides for Handling Deepfakes, Building an AI Security Center of Excellence, and a GenAI Security Solutions Landscape

The Department of Defense Issues Final Rule Establishing CMMC 2.0 | Pillsbury Winthrop Shaw Pittman LLP - JDSupra

Backup and Recovery

Is Backup Testing Part of Your Security Strategy? | HackerNoon

Data Protection

ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims | ITPro

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

Careers, Working in Cyber and Information Security

More than a third of UK businesses lack expertise in emerging tech risks amid cyber attacks – Hiscox | Insurance Times

99% of CISOs work extra hours every week - Help Net Security

Mastering Cyber Security: A Comprehensive Guide to Self-Learning - Security Boulevard

Aldi managers paid more than government cyber security expert

UK needs cyber security professionals, but won't pay up • The Register

80 percent believe cyber security skills will be vital in AI environments

The Government Wants You to Fight Cyber Crime. Do You Have What It Takes?

Cyber security Awareness Month: 5 new AI skills cyber pros need

Law Enforcement Action and Take Downs

In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail

Alexander McCartney: Catfish killer brought down by one phone call - BBC News

Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security

'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI

Two notorious infostealer malware operations were just knocked offline | ITPro

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware | TechCrunch

FBI has conducted more than 30 disruption operations in 2024 | CyberScoop

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Russia arrests hacker accused of preventing electronic voting during local election

Misinformation, Disinformation and Propaganda

Russians behind fake video of ballots being destroyed, US officials say | US elections 2024 | The Guardian

Senator says domain reg firms aiding Russian disinfo spread • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

What can businesses learn from the rise of cyber espionage?

Nation State Actors

Cyber threats surge from state-sponsored and criminal actors

China

China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

US says Chinese hackers breached multiple telecom providers

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED

Chinese hackers targeted phones used by Trump and Vance, New York Times reports - The Hindu

Donald Trump and JD Vance potential targets of China cyber attack - BBC News

Chinese Hackers Reportedly Targeted Trump, Vance Phones

China's Elite Cyber Corps Hone Skills on Virtual Battlefields

Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn

Beijing claims it's found spy devices at sea • The Register

Canada Faces 'Second-to-None' PRC-Backed Threat Actors

Russia

Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous

APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine

Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It

Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek

Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks

Russian spies using remote desktop protocol files to phish • The Register

Russians behind fake video of ballots being destroyed, US officials say | US elections 2024 | The Guardian

Senator says domain reg firms aiding Russian disinfo spread • The Register

Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign

Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes

Sweden and Norway rethink cashless society plans over Russia security fears | Sweden | The Guardian

Pro-Russia hackers claim Greater Manchester council cyber attacks - BBC News

Kremlin-linked hackers target Ukraine’s state, military agencies in new espionage campaign

Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn

Russia Targets Ukraine Army via Spoofed Recruitment App

Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg

Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine

REvil convictions unlikely to curb Russian cyber crime | TechTarget

Russia sentences REvil ransomware members to over 4 years in prison

Russia fines Google more than world's entire GDP for blocking YouTube accounts | World News | Sky News

Iran

Cyber threats surge from state-sponsored and criminal actors

Iran Hackers Peddle Stolen Trump Emails

North Korea

Cyber threats surge from state-sponsored and criminal actors

North Korean govt hackers linked to Play ransomware attack


Tools and Controls

For a Stronger Security Culture, Replace Sticks With Carrots

Threat actors are stepping up their tactics to bypass email protections - Help Net Security

The Overlooked Importance of Identifying Riskiest Users

Is Backup Testing Part of Your Security Strategy? | HackerNoon

The SaaS Governance Gap | Grip Security - Security Boulevard

Proactive and responsible disclosure | Professional Security Magazine

When Cyber Security Tools Backfire

What Military Wargames Can Teach Us About Cyber Security

Attack surface management: The key to securing expanding digital frontiers | SC Media

Are You Truly Protected? The Hidden Detection Gaps in Your MSSP’s Defence Against Modern Threats | Accelerynt, Inc. - JDSupra

New report reveals persistent API security breaches risk

Hackers are swiping cookies to bypass email security, FBI says - UPI.com

US, Australia Release New Security Guide for Software Makers - SecurityWeek

GDPR for HR | ICO enforcement and the new data protection audit framework, and data privacy risks in pre-employment vetting - Osborne Clarke | Osborne Clarke

More Than Just a Corporate Wiki? How Threat Actors are Exploiting Confluence - Security Boulevard

Why cyber tools fail SOC teams - Help Net Security

Into the Wild: Using Public Data for Cyber Risk Hunting

API Security Matters: The Risks of Turning a Blind Eye - SecurityWeek

Designing a Future-focused Cyber Security Investment Strategy - SecurityWeek

The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard

Risk hunting: A proactive approach to cyber threats - Help Net Security

Top 10 Cyber Security Metrics and KPIs | Mimecast

Apple opens Private Cloud Compute to public scrutiny • The Register

German MPs and their staff fail simple phishing attack test | Tom's Hardware

Insider threat hunting best practices and tools | TechTarget

How IT leaders can assess “secure-by-design” software claims | CIO

Companies are spending barely any IT budget on security | TechRadar


Reports Published in the Last Week

VIPRE’s Email Threat Trends Report: Q3 2024 - VIPRE


Other News

Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard

13 Cyber Crime Facts That Will Give You Chills | HackerNoon

Spooky Cyber Stats and Trends in Time for Halloween

Five Eyes Agencies Launch Startup Security Initiative - Infosecurity Magazine

Five Eyes tell tech startups to take infosec seriously • The Register

Navigating Cyber and Legal Challenges During the M&A Process: Quick Considerations for Federal Contractors | BakerHostetler - JDSupra

Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard

Stop being a sitting target for cyber threats! | TechRadar

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High

Irish businesses now facing more than one cyber attack per week

Funding crisis ‘puts universities at higher risk of cyber attacks’

CISA Launches First International Cyber Security Plan - Infosecurity Magazine

Lateral Movement in Recent Cyber Security Breaches - Security Boulevard

Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine

US, Australia Release New Security Guide for Software Makers - SecurityWeek

Proactive & Preventative Cyber Defence - DevX

Law firms continue to focus on managing risk “across the board” legal training data shows - Legal Futures

OT security becoming a mainstream concern | CSO Online

Microsoft delays its troubled AI-powered Recall feature yet again | ZDNET

The University of Manchester avoided disaster in last year’s cyber attack – now it wants to set an industry example | ITPro

"Take it seriously and act now": Jersey's Head of Cyber Security warns islanders of digital threats | ITV News Channel


Vulnerability Management

Many financial firms have high-severity software security flaws over a year old | TechRadar

Put End-of-Life Software to Rest

Microsoft Update Warning—400 Million Windows PCs Now At Risk

A Sherlock Holmes Approach to Cyber Security: Eliminate the Impossible with Exposure Validation

Microsoft will charge Windows 10 users $30 per year for security updates | Tom's Hardware

Vulnerabilities

More Details Shared on Windows Downgrade Attacks After Microsoft Rolls Out Mitigations - SecurityWeek

Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products - SecurityWeek

New tool bypasses Google Chrome’s new cookie encryption system

AWS CDK flaw exposed accounts to full takeover • The Register

New Cisco ASA and FTD features block VPN brute-force password attacks

New Windows Driver Signature bypass allows kernel rootkit installs

Fog ransomware targets SonicWall VPNs to breach corporate networks

Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

Wi-Fi Alliance test suite has a worrying security flaw | TechRadar

New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption

Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland - SecurityWeek

Google Patches Critical Chrome Vulnerability Reported by Apple - SecurityWeek

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation | CISA

LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk - Infosecurity Magazine

Admins Spring into action over latest open source vuln • The Register

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

These Samsung phones are at risk for a big security vulnerability | Digital Trends

CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024 - Security Boulevard

Hackers target critical zero-day vulnerability in PTZ cameras


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 25 October 2024

Black Arrow Cyber Threat Intelligence Briefing 25 October 2024:

-Overconfidence in Cyber Security: A Hidden Risk

-Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims

-AI and Deepfakes Fuel Phishing Scams, Making Detection Harder

-AI-Generated Cyber Threats Have C-Suite Leaders on Edge

-The Single Biggest Vulnerability in Your Cyber Security Is You

-Why Cyber Security Acumen Matters in the C-Suite

-Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox

-Cyber Resilience vs Cyber Security: Which is More Critical?

-Phishing Attacks Snare Security and IT Leaders

-CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey

-Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

-Employees Lack Fundamental Security Awareness

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Overconfidence in Cyber Security: A Hidden Risk

Organisations often assume that adding more cyber security tools equates to better protection, yet this overconfidence can lead to blind spots. Companies with fragmented solutions are 3.5 times more likely to face major security incidents. The Uber data breach in 2022 illustrated how alert fatigue—where excessive notifications overwhelm teams—can lead to overlooked threats, even with advanced tools in place. To counter this, experts recommend streamlining cyber security systems, prioritising critical alerts, and regularly auditing security processes. Building a resilient defence isn’t about quantity but the strategic use of technology paired with continuous training and monitoring.

Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims

Gallagher Re's recent study, using data from Bitsight and its own cyber incident records, highlights that gaps in cyber security increase the risk of incidents and insurance claims. Organisations with larger cyber footprints, such as extensive IP address networks, are particularly vulnerable, pointing to a need for insurers to consider technographic data alongside traditional metrics. The study suggests that targeted use of external scanning data could help insurers lower loss ratios by up to 16.4%, focusing on the most damaging risks. Basic cyber hygiene, including rapid patching and endpoint management, remains essential for mitigating incidents and reducing potential claims.

AI and Deepfakes Fuel Phishing Scams, Making Detection Harder

Teleport's study highlights that AI-powered impersonation and deepfake-driven phishing are now the hardest cyber threats for businesses to defend against, with 52% of respondents marking these as particularly challenging. AI has enabled cyber criminals to create highly convincing phishing scams targeting credentials, significantly lowering both the cost and skill needed to launch attacks. Despite the adoption of AI tools by 68% of organisations to combat these threats, overconfidence in AI's protective capabilities may be risky.

AI-Generated Cyber Threats Have C-Suite Leaders on Edge

AI-driven cyber attacks are becoming a major concern for senior executives, as sophisticated deepfakes and AI phishing scams pose evolving risks. A recent gathering of over 100 cyber security leaders in Silicon Valley highlighted the growing difficulty in combating AI-powered phishing attacks, with three-quarters of surveyed Fortune 500 security officers reporting significant challenges. Additionally, over half noted the increasing prevalence of deepfake audio and video impersonations. The threat is amplified by AI tools that often lack proper data governance, potentially exposing organisations to heightened risks from third-party suppliers, with predicted fraud losses in the US expected to climb to $40 billion by 2027.

The Single Biggest Vulnerability in Your Cyber Security Is You

A recent report highlights that human error accounts for 68% of successful cyber attacks, indicating it as a significant vulnerability within cyber security. Despite advances in technical defences, human-centric errors, such as skills-based and knowledge-based mistakes, persist as weak points. Current cyber security education and policy efforts focus largely on technical defences, but often overlook the psychological aspects of behaviour. Experts suggest that minimising cognitive load, fostering a positive cyber security culture, and adopting long-term strategies for behavioural change are crucial to reducing human error and building a more resilient cyber security posture.

Why Cyber Security Acumen Matters in the C-Suite

As generative AI and sophisticated cyber threats rise, the need for cyber security expertise within the C-suite has become critical. Effective leaders must balance AI-driven innovations with a strong cyber security framework to prevent potential breaches. This alignment is essential for strategic decision-making, resource allocation, and collaborative crisis response. Boards and CEOs who understand these risks are better positioned to safeguard data, intellectual property, and reputation. Regulatory expectations are increasing, and companies that prioritise cyber security acumen are better prepared to handle compliance challenges and adapt swiftly to evolving threats.

Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox

The latest Hiscox Cyber Readiness Report reveals a surge in cyber incidents, with 70% of UK organisations and 67% globally experiencing increased attacks over the past year. This rise in cyber threats is eroding brand trust and impacting business relationships. Nearly half of affected firms face challenges in attracting new customers, a sharp rise from 20% last year, with 43% reporting a loss of existing customers. Additionally, many organisations have integrated Generative AI, with over half acknowledging heightened cyber risk. Yet, a lack of expertise remains, with 37% of UK businesses underprepared to address these evolving risks.

Cyber Resilience vs Cyber Security: Which is More Critical?

Focusing on cyber resilience is increasingly essential for organisations today. Unlike traditional cyber security, which aims to prevent breaches, cyber resilience emphasises an organisation’s ability to continue operating amidst an incident. By adopting a culture of resilience, organisations can safeguard their operations, data, and reputation—even in the face of a cyber attack. Investing in resilience, beginning with people and culture, offers a strong return as it prepares businesses to adapt quickly to adversities. Moreover, in an era of heightened threats, cyber resilience is becoming a competitive advantage, enhancing trust with customers, stakeholders, and insurers.

Phishing Attacks Snare Security and IT Leaders

A recent survey by Arctic Wolf and Sapio Research highlights persistent vulnerabilities in cyber security culture, despite IT leaders’ high confidence levels. While 80% of leaders feel prepared against phishing, nearly two-thirds admitted to clicking on phishing links themselves. Moreover, 36% of IT leaders have bypassed their own security protocols, exposing organisations to heightened risks. In addition, 68% of security professionals reuse passwords, a significant lapse in cyber hygiene. To address these issues, experts advocate for personalised, behaviour-based training and a proactive reporting culture. Only 60% of firms have adopted AI policies, with just 29% of end users aware of these policies, underscoring a need for clearer communication.

CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey

A recent Deloitte Global survey highlights the increasing strategic importance of cyber security in business, with 20% of chief information security officers (CISOs) now reporting directly to CEOs. Covering responses from nearly 1,200 cyber leaders worldwide, the report shows CISOs are evolving from technical experts to key advisers on cross-business risk and resilience, a role intensified by the rise in AI-driven cyber threats. High-performing organisations lead in integrating AI into cyber defence, aiming for 27% better outcomes. Nearly 60% plan to increase cyber budgets, emphasising the alignment of security initiatives with broader digital investments and strategic growth.

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Mandiant’s recent research highlights the urgent need for rapid patching as attackers are now exploiting vulnerabilities within just five days on average, a steep drop from 63 days in 2018. The study, based on 138 vulnerabilities disclosed in 2023, reveals a significant shift toward zero-day exploits, now outpacing N-day vulnerabilities. Zero-day vulnerabilities are unknown to vendors and lack available patches at the time of disclosure; N-day vulnerabilities are security flaws that have already been publicly disclosed and typically have a patch available but may remain unaddressed on systems, creating opportunities for cyber attacks. The report underscores that while patching is essential, implementation can be slow, particularly across large systems, mobile devices, or critical infrastructure where operational disruptions pose serious risks.

Employees Lack Fundamental Security Awareness

A recent Fortinet survey highlights growing concern among executives regarding employee cyber security awareness, with 70% stating their teams lack essential knowledge – a significant increase from last year. Over 60% expect a rise in employee-targeted cyber attacks leveraging AI. Positively, 80% of organisations are now more open to implementing security awareness initiatives. Nearly half of these leaders deliver training content quarterly, with phishing prevention as a top focus. The findings underline the necessity of a strong first line of defence, with targeted campaigns and accessible training vital to enhancing organisational cyber resilience.

Sources:

https://www.informationweek.com/cyber-resilience/overconfidence-in-cybersecurity-a-hidden-risk#close-modal

https://www.insurancebusinessmag.com/us/news/reinsurance/gallagher-re-study-links-cybersecurity-gaps-to-higher-insurance-claims-510935.aspx

https://www.helpnetsecurity.com/2024/10/24/ai-impersonation-cyberattack-vector/

https://fortune.com/2024/10/24/ai-generated-cyber-threats-c-suite-cfo-leaders-edge/

https://www.sciencealert.com/the-single-biggest-vulnerability-in-your-cyber-security-is-you

https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite

https://www.insurancebusinessmag.com/us/news/cyber/cyber-incidents-surge-damaging-brand-trust-and-business-relationships--hiscox-511167.aspx

https://betanews.com/2024/10/18/cyber-resilience-vs-cybersecurity-which-is-more-critical/

https://securityboulevard.com/2024/10/phishing-attacks-snare-security-it-leaders/

https://www.techmonitor.ai/technology/cybersecurity/ciso-role-gaining-influence-as-20-report-directly-to-ceos-finds-survey

https://www.techrepublic.com/article/threat-actors-mandiant-report-2024/

https://betanews.com/2024/10/23/employees-lack-fundamental-security-awareness/


Governance, Risk and Compliance

CISOs Concerned Over Growing Demands of Role - Security Boulevard

Lack of investment leaving firms open to cyber attack - PwC – The Irish Times

AI-generated cyber threats have C-suite leaders on edge | Fortune

Cyber incidents surge, damaging brand trust and business relationships – Hiscox | Insurance Business America

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

Why Cyber Security Acumen Matters in the C-Suite

Overconfidence in Cyber Security: A Hidden Risk

Call for cyber security sea change as world looks to meet rising threats

Joe Sullivan: CEOs must be held accountable for security too | TechTarget

Cyber resilience vs. cybersecurity: Which is more critical? (betanews.com)

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)

CISO role gaining influence as 20% report directly to CEOs, finds survey

CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

Gartner's 2025 tech trends show how your business needs to adapt - and fast | ZDNET

Effective strategies for measuring and testing cyber resilience - Help Net Security

Why strong cyber security means we must reduce complexity | World Economic Forum

Is the future of tech roles fractional? - BusinessCloud

Achieving peak cyber resilience - Help Net Security

68% of directors don't have a board-approved AI policy - IoD Ireland

Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement

Building Digital Resilience: Insider Insights For A Safer Cyber Landscape (informationsecuritybuzz.com)

Putting the “R” back in GRC - Insights from Gartner on Emerging Cyber GRC Technologies - Security Boulevard

Best Cyber Security Metrics to Use in the Boardroom | Kovrr - Security Boulevard

CISO Insights: 10 modern capabilities to revamp your security | Fastly

What CIOs Must Consider With Sophos Buying Secureworks

Unclear pricing for GRC tools creates market confusion - Help Net Security

What’s next after the CISO role? | CSO Online


Threats

Ransomware, Extortion and Destructive Attacks

The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar

Healthcare Sees 300% Surge in Ransomware Attacks

ESET partner breached to send data wipers to Israeli orgs (bleepingcomputer.com)

Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion - Security Boulevard

Akira is encrypting again after abandoning double extortion • The Register

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users | Tripwire

A Dangerous Alliance: Scattered Spider, RansomHub Join Forces

CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

NotLockBit Ransomware Can Target macOS Devices - SecurityWeek

Embargo Ransomware Gang Deploys Customized Defence Evasion Tools - Infosecurity Magazine (infosecurity-magazine.com)

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Government is fed up with ransomware payments fueling cyber attacks (cnbc.com)

Has BlackCat returned as Cicada3301? Maybe.

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

Ransomware protection: AI and strategies to combat rising threats - SiliconANGLE

Ransomware attacks against healthcare orgs is on the rise, Microsoft says (qz.com)

Ransomware is driving an increase in emergency patient care (cyberscoop.com)

Ransomware's ripples felt across ERs as care suffers • The Register

Russia recommends prison sentence for REvil hackers | SC Media

Are Leaders Ready to Break the Ransomware Cycle - Security Boulevard

What's behind the 51% drop in ransomware attacks? (securityintelligence.com)

Organisations Paying Fewer Ransoms, Building Resilience: Kaseya | MSSP Alert

Ransomware Victims

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

Radisson’s Country Inn and Suites Allegedly Hit by Ransomware | MSSP Alert

Ransomware's ripples felt across ERs as care suffers • The Register

Henry Schein discloses data breach a year after ransomware attack

50,000 Files Exposed in Nidec Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware gang stoops to new low, targets prominent nonprofit for disabled people (therecord.media)

Spate of ransomware attacks on German-speaking schools hits another in Switzerland

Rocky Mountain Gastroenterology Reportedly Experiences Triple Cyber Attack, Resulting in Data Breach Affecting Up to 169k | Console and Associates, P.C. - JDSupra

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)

Phishing & Email Based Attacks

Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro

Microsoft Named Most Imitated Brand in Phishing Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Evolving cyber criminal tactics targeting SMBs - Help Net Security

Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Top open source email platform hacked to steal user details | TechRadar

Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachments | ITPro

AI and deepfakes fuel phishing scams, making detection harder - Help Net Security

Evolving Email Threats and How to Protect Against Them - IT Security Guru

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)

Phishing scams and malicious domains take center stage as the US election approaches - Help Net Security

Threat actors increasingly using malicious virtual hard drives in phishing attacks | CSO Online

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

LinkedIn bots and spear phishers target job seekers | Malwarebytes

75% of US Senate Campaign Websites Fail to Implement DMARC - Infosecurity Magazine

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Evolving cyber criminal tactics targeting SMBs - Help Net Security

Other Social Engineering

Experts warn North Koreans are posing as IT workers in the West

'Pig butchering': How cyber criminals target investors with fake trading apps

LinkedIn bots and spear phishers target job seekers | Malwarebytes

HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop

Fortra Report Reveals Surge In Domain Impersonation, Social Media Attacks, And Dark Web Activity (informationsecuritybuzz.com)

Artificial Intelligence

AI-generated cyber threats have C-suite leaders on edge | Fortune

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Hackers are finding new ways to leverage AI - Help Net Security

OpenAI’s voice API can build AI agents for phone scams • The Register

New Cyber Security Warning As 1,000 Elite Hackers Embrace AI

AI and deepfakes fuel phishing scams, making detection harder - Help Net Security

AI tools are being increasingly abused to launch cyber attacks | TechRadar

AI hack: Do not give chatbots your personal data

Cyber Security Teams Largely Ignored in AI Policy Development - Infosecurity Magazine

This new AI jailbreaking technique lets hackers crack models in just three interactions | ITPro

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

The rise of the machines and the growing AI identity attack surface | CSO Online

68% of directors don't have a board-approved AI policy - IoD Ireland

AI-Powered Attacks Flood Retail Websites - Infosecurity Magazine

AI honeypot hit 800K times | Cybernews

CIOs under pressure to deliver AI outcomes faster | CIO

2FA/MFA

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard

QR codes are being hijacked to bypass MFA protections | TechRadar

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Malware

HM Surf macOS vuln potentially exploited by Adloader malware • The Register

Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Over 6,000 WordPress hacked to install plugins pushing infostealers

New Malware WarmCookie Targets Users with Malicious Links - Infosecurity Magazine (infosecurity-magazine.com)

Over 10M+ Personal And Corporate Devices Infected By Information Stealers (cybersecuritynews.com)

Modern Malware Is Stealthier Than Older Attacks: This Is How It Stays Hidden

Netskope Reports Possible Bumblebee Loader Resurgence - Infosecurity Magazine

Sneaky Ghostpulse malware loader hides inside PNG pixels • The Register

Hackers infect thousands of WordPress sites with malware plugins | PCWorld

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection (thehackernews.com)

Perfctl malware strikes again via Docker Remote API servers • The Register

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)

Bots/Botnets

Anti-Bot Services Help Cyber Crooks Bypass Google 'Red Page' (darkreading.com)

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Mobile

Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek

Why you should power off your phone at least once a week - according to the NSA | ZDNET

Millions of mobile app users at risk from hardcoded creds • The Register

Location tracking of phones is out of control. Here’s how to fight back. - Ars Technica

Denial of Service/DoS/DDoS

How to detect DDoS attacks | TechTarget

Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)

Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)

Data Breaches/Leaks

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach | TechCrunch

Internet Archive Breached Again, Hackers Exploited Unrotated API Tokens (cybersecuritynews.com)

Cisco Confirms Security Incident After Hacker Offers to Sell Data - SecurityWeek

Insurance admin Landmark says data breach impacts 800,000 people

Cisco takes DevHub portal offline after hacker publishes stolen data (bleepingcomputer.com)

Henry Schein discloses data breach a year after ransomware attack

Millions affected in major health data breach caused by a missing password | TechRadar

Data Breach Impacts Insurer Johnson and Johnson | MSSP Alert

Omni Family Health Data Breach Impacts 470,000 Individuals - SecurityWeek

Rocky Mountain Gastroenterology Reportedly Experiences Triple Cyber Attack, Resulting in Data Breach Affecting Up to 169k | Console and Associates, P.C. - JDSupra

Dance Apparel Company Sued After 65,000 Customers' Data Exposed

Organised Crime & Criminal Actors

Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro

The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar

'Pig butchering': How cyber criminals target investors with fake trading apps

UK Weighs Review of Computer Misuse Act to Combat Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

Russia recommends prison sentence for REvil hackers | SC Media

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cyber Criminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors Through DeFi Games (informationsecuritybuzz.com)

'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)

Fraudulent DeFi game leveraged in new crypto investor-targeted Lazarus attack | SC Media

Insider Risk and Insider Threats

The Single Biggest Vulnerability in Your Cyber Security Is You : ScienceAlert

The Enemy Within: Navigating the Evolving Landscape of (globenewswire.com)

Fortinet report: 70% of staff lack cyber security awareness

Human error is the weakest link in the cyber security chain. Here are 3 ways to fix it

Insurance

Cyber incidents surge, damaging brand trust and business relationships – Hiscox | Insurance Business America

Gallagher leader warns cyber is still an emerging risk | Insurance Times

Gallagher Re study links cyber security gaps to higher insurance claims | Insurance Business America (insurancebusinessmag.com)

Facing the uncertainty of cyber insurance claims - Help Net Security

The future of cyber insurance: Meeting the demand for non-attack coverage - Help Net Security

Supply Chain and Third Parties

Can the cyber security industry stop history repeating? | TechRadar

Cloud/SaaS

Think You're Secure? 49% of Enterprises Underestimate SaaS Risks

Microsoft lost some customers' cloud security logs - Help Net Security

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)

Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine

Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)

Top open source email platform hacked to steal user details | TechRadar

Navigating the Complexities & Security Risks of Multi-cloud Management

Evolving cloud threats: Insights and recommendations - Help Net Security

Grip Security Releases 2025 SaaS Security Risks Report

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)

Balancing Clients' Security and Functionality in the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

Outages

Can the cyber security industry stop history repeating? | TechRadar

Identity and Access Management

Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media

A Comprehensive Guide to Finding Service Accounts in Active Directory

What is step-up authentication & how can it help prevent financial fraud? (businesscloud.co.uk)

Encryption

What NIST's post-quantum cryptography standards mean for data security

Why experts are warning businesses to prepare for quantum now – or face critical cyber risks when it arrives | ITPro

How to fend off a quantum computer attack - Help Net Security

Linux and Open Source

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)

Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine

Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)

Top open source email platform hacked to steal user details | TechRadar

Millions of mobile app users at risk from hardcoded creds • The Register

The Key Components For a Secure Password Policy - Infosecurity Magazine (infosecurity-magazine.com)

Cisco fixes bug under exploit in brute-force attacks • The Register

Millions affected in major health data breach caused by a missing password | TechRadar

Social Media

Instagram Rolls Out New Sextortion Protection Measures - Infosecurity Magazine (infosecurity-magazine.com)

LinkedIn bots and spear phishers target job seekers | Malwarebytes

Fortra Report Reveals Surge In Domain Impersonation, Social Media Attacks, And Dark Web Activity (informationsecuritybuzz.com)

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

What to Know About Meta’s Facial Recognition Plans | TIME

Training, Education and Awareness

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Fortinet report: 70% of staff lack cyber security awareness

Employees lack fundamental security awareness (betanews.com)

Regulations, Fines and Legislation

UK Weighs Review of Computer Misuse Act to Combat Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online

The worldwide focus on operational resilience in financial services: what firms and service providers need to know, Claire Harrop, Matthew O'Callaghan, Nariné Atamian, Daphne van der Houwen, Christopher Bernard

How can businesses comply with EU’s new cyber law?

NIS2’s cyber security value spreads beyond its expanded scope | CSO Online

SEC.gov | SEC Charges Four Companies With Misleading Cyber Disclosures

EU’s NIS 2 enters into force: compliance is now mandatory

Forthcoming UK Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences | Alston & Bird - JDSupra

SEC charges tech companies for downplaying SolarWinds breaches (bleepingcomputer.com)

SEC hits security companies with massive fines for misdirection over SolarWinds Orion hack | Cybernews

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

SEC is Not Accepting Half-Truths - Security Boulevard

Client Alert: Key Takeaways from Recent SEC Cyber Security Enforcement Actions | Jenner & Block - JDSupra

UK Government Introduces New Data Governance Legislation - Infosecurity Magazine

SEC SolarWinds Fines a Warning to Organisations, MSSPs | MSSP Alert

Cyber Incident Response Checklist for SEC Compliance | Troutman Pepper - JDSupra

The struggle for software liability: Inside a ‘very, very, very hard problem’ (therecord.media)

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

US Finally Restricts Sale Of Location Data To Foreign Adversaries, But We’re Still Too Corrupt To Pass A Basic Internet-Era Privacy Law | Techdirt

OODA Loop - Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cyber Security Requirements - SecurityWeek

Models, Frameworks and Standards

EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online

The worldwide focus on operational resilience in financial services: what firms and service providers need to know, Claire Harrop, Matthew O'Callaghan, Nariné Atamian, Daphne van der Houwen, Christopher Bernard

How can businesses comply with EU’s new cyber law?

NIS2’s cyber security value spreads beyond its expanded scope | CSO Online

EU’s NIS 2 enters into force: compliance is now mandatory

EU Adopts Cyber Resilience Act For Connected Devices

What NIST's post-quantum cryptography standards mean for data security

Government Marks 10 Years of Cyber Essentials, Calls for More Adoption | SC Media UK (scmagazineuk.com)

What is DORA – and how can Proton help with compliance? | Proton

Data Protection

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

Careers, Working in Cyber and Information Security

What even is a ‘cyber security profession’?

CISOs Concerned Over Growing Demands of Role - Security Boulevard

Enterprises are struggling to fill senior cyber security roles — and it's causing staff burnout to skyrocket | ITPro

68% of cyber security professionals in Europe face burnout, driven by high pressure and insufficient staffing - Financial News

Cyber security leaders struggle with job stress (devx.com)

Joe Sullivan: CEOs must be held accountable for security too | TechTarget

CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine

Making Cyber Security Accessible For Neurodiverse Talent (darkreading.com)

What's more important when hiring for cyber security roles? - Help Net Security

What I’ve learned in my first 7-ish years in cyber security

Law Enforcement Action and Take Downs

Bumblebee malware returns after recent law enforcement disruption (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Governments fear election interference, but it’s an enterprise cyber security problem too | CSO Online

Are tech billionaires hijacking our future? This Nobel laureate warns of Big Tech's stranglehold on AI and democracy | Fortune Europe

Phishing scams and malicious domains take center stage as the US election approaches - Help Net Security

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks (thefastmode.com)

Russian Trolls Sow US Election Chaos (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

CISA Proposes New Security Measures To Safeguard Sensitive Data From Adversary States (informationsecuritybuzz.com)

CISA proposes new security requirements for businesses exposed to cyber espionage | CSO Online

Nation State Actors

China

Cameron Calls for Tech Engagement with China Despite Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

Gambling sector subjected to APT41 intrusions | SC Media

Russia

Russian Intelligence Ramps Up Global Cyber Campaign, Says Western Intelligence

Former UK special forces director warns of Russian cyber-security threat - Jersey Evening Post

Russian Trolls Sow US Election Chaos (darkreading.com)

Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)

How Russia’s Spies Hacked the Entire Nation of Georgia – BNN Bloomberg

Russian Strategic Information Attack for Catastrophic Effect

Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)

Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)

Russian Foreign Ministry reports 'large-scale' cyber attack on its resources

Russia recommends prison sentence for REvil hackers | SC Media

Iran

Iranian hackers act as brokers selling critical infrastructure access (bleepingcomputer.com)

North Korea

Experts warn North Koreans are posing as IT workers in the West

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors Through DeFi Games (informationsecuritybuzz.com)

HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop

Cyber firm launches free tool to weed out hackers in hiring process

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Sidewinder APT Deploying Expanded Attacks | MSSP Alert

Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire - Infosecurity Magazine


Tools and Controls

Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard

Time to Get Strict With DMARC (darkreading.com)

55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)

Microsoft lost some customers' cloud security logs - Help Net Security

A Business Continuity Cheat Sheet - Compare the Cloud

Can the cyber security industry stop history repeating? | TechRadar

A Comprehensive Guide to Finding Service Accounts in Active Directory

Call for cyber security sea change as world looks to meet rising threats

Fortinet report: 70% of staff lack cyber security awareness

Cyber resilience vs. cyber security: Which is more critical? (betanews.com)

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)

Multi-layered security is the key to keeping data safe – here’s why | ITPro

Effective strategies for measuring and testing cyber resilience - Help Net Security

New Research Underscores the Growing Security Risk Due to Hybrid Work Environments | Business Wire

Cyber insurers could cut loss ratios by 16% by excluding high-risk entities: Gallagher Re - Reinsurance News

SQL Injection Attacks: Cyber Security Expert Reveals How Businesses Can Mitigate the Risks Involved - Financial News (financial-news.co.uk)

Negating AI cyber attacks with defence in depth | TechRadar

Threat intelligence vs. threat hunting: Better together | TechTarget

API Vulnerabilities Jump 21% in Third Quarter - Security Boulevard

In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)

68% of directors don't have a board-approved AI policy - IoD Ireland

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

AV-Comparatives Releases Latest Business Cyber Security Test Results: Top-Performing Products for Protection and Performance Certified

Achieving peak cyber resilience - Help Net Security

Cyber security incident response: Is your business prepared? | Proton

Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)

Unclear pricing for GRC tools creates market confusion - Help Net Security

Five Ways To Improve Your Security Posture, Fast

Enhancing Cyber Security Post-Breach: A Comprehensive Guide - Security Boulevard

What is Third-Party Risk Monitoring in Cyber Security? | UpGuard




Vulnerability Management

Threat actors exploit zero days within 5 days, says Google's Mandiant | SC Media (scworld.com)

What is Vulnerability Management? Compliance, Challenges, & Solutions - Security Boulevard

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever (techrepublic.com)

Vulnerabilities

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)

Microsoft launches Edge 130 with lots of security patches and feature changes - gHacks Tech News

MacOS Safari Exploit Exposes Camera, Mic, Browser Data (darkreading.com)

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira - SecurityWeek

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

HM Surf macOS vuln potentially exploited by Adloader malware • The Register

Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek

VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812) - Help Net Security

Patch your Bitdefender and Trend Micro security software immediately to stay safe from these threats | TechRadar

CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)

Samsung phone users exposed to EoP attacks, Google warns • The Register

High-risk vulnerability affecting UniFi Network Server | Cybernews

CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks - SecurityWeek

Microsoft SharePoint RCE under active exploit • The Register

Cisco fixed tens of vulnerabilities, including an actively exploited one

Cisco fixes VPN DoS flaw discovered in password spray attacks

Hackers infect thousands of WordPress sites with malware plugins | PCWorld

Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers - SecurityWeek

Critical Grafana Vulnerability Could Allow RCE | MSSP Alert


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime & Shipping

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 18 October 2024

Black Arrow Cyber Threat Intelligence Briefing 18 October 2024:

- 70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals

- Defenders Must Adapt to Shrinking Exploitation Timelines

- Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware

- Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches

- Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns

- Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks

- Over 90% of Phishing Campaigns Lead Victims to Malware

- Here’s How Attackers Are Getting Around Phishing Defences

- Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

- Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency

- October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme

- Phishing Tactics: The Top Attacks Trends in 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals

A recent report from GetApp highlights that 70% of senior executives have been targeted by cyber attacks in the last 18 months, with AI-driven deepfakes contributing to 22% of attacks. 42% of companies overlook the risks of unsecured communication channels, and 41% fail to regularly update systems. Additionally, 28% of organisations globally do not provide specialised cyber security training for executives, leaving businesses vulnerable to evolving threats.

Defenders Must Adapt to Shrinking Exploitation Timelines

A Mandiant report reveals that the time for attackers to exploit vulnerabilities has dropped sharply to just five days in 2023, down from 32 days in 2022. Zero-day vulnerabilities, which are unknown to vendors, have been favoured over publicly known (n-day) flaws, accounting for 70% of first exploits. Despite media attention, only a portion of vulnerabilities are actively exploited. The findings emphasise the importance of rapid patching and segmented network architectures to reduce risk, as threat actors increasingly exploit vulnerabilities across diverse technologies. Effective prioritisation of patching is now more critical than ever.

Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware

A new report highlights the rising threat of ransomware attacks stemming from software supply chain vulnerabilities, with 62% of small and medium-sized businesses impacted. The findings reveal that 91% of businesses are concerned about ransomware affecting their downstream partners, with nearly half considering changing vendors. The role of AI in cyber attacks is also increasing, with 55% of businesses feeling more at risk due to AI-enhanced threats. Despite the challenges, 97% of those affected managed to restore their data, though 46% had to pay a ransom, with 31% paying over $1 million.

Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches

Despite global security spending set to reach $215 billion in 2024, 44% of CISOs reported failing to detect data breaches over the past year. A key issue is limited visibility, with 70% acknowledging their tools fall short in identifying breaches across hybrid cloud infrastructure. Gaining full visibility into encrypted and lateral traffic is critical, as 93% of malware hides there. CISOs are also overwhelmed by tool proliferation, with 60% prioritising tool consolidation. Concerns around AI-driven cyber attacks are rising, and 46% plan to implement AI to address visibility gaps and improve detection capabilities.

Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns

The new head of the UK’s National Cyber Security Centre, Dr Richard Horne, has warned of escalating cyber threats, and the importance of preparing organisations to recover swiftly from cyber attacks. In 2024 alone, the NCSC responded to 50% more major incidents compared to the previous year, with severe attacks tripling. This rise in threats is driven by the expanding cyber crime marketplace, lowering the barriers for attackers. Horne stressed the need for global collaboration and for security to be embedded in technology from the start.

Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks

Microsoft’s 2024 Digital Defence Report reveals a significant rise in identity-based cyber attacks, tracking 600 million attacks over the fiscal year. Despite 41% of enterprises adopting multi-factor authentication (MFA), attackers bypass MFA through infrastructure vulnerabilities. Password attacks, such as phishing and brute force methods, still account for over 99% of these incidents. Although attempted ransomware attacks surged by 2.75 times, successful data encryption fell threefold. Notably, state-backed cyber criminal collaborations are growing, complicating attack attribution, while AI and passwordless authentication are highlighted as essential for future protection.

Over 90% of Phishing Campaigns Lead Victims to Malware

A recent Comcast Business report highlights phishing as the top cyber security threat in 2023, with over 2.6 billion interactions detected. More than 90% of these phishing attempts aimed to direct victims to sites hosting malware, emphasising the need for stronger anti-phishing measures and staff education. Remote services were the primary method for lateral movement, with over 409 million events detected. The report recommends adopting tools like endpoint detection and response (EDR) and managed detection and response (MDR) to help IT teams detect and respond to early-stage threats through real-time network monitoring.

Here’s How Attackers Are Getting Around Phishing Defences

Email security provider Egress' latest report reveals that cyber attackers are bypassing phishing defences by manipulating natural language processing (NLP) technologies used in email filters. They achieve this by inserting benign text, links, and other obfuscation techniques, allowing malicious emails to pass through undetected. Notably, 78% of malicious emails incorporate multiple evasion tactics. Attackers exploit weaknesses in email security systems, including slow processing times that may cause incomplete scans. This trend is concerning, as phishing remains a significant threat, contributing to 31% of all security incidents according to Verizon’s 2024 breach report.

Firm Hacked After Accidentally Hiring North Korean Cyber Criminal

A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The individual, who falsified employment history and personal details, gained access to the company’s network, stole sensitive data, and later demanded a ransom in cryptocurrency. This incident highlights an increasing threat of North Korean workers infiltrating Western firms to fund their regime, with many cases emerging since 2022. While most of these workers are after steady income, this case marks a significant shift towards data theft and extortion from within company defences.

Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency

According to the Global Cyber Resilience Report 2024, 69% of organisations have paid ransoms this year, despite 77% having a 'do not pay' policy. Only 2% of firms can recover data within 24 hours, despite 98% setting that as their target. This highlights a major gap between perceived and actual cyber resilience. Organisations are unprepared for modern threats, with fewer than half implementing essential security measures like multi-factor authentication. To reduce risks, businesses must adopt modern data security practices, engage in realistic threat simulations, and invest in automated recovery systems to mitigate the growing threat of AI-driven cyber attacks.

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme

October marks the 21st annual Cyber Security Awareness Month, highlighting the importance of user awareness in defending against cyber attacks. The US Cyber Security and Infrastructure Security Agency (CISA) reports that 90% of successful cyber attacks start with phishing, and Verizon notes that human factors are involved in 68% of breaches. This underscores the need for continuous training across all levels of an organisation. Key actions include using strong passwords, enabling multi-factor authentication, and maintaining up-to-date systems. It’s a good time to review or implement training programmes, ensuring they meet current standards and promote security awareness both at work and home.

Phishing Tactics: The Top Attacks Trends in 2024

Phishing attacks have evolved beyond email, with AI enabling more personalised and sophisticated tactics, such as voice cloning and deepfakes. Attackers increasingly combine phishing with other cyber attacks, like ransomware, to compromise entire networks. This can lead to data breaches, financial losses, and legal consequences under regulations like GDPR. Organisations must adopt a multi-layered defence strategy, combining employee training, multi-factor authentication, and advanced filtering tools. Regular incident response planning is also crucial to minimise the impact of phishing attacks, as techniques continue to grow more complex and harder to detect.

Sources:

https://www.proactiveinvestors.com.au/companies/news/1058404/70-of-senior-executives-targeted-by-cyberattack-in-past-18-months-new-study-reveals-1058404.html

https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/

https://www.techradar.com/pro/supply-chain-vulnerabilities-are-facilitating-a-surge-in-ransomware

https://www.helpnetsecurity.com/2024/10/18/cisos-security-tools/

https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/

https://www.itpro.com/security/cyber-attacks/microsoft-logs-600-million-identity-attacks-per-day-as-threat-actors-collaborate-more

https://www.securitymagazine.com/articles/101115-over-90-of-phishing-campaigns-lead-victims-to-malware

https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

https://www.bbc.co.uk/news/articles/ce8vedz4yk7o

https://www.techradar.com/pro/rampant-ransom-payments-highlight-need-for-urgent-action-on-cyber-resiliency

https://www.jdsupra.com/legalnews/october-is-cybersecurity-awareness-5531410/

https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year


Governance, Risk and Compliance

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

A quarter of cyber security leaders are ready to quit (betanews.com)

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)

Why Cyber Security’s Core Focus Should Be Defending Data (govinfosecurity.com)

Cyber security compliance: the heavy burden of regulations on IT leaders - Raconteur

Return on cyber investment | Professional Security Magazine

What Cyber Security Leaders Can Learn From Golf (darkreading.com)

Cyber Security Awareness Month: How CISOs can engage, educate, and empower - Security Boulevard

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

What Is the ‘Most Pressing Concern’ for Cyber Professionals? (techrepublic.com)

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)


Threats

Ransomware, Extortion and Destructive Attacks

More Ransoms Being Paid and More Data Being Lost: Hornetsecurity - Security Boulevard

RansomHub becomes dominant ransomware group in Q3 2024 (securitybrief.co.nz)

Basic cyber hygiene still offers the best defence against ransomware | SC Media (scworld.com)

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

Are You Prepared for Ransomware IRL? - Security Boulevard

Ransomware Attacks Tripled for Microsoft Customers Last Year (tech.co)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

Would banning ransomware insurance stop the scourge? • The Register

Schools under siege: from nation-states to ransomware gangs • The Register

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Ransomware Threats Surge with 31 New Groups in 2024 (techinformed.com)

Ransomware still a major threat despite disruption to RaaS groups (betanews.com)

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

INC ransomware rebranded to Lynx, say security researchers • The Register

Ransomware Victims

53% of survey respondents admit to paying over $500,000 ransom | Security Magazine

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Casio Confirms Ransomware Outage and Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Schools under siege: from nation-states to ransomware gangs • The Register

Cicada3301 Ransomware Targets Critical Sectors in US and UK - Infosecurity Magazine (infosecurity-magazine.com)

Casio says 'no prospect of recovery yet' after ransomware attack | TechCrunch

Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says (therecord.media)

India’s biggest health insurer gets ransomware following data breach | TechRadar

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

BianLian ransomware claims attack on Boston Children's Health Physicians (bleepingcomputer.com)

Phishing & Email Based Attacks

How AI created an email security gap | SC Media (scworld.com)

Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails | CSO Online

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Here’s how attackers are getting around phishing defences | CyberScoop

Phishing tactics: The top attacks trends in 2024 | ITPro

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Be Aware of These Eight Underrated Phishing Techniques - SecurityWeek

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Other Social Engineering

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

'They fall in love with me': Inside the fraud factories driving the online scam boom | World News | Sky News

99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)

Scammers use AI to create convincing Gmail phishing calls (appleinsider.com)

What is tailgating (piggybacking) and how to prevent it? | Definition from TechTarget

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Coffee Lovers Warned of New Starbucks Phishing Scam - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

How AI created an email security gap | SC Media (scworld.com)

70% of senior executives targeted by cyber attack in past 18 months, new study reveals (proactiveinvestors.com.au)

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

From Misuse to Abuse: AI Risks and Attacks (thehackernews.com)

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security - Security Boulevard

What Is Deepfake Technology? Ultimate Guide To AI Manipulation (eweek.com)

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

AI is bringing XSS vulnerabilities back to the spotlight | CSO Online

Microsoft consultant says 2.5 billion Gmail users could fall victim to a "super realistic AI scam" | Windows Central

Navigating the Cyber Security Risks of Shadow & Open-Source GenAI - Security Boulevard

New ConfusedPilot Attack Targets AI Systems with Data Poisoning - Infosecurity Magazine (infosecurity-magazine.com)

LLMs Are a New Type of Insider Adversary (darkreading.com)

Over 80 percent of hackers believe the AI threat landscape is moving too fast to secure (betanews.com)

Anthropic flags AI's potential to 'automate sophisticated destructive cyber attacks' | ZDNET

Deepfake lovers swindle victims out of $46M in Hong Kong AI scam - Ars Technica

What are digital arrests, the newest deepfake tool used by cyber criminals? | Science and Technology News | Al Jazeera

AI Report Finds 74% of Cyber Security Leaders Aware of Sensitive Data Risks | Business Wire

AI data collection under fire - Help Net Security

4 Frightening Things Coming For Security This Season (informationsecuritybuzz.com)

How to Mitigate the Impact of Rogue AI Risks | Trend Micro (US)

Government Launches AI Safety Scheme to Tackle Deepfakes - Infosecurity Magazine (infosecurity-magazine.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

2FA/MFA

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Malware

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

Over 90% of phishing campaigns lead victims to malware | Security Magazine

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

OpenAI confirms threat actors use ChatGPT to write malware (bleepingcomputer.com)

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (thehackernews.com)

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (thehackernews.com)

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (thehackernews.com)

Fake Google Meet pages deliver infostealers - Help Net Security

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Bots/Botnets

How DDoS Botent is used to Infect your Network? - Security Boulevard

Mobile

Over 200 malicious apps on Google Play downloaded millions of times (bleepingcomputer.com)

Which? warns UK users to keep mobile numbers to avoid security risks - Neowin

TrickMo’s Latest Trick - Stealing PINs And Unlock Patterns (informationsecuritybuzz.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Cerberus Android Banking Trojan Deployed in New Malicious Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Android banking trojan stealing money: no antivirus software can detect it | Cybernews

What to do if your iPhone or Android smartphone gets stolen? - Help Net Security

Not iPhones, but secure Android phones: that's what Trump's campaign uses - PhoneArena

Trump campaign gets 'unhackable' phones • The Register

Denial of Service/DoS/DDoS

A Deep Dive into DDoS Carpet-Bombing Attacks - Security Boulevard

How DDoS Botent is used to Infect your Network? - Security Boulevard

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

Largest DDoS Cloudflare Attack On Global Sectors Mitigated - Security Boulevard

Internet of Things – IoT

Hackers took over robovacs to chase pets and yell slurs - The Verge

Hackers Made Robot Vacuums Shout Racist Slurs in Their Owners’ Homes (pcmag.com)

The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

Data Breaches/Leaks

Data breaches trigger increase in cyber insurance claims - Help Net Security

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft - SecurityWeek

Cyber attack on TfL disrupts taxi licensing leaving some cabbies unlicensed and unable to work, says trade rep (taxi-point.co.uk)

Cisco investigates breach after stolen data for sale on hacking forum (bleepingcomputer.com)

Data Breaches: The Not-So-Hidden Cost of Doing Business | Baker Donelson - JDSupra

Fidelity Investments Data Breach Impacts 77,000 Customers - SecurityWeek

US healthcare org admits up to 400k people's data stolen • The Register

Cisco confirms ongoing probe into alleged data breach • The Register

Contractor pays $300K to settle Medicare data breach • The Register

Casio confirms customer data stolen in a ransomware attack (bleepingcomputer.com)

Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)

Hackers may have access to personal details of thousands of customers after debt collection firm attacked | Irish Independent

Game Freak Confirms 1TB Data Leaked in Breach | MSSP Alert

Hundreds of thousands of CVs leaked - here's what we know | TechRadar

Organised Crime & Criminal Actors

Microsoft wants tougher punishments for cyber criminals • The Register

Cyber crime's constant rise is becoming everyone's problem - Help Net Security

Southeast Asian Cyber Crime Profits Fuel Shadow Economy (darkreading.com)

The internet is now a "cyber storm" — Microsoft says customers face 600 million attacks per day and the lines between nation states and cyber criminals are blurring | TechRadar

Microsoft logs 600 million identity attacks per day as threat actors collaborate more | ITPro

Escalating Cyber Threats Demand Stronger Global Defence and Cooperation - Microsoft On the Issues

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Radiant Capital Suffers $50M Loss in Second Major Hack - DailyCoin

Insider Risk and Insider Threats

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

The NHI management challenge: When employees leave - Help Net Security

LLMs Are a New Type of Insider Adversary (darkreading.com)

Insurance

Would banning ransomware insurance stop the scourge? • The Register

Data breaches trigger increase in cyber insurance claims - Help Net Security

Insurers brace for cyber evolution: 'It's like mandating seatbelts and airbags' | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (thehackernews.com)

UK Public sector at risk from supply chain attacks, new report warns | ITPro

Cloud/SaaS

Why are we still confused about cloud security? | InfoWorld

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Tenable releases report on cloud security (devx.com)

38% of organisations are at risk of critical exposures | Security Magazine

Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)

Outages

Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

Identity and Access Management

The Invisible Army of Non-Human Identities (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The NHI management challenge: When employees leave - Help Net Security

NHIs may be your biggest — and most neglected — security hole | CSO Online

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Encryption

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

The CISO’s guide to establishing quantum resilience | CSO Online

Most Organisations Unprepared for Post-Quantum Threat - Infosecurity Magazine (infosecurity-magazine.com)

The quantum dilemma: Game-changer or game-ender - Help Net Security

Chinese researchers claim quantum encryption attack • The Register

Linux and Open Source

New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

How Hybrid Password Attacks Work and How to Defend Against Them (thehackernews.com)

The War on Passwords Is One Step Closer to Being Over | WIRED

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

Understand these seven password attacks and how to stop them (bleepingcomputer.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Feeling safe with that complicated password? Think again, security experts say - complexity affects memorability and fosters unsafe practices | ITPro

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices) (techrepublic.com)

Social Media

EU Court Restricts Meta's Use Of Facebook Data For Targeted Advertising (informationsecuritybuzz.com)

Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI

Training, Education and Awareness

October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

NIS2 Confusion: Concerns Over Readiness as Deadline Reached - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS 2 Compliance Deadline Approaches: What You Need To Know (techrepublic.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Ireland to miss EU cyber security deadline (rte.ie)

Are Irish businesses ready for new cyber security rules? (rte.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Ex-NCSC Chief: UK Cyber Incident Reporting a 'Good Step' (govinfosecurity.com)

Contractor pays $300K to settle Medicare data breach • The Register

AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)

New Cyber Security Rules Threaten Defence Industrial Base - Law360

Speakers, vacuums, doorbells and fridges – the government plans to make your ‘smart things’ more secure (theconversation.com)

NY's Financial Regulator Releases AI Cyber Security Guidance - Law360

Models, Frameworks and Standards

EU cyber security bill NIS2 hits compliance deadline | Computer Weekly

European companies anxious over non-implementation of EU cyber rules | Euronews

What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)

NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)

Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)

Only two EU countries meet NIS2 deadline - TechCentral.ie

Is your organisation ready for NIS2? | Intel 471

Navigating the New Cyber Security Landscape: Key Implications of the EU’s NIS 2 Directive | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

NIS2 Directive: Experts share their views on the cyber security law (telecomstechnews.com)

How NIS2 will impact sectors from healthcare to energy - Help Net Security

Data Protection

CISOs' Privacy Responsibilities Keep Growing (darkreading.com)

Is a CPO Still a CPO? Privacy Leadership's Evolving Role (darkreading.com)

Careers, Working in Cyber and Information Security

CISSP and CompTIA Security+ lead as most desired security credentials - Help Net Security

The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)

Breaking into Cyber Security: It's Never Too Late - IT Security Guru

A quarter of cyber security leaders are ready to quit (betanews.com)

Stagnant salaries risk growth of infosec sector | The Global Recruiter

Security leaders can't catch a break, with many on the verge of quitting | TechRadar

Five alternative paths to the CISO chair | SC Media (scworld.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

Cyber Security Careers Go Beyond Coding | NIST

Skills Shortages Now a Top-Two Security Risk for SMBs - Infosecurity Magazine (infosecurity-magazine.com)

SMBs are being hit hardest by cyber security skills gap | TechRadar

Law Enforcement Action and Take Downs

Dutch police dismantled dual dark web market 'Bohemia/Cannabia' (securityaffairs.com)

Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)

Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek

Two alleged operators of Anonymous Sudan named, charged • The Register

Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian

Microsoft wants tougher punishments for cyber criminals • The Register

Misinformation, Disinformation and Propaganda

OpenAI Says Bad Actors Are Using ChatGPT To Write Malware, Sway Elections (informationsecuritybuzz.com)

How nation-states exploit political instability to launch cyber operations - Help Net Security

Darknet Activity Increases Ahead of 2024 Presidential Vote - Infosecurity Magazine (infosecurity-magazine.com)

Flood of Election-Related Cyber Activity Unleashed (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation-State Cyber Threats: The Hidden War on Infrastructure - Security Boulevard

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Nation State Actors

How nation-states exploit political instability to launch cyber operations - Help Net Security

Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today

UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)

Two-thirds of Attributable Malware Linked to Nation States - Infosecurity Magazine (infosecurity-magazine.com)

'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)

Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns - Infosecurity Magazine (infosecurity-magazine.com)

Schools under siege: from nation-states to ransomware gangs • The Register

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

China Accuses US of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns (thehackernews.com)

US lawmakers demand probe into China's Salt Typhoon hacks • The Register

White House forms emergency team to deal with China espionage hack | Stars and Stripes

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

UK Fears Chinese Hackers Compromised Critical Infrastructure (bloomberglaw.com)

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption (thequantuminsider.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Chinese researchers claim quantum encryption attack • The Register

Czech opposition MP, who criticizes cyber security law, met Huawei leadership in China | Radio Prague International

Intel denies Chinese claims it helps US intelligence orgs • The Register

China trade group claims Intel ignore... - Mobile World Live

China infosec body slams Intel over chip security • The Register

Russia

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Russia is actively scanning everything for known vulns • The Register

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)

Microsoft: Nation-States Team Up with Cyber Criminals for Attacks - Infosecurity Magazine (infosecurity-magazine.com)

NCCC and Council of Europe held a forum on electronic evidence and OSINT in the context of documenting war crimes of Russia - National Security and Defence Council of Ukraine (rnbo.gov.ua)

Uncle Sam puts $10M bounty on Russian troll farm Rybar • The Register

Independent Russian news site rides out a week of DDoS incidents (therecord.media)

The Door Closes on Kaspersky: Russia’s Tech World-Beater - CEPA

Russian court websites down after breach claimed by pro-Ukraine hackers (therecord.media)

Iran

Chinese and Iranian hackers use ChatGPT and LLM tools to create malware and phishing attacks — OpenAI report has recorded over 20 cyber attacks created with ChatGPT | Tom's Hardware (tomshardware.com)

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

Report: Iran cyber attacks against Israel surge after Gaza war (voanews.com)

Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop

Escalation of Cyber Warfare in the Israel-Palestine Conflict: A Deep Dive into Recent Israeli Breaches - Security Boulevard

Iran's APT34 Abuses MS Exchange (darkreading.com)

A cyber attack hit Iranian government sites and nuclear facilities (securityaffairs.com)

North Korea

Firm hacked after accidentally hiring North Korean cyber criminal - BBC News

Iran, Russia and North Korea changed cyber attack tactics in the last year, says Microsoft | Science & Tech News | Sky News

North Korea Escalates Fake IT Worker Schemes to Extort Employers - Infosecurity Magazine (infosecurity-magazine.com)

North Korean hackers steal $3B in crypto since 2017: report | Invezz

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Teenagers as young as 13 under suspicion for UK far-right terrorism | UK security and counter-terrorism | The Guardian


Tools and Controls

Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security

The Invisible Army of Non-Human Identities (darkreading.com)

SOC Teams: Threat Detection Tools Are Stifling Us (darkreading.com)

Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

The dark side of API security - Help Net Security

Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek

FIDO Alliance is Standardizing Passkey Portability - Thurrott.com

New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)

Resilience over reliance: Preparing for IT failures in an unpredictable digital world - Help Net Security

CIOs want a platform that combines AI, networking, and security - Help Net Security

Why Continuous API Security is Essential for Modern Businesses - Security Boulevard

NHIs may be your biggest — and most neglected — security hole | CSO Online

Why companies are struggling to keep up with SaaS data protection - Help Net Security

Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar

Return on cyber investment | Professional Security Magazine

Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)

Hybrid Work Exposes New Vulnerabilities in Print Security (darkreading.com)

Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)

What is Business Continuity Plan? How it Works! (cybersecuritynews.com)

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Finance and Insurance API Security: A Critical Imperative - Security Boulevard

Human Resources’ Role in Data Privacy and Cyber Security, Part II: Assessing Five Key Areas of Risk | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)

Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

CISOs' strategies for managing a growing attack surface - Help Net Security

Vulnerability Management

Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop

Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)

Russia is actively scanning everything for known vulns • The Register

Patch-22: The Catch of Waiting to Fix Cyber Security Vulnerabilities - Security Boulevard

How to defend against zero-day vulnerabilities | TechRadar

The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (thehackernews.com)

Organisations can substantially lower vulnerabilities with secure-by-design practices, report finds | CyberScoop

Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru

Zero-Days Account for Most Exploited Bugs in 2023 | MSSP Alert

Vulnerabilities

86k Fortinet devices still vulnerable to active exploits • The Register

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (thehackernews.com)

Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks (securityaffairs.com)

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU - SecurityWeek

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale (securityaffairs.com)

Windows 11 bug steals 8.63GB of storage space that you can't get back | Windows Central

Windows 11's 2024 update is now also killing internet connections | PCWorld

Juniper Networks Patches Dozens of Vulnerabilities - SecurityWeek

Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)

Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities - SecurityWeek

Vulnerable instances of Log4j still being used nearly 3 years later | SC Media (scworld.com)

Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site - SecurityWeek

VMware fixes high-severity SQL injection CVE-2024-38814 in HCX (securityaffairs.com)

SolarWinds hardcoded credential now exploited in the wild • The Register

Fortinet Edge Devices Under Attack - Again - InfoRiskToday

Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters - SecurityWeek

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability - SecurityWeek

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)

Mozilla releases second Firefox 131 security update - gHacks Tech News

Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek

Chrome 130 Released with Fix for 17 Security Flaws (cybersecuritynews.com)

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (thehackernews.com)

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (thehackernews.com)

Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek

Iran's APT34 Abuses MS Exchange (darkreading.com)

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (thehackernews.com)

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (thehackernews.com)

Netgear WiFi Extender Vulnerability Let Attackers Inject Malicious Commands - Cyber Security News


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 11 October 2024

Black Arrow Cyber Threat Intelligence Briefing 11 October 2024:

-Your IT Systems Are Being Attacked. Are You Prepared?

-Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

-Mounting Phishing Attacks Enabled by AI, Deepfakes

-AI is Most Serious Threat to Orgs, According to Security Professionals

-MI5 Chief Warns of Cyber Threats to the UK

-Walking the Tightrope Between Innovation and Risk

-Ransomware Severity Up 68% in First Half of 2024

-31 New Ransomware Groups in 12 Months

-Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report

-Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk

-UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan

-Cloud Security Risks Surge as 38% of Firms Face Exposures

-Insider Threat Damage Balloons as Visibility Gaps Widen

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Your IT Systems Are Being Attacked. Are You Prepared?

Recent cyber attacks are becoming more frequent and sophisticated, emphasising the need for executive-level engagement in cyber security. Yet many organisations remain unprepared, with CEOs often delegating responsibility to IT departments. A survey revealed that while increasing AI use is expected to lead to more breaches, four in five security officers plan to use AI for defence. Experts advise that CEOs should actively participate in cyber security planning, ask critical questions like 'What are we doing? Is it enough? How do we know?', and regularly review measures to avoid significant business disruptions and regulatory penalties.

Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

The UK's National Cyber Security Centre (NCSC) has found that 80% of board members and security leaders are uncertain about who holds responsibility for cyber security in their organisations. This confusion stems from CISOs believing accountability lies with the board, while board members think it rests with CISOs. The NCSC's research highlighted that many board members lack in-depth cyber knowledge, leading to gaps in oversight. In response, the NCSC has published new guidance to help CISOs effectively communicate with boards, aiming to bridge this gap and reduce cyber risk across organisations.

Mounting Phishing Attacks Enabled by AI, Deepfakes

A recent report has found that phishing attacks increased by 28% between the first and second quarters of 2024. Of the phishing kits used, 75% leveraged artificial intelligence and 82% incorporated deepfake capabilities. 44% of the attacks between April and June exploited compromised email accounts, with 8% originating from supply chain accounts. Hyperlinks were identified as the most common attack payload, followed by attachments. The report highlighted that attackers' use of AI in phishing toolkits lowers the barrier to entry for cyber attacks. It emphasised the need for organisations to adopt advanced AI defences without introducing new vulnerabilities by using AI unnecessarily.

AI is Most Serious Threat to Orgs, According to Security Professionals

Keeper Security has found that AI-driven cyber threats are now the most serious concern for organisations, with 51% of security leaders identifying them as such. Despite 81% of organisations implementing AI usage policies and 77% of leaders being familiar with AI security best practices, 35% feel least prepared to combat AI-powered attacks compared to other cyber threats. The survey also highlighted that 84% of IT and security leaders find AI-powered tools have made phishing and smishing attacks harder to detect. Organisations are prioritising data encryption, employee training, and advanced threat detection systems to counter these evolving threats.

MI5 Chief Warns of Cyber Threats to the UK

MI5 has warned that cyber threats from Russia, China, and Iran are a growing concern for the UK. Director General Ken McCallum highlighted that these nations are heavily investing in human intelligence and advanced cyber operations targeting government information, technology, and democratic institutions. Despite expelling over 750 Russian diplomats since early 2022—the majority being spies—cyber espionage activities have intensified. MI5 and the National Cyber Security Centre anticipate increased cyber attacks on Western cyber defences, particularly from Russian state actors. McCallum also emphasised the distinct threat posed by China, urging a comprehensive response to build resilience.

Walking the Tightrope Between Innovation and Risk

A recent analysis revealed that early engagement with CISOs in innovation projects leads to proactive security measures, building trust and ensuring innovation and security can coexist. Interestingly, organisations using older operational systems were shielded from recent security incidents, highlighting the inevitable trade-off between innovation and risk. The report suggests reframing the conversation to 'secure innovation' and emphasises fostering a security-first culture where employees are the first line of defence. Additionally, it stresses the importance of ensuring third-party vendors are secure, as a single compromised user could trigger a company-wide incident.

Ransomware Severity Up 68% in First Half of 2024

Cyber insurer Coalition has found that while cyber insurance claims frequency decreased slightly in the first half of 2024, ransomware severity surged by 68%, with average losses per incident reaching $353,000. Businesses with over $100 million in revenue saw a 140% increase in claims severity, averaging losses of $307,000. Ransomware, though accounting for 18% of claims, heavily drove overall severity. The report also highlighted that 40% of policyholders paid ransom demands. Additionally, organisations using outdated technologies were 2.5 times more likely to experience a claim, underscoring the need for updated security measures.

31 New Ransomware Groups in 12 Months

There has been a 30% increase in active ransomware groups over the past year, with 31 new ransomware groups identified in the last twelve months. Despite intensified law enforcement efforts, the ransomware landscape has become more fragmented. LockBit remained the most active group, accounting for 17% of victims but down 8% from the previous year due to law enforcement operations. The cyber criminal group Play doubled its victim count to become the second most active, while newcomer RansomHub accounted for 7%.

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report

PwC's latest report reveals a significant gap in how organisations quantify cyber risks financially. Despite 89% of executives agreeing on the importance of measuring cyber risk for investment prioritisation, only 15% effectively do so. This disconnect leaves many companies financially vulnerable, with only 21% allocating cyber budgets to top risks. While 77% of executives expect cyber security budgets to increase next year, without proper quantification, funds may not address the most pressing threats. The report highlights that over half of executives see cyber security as a differentiator influencing customer trust and brand loyalty, yet a lack of effective measurement persists.

Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk

BlackBerry reports that software supply chain weaknesses are increasingly putting businesses at risk of cyber attacks, with 51% of UK IT leaders receiving notifications of attacks or vulnerabilities in the past year. Despite this, 58% trust their suppliers' cyber security policies are comparable or stronger than their own, yet less than half requested compliance confirmations. Additionally, 51% found unknown participants in their software supply chain. The consequences are significant: 71% suffered financial loss, 67% faced data and reputational damage, and 42% took over a week to recover from such attacks.

UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan

Marsh McLennan has found that economic risks and financial challenges are the top concern for UK businesses over the next 12 months, with 43% of leaders citing these issues. Cyber threats take the number two spot, where the sharp rise in attacks is seen as a growing concern, jumping from 20% in 2023 to 39% in 2024. The report highlights that business leaders plan to prioritise strengthening cyber security measures, including assessing supply chain risks and customer relationships.

Cloud Security Risks Surge as 38% of Firms Face Exposures

Cloud security risks are surging, with 38% of organisations globally facing critical exposures from a combination of security gaps. These security concerns intensify due to the "toxic cloud triad" of publicly exposed, critically vulnerable, and highly privileged cloud workloads, leaving firms vulnerable to cyber attacks resulting in disruptions, system takeovers, and data breaches. Despite the average cost of a data breach in 2024 nearing $5 million, many organisations have misconfigurations and excessive permissions; 84% possess unused or long-standing access keys; and 74% have publicly exposed storage.

Insider Threat Damage Balloons as Visibility Gaps Widen

Recent research indicates that insider threats have led to a sharp increase in cyber attacks, with 83% of organisations experiencing such incidents in 2024, up from 60% the previous year. The growing complexity of IT systems and the adoption of technologies like AI and cloud services are creating visibility gaps and escalating risks. Nearly half of the organisations reported more frequent insider attacks, with remediation costs ranging from $100,000 to $2 million per incident. Additionally, 45% take a week or longer to recover, underscoring the need for improved policies, staff training, and advanced incident-response solutions.

Sources:

https://www.darkreading.com/cyberattacks-data-breaches/it-systems-being-attacked-prepared

https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/

https://www.msspalert.com/brief/mounting-phishing-attacks-enabled-by-ai-deepfakes

https://www.itsecurityguru.org/2024/10/10/ai-most-serious-threat-to-orgs-according-to-security-professionals/

https://www.inforisktoday.com/mi5-chief-warns-cyberthreats-to-uk-a-26483

https://www.darkreading.com/vulnerabilities-threats/walking-tightrope-innovation-risk

https://www.techtarget.com/searchsecurity/news/366613275/Coalition-Ransomware-severity-up-68-in-first-half-of-2024

https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024/

https://www.theglobaltreasurer.com/2024/10/07/lack-of-cyber-risk-quantification-leaves-companies-financially-exposed-pwc-report-finds/

https://www.techradar.com/pro/security/software-supply-chain-weaknesses-are-increasingly-putting-businesses-at-risk

https://www.reinsurancene.ws/uk-businesses-cite-economic-risks-and-cybercrime-as-top-2024-concerns-marsh-mclennan/

https://www.infosecurity-magazine.com/news/cloud-security-risks-surge-38/

https://www.darkreading.com/threat-intelligence/insider-threat-damage-balloons-amid-evolving-cyber-environments


Governance, Risk and Compliance

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed, PwC Report Finds (theglobaltreasurer.com)

Board-CISO Mismatch on Cyber Responsibility - Infosecurity Magazine (infosecurity-magazine.com)

UK businesses cite economic risks and cyber crime as top 2024 concerns: Marsh McLennan - Reinsurance News

Walking the Tightrope Between Innovation & Risk (darkreading.com)

Warning over cyber security gap in the HR sector | theHRD (thehrdirector.com)

Human Resources’ Role in Data Privacy and Cyber Security, Part I: The Basics | Ogletree, Deakins, Nash, Smoak & Stewart, P.C. - JDSupra

Your IT Systems Are Being Attacked. Are You Prepared? (darkreading.com)

Basic questions that all business leaders need to ask about IT risks: Ben Moorhouse (yorkshirepost.co.uk)

US CISO Compensation on the Rise, Report Finds | MSSP Alert

45% of cyber security leaders are stressed about budget restraints | Security Magazine

How Confidence Between Teams Impacts Cyber Incident Outcomes - Infosecurity Magazine (infosecurity-magazine.com)

The three qualities modern CISOs must have today to succeed | SC Media (scworld.com)

Cyber security is the fastest growing tech occupation in the UK – but it’s still not enough to dent the growing industry skills shortage | ITPro

CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

Organisations are taking action towards cyber resilience: PwC - Reinsurance News

Cyber risk advice for boards | Professional Security Magazine

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Chief risk storyteller: How CISOs are developing yet another skill | CSO Online

Ex-Uber CISO Requests New, 'Fair' Trial (darkreading.com)

Cultivating a security-first mindset: Key leadership actions - Help Net Security

What is OPSEC (operations security)? | Definition from TechTarget

Widening talent pool in cyber with on-demand contractors - Help Net Security

What Is Digital Assurance And Why It’s Crucial In Today’s Business Landscape (informationsecuritybuzz.com)

Cyber Accountability Building • Stimson Center

Facts and Stats about Cyber Security and Compliance - Security Boulevard

Many C-suite execs have lost confidence in IT, including CIOs | CIO


Threats

Ransomware, Extortion and Destructive Attacks

Why evolving cyber threats mean small businesses are ransomware targets – Computerworld

31 New Ransomware Groups Join the Ecosystem in 12 Months - Infosecurity Magazine (infosecurity-magazine.com)

Secureworks: Ransomware takedowns didn’t put off cyber criminals | Computer Weekly

Coalition Report Finds Severity of Ransomware Attacks Increased 68% in First Half of 2024 | Business Wire

White House official says insurance companies must stop funding ransomware payments (therecord.media)

Guidance for ransomware incidents | Professional Security Magazine

Ransomware double-extortion group listings peaked in 2024, report finds | SC Media (scworld.com)

Criminals Are Testing Their Ransomware in Africa (darkreading.com)

Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)

Ransomware Victims

Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)

American Water shut down some of its systems following a cyber attack (securityaffairs.com)

Casio reports IT systems failure after weekend network breach (bleepingcomputer.com)

Credit monitoring and supply chain risk company hacked | CyberScoop

Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)

MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)

Cyber expert suggests American Water cyber incident was a ransomware attack | ITPro

Phishing & Email Based Attacks

Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert

Commodity and Bulk Phishing Attacks See Huge Rise | SC Media UK (scmagazineuk.com)

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)

9 types of phishing attacks and how to identify them | CSO Online

Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar

62% of observed finance domains involved in phishing attacks | Security Magazine

Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)

Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)

Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard

OpenAI says Chinese gang tried to phish its staff • The Register

Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

9 types of phishing attacks and how to identify them | CSO Online

Other Social Engineering

9 types of phishing attacks and how to identify them | CSO Online

To Deliver Malware, Attackers Use the Phone | Intel 471

Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)

As an ethical hacker, I can’t believe the risks people routinely take when they access the internet in public (theconversation.com)

Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)

New BeaverTail Malware Targets Job Seekers via Fake Recruiters - Infosecurity Magazine (infosecurity-magazine.com)

Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)

Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert

Artificial Intelligence

42.5% of fraud attempts are now driven by AI - TechCentral.ie

AI anxiety afflicts 90% of consumers and businesses - see what worries them most | ZDNET

AI Most Serious Threat to Orgs, According to Security Professionals - IT Security Guru

Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert

CIOs Sound Alarm on Network Security as a Top Priority as AI Fuels New Risks and Challenges | Business Wire

Three key strategies for organisations to protect themselves from deepfakes - IT Security Guru

OpenAI details how threat actors are abusing ChatGPT | TechTarget

Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse (404media.co)

What security pros can learn from the bad information spread during this year’s election cycle | SC Media (scworld.com)

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

Over 10m Conversations Exposed in AI Call Center Hack - Infosecurity Magazine (infosecurity-magazine.com)

Risk Strategies Drawn From the EU AI Act (darkreading.com)

2FA/MFA

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short - SecurityWeek

Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard

Why are we still talking about cyber security basics after all these years? - Security Boulevard

Malware

How Malware is Evolving: Sandbox Evasion and Brand Impersonation - Security Boulevard

This detailed malware can hack your systems and turn off your antivirus to do more damage | TechRadar

Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)

Malicious Chrome Add-ons Evade Google's Updated Security (darkreading.com)

To Deliver Malware, Attackers Use the Phone | Intel 471

Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica

The “Mongolian Skimmer” Uses Unicode To Conceal Its Malicious Intent (informationsecuritybuzz.com)

Malicious packages in open-source repositories are surging | CyberScoop

Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)

New BeaverTail Malware Targets Job Seekers via Fake Recruiters - Infosecurity Magazine (infosecurity-magazine.com)

How macOS malware works and how to secure your Mac

Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert

Bots/Botnets

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually (thehackernews.com)

Websites are losing the fight against bot attacks - Help Net Security

Unseen Threats: 95% of Advanced Bots Escape Detection on Websites | HackerNoon

Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)

Gorilla Botnet Launches Over 300,000 DDoS Attacks (informationsecuritybuzz.com)

Mobile

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs (securityaffairs.com)

Qualcomm confirms cyber attack on Android devices that exploited a vulnerability in its chipsets (androidauthority.com)

This Trojan disguises as Google Chrome or NordVPN to wipe out your accounts | Cybernews

Android 16 could let you lock your phone down even tighter with new security features | TechRadar

Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar

Google brings better bricking to Androids, to curtail crims • The Register

3 iPhone settings I changed to thwart thieves - and what to do if your phone is stolen | ZDNET

Don’t use iPhone Mirroring at work, experts warn • The Register

Denial of Service/DoS/DDoS

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (thehackernews.com)

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

Internet of Things – IoT

How smart TVs spy on you and harvest data • The Register

You Need a Separate Network To Protect Yourself From Your Smart Devices (howtogeek.com)

New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews

14,000 medical devices are online, unsecured and vulnerable | CyberScoop

Data Breaches/Leaks

National Public Data files for bankruptcy after info leak • The Register

90% of Successful Attacks Result in Leaked Data (darkreading.com)

How Cyber Criminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web - Security Boulevard

MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch

Internet Archive hacked, data breach impacts 31 million users (bleepingcomputer.com)

Marriott settles for $52M after years-long breaches • The Register

Over 240 Million US Breach Victims Recorded in Q3 - Infosecurity Magazine (infosecurity-magazine.com)

Comcast confirms 237K affected in feisty breach notification • The Register

Hezbollah data breach leads the list of the biggest cyber security events of the year - Digital Journal

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems (securityaffairs.com)

ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)

MoneyGram Breach: Social Security Numbers, Bank Account Details Looted (pcmag.com)

FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt

Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Over 10m Conversations Exposed in AI Call Center Hack - Infosecurity Magazine (infosecurity-magazine.com)

31 Million Records Exposed Online By Sports Technology Company TrackMan (informationsecuritybuzz.com)

ADT says hacker stole encrypted internal employee data after compromising business partner (therecord.media)

Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba

Data loss incidents impact patient care - Help Net Security

Organised Crime & Criminal Actors

So far, cyber criminals appear to be just shopping around for a Telegram alternative (therecord.media)

British man arrested over hack-to-trade scheme using email password resets | ITPro

Cyber crime and harm - POST (parliament.uk)

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Lego's website was hacked to promote a crypto scam (engadget.com)

Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

FBI created a crypto token so it could watch it being abused • The Register

US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)

Insider Risk and Insider Threats

Insider Threat Damage Balloons as Visibility Gaps Widen (darkreading.com)

Despite Online Threats, Users Aren’t Changing Behaviour (darkreading.com)

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

Coalition Report Finds Severity of Ransomware Attacks Increased 68% in First Half of 2024 | Business Wire

Severity of Ransomware Attacks Rose 68% in First Half of 2024, Report Shows (claimsjournal.com)

Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News

White House official says insurance companies must stop funding ransomware payments (therecord.media)

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Supply Chain and Third Parties

Software supply chain weaknesses are increasingly putting businesses at risk | TechRadar

The CrowdStrike bug and the risk of cascading failures - SiliconANGLE

What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)

ADT says hacker stole encrypted internal employee data after compromising business partner (therecord.media)

Credit monitoring and supply chain risk company hacked | CyberScoop

Cloud/SaaS

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)

Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews

Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)

Cloud Security Risks Surge as 38% of Firms Face Exposures - Infosecurity Magazine (infosecurity-magazine.com)

Cloud Security Challenges in the Modern Era - Compare the Cloud

Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)

Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar

Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)

Outages

The CrowdStrike bug and the risk of cascading failures - SiliconANGLE

What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)

MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)

Encryption

Chinese hack shows why Apple is right about security backdoors (9to5mac.com)

The Wiretap: China Has Infiltrated Police Wiretap Systems (forbes.com)

The 30-year-old internet backdoor law that came back to bite | TechCrunch

Massive US security breach highlights danger of weakening encryption | Proton

Linux and Open Source

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

CUPS could be abused to launch massive DDoS attack • The Register

Malicious packages in open-source repositories are surging | CyberScoop

Passwords, Credential Stuffing & Brute Force Attacks

There was a 12% increase in brute force cyber attack techniques in 2024 | Security Magazine

This Popular Security Method Doesn't Actually Stop Hackers (makeuseof.com)

Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)

Password Basics: Why Mastering Fundamentals Is Crucial (informationsecuritybuzz.com)

Why are we still talking about cyber security basics after all these years? - Security Boulevard

ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)

Security experts issue new guidelines as they reveal why complicated passwords put you more at risk of hacking - UNILAD

Social Media

EU Court Limits Meta's Use of Personal Facebook Data for Targeted Ads (thehackernews.com)

New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube - Infosecurity Magazine (infosecurity-magazine.com)

Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

The Social Media Moral Panic Is All About Confusing Risks & Harms | Techdirt

Training, Education and Awareness

MSPs must combat cyber security skills shortage with ongoing client training and support - IT Security Guru

Cyber security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)

Regulations, Fines and Legislation

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

Marriott settles for $52M after years-long breaches • The Register

Cyber Security and Resilience Bill Update (techuk.org)

UK’s cyber incident reporting law to move forward in 2025 | Computer Weekly

Influential resource on international cyber law updated for 2024 (techxplore.com)

New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews

How to secure your business before new Cyber Security and Resilience Bill (businesscloud.co.uk)

NIS2 & DORA: Staying ahead of the curve | TechRadar

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Risk managers call for EU cyber consistency (emergingrisks.co.uk)

EU Implements New Sanctions Framework Targeting Russian Hybrid Attacks - Novinite.com - Sofia News Agency

EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)

FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt

Balancing legal frameworks and enterprise security governance - Help Net Security

Risk Strategies Drawn From the EU AI Act (darkreading.com)

Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)

New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube - Infosecurity Magazine (infosecurity-magazine.com)

Australia Introduces First Standalone Cyber Security Law - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

Meet the shared responsibility model with new CIS resources - Help Net Security

From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)

NIS2 & DORA: Staying ahead of the curve | TechRadar

DORA regulation's nuts and bolts - Help Net Security

Data Protection

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

US CISO Compensation on the Rise, Report Finds | MSSP Alert

“Brutal” cyber security job market: pros can’t land roles despite massive worker shortage | Cybernews

Cyber security is the fastest growing tech occupation in the UK – but it’s still not enough to dent the growing industry skills shortage | ITPro

Banishing Burnout: Data Security Hangs in Balance in Cyber Wellbeing Crisis - IT Security Guru

CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)

Widening talent pool in cyber with on-demand contractors - Help Net Security

Imposter syndrome in cyber security | Pen Test Partners

Cyber security careers - BBC News

Career Spotlight: The Growing Demand for OT Security Experts (databreachtoday.co.uk)

6 Simple Steps to Eliminate SOC Analyst Burnout (thehackernews.com)

UK Cyber Team seeks future security professionals | Computer Weekly

Law Enforcement Action and Take Downs

British man arrested over hack-to-trade scheme using email password resets | ITPro

Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)

Global Police Track Human Traffickers in Online Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Dutch cops reveal takedown of 'largest dark web market' • The Register

Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)

UK to Continue Disruptive Actions Targeting Cyber Crime (databreachtoday.co.uk)

Former RAC Employees Get Suspended Sentence for Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)

FBI created a crypto token so it could watch it being abused • The Register

Misinformation, Disinformation and Propaganda

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

What security pros can learn from the bad information spread during this year’s election cycle | SC Media (scworld.com)

Disinformation Campaign Targets Moldova Ahead Of Presidential Elections (informationsecuritybuzz.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

Nation State Actors

China

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

The 30-year-old internet backdoor law that came back to bite | TechCrunch

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems (securityaffairs.com)

Massive US security breach highlights danger of weakening encryption | Proton

Chinese cyber spies reportedly breached Verizon, AT&T • The Register

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

OpenAI says it has disrupted 20-plus foreign influence networks in past year | CyberScoop

OpenAI says Chinese gang tried to phish its staff • The Register

TikTok’s parent launched a web scraper that's gobbling up the world’s online data 25-times faster than OpenAI | Fortune

Russia

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

DOJ seizes 41 Russian-controlled domains in cyber-espionage crackdown | CSO Online

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

European govt air-gapped systems breached using custom malware (bleepingcomputer.com)

EU Implements New Sanctions Framework Targeting Russian Hybrid Attacks - Novinite.com - Sofia News Agency

NCSC issues fresh alert over wave of Cozy Bear activity | Computer Weekly

Microsoft: ‘relentless’ Russia-sponsored hacking group has been disrupted - Security - CRN Australia

Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns

Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews

EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar

Pro-Russian cyber attacks hit Belgium for fourth consecutive day (belganewsagency.eu)

Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (thehackernews.com)

Cyber Attack Group 'Awaken Likho' Targets Russian Government with Advanced Tools (thehackernews.com)

Iran

MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday

US Warns of Foreign Interference in Congressional Races - Infosecurity Magazine (infosecurity-magazine.com)

The Attribution Dividend: Protecting Critical Infrastructure from Cyber Attacks - Stiftung Wissenschaft und Politik (swp-berlin.org)

Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Earth Simnavaz Levies Advanced Cyber Attacks Against UAE and Gulf Regions | Trend Micro (US)

North Korea

North Korean Hackers Attacking US Organisations With Unique Hacking Tools (cybersecuritynews.com)

US Government Moves to Seize Bitcoin Amid Allegations Linked to Lazarus Group's $879 Million Crypto Heists | COINOTAG NEWS

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar

Hezbollah data breach leads the list of the biggest cyber security events of the year - Digital Journal

Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba

What is spyware? And how do you protect yourself from it? | TechRadar


Tools and Controls

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short - SecurityWeek

Lack of Cyber Risk Quantification Leaves Companies Financially Exposed, PwC Report Finds (theglobaltreasurer.com)

MSSP Market News: Survey Shows 62% of SOC Alerts are Ignored | MSSP Alert

How to protect data centres as Critical National Infrastructure (networkingplus.co.uk)

MSPs must combat cyber security skills shortage with ongoing client training and support - IT Security Guru

Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News

CIOs Sound Alarm on Network Security as a Top Priority as AI Fuels New Risks and Challenges | Business Wire

45% of cyber security leaders are stressed about budget restraints | Security Magazine

How Confidence Between Teams Impacts Cyber Incident Outcomes - Infosecurity Magazine (infosecurity-magazine.com)

Organisations are taking action towards cyber resilience: PwC - Reinsurance News

How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online

Hackers Exploiting DNS Tunneling Service To Bypass Network Firewalls (cybersecuritynews.com)

Strengthening Cyber Security with NDR and EDR integration - SiliconANGLE

Setting Up Your Network Security? Avoid These 4 Mistakes (techrepublic.com)

Cyber security professionals are turning to AI as more lose control of detection tools | ZDNET

SOC teams are frustrated with their security tools - Help Net Security

Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Cyber security leaders still shaky about post-attack recovery, reports show | Healthcare IT News

How to Get Going with CTEM When You Don't Know Where to Start (thehackernews.com)

Cyber Security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)



Other News

Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)

Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews

NCSC celebrates eight years as Horne blows in | Computer Weekly

UK businesses cite economic risks and cyber crime as top 2024 concerns: Marsh McLennan - Reinsurance News

Cyber security in an age of terror

Almost half of UK higher education institutions experience a cyber attack every week | TechRadar

London Fire Brigade block almost 340,000 cyber attacks (verdict.co.uk)

Healthcare's Grim Cyber Prognosis Requires Security Booster (darkreading.com)

EU Urged to Harmonize Incident Reporting Requirements - Infosecurity Magazine (infosecurity-magazine.com)

Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch

Building Cyber Resilience in SMBs With Limited Resources (darkreading.com)

Middle East, Turkey See Cyber Threats Rise (darkreading.com)

Navigating the Fallout: Essential Insights for Healthcare Companies in Light of the Change Healthcare Cyber Breach | Ankura - JDSupra

Modern payment systems: An effective way to reduce your attack surface | ITPro

Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)

Cyber security tips for barristers, solicitors and legal... - NCSC.GOV.UK

Government launches cyber standard for local authorities | Computer Weekly

Reasons why MSPs are the future | Microscope (computerweekly.com)

Cyber crime on the Rise in the USA: Top Retailers Investing Heavily in Cyber Security to Protect Shoppers – International Supermarket News


Vulnerability Management

Vulnerabilities

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (thehackernews.com)

Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (bleepingcomputer.com)

CISA says critical Fortinet RCE flaw now exploited in attacks (bleepingcomputer.com)

Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices (securityaffairs.com)

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (thehackernews.com)

Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online (informationsecuritybuzz.com)

UK telcos including BT at risk from DrayTek router vulnerabilities | Computer Weekly

Critical Apache Avro SDK RCE flaw impacts Java applications (securityaffairs.com)

PoC Exploit Released for Microsoft Office 0-day Flaw - CVE-2024-38200 (cybersecuritynews.com)

Single HTTP Request Can Exploit 6M WordPress Sites (darkreading.com)

Okta Classic customers told to check logs for sign-on bypass | SC Media (scworld.com)

Adobe Releases Security Updates for Multiple Products | CISA

Three new Ivanti CSA zero-day actively exploited in attacks (securityaffairs.com)

US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)

VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (cybersecuritynews.com)

Researchers discover 14 new DrayTek vulnerabilities | Security Magazine

Qualcomm confirms cyber attack on Android devices that exploited a vulnerability in its chipsets (androidauthority.com)

WordPress LiteSpeed Cache plugin flaw could allow site takeover (securityaffairs.com)

These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organisations worldwide | TechRadar

Still running Windows 11 22H2? No more security fixes from Microsoft for you! (betanews.com)

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) - Help Net Security

Firefox Zero-Day Under Attack: Update Your Browser Immediately (thehackernews.com)


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 09 October 2024 – Microsoft and Adobe Security Updates 

Black Arrow Cyber Advisory 09 October 2024 – Microsoft Patch Tuesday and Adobe Security Updates

Executive summary 

Microsoft’s October Patch Tuesday provides updates to address 117 security issues across its product range, including two actively exploited vulnerabilities and three publicly disclosed bugs. In addition to the Microsoft updates this week also saw Adobe fix 52 vulnerabilities across various products. 

What’s the risk to me or my business? 

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems. 

What can I do? 

Black Arrow recommends applying the available security updates for all supported versions of Windows and for all affected Adobe products. Priority should be given to the two actively exploited vulnerabilities and to all other vulnerabilities carrying a critical severity rating; these should be patched as soon as possible.

Microsoft 

Further details on the other updates in this Microsoft Patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct 

Adobe 

Further details of the vulnerabilities in Adobe products can be found here under ‘Recent bulletins and advisories’: 

https://helpx.adobe.com/security/security-bulletin.html 

#threatadvisory #threatintelligence #cybersecurity 


Black Arrow Cyber Threat Briefing 04 October 2024

Black Arrow Cyber Threat Intelligence Briefing 04 October 2024:

-How Snoozing on Cyber Security Fails Modern Businesses

-Cyber Criminals Capitalise on Poorly Configured Cloud Environments

-90% of Cyber Security Incidents Could Be Avoided, Survey Reveals

-The Cyber Industry Needs to Accept It Can't Eliminate Risk

-Cyber Teams Say They Can’t Keep Up with Attack Volumes

-C-Level Executives are a Weak Point for Cyber Security

-Email Phishing Attacks Surge as Attackers Bypass Security Controls

-Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot

-Ten Million Brits Hit by Fraud in Just Three Years

-Is the Weakest Link in Cyber Security Becoming Even Weaker?

-Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Top Cyber Stories of the Last Week

How Snoozing on Cyber Security Fails Modern Businesses

A recent study has found that many organisations are delaying crucial data security updates, likened to hitting the snooze button on an alarm. This reluctance to modernise security measures leaves businesses vulnerable to evolving threats as technologies like cloud and AI are integrated into operations. The report highlights that clinging to legacy security systems can lead to significant financial and reputational damage. Despite the ever-present threat of cyber attacks, many organisations hesitate to upgrade due to comfort with existing systems and perceived cost implications. The adoption of modern security practices like Zero Trust models and AI-driven tools is essential to mitigate these risks.

Cyber Criminals Capitalise on Poorly Configured Cloud Environments

According to the 2024 Elastic Global Threat Report, cyber criminals are exploiting poorly configured cloud environments and leveraging off-the-shelf offensive security tools, which account for approximately 54% of observed malware alerts, with one tool responsible for over 27% of infections. Misconfigurations are widespread: 47% of Microsoft Azure failures are tied to storage issues, and 30% of AWS failures result from the lack of multi-factor authentication. There has been a 12% increase in brute-force techniques, particularly in Azure environments. While defence technologies are making progress, the report emphasises the need for enterprises to enhance cloud configurations and enforce security measures like multi-factor authentication.
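The Elastic figures above single out missing multi-factor authentication and storage misconfiguration as the failures attackers capitalise on, and the report's remedy is to find and close those gaps before someone else does. As an added example, not part of the original briefing or of Elastic's report, the Python below audits an AWS IAM credential report for console users (and the root account) without MFA and for active access keys that have not been rotated in 90 days. The report text is a constructed sample in the column layout of `aws iam get-credential-report`; the account ID, user names and dates are invented, and the fixed "now" is an assumption made so the output is reproducible.

```python
"""Audit an AWS IAM credential report for MFA gaps and long-lived keys.

Added example. SAMPLE_REPORT is a constructed CSV in the column layout of
`aws iam get-credential-report` (after base64-decoding the Content field);
the account ID, users and timestamps are invented.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample report: four principals, one of them the root account.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2022-01-10T09:00:00+00:00,not_supported,2024-09-30T08:12:00+00:00,not_supported,not_supported,false,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-03-01T10:00:00+00:00,true,2024-10-01T07:45:00+00:00,2024-06-01T10:00:00+00:00,N/A,true,true,2024-09-01T10:00:00+00:00,2024-10-01T07:50:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-05-20T10:00:00+00:00,true,2024-09-28T16:20:00+00:00,2023-05-20T10:00:00+00:00,N/A,false,true,2023-05-20T10:00:00+00:00,2024-09-29T11:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-11-11T10:00:00+00:00,false,N/A,N/A,N/A,false,true,2022-11-11T10:00:00+00:00,2024-10-02T03:00:00+00:00,false,N/A,N/A
"""

# Assumed fixed reference time so the example is reproducible; use
# datetime.now(timezone.utc) against a live report.
NOW = datetime(2024, 10, 4, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90


def parse_report(text):
    """Parse the CSV body of a credential report into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def console_users_without_mfa(rows):
    """Principals that can sign in interactively but have no MFA device.

    The root row reports password_enabled as not_supported, so root is
    judged on mfa_active alone; ordinary users must have a console password
    before a missing MFA device counts as a finding.
    """
    flagged = []
    for row in rows:
        is_root = row["user"] == "<root_account>"
        has_password = row["password_enabled"] == "true"
        if (is_root or has_password) and row["mfa_active"] != "true":
            flagged.append(row["user"])
    return flagged


def stale_access_keys(rows, now=NOW, max_age_days=MAX_KEY_AGE_DAYS):
    """Active access keys whose last rotation is older than max_age_days."""
    stale = []
    for row in rows:
        for slot in ("access_key_1", "access_key_2"):
            if row[f"{slot}_active"] != "true":
                continue
            rotated = row[f"{slot}_last_rotated"]
            if rotated in ("N/A", "not_supported"):
                continue
            age = now - datetime.fromisoformat(rotated)
            if age.days > max_age_days:
                stale.append((row["user"], slot))
    return stale


def audit(report_text, now=NOW):
    """Run both checks and return the findings keyed by check name."""
    rows = parse_report(report_text)
    return {
        "no_mfa": console_users_without_mfa(rows),
        "stale_keys": stale_access_keys(rows, now),
    }


if __name__ == "__main__":
    for finding, items in audit(SAMPLE_REPORT).items():
        print(f"{finding}: {items}")
```

Against a live account, generate the report with `aws iam generate-credential-report`, then fetch it with `aws iam get-credential-report --query Content --output text | base64 -d` and feed the decoded CSV to `audit()`. The same two checks map directly onto the report's findings: the root account and any password-enabled user without MFA are the credential-based entry points it describes, and long-lived keys on service users such as the constructed `ci-deploy` are what turns a leaked secret into persistent access.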

90% of Cyber Security Incidents Could Be Avoided, Survey Reveals

Veeam Software has found that only 43% of EMEA IT decision-makers believe the forthcoming NIS2 directive will significantly enhance EU cyber security. This scepticism persists despite 90% of respondents reporting at least one security incident in the past year that NIS2 could have prevented. While nearly 80% are confident they will eventually comply with NIS2, up to two-thirds expect to miss the October 2024 deadline. The report highlights barriers to compliance, including technical debt (24%), lack of leadership understanding (23%), and insufficient budget (21%). Additionally, 40% have experienced decreased IT budgets since NIS2 was announced, with many organisations ranking it lower in urgency than other business priorities.

The Cyber Industry Needs to Accept It Can't Eliminate Risk

A recent analysis highlights that striving for zero risk in cyber security is unattainable for organisations. The reliance on large technology providers like CrowdStrike exposes systemic risks, where an incident can have widespread impact across dependent businesses. The article emphasises that instead of pursuing perfection, organisations should focus on reducing risks to a manageable level. Transparency with stakeholders about residual risks is crucial to set realistic expectations and maintain trust. It also suggests diversifying technology stacks to avoid overloading risk onto a few providers, and implementing practical security measures that can be consistently followed to manage risks effectively.

Cyber Teams Say They Can’t Keep Up with Attack Volumes

ISACA has found that understaffing and underfunding are major concerns for cyber security professionals in Europe, with 61% reporting understaffed teams and 52% citing underfunding despite predicted spending increases. The report highlighted that 68% feel their work is more stressful now than in 2019 due to a complex threat landscape. Nearly 58% expect to face a cyber attack in the next 12 months, up six percentage points from 2023. Additionally, 52% pointed to a lack of soft skills among cyber pros, especially communication, exacerbating the skills gap in the industry.

C-Level Executives are a Weak Point for Cyber Security

Research indicates that 72% of US senior executives have been targeted by cyber attacks in the past 18 months, highlighting the C-suite as a key security vulnerability. Attacks have grown in frequency and sophistication, with impersonation scams up by 26%, and 27% involving AI-assisted deepfakes. Despite this, many organisations have not prioritised executive security training, though 87% of IT professionals believe senior executives require more training than other staff. As cyber security remains a top concern, companies must enhance security measures to protect their data.

Email Phishing Attacks Surge as Attackers Bypass Security Controls

Egress has reported a 28% rise in email phishing attacks in Q2 2024 compared to Q1, highlighting attackers' effective methods to bypass security controls. These threats intensify as 44% of attacks originated from internally compromised accounts and 8% from supply chain accounts. The report found that 89% of phishing emails involved impersonation, often targeting HR, IT and finance departments. Additionally, commodity attacks have surged, causing a 2700% increase in phishing volumes during such campaigns. Emerging trends also show attackers using multi-channel approaches, leveraging platforms like MS Teams and WhatsApp to exploit vulnerabilities.

Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot

PwC has found that cloud-related threats are now the top concern for executives, with 42% ranking them as their primary worry. Despite this focus, 34% admit they are least prepared to address these issues. Hack-and-leak operations and third-party breaches are also significant concerns, cited by 38% and 35% of respondents respectively. Interestingly, Chief Information Security Officers place ransomware among their top three worries, with 42% feeling underprepared to tackle it. The expanding attack surface from increased reliance on cloud, AI, and connected devices underscores the need for an agile, enterprise-wide approach to resilience.

Ten Million Brits Hit by Fraud in Just Three Years

A recent study sponsored by Santander UK and conducted by the Social Market Foundation (SMF) revealed that 21% of respondents across 15 European countries experienced fraud between 2021 and 2023, at a direct cost of £168bn. However, the SMF estimated the total cost of such incidents at £420bn; this includes productivity losses from having to spend time reporting and recovering from the fraud incident. In the UK alone, victims lost an average of £907 each, amounting to a total direct cost of around £9bn. The report highlights that while most believe banks should lead in compensating victims, many also see digital platforms and telecom providers as responsible. Both SMF and Santander are calling on the British government to spearhead a global initiative to combat fraud, including international agreements and enhanced law enforcement.

Is the Weakest Link in Cyber Security Becoming Even Weaker?

Human error is the leading cause of cyber security breaches, with Cybint reporting that 95% result from human mistakes. Verizon's 2023 Data Breach Investigations Report highlights that 74% of incidents involve a human element, such as clicking on phishing links. The rise of deepfakes and increased exposure of personal information have intensified these risks, making attacks more sophisticated. Despite awareness training, prominent organisations continue to face breaches. Notably, Gen Z is over three times more likely to fall for online fraud compared to baby boomers. Remote working has further blurred boundaries, increasing vulnerability to cyber attacks.

Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds

FGS Global has found that cyber attacks are the top concern for UK businesses, with 36% of senior leaders reporting cyber incidents in the past year. Despite 85% of firms experiencing a crisis, only 36% feel highly prepared to handle ransomware attacks, which over half fear facing. The report highlights a lack of understanding around cyber security and cyber crime, intensified by AI risks.

Sources:

https://votiro.com/blog/how-snoozing-on-cybersecurity-fails-modern-businesses/

https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/

https://dcnnmagazine.com/security/90-of-cybersecurity-incidents-could-be-avoided-survey-reveals/

https://www.computerweekly.com/opinion/The-cyber-industry-needs-to-accept-it-cant-eliminate-risk

https://www.computerweekly.com/news/366612212/Cyber-teams-say-they-cant-keep-up-with-attack-volumes

https://www.techradar.com/pro/c-level-executives-are-a-weak-point-for-cybersecurity-research-says

https://www.infosecurity-magazine.com/news/email-phishing-surge-bypass/

https://www.techradar.com/pro/security/security-threats-are-more-pressing-than-ever-for-business-leaders-with-cloud-worries-taking-top-spot

https://www.infosecurity-magazine.com/news/ten-million-brits-hit-fraud-three/

https://hackernoon.com/is-the-weakest-link-in-cybersecurity-becoming-even-weaker

https://www.cityam.com/cyber-incidents-are-the-achilles-heel-for-major-uk-ceos-report-finds/


Governance, Risk and Compliance

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

PwC Urges Boards to Give CISOs a Seat at the Table - Infosecurity Magazine (infosecurity-magazine.com)

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Almost half of professional services firms are not equipped to survive a major cyber security attack | Today's Conveyancer (todaysconveyancer.co.uk)

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Human Capital and Risk Governance: Insider Threats To Cyber Security (forbes.com)

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

Global cyber threat to double predicts new report (emergingrisks.co.uk)

QBE casts light on what’s ahead in cyber space | Insurance Business America (insurancebusinessmag.com)

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

C-level executives are a weak point for cyber security | TechRadar

Average North American CISO salary now $565,000 • The Register

BlackBerry report: Cyber threats up 53%, critical sectors hit (securitybrief.co.nz)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

Watch out, CFOs: cyber crime is booming, says former White House advisor | Fortune

Normalizing Security Culture: Stay Ready (darkreading.com)

Cyber attacks causing reputational damages: CIRA – BNN Bloomberg

Security spending signals major role change for CISOs and their teams | CSO Online

Cyber Security Spending on the Rise, But Security Leaders Still Feel Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

Strengthening Security Posture Through People-First Engagement (informationsecuritybuzz.com)

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Ransomware gangs are using stolen data to threaten CEOs | Fortune

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

Russia’s FSB protected Evil Corp gang that carried out NATO cyber-attacks (yahoo.com)

US charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Ransomware activity shows no signs of slowing down - Help Net Security

International Counter Ransomware Initiative 2024 Joint Statement | The White House

Ransomware crew infects 100+ orgs monthly with BabyLockerKZ • The Register

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Healthcare organisations are having to pay millions to solve ransomware attacks | TechRadar

Here's what to expect from the Counter Ransomware Initiative meeting this week (therecord.media)

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

Some of the world's biggest countries are teaming up to tackle ransomware scams | TechRadar

Ransomware August 2024 round-up: fools, rules and tools | TechFinitive

Ransomware Victims

Cleaning Up A Cyber Security Mess: Blue Mantis Details The ‘Aftermath’ Of A Ransomware Attack (crn.com)

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

Ransomware forces Texas hospital to turn away ambulances • The Register

Agence France-Presse says cyber attack targeted IT systems (therecord.media)

Dermatology Practice Sued After Ransomware Attack Exposed Data (bloomberglaw.com)

Phishing & Email Based Attacks

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Email Phishing Attacks Surge as Attackers Bypass Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

UK issues alert over threat from cyber attackers working for Iranian state | Evening Standard

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

Common Words in Email Scams: Money, Income, Investment, More | Entrepreneur

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

The Hidden Risks of URL Rewriting and the Superior Alternative for Email Security - Security Boulevard

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

“Gone Phishing”—Every Cyber Attacker’s Favorite Phrase - Gigaom

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Google spooks out users with an erroneous 'You added a new card to your Google Account' email (androidauthority.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Ireland is the most phished country in the world, says survey (siliconrepublic.com)

Business Email Compromise (BEC)/Email Account Compromise (EAC)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Other Social Engineering

QR Code phishing is advancing to a new level, so be on your guard | TechRadar

UK Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Physical Security Is a Big Part of Staying Digitally Safe: My 5 Top Tips (makeuseof.com)

New Email Scam Includes Pictures of Your House. Don’t Fall For It. | Electronic Frontier Foundation (eff.org)

Meet the people hacker trying to improve cyber security (siliconrepublic.com)

Artificial Intelligence

AI-related cyber crime sparks concern among 65% of global survey participants (techmonitor.ai)

New report reveals a rise in phishing attacks, as commodity (globenewswire.com)

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Three essential steps for organisations to safeguard against deepfakes | TechRadar

Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)

Putting an end to the AI cyber responsibility turf wars | CyberScoop

Shadow AI, Data Exposure Plague Workplace Chatbot Use (darkreading.com)

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Could APIs be the undoing of AI? - Help Net Security

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

1 in 4 people have experienced identity fraud - and most of them blame AI | ZDNET

Rogue AI: What the Security Community is Missing | Trend Micro (US)

Spotting AI-generated scams: Red flags to watch for - Help Net Security

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Nokia's Threat Intelligence Report: Telecom Cyber Attacks Surge with AI & Automation (thefastmode.com)

2FA/MFA

The most common authentication method is also the least secure - Help Net Security

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Malware

Hackers are using a ChromeLoader exploit to set up fake companies and malware-ridden websites | ITPro

FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)

New Fin7 Hacker’s AI Naked Image Generator Serves Up More Than Nudes (forbes.com)

DCRat Malware Spreads via HTML Smuggling | MSSP Alert

Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Microsoft reveals how Windows 10 and Windows 11 block keyloggers - Neowin

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Here's How Criminals Use CAPTCHAs to Help Spread Malware (makeuseof.com)

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

Bots/Botnets

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

What bots mean for businesses and consumers - Help Net Security

Mobile

iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)

This nasty Android adware is making phones unusable — how to stay safe | Tom's Guide (tomsguide.com)

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com)

‘Pig butchering’ trading apps found on Google Play, App Store (bleepingcomputer.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

Denial of Service/DoS/DDoS

Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps - SecurityWeek

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

Telcos face increasing frequency and sophistication of DDoS attacks - Nokia (telecoms.com)

Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps (securityaffairs.com)

Wave of record-breaking DDoS attacks originating from compromised WiFi routers | Cybernews

Internet of Things – IoT

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

Data Breaches/Leaks

Transport for London (TfL) cyber attack: What you need to know - BBC News

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

43% of data breaches target small businesses in 5 industries | Retail Technology Review

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Dutch police breached by a state actor (securityaffairs.com)

Louisiana Accounting Firm Breach Impacts More Than 127K Customers | MSSP Alert

Organised Crime & Criminal Actors

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Linux malware “perfctl” behind years-long cryptomining campaign (bleepingcomputer.com)

Cyber Security Losses Surge to $2.1 Billion in 2024: WazirX Seeks Court Protection (financemagnates.com)

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Over $750 Million Stolen in Crypto Last Quarter Despite Drop in Hacks: CertiK - Decrypt

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)

Insider Risk and Insider Threats

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

Insider Threats: Are Disgruntled Employees a Cyber Security Risk? | PLANSPONSOR

Insurance

A Guide to Buying and Maintaining Cyberinsurance | PLANSPONSOR

Beazley forecasts cyber insurance market to grow to $40bn by 2030 - Reinsurance News

Munich Re’s HSB launches comprehensive cyber insurance solution for SMBs - Reinsurance News

Supply Chain and Third Parties

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Digital twins are optimizing supply chains and more. Here's why enterprises should care | ZDNET

Cloud/SaaS

Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (thehackernews.com)

Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek

Cloud threats top execs' list of cyber nightmares • The Register

Security threats are more pressing than ever for business leaders, with cloud worries taking top spot | TechRadar

Cyber criminals capitalize on poorly configured cloud environments - Help Net Security

The top enterprise cloud threats of 2024 (betanews.com)

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts - Help Net Security

Hackers Breach Hybrid Cloud with Stolen Entra ID Credentials (petri.com)

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Hacker made millions from breaking into business Office 365 accounts | TechRadar

Navigating the Security Risks of Multicloud Management (darkreading.com)

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

The End of The SaaS Era: Rethinking Software’s Role In Business

Outages

Cyber companies need a best practice approach to major incidents. | Computer Weekly

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)

The Playstation Network is down in a global outage (bleepingcomputer.com)

Identity and Access Management

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Active Directory attack guidance issued by Five Eyes | SC Media (scworld.com)

Encryption

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register

Linux and Open Source

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (thehackernews.com)

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)

Passwords, Credential Stuffing & Brute Force Attacks

The most common authentication method is also the least secure - Help Net Security

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert

Passkeys and Cyber Security Awareness: A New Era Of Business Security (informationsecuritybuzz.com)

Poor password habits still an issue worldwide (betanews.com)

Complicated Passwords Make You Less Safe, Experts Now Say (forbes.com)

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (thehackernews.com)

Why your password policy should include a custom dictionary (bleepingcomputer.com)

Social Media

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors

UK regulator preparing for ‘strong action’ against tech giants

Are social media influencers equipped to dodge cyber attacks? | Mint (livemint.com)

Brits bemoan personal data practices but do little about it • The Register

Training, Education and Awareness

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Regulations, Fines and Legislation

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)

SolarWinds CISO: World's Cyber Regulations Still 'In Flux' (pymnts.com)

Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext | CyberScoop

Northern Ireland Police Data Leak Sees Service Fined by ICO - Infosecurity Magazine (infosecurity-magazine.com)

Sellafield nuclear site in Cumbria fined for IT security breaches - BBC News

As ransomware attacks surge, UK privacy regulator investigating fewer incidents than ever (therecord.media)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

How Should CISOs Navigate the SEC Cyber Security Rules? (darkreading.com)

Ireland to grant National Cyber Security Centre emergency powers (finextra.com)

Opinion: How to design a US data privacy law | Ars Technica

UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch

T-Mobile US agrees to $31.5M settlement after IT breaches • The Register

Opinion | Artificial Intelligence Requires Specific Safety Rules - The New York Times (nytimes.com)

Minimum Healthcare Cyber Standards Called by New Legislation | MSSP Alert

UK regulator preparing for ‘strong action’ against tech giants

Cyber Security in the European Union | Cooley LLP - JDSupra

Financial regulatory agencies are sunsetting a tool to assess cyber risks | FedScoop

Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)

Models, Frameworks and Standards

NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)

90% of cyber security incidents could be avoided, survey reveals - Data Centre & Network News (dcnnmagazine.com)

Majority of Companies will Miss Looming NIS2 Deadline as New European Union Cyber Security Directive Goes into Effect | Business Wire

Could Security Misconfigurations Top OWASP List? (darkreading.com)

Government outlines plan for Cyber Security and Resilience Bill | UKAuthority

The UK Cybersecurity and Resilience Bill – A Different Approach to NIS2 or a British Sister Act? | DLA Piper - JDSupra

Ireland has been slow to incorporate new EU cyber security law, and may now miss deadline | Irish Independent

Data Protection

Opinion: How to design a US data privacy law | Ars Technica

Brits bemoan personal data practices but do little about it • The Register

Careers, Working in Cyber and Information Security

Cyber security teams are understaffed, overworked, and underfunded – and it’s taking a heavy toll on mental health | ITPro

ISACA: European Security Teams Are Understaffed and Underfunded - Infosecurity Magazine (infosecurity-magazine.com)

Average North American CISO salary now $565,000 • The Register

Cyber UK's quickest growing tech field, but skills gap remains | Computer Weekly

Cyber security Professionals Operate Under Increased Stress Levels - Security Boulevard

How Are We Going to Fill 4.8 Million Cyber Security Jobs? (inforisktoday.com)

Cyber security hiring slows, pros' stress levels rise - Help Net Security

Share of Women in UK Cyber Roles Now Just 17% - Infosecurity Magazine (infosecurity-magazine.com)

In-house skills and co-management, what is the balance to optimize security skills needed for cyber resilience | ITPro

Law Enforcement Action and Take Downs

Russia exploited Evil Corp relationship for NATO attacks • The Register

Unmasked: The Evil Corp cyber gangster who worked for LockBit | Computer Weekly

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Iranian hackers charged over Trump campaign disruption | TechRadar

U.S. charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails (thehackernews.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)

How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch

UK reveals father and son at heart of Evil Corp hacking group - BBC News

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop

Telegram revealed it shared U.S. user data with law enforcement (securityaffairs.com)

Man charged for selling forged license keys for network switches (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Intel agencies warn of Iran's ongoing phishy behavior • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Protecting Democratic Institutions from Cyber Threats - Microsoft On the Issues

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

Cyber Warfare Industry Research Report 2024-2034: Collaborations Between Governments and Private Sectors Unlocks Opportunities - ResearchAndMarkets.com | Business Wire

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration (thehackernews.com)

The sensitive data of Australia's security personnel is at risk of being on-sold to foreign actors - ABC News

Russia

Russia exploited Evil Corp relationship for NATO attacks • The Register

Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop

UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cyber crime gang | TechCrunch

Police arrest four suspects linked to LockBit ransomware gang (bleepingcomputer.com)

Evil Corp's LockBit Ties Exposed in Latest Phase of Operation Cronos - Infosecurity Magazine (infosecurity-magazine.com)

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek

Russia’s FSB protected Evil Corp gang that carried out Nato cyber-attacks (yahoo.com)

Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)

Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)

Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (bleepingcomputer.com)

Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar

Russian Hackers Target Ukrainian Servicemen via Messaging Apps - Infosecurity Magazine (infosecurity-magazine.com)

Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)

bne IntelliNews - Russian tech startups, cyber security firms flourish amid sanctions

Russian authorities arrest nearly 100 in raids tied to cyber criminal money laundering | CyberScoop

Dutch police breached by a state actor (securityaffairs.com)

Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot

Iran

UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly

Intel agencies warn of Iran's ongoing phishy behaviour • The Register

Iranian hackers charged over Trump campaign disruption | TechRadar

Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)

North Korea

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)

North Korea Profits as 'Stonefly' APT Swarms US Co's. (darkreading.com)

North Korean hackers attack Diehl Defence company - Militarnyi

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Israel army hacked the communication network of the Beirut Airport control tower (securityaffairs.com)

DDoS Attacks Skyrocket and Hacktivist Activity Surges Threatening Critical Global Infrastructure According to NETSCOUT’s 1H2024 Threat Intelligence Report | Business Wire

Hacktivist activity drives a rise in DDoS attacks (betanews.com)

ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED


Tools and Controls

Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon

CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)

Cyber companies need a best practice approach to major incidents. | Computer Weekly

Allies to Leverage During a Cyber Crisis (darkreading.com)

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop

Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru

Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek

How to Plan and Prepare for Penetration Testing (thehackernews.com)

Half of Enterprises Surveyed Have Experienced a Security Breach Due to Unmanaged Non-Human Identities, According to AppViewX Report | Business Wire

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)

Moving DevOps Security Out of 'the Stone Age' (darkreading.com)

Security spending signals major role change for CISOs and their teams | CSO Online

Three hard truths hindering cloud-native detection and response - Help Net Security

Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard

Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)

API security maturity model to assess API security posture | TechTarget

Large language models hallucinating non-existent developer packages could fuel supply chain attacks | InfoWorld

Top 6 Cloud Security Threats to Watch Out For - Security Boulevard

JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)

The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It (cybereason.com)

Top 5 Myths of AI & Cyber Security (darkreading.com)

How organisations can derive value from security investments and enable business growth | ITPro

How to balance your understanding of threats and how you respond to them | ITPro

Does your security strategy show continuous improvement? | ITPro

The convergence of network and security – how it helps achieve business outcomes | ITPro



Other News

The cyber industry needs to accept it can't eliminate risk | Computer Weekly

Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)

Global cyber threat to double predicts new report (emergingrisks.co.uk)

Cyber teams say they can’t keep up with attack volumes | Computer Weekly

How Snoozing on Cyber Security Fails Modern Businesses - Security Boulevard

Governments Urge Improved Security and Resilience for Undersea Cables - Infosecurity Magazine (infosecurity-magazine.com)

UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune

Cyber-Attacks Hit Over a Third of English Schools - Infosecurity Magazine (infosecurity-magazine.com)

UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)

Feds say Microsoft security ‘requires an overhaul’ — but will it listen? – Computerworld

Global cyber attacks will more than double this year to 211, says QBE - Reinsurance News

Critical Infrastructure: The latest target for cyber criminals? | TechRadar

When Innovation Outpaces Financial Services Cyber Security - Security Boulevard

CISA Urges Action As Attackers Exploit Critical Systems Using Basic Tactics (informationsecuritybuzz.com)

Securing Space in the Age of Advanced Cyber Threats (eetimes.eu)

Schools reminded to maintain cyber hygiene by Ofqual | Education Business (educationbusinessuk.net)

America's policy in cyber space is about persistence, not deterrence (cyberscoop.com)

One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)

Global Cyber Security Agencies Release OT Security Guidelines (inforisktoday.com)


Vulnerability Management

Could Security Misconfigurations Top OWASP List? (darkreading.com)

What are zero-day vulnerabilities? | TechRadar

NVD still backlogged with 17K+ unprocessed bugs • The Register

Systems used by courts and governments across the US riddled with vulnerabilities | Ars Technica

Vulnerabilities

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected - SecurityWeek

Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug (securityaffairs.com)

Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (thehackernews.com)

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now (thehackernews.com)

New Chrome Security Warning For 3 Billion Windows, Mac, Linux, Android Users (forbes.com)

Rackspace systems hit by zero-day exploit of third-party app • The Register

Organisations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities - SecurityWeek

Zimbra RCE Vuln Under Attack Needs Immediate Patching (darkreading.com)

700K+ DrayTek routers are sitting ducks on the internet • The Register

Critical flaw in NVIDIA Container Toolkit allows full host takeover (bleepingcomputer.com)

Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (bleepingcomputer.com)

VLC Player Vulnerability Let Attackers Execute Malicious Code (cybersecuritynews.com)

Arc browser adds security bulletins and bug bounties - The Verge

The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime & Shipping

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 27 September 2024

Black Arrow Cyber Threat Intelligence Briefing 27 September 2024:

-Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years

-Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know

-Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan

-84 Percent of Enterprises Suffered Security Incidents in the Last Year

-It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails

-82% of Phishing Sites Now Target Mobile Devices

-UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals

-Preparing To Fail is a Vital Part of Cyber Security

-Over a Third of Employees Secretly Sharing Work Info with AI

-Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks

-Underfunding and Leadership Gaps Weaken Cyber Security Defences

-Racist Network Rail Wi-Fi Hack was Work of Malicious Insider

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years

The 2024 Travelers Risk Index shows cyber threats as the top concern for 62% of businesses, surpassing medical cost inflation, employee benefits costs, and economic uncertainty (all at 59%). Despite increased awareness, 30% of over 1,200 respondents lack cyber insurance, though coverage rose to 65% from 60% last year. Cyber incidents rose for the eighth time in nine years, with 24% experiencing breaches. Key concerns include security breaches (57%), ransomware (54%), unsafe employee practices (53%), and system glitches (53%).

Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know

Reports from the US National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the FBI highlight deepfake technology as a major concern due to the availability of AI tools. Deepfakes can replicate voices and likenesses, making impersonations undetectable. One company lost $25 million to deepfake fraud. Organisations are advised to implement response plans and detection technologies as they become more available, as well as shared phrases to validate identity, but many lack comprehensive strategies, leaving them vulnerable to deepfake-enabled fraud and reputational damage.

Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan

Searchlight Cyber and the Marsh McLennan Cyber Risk Intelligence Center have found that the presence of any data related to an organisation on the dark web significantly increases the risk of cyber attacks. Despite this, many organisations lack visibility into their dark web exposure. The report emphasises that proactively monitoring the dark web can enable organisations to adjust their defences and effectively stop attacks before they occur.

84 Percent of Enterprises Suffered Security Incidents in the Last Year

Netwrix research shows 84% of enterprises experienced cyber attacks in the past year, up from 65% in 2023. AI automation increases attack frequency and sophistication. Over half of large organisations faced unexpected expenses to fix security gaps. Additionally, 22% faced compliance fines, and 21% suffered reduced competitive edge. Nearly 30% estimate financial damage from cyber threats of at least $50,000.

It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails

Phishing emails cause significant disruption, with 91% of cyber attacks starting this way. Larger companies are vulnerable to lateral phishing (from internal compromised email accounts), while smaller businesses face frequent external phishing and extortion schemes. Smaller businesses experience nearly three times more extortion attacks than larger firms. Many organisations lack tailored security measures to combat evolving email risks, highlighting the need to prioritise email security.

82% of Phishing Sites Now Target Mobile Devices

Zimperium’s 2024 zLabs Global Mobile Threat Report finds 82% of phishing sites target mobile devices, with 76% using HTTPS to appear secure. Unique malware samples increased by 13% year-on-year, with riskware and trojans making up 80% of threats. Healthcare is the most affected industry, with 39% of mobile threats from phishing. Sideloaded apps (installed on a device through unofficial means, bypassing the standard app store) pose significant risks, especially in financial services where 68% of threats are linked to them. Advanced security solutions are essential to protect mobile endpoints.

UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals

Cohesity found that ransomware is a top concern for UK organisations, with over half experiencing attacks in 2023. Three-quarters would pay a ransom to recover data, despite only 4% fully recovering after payment. Costs averaged £870,000 per incident, with some reaching £20 million. Fewer than 2% restored operations within 24 hours, and one in five took up to two months. This highlights the need for resilience and robust recovery processes over ransom payments.

Preparing To Fail is a Vital Part of Cyber Security

The UK Government reports that 50% of businesses suffered cyber attacks in 2023. The Synnovis ransomware attack disrupted NHS services, highlighting unpreparedness for worst-case scenarios including when organisations rely on other organisations in their supply chain. Few organisations plan for high-impact risks or supply chain attacks. The report stresses the need for pre-assigned roles and responsibilities to ensure swift remediation. Preparing for the most damaging incidents is essential for organisational survival.

Over a Third of Employees Secretly Sharing Work Info with AI

CybSafe and the National Cyber Security Alliance found that employees sharing sensitive work information with AI tools without permission is a major concern. This behaviour is prevalent among Gen Z (46%) and millennials (43%). Despite awareness of AI risks, over half of employees lack training on safe AI use. Two-thirds of survey respondents worry AI will make scams harder to detect and increase cyber crime. Trust in companies’ AI implementation is low, with 35% expressing low trust. Organisations need training and robust policies to mitigate AI-related risks.

Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks

Recent incidents have highlighted that vulnerabilities in widely-used IT and security tools are a top concern for organisations, with supply chain cyber attacks rising significantly between 2022 and 2023. Despite strengthening direct network defences, many organisations have yet to safeguard against third-party control failures. Key strategies include advanced supplier risk management, securing the software development pipeline, and implementing strong access controls. Adopting frameworks like the NIST cyber security framework and incorporating cyber security requirements into vendor contracts are essential. Without proactive measures, organisations remain vulnerable to significant reputational and operational damage from supply chain cyber attacks.

Underfunding and Leadership Gaps Weaken Cyber Security Defences

Trend Micro found that cyber security threats are the top concern for organisations, but many lack strategic leadership and investment. With 96% of IT leaders worried about the expanding attack surface, the report noted that despite blocking 161 billion threats in 2023, a 10% increase from the previous year, nearly half of respondents said their leadership did not consider cyber security their responsibility. Only 36% can afford 24/7 coverage, leading to fragmented approaches. Over half believe their organisation’s attitude towards cyber security varies monthly, highlighting inconsistency in risk management. Cyber security is a boardroom issue, and neglecting it could have disastrous consequences.

Racist Network Rail Wi-Fi Hack was Work of Malicious Insider

A cyber attack on public Wi-Fi at 19 UK railway stations on 25 September blocked passengers from accessing the service; instead, they were shown racist and Islamophobic messages. The British Transport Police arrested an employee of GlobalReach Technology, the Wi-Fi provider, for suspected involvement. Although no personal data was compromised, the incident underscores the significant risks posed by malicious insiders. Telent, responsible for the network, aims to restore services by the weekend. This event highlights the need for robust insider threat mitigation strategies.

Sources:

https://www.reinsurancene.ws/cyber-threats-top-the-2024-travelers-risk-index-fourth-time-in-six-years/

https://www.jdsupra.com/legalnews/preparing-for-the-cybersecurity-and-3002248/

https://www.reinsurancene.ws/organisation-data-on-dark-web-increases-cyber-attack-risk-marsh-mclennan/

https://betanews.com/2024/09/20/84-percent-of-enterprises-suffered-security-incidents-in-the-last-year/

https://hackernoon.com/its-estimated-that-91percent-of-cyber-attacks-begin-with-phishing-emails

https://www.infosecurity-magazine.com/news/82-phishing-target-mobile-devices/

https://www.itpro.com/security/ransomware/uk-firms-are-dangerously-overconfident-about-paying-ransoms-to-cyber-criminals

https://www.scotsman.com/business/preparing-to-fail-is-a-vital-part-of-cyber-security-ian-mcgowan-4788990

https://www.infosecurity-magazine.com/news/third-employees-sharing-work-info/

https://www.securityweek.com/fortifying-the-weakest-link-how-to-safeguard-against-supply-chain-cyberattacks/

https://informationsecuritybuzz.com/underfunding-and-leadership-gaps-weaken-cybersecurity-defenses/

https://www.computerweekly.com/news/366612056/Racist-Network-Rail-Wi-Fi-hack-work-of-malicious-insider



Threats

Ransomware, Extortion and Destructive Attacks

Companies Often Pay Ransomware Attackers Multiple Times - Security Boulevard

Cyber security experts urge a stronger security posture in response to AI attacks - SiliconANGLE

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)

UK firms are dangerously overconfident about paying ransoms to cyber criminals | ITPro

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

Ransomware Task Force finds 73% attack increase in 2023 | TechTarget

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox - Infosecurity Magazine (infosecurity-magazine.com)

How cyber compliance helps minimize the risk of ransomware infections - Help Net Security

Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data | Tripwire

Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)

Ransomware Victims

ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)

Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)

Cyber attack could cost Western Isles council more than £1m - BBC News

Lancaster Royal Grammar targeted by cyber ransom hackers - BBC News

AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)

US government agency confirms it was hit by major ransomware attack | TechRadar

Delaware Libraries confirms RansomHub cyber attack • The Register

Phishing & Email Based Attacks

It's Estimated That 91% Of Cyber Attacks Begin With Phishing Emails | HackerNoon

Phishing and deepfakes are leading AI-powered threats (betanews.com)

82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Enterprises suffer surge in mobile phishing attacks (betanews.com)

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)

Spoofing scams find a favourite victim in Microsoft, the brand that cyber criminals love to impersonate | TechRadar

One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)

75% of organisations say phishing poses the greatest AI risk | Security Magazine

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Other Social Engineering

Beware: fraud and smishing scams targeting students | Bournemouth University

US indicts two over socially engineered $230M+ crypto heist • The Register

Diddy Do It? Or Did Cyber Criminals? How Hackers Are Turning Scandals Into Cyber Attacks  - Security Boulevard

How to Stop Getting Spam Calls? This Expert Weighs In. (dailydot.com)

Artificial Intelligence

These Are Cyber Chiefs' Biggest Fears About AI (investopedia.com)

Phishing and deepfakes are leading AI-powered threats (betanews.com)

AI threats pushing cyber pros to seek legal safeguards | Cybernews

AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru

Brands are changing cybersecurity strategies due to AI threats (securityintelligence.com)

Less Than Half of AI Users Trained on Security and (globenewswire.com)

Over a Third of Employees Secretly Sharing Work Info with AI - Infosecurity Magazine (infosecurity-magazine.com)

HackerOne: 48% of Security Professionals Believe AI Is Risky (techrepublic.com)

Why Executive Teams Should Prepare for the Cyber Security and Fraud Risks of Deepfakes | Epstein Becker & Green - JDSupra

Hackers deploy AI-written malware in targeted attacks (bleepingcomputer.com)

One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)

Hacker plants false memories in ChatGPT to steal user data in perpetuity | Ars Technica

Are new gen AI tools putting your business at additional risk? (securityintelligence.com)

SANS Institute: Top 5 dangerous cyber attack techniques in 2024 (securityintelligence.com)

The AI-Cybersecurity Paradox: How AI Is Revolutionizing Defences While Empowering Hackers (informationsecuritybuzz.com)

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Police are using AI to write crime reports. What could go wrong? | ZDNET

2FA/MFA

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (forbes.com)

Malware

AI’s Influence on Malware Attacks Tops IT Pros’ Concerns | MSSP Alert

Unique malware sample volumes seen surging | Computer Weekly

New MacOS Malware Let Attackers Control The Device Remotely (cybersecuritynews.com)

HP Spots a Malware Attack That Was Likely Built With Generative AI (pcmag.com)

RomCom Malware Resurfaces With SnipBot Variant (darkreading.com)

Red Canary’s Midyear Threat Report Highlights Infostealer Surge Targeting MacOS Devices (informationsecuritybuzz.com)

Infostealer malware bypasses Chrome’s new cookie-theft defences (bleepingcomputer.com)

This Windows malware is now evolving to target Linux systems | TechRadar

Move over, Cobalt Strike, there's a new post-exploit tool • The Register

Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)

Diddy Do It? Or Did Cyber Criminals? How Hackers Are Turning Scandals Into Cyber Attacks  - Security Boulevard

Malicious Ads Hide Infostealer in League of Legends ‘Download’ - Infosecurity Magazine (infosecurity-magazine.com)

New PondRAT Malware Hidden in Python Packages Targets Software Developers (thehackernews.com)

Russia clings to malware as attacks on Ukraine persist • The Register

Transportation Companies Hit by Cyber Attacks Using Lumma Stealer and NetSupport Malware (thehackernews.com)

Bots/Botnets

65% of websites are unprotected against simple bot attacks - Help Net Security

Unknown Botnet Using Mozilla/5.0 (X11; Linux x86_ User Agent Ignoring Crawl Delay on WordPress Sites | HackerNoon

Mobile

82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find (prnewswire.com)

11 million Android users infected with dangerous Necro trojan — how to stay safe | Tom's Guide (tomsguide.com)

The NSA advises you to turn off your phone once a week - here's why | ZDNET

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

New Octo Android malware version impersonates NordVPN, Google Chrome (bleepingcomputer.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

New Android banking trojan Octo2 targets European banks (securityaffairs.com)

Victims lose $70k to Play Store wallet-draining app • The Register

Switched-Off Phones, Lithium-Safe Bags! Unprecedented Security Awaits Air Travel Post Pager Blasts: OPED

Opinion | Israel’s Pager Attacks Have Changed the World - The New York Times (nytimes.com)

How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)

Denial of Service/DoS/DDoS

DDoS overtakes ransomware as most active cyber threat in Europe | Cybernews

Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)

Internet of Things – IoT

3 tips for securing IoT devices in a connected world - Help Net Security

Hacking Kia cars made after 2013 using just their license plate (securityaffairs.com)

Data Breaches/Leaks

TfL sends letters to 5,000 cyber attack customers whose details were hacked | Evening Standard

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

14 Million Patients Impacted by US Healthcare Data Breaches in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

100 million Americans just had their background check data exposed — phone numbers, dates of birth and more | Tom's Guide (tomsguide.com)

'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat

Dell's Security Woes Deepen: Attackers Strike Twice In One Week (informationsecuritybuzz.com)

Harvey Nichols confirms cyber attack, says customer data leaked | TechRadar

Twilio Call Data Exposed | MSSP Alert

Over 90 million French records exposed: mysterious data hoarder leaves instances open | Cybernews

Data of 3,191 congressional staffers leaked in the dark web (securityaffairs.com)

Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Data (cybersecuritynews.com)

US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek

Hacker uses Telegram chatbots to leak data - Security - iTnews

AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)

Why so many hackers are Russian | Cybernews

Why so many hackers are Russian: Vol 2 | Cybernews

Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica

Cybersecurity Experts Closing in on Ticketmaster Hacker (digitalmusicnews.com)

Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget

Telegram CEO Pavel Durov will hand over data to government (nypost.com)

Shocking poll: Half the world has fallen victim to cyber attacks (studyfinds.org)

Why Russia is a Hotbed of Cyber Crime | Intel471

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica

Hackers stole over $44 million from Asian crypto platform BingX (securityaffairs.com)

Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)

An official OpenAI X account just got hacked by crypto scammers | Mashable

US indicts two over socially engineered $230M+ crypto heist • The Register

Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Insider Risk and Insider Threats

Racist Network Rail Wi-Fi hack was work of malicious insider | Computer Weekly

Mandiant gives tips on catching North Korean IT operatives • The Register

The Importance of Cyber Security Awareness and Insider Threat Management  - Security Boulevard

Why insider threats are cyber security’s next big challenge - Hindustan Times

Insurance

Cyber insurance price hikes stabilize as insurers expect more from CISOs | CSO Online

The surge in cyber insurance and what it means for your business - Help Net Security

Cyber Insurers Owe Millions for Attack, Transcription Firm Says (bloomberglaw.com)

Supply Chain and Third Parties

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)

Cyber security: Remember, We Are All Connected (epsnews.com)

Employee arrested over Islamophobic cyber attack on public wifi at major UK railway stations (nationalworld.com)

Evaluating embedded vulnerabilities and cyber security risks in procurement | TechRadar

CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access - Infosecurity Magazine (infosecurity-magazine.com)

CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register

Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks - SecurityWeek

Cloud/SaaS

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

Cyber Security Skills Gap Leaves Cloud Environments Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

AWS says customers are turning back to on-prem | TechRadar

Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

Ivanti's Cloud Service Attacked via Second Vuln (darkreading.com)

Outages

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

'Cyber security issue' blamed for MoneyGram's ongoing outage • The Register

CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)

CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access - Infosecurity Magazine (infosecurity-magazine.com)

CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register

Identity and Access Management

Securing non-human identities: Why fragmented strategies fail - Help Net Security

Active Directory compromise: Cyber security agencies provide guidance - Help Net Security

Encryption

How to prepare for post-quantum computing security | TechTarget

'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat

G7 Cyber Expert Group warns financial sector of quantum computing | SC Media (scworld.com)

How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)

Linux and Open Source

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register

Printer bug sends researchers into uproar, affects major Linux distros | CyberScoop

This Windows malware is now evolving to target Linux systems | TechRadar

New Mallox ransomware Linux variant based on leaked Kryptina code (bleepingcomputer.com)

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox - Infosecurity Magazine (infosecurity-magazine.com)

Paid open-source maintainers spend more time on security - Help Net Security

FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)

Passwords, Credential Stuffing & Brute Force Attacks

Why You Need a Longer Password (howtogeek.com)

NIST Scraps Passwords Complexity and Mandatory Changes - Infosecurity Magazine (infosecurity-magazine.com)

New cyber security study revealed the 10 most common 4-digit PIN numbers — is yours on the list? - Market Realist

Public Sector Compliance: Passwords and Credentials Matter - Security Boulevard

Social Media

Meta, TikTok and More Sites Engaged in ‘Vast Surveillance,’ a New FTC Study Finds - The New York Times (nytimes.com)

Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert

An official OpenAI X account just got hacked by crypto scammers | Mashable

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Cyber security expert exposes dangerous job scams amid busy September hiring period (nationalworld.com)

42% of daily X users have a negative view of it - losing the block feature won't help | ZDNET

X's first transparency report since Musk reveals a surprising contradiction | ZDNET

Malvertising

Malicious Ads Hide Infostealer in League of Legends ‘Download’ - Infosecurity Magazine (infosecurity-magazine.com)

Training, Education and Awareness

STUDY: Less Than Half of AI Users Trained on Security and (globenewswire.com)

Over a Third of Employees Secretly Sharing Work Info with AI - Infosecurity Magazine (infosecurity-magazine.com)

Combating phishing attacks through awareness and simulation | Cybernews

The Importance of Cyber Security Awareness and Insider Threat Management  - Security Boulevard

Regulations, Fines and Legislation

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)

Rethinking the United Nations Cybercrime Treaty (justsecurity.org)

Cyber Security | UK Regulatory Outlook September 2024 - Osborne Clarke | Osborne Clarke

UK government's bank data sharing plan blasted by critics • The Register

Bermudan Government may challenge Bermudan ICO on cyber attack records order - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Models, Frameworks and Standards

NIST Scraps Passwords Complexity and Mandatory Changes - Infosecurity Magazine (infosecurity-magazine.com)

New NIST program focuses on AI cyber security and privacy | SC Media (scmagazine.com)

Cyber Security for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference | Perkins Coie - JDSupra

Backup and Recovery

Isolated Cyber Vaults: The last line of defence against billions of attacks | TechRadar

Data Protection

AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have (androidpolice.com)

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)

Careers, Working in Cyber and Information Security

It’s Never Too Late: Transitioning to a Career in Cyber Security - IT Security Guru

Future-proofing cyber security: Why talent development is key - Help Net Security

Round-the-Clock Cyber Coverage Lacking in Many Orgs | MSSP Alert

Cyber security Skills Gap Leaves Cloud Environments Vulnerable - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)

Telegram Agrees to Share User Data with Authorities for Criminal Investigations (thehackernews.com)

Employee arrested over Islamophobic cyber attack on public WiFi at major UK railway stations (nationalworld.com)

US indicts two over socially engineered $230M+ crypto heist • The Register

Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget

Telegram CEO Pavel Durov will hand over data to government (nypost.com)

FBI raids government IT and cyber contractor Carahsoft - Nextgov/FCW

Arrests made after $243 million stolen from one individual in Gemini phishing attack (web3isgoinggreat.com)

Misinformation, Disinformation and Propaganda

Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian

How Russia, China & Iran Are Targeting US Elections (darkreading.com)

China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne

Iranian-linked election interference operation shows signs of recent access | CyberScoop

Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert

China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Developing an effective cyber warfare response plan - Help Net Security

Volt Typhoon: The real end game of evolving nation-state threats - SiliconANGLE

The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions - Security Boulevard

Nation State Actors

Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads - SecurityWeek

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

How Russia, China & Iran Are Targeting US Elections (darkreading.com)

China

US ISPs targeted by new Chinese cyber espionage gang | SC Media (scworld.com)

China's Salt Typhoon cyber spies spotted deep inside US ISPs • The Register

Chinese hackers allegedly hacked US ISPs for cyber espionage | CSO Online

Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China - SecurityWeek

China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw (securityaffairs.com)

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020 (securityaffairs.com)

China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne

China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)

Russia

Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian

Ukraine bans Telegram for government agencies, military, and critical infrastructure (securityaffairs.com)

Russia-backed Gamaredon still ‘most engaged’ hacker group in Ukraine (therecord.media)

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing (securityintelligence.com)

Ukraine sees shift in Russian hacking tactics: more widespread, less severe | Cybernews

Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Russian hackers have shifted tactics in third year of war, Ukraine cyber agency says (therecord.media)

Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert

Why so many hackers are Russian | Cybernews

Why so many hackers are Russian: Vol 2 | Cybernews

Russia clings to malware as attacks on Ukraine persist • The Register

Why Russia is a Hotbed of Cyber Crime | Intel471

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (thehackernews.com)

Kaspersky deletes itself, installs UltraAV antivirus without warning (bleepingcomputer.com)

Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)

Iran

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks (securityaffairs.com)

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

Concealed Fox Kitten infrastructure exposed | SC Media (scworld.com)

Sweden blames Iran for cyber-attack after Quran-burnings - BBC News

Iranian-linked election interference operation shows signs of recent access | CyberScoop

North Korea

Mandiant gives tips on catching North Korean IT operatives • The Register

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Did Israel infiltrate Lebanese telecoms networks? (securityaffairs.com)

ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)


Tools and Controls

Preparing to fail is a vital part of cyber security - Ian McGowan (scotsman.com)

AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru

Less Than Half of AI Users Trained on Security and (globenewswire.com)

Organisations are changing cyber security providers in wake of Crowdstrike outage - Help Net Security

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security

Cloud Exit: 42% of Companies Move Data Back On-Premises - Techopedia

Why threat intelligence is essential to consolidated security | SC Media (scmagazine.com)

Mastercard's Bet on Recorded Future a Win for CTI (darkreading.com)

The AI-Cyber Security Paradox: How AI Is Revolutionizing Defences While Empowering Hackers (informationsecuritybuzz.com)

New cyber security advisory highlights defence-in-depth strategies (securityintelligence.com)

Combating phishing attacks through awareness and simulation | Cybernews

Microsoft confesses it's still falling behind on cyber security, but says it is working on improving | TechRadar

Developing an effective cyber warfare response plan - Help Net Security

Active Directory compromise: Cyber Security agencies provide guidance - Help Net Security

Keep Tier-One Applications Out of Virtual Environments (darkreading.com)

Boredom Is the Silent Killer in Your IT Systems (darkreading.com)

When technical debt strikes the security stack | CSO Online

What Does Platformization Mean for MSSPs and MDRs? | MSSP Alert

What Is Cyber Threat Hunting? (techrepublic.com)

Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)

65% of websites are unprotected against simple bot attacks - Help Net Security

CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)

Securing non-human identities: Why fragmented strategies fail - Help Net Security

Kaspersky users shocked by automatic antivirus replacement without explicit permission | Cybernews

Offensive cyber operations are more than just attacks - Help Net Security

Privacy And API Security: What’s At Stake? (informationsecuritybuzz.com)

How automated red teaming can improve your cyber security | Tech Donut

Move over, Cobalt Strike, there's a new post-exploit tool • The Register



Other News

Microsoft confesses it's still falling behind on cyber security, but says it is working on improving | TechRadar

Small doesn’t mean safe: how SMEs are under attack (smh.com.au)

Digital security is everyone's concern – Daily Business Magazine (dailybusinessgroup.co.uk)

Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)

How Microsoft Is Beefing Up Security With 34,000 Engineers (databreachtoday.co.uk)

Microsoft CEO to cyber team: Don’t tell me how great everything is | The Seattle Times

Are You Sabotaging Your Cyber Security Posture? - Security Boulevard

Nuclear vs cyber deterrence: why the UK should invest more in its cyber capabilities and less in nuclear deterrence | European Leadership Network

How realistic is new BBC thriller Nightsleeper? Cyber security expert picks apart five holes in 'hack-jack' train drama dubbed the 'new Bodyguard' | Daily Mail Online

Cyber security threats target healthcare - SiliconANGLE

Nightsleeper may be fiction but real-life cyber criminals keep showing how dangerous they are (scotsman.com)

Athletes, Arenas, and Cyber Attacks: The Evolving Landscape of Cyber Security in Sports | Wiley Rein LLP - JDSupra

ISO - Healthcare cyber security: Diagnosing risks, prescribing solutions

5 Cyber Security Threats Every Startup Should Know | LevelBlue (att.com)

Arkansas City water treatment facility switched to manual operations following a cyber attack (securityaffairs.com)

Google, Apple and the antitrust tipping point (ft.com)

10 security bugs put fuel storage tanks at risk of attacks • The Register

6 Cyber Security Headaches Sporting Events Suffer (darkreading.com)

A lesson in cyber threats: Building resilient networks in education | theHRD (thehrdirector.com)


Vulnerability Management

Microsoft ends development of Windows Server Update Services (WSUS) (bleepingcomputer.com)

Windows Server 2025 gets hotpatching option, without reboots - Help Net Security

Boredom Is the Silent Killer in Your IT Systems (darkreading.com)

When technical debt strikes the security stack | CSO Online

EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization? (thehackernews.com)

60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine

Vulnerabilities

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover (darkreading.com)

Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register

Critical Linux bug is CUPS-based remote-code execution hole • The Register

Cisco Patches High-Severity Vulnerabilities in IOS Software - SecurityWeek

Critical Ivanti vTM auth bypass bug now exploited in attacks (bleepingcomputer.com)

Third Recent Ivanti Vulnerability Exploited in the Wild - SecurityWeek

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) - Help Net Security

Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA

HPE patches three critical flaws in Aruba software • The Register

New macOS Sequoia update reportedly not playing nice with VPNs and cyber security tools like CrowdStrike | Mashable

Researcher reveals ‘catastrophic’ security flaw in the Arc browser - The Verge

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 | CISA

CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF - SecurityWeek

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products - SecurityWeek

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (thehackernews.com)

FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)

60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Briefing 20 September 2024

Black Arrow Cyber Threat Intelligence Briefing 20 September 2024:

-Cyber Threats and AI Disruption Top Business Risks for 2024

-Half of UK Firms Lack Basic Cyber Security Skills

-Beyond A Buzzword: What Resilience in Cyber Really Means

-Do Boards Understand Their New Role in Cyber Security?

-All Smoke, No Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them

-Threat Actors Continue to Utilise HR-Related Phishing Tactics

-80% of Organisations Experienced an Email-Related Security Breach in the Last Year

-The Growing Danger of Visual Hacking and How to Protect Against It

-Cyber Warfare: A Growing Concern for the British Public

-The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses

-Attackers are Exploiting Vulnerabilities at a Record Pace—Here’s What to Do About It

-What Can Businesses Learn from the Rise of Cyber Espionage?

-When Startup Founders Should Start Thinking About Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Threats and AI Disruption Top Business Risks for 2024

Global law firm Clyde & Co's latest corporate risk radar report highlights that 76% of business leaders now view cyber threats as their primary technological concern. Regulatory scrutiny is considered a growing operational threat by 43% of leaders, due to an influx of new initiatives and inconsistent regulations. People-related challenges rank as the second-highest impact risk, identified by 58% of leaders as a threat to multinational operations. Notably, climate change has dropped from sixth to ninth in the global risk hierarchy, reflecting the increased urgency of other issues. Additionally, 29% of business leaders have identified disruption caused by artificial intelligence as a significant high-impact risk for the first time. The report emphasises the need for comprehensive risk planning and employee training to enhance security and resilience in today's volatile environment.

Half of UK Firms Lack Basic Cyber Security Skills

Recent government findings indicate that 44% of UK businesses have skills gaps in basic technical cyber security areas. Among the 637,000 businesses examined, 27% lack advanced skills such as penetration testing. Incident management skills gaps have risen sharply from 27% in 2020 to 48% in 2024. The Department for Science, Innovation & Technology (DSIT) reported that despite increased supply, a significant skills gap persists. Nearly half of businesses that do not outsource incident management are not confident in handling a cyber security breach. Employers and recruiters also believe that AI will impact the cyber skills landscape, potentially leading to job losses due to automation and a need for new skills to work with AI tools.

Beyond A Buzzword: What Resilience in Cyber Really Means

Cyber resilience is now essential for organisations of all sizes, as cyber attacks have become inevitable. Resilience involves not only preventing breaches but also minimising damage and swiftly restoring operations, requiring a shift towards adaptive threat management with quick detection and response. This year’s International Cyber Expo Global Cyber Summit highlighted that leaders are focusing on integrating employees into security frameworks and policies, as well as fostering a supportive work environment to prevent burnout among cyber security professionals. Diversity and community were noted as key factors in building resilient teams capable of innovative problem-solving. Achieving true cyber resilience is a balancing act between protecting organisational assets and ensuring the wellbeing of the workforce.

Do Boards Understand Their New Role in Cyber Security?

Research reveals that over 90% of cyber security incidents originate from human action, underscoring the critical role of boards in governing cyber security risk. However, many board members view cyber security as a purely technical issue, overly focusing on tools rather than strategic oversight. Boards are encouraged to upskill on cyber risks, strategically prioritising investments and understanding their roles in incident response. Boards are advised to seek external assessments of their cyber recovery plans, much like financial audits, to enhance preparedness. Additionally, boards are adjusting member selection criteria to include technology expertise that addresses both security and strategic opportunities. Understanding that technology safeguards critical data and automates business processes, boards must integrate cyber security into their core business strategy.

All Smoke, No Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them

Organisations are increasingly facing fake data breach claims from cyber criminals, causing unnecessary panic and resource diversion. These hoaxes can damage a company's reputation and erode customer trust, even when no actual breach has occurred. Experts advise implementing advanced security measures and establishing dedicated teams to verify breach claims before reacting publicly. Effective communication strategies are crucial to manage public perception and maintain control over the narrative. Continuous employee training and updated security protocols are essential to mitigate both real and fake cyber threats, safeguarding the organisation's reputation and customer confidence.

Threat Actors Continue to Utilise HR-Related Phishing Tactics

Phishing attacks are becoming increasingly sophisticated, with recent tactics continuing the trend of impersonating company HR departments to deceive employees. One notable campaign sent emails urging staff to review a revised employee handbook, using professional language and creating a sense of urgency to prompt immediate action. These emails directed recipients to fake login pages designed to capture sensitive credentials. Such attacks exploit trust and fear of non-compliance, emphasising the need for robust cyber security measures. Organisations are advised to implement advanced email security solutions and enhance user awareness training. A multi-layered defence approach, combining technology and vigilant employees, is essential to protect against these evolving phishing threats.

Report: 80% of Organisations Experienced an Email-Related Security Breach in the Last Year

The latest report from a cyber security solutions provider reveals that email-related threats are a top concern for critical infrastructure organisations. The study found that 80% of these entities experienced an email-related security breach in the past year, and 63% admit their email security needs improvement. Despite advancements in cyber security, nearly half of the organisations lack confidence in their current email defences, leaving them vulnerable to cyber attacks. 65% are not compliant with regulatory standards, exposing them to significant operational and business risks. The report highlighted that essential security measures like Content Disarm and Reconstruction (CDR) and URL scanning are missing in many organisations' defences. This underscores the urgent need to adopt a zero-trust mindset and strengthen prevention-based perimeter defence strategies.

The Growing Danger of Visual Hacking and How to Protect Against It

Visual hacking is a significant threat that many organisations overlook in their data security strategies. Despite focusing on cyber security within systems, physical methods like shoulder surfing can bypass these defences, exposing sensitive information. Physical barriers such as privacy screens are highly effective, blocking up to 99.8% of visible light at angles beyond 45 degrees, ensuring only the primary user can view the screen. Traditional privacy screens have drawbacks like increased device thickness and permanent privacy modes, impacting usability. Switchable privacy screens built into devices are gaining popularity, offering automated and software-controlled privacy without hindering functionality. Organisations are advised to adopt these advanced privacy measures to prevent unauthorised visual access and enhance overall data security.

Cyber Warfare: A Growing Concern for the British Public

New research by the International Cyber Expo reveals that over 70% of Britons believe cyber warfare is the next frontier in modern combat. Cyber attacks targeting critical infrastructure are the top concern, with 54% of respondents expressing worry. Nearly a third (31%) of the public admit feeling scared about the prospect of cyber warfare, and 43% are concerned about nation-state activities. The survey highlighted that despite government investments in traditional military forces, the majority perceive cyberspace as the emerging battlefield. Experts emphasise the need for increased awareness, preparedness, and investment in cyber security to protect critical infrastructure and national security.

The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses

A recent report by a cyber security solutions provider, Imperva, has found that vulnerable APIs and automated bot attacks are causing significant financial losses for businesses, with an estimated annual economic burden of up to $186 billion. An API, or Application Programming Interface, is like a bridge that allows different software applications to talk to each other and share information. A bot is a computer program that performs tasks automatically, often mimicking human actions. The study, which analysed over 161,000 cyber security incidents, revealed that the average enterprise managed 613 API endpoints in 2023, making them increasingly attractive targets for cybercriminals. Bot-related security incidents have surged dramatically, rising by 88% in 2022 and a further 28% in 2023. Insecure APIs alone have led to up to $87 billion in losses annually, marking a $12 billion increase from 2021. Automated API abuse by bots contributes significantly to this impact, costing organisations up to $17.9 billion each year. The report underscores the urgent need for robust security measures to protect against these growing threats.

Attackers are Exploiting Vulnerabilities at a Record Pace—Here’s What to Do About It

Recent findings show that attackers are exploiting vulnerabilities faster than ever, with the average time to exploitation now just 4.76 days—a 43% increase in speed compared to earlier this year. This rapid escalation emphasises the critical need for timely patching, yet 86% of breaches occurred through known vulnerabilities with available patches. 98% of organisations reported detecting exploits of vulnerabilities over five years old, underscoring the importance of strong cyber hygiene practices. Experts advise prioritising vulnerabilities actively under attack and ensuring robust incident response plans. Collaboration between public and private sectors is deemed essential to enhance cyber security and stay ahead of evolving threats.

What Can Businesses Learn from the Rise of Cyber Espionage?

Cyber espionage is becoming a critical concern for businesses, as state-sponsored attacks increasingly target the private sector to disrupt economies and access confidential information. The UK GCHQ estimates that at least 34 nation-states now have advanced cyber espionage teams. The rise of AI technologies has amplified these threats, with attackers using tools like large language models to enhance their capabilities. Attacks on major cloud providers pose significant risks due to their impact on software supply chains. While AI introduces new risks, it is also essential for improving threat detection and response. Organisations are urged to adopt zero trust architectures, conduct regular security audits, and strategically incorporate AI to protect against sophisticated cyber threats.

When Startup Founders Should Start Thinking About Cyber Security

A recent discussion has highlighted that cyber security risks pose a significant threat to startups, yet many founders prioritise rapid growth over security measures. Advanced persistent threats like China's Volt Typhoon have begun targeting startups, with one such attack breaching Versa Networks after exploiting a high-severity vulnerability. According to a survey by a business insurance company, over two-thirds of startup founders have experienced a cyber attack, with 86% owning some form of cyber insurance and 71% considering additional security measures. Despite this, investors seldom prioritise cyber security during negotiations, but the consequences of neglecting it can be catastrophic. Experts suggest that as startups expand, the importance of cyber security increases, and founders should integrate security planning from the outset to mitigate risks.

Sources:

https://www.insurancebusinessmag.com/us/risk-management/news/cyber-threats-and-ai-disruption-top-business-risks-for-2024--clyde-and-co-506039.aspx

https://www.infosecurity-magazine.com/news/half-of-uk-firms-lack-basic/

https://www.itsecurityguru.org/2024/09/19/beyond-a-buzzword-what-resilience-in-cyber-really-means/

https://www.cio.com/article/3523667/do-boards-understand-their-new-role-in-cybersecurity.html

https://securityboulevard.com/2024/09/all-smoke-no-fire-the-bizarre-trend-of-fake-data-breaches-and-how-to-protect-against-them/

https://securityboulevard.com/2024/09/threat-actors-continue-to-utilize-hr-related-phishing-tactics/

https://www.automation.com/en-us/articles/september-2024/osterman-opswat-study-email-related-security?listname=Automation

https://www.helpnetsecurity.com/2024/09/17/robert-ramsey-rain-technology-visual-hacking/

https://www.itsecurityguru.org/2024/09/19/cyber-warfare-a-growing-concern-for-the-british-public/

https://securityboulevard.com/2024/09/the-rising-cost-of-vulnerable-apis-and-bot-attacks-a-186-billion-wake-up-call-for-businesses/

https://www.csoonline.com/article/3504627/attackers-are-exploiting-vulnerabilities-at-a-record-pace-heres-what-to-do-about-it.html

https://securityintelligence.com/articles/what-can-businesses-learn-from-rise-of-cyber-espionage/

https://www.darkreading.com/cybersecurity-operations/cybersecurity-influence-startup-investment


Governance, Risk and Compliance

The alarming gap between perception and reality in the corner office | TechRadar

Cyber threats and AI disruption top business risks for 2024 – Clyde & Co | Insurance Business America (insurancebusinessmag.com)

Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

Nearly half of UK businesses unequipped to face cyber attacks, Ipsos finds (holyrood.com)

Half of UK Firms Lack Basic Cybersecurity Skills - Infosecurity Magazine (infosecurity-magazine.com)

Do boards understand their new role in cybersecurity? | CIO

Closing the gap between cyber risk strategy and execution (betanews.com)

Beyond A Buzzword: What Resilience in Cyber Really Means - IT Security Guru

Palo Alto Networks CEO says cybersecurity has ‘become an arms race’ – BNN Bloomberg

Immediate threats or long-term security? Deciding where to focus is the modern CISO’s dilemma | CSO Online

99% of Business Leaders Are Concerned About Internal Data (darkreading.com)

Fines and lawsuits after data breaches ‘worse than the attack itself’ (foodmanufacture.co.uk)

Better metrics can show how cybersecurity drives business success | CSO Online

It's Time To Dismantle The Long Held Silos Between Security And Tech Teams (forbes.com)

Supply chains now face regular periodic shocks, says AP Moller Maersk risk chief :: Lloyd's List (lloydslist.com)

The Cybersecurity Landscape: New Threats, Same Mistakes (darkreading.com)

The Cost Of Inaction: How Breached Organisations Are Redefining Cyber Resilience | Scoop News

Companies aren't 'owning' their data (betanews.com)

SecOps' new frontier in the remote work era: HR | TechTarget

Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)

Modernization: Nothing to fear except failing to future-proof | ITPro

Striking the balance between cybersecurity and operational efficiency - Help Net Security

What can businesses learn from the rise of cyber espionage? (securityintelligence.com)

Want to get ahead? Four activities that can enable a more proactive security regime | CSO Online

Protecting Critical Data and Infrastructure in the Digital Age | Entrepreneur

The ripple effects of regulatory actions on CISO reporting - Help Net Security

Citigroup strips COO of responsibility for data overhaul after $136mn fine

Should CIOs and CISOs Wear One Hat? - InfoRiskToday


Threats

Ransomware, Extortion and Destructive Attacks

Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

Top 10 ransomware groups to watch | CSO Online

Infostealers: An Early Warning for Ransomware Attacks (darkreading.com)

Infostealers Cause Surge in Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware attacks: Rising threats and increasing demands - SiliconANGLE

Wherever There's Ransomware, There's Service Account Compromise. Are You Protected? (thehackernews.com)

Ransomware series: Exploring the tools & solutions that comprise a comprehensive ransomware strategy | ITPro

Ransomware attacks are soaring to a new high | TechRadar

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks (cybersecuritynews.com)

Gen reveals 24% rise in ransomware attacks on consumers (securitybrief.co.nz)

Ransomware gangs now abuse Microsoft Azure tool for data theft (bleepingcomputer.com)

75 percent of organizations affected more than once by ransomware (betanews.com)

Google Street View Images Used For Extortion Scams - Infosecurity Magazine (infosecurity-magazine.com)

Germany seizes 47 crypto exchanges used by ransomware gangs (bleepingcomputer.com)

What more can be done to stop ransomware attacks? | CyberScoop

Defending Against Ransomware Threats: Tactics and Procedures Revealed by CISA (cimcor.com)

For ransomware, universities are paying more | EdScoop

Vanilla Tempest hackers hit healthcare with INC ransomware (bleepingcomputer.com)

Four ways to stay ahead of the ransomware threat | SC Media (scmagazine.com)

Ransomware Victims

Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

Qilin ransomware attack on Synnovis impacted over 900K patients (securityaffairs.com)

UnitedHealth CISO: We had to ‘start over’ after ransomware attack (cyberscoop.com)

Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive (therecord.media)

Ascension Suffered $1.3 Billion Hit From Cyberattack, Analysis Finds - KFF Health News

LockBit boasts once again of ransoming eFile.com • The Register

Valencia Ransomware crew 'hits' California city and more • The Register

Vice Society Uses Inc Ransomware in Healthcare Attack (darkreading.com)

Data Stolen in Ransomware Attack That Hit Seattle Airport - SecurityWeek

Rhysida ships off Port of Seattle data for $6M • The Register

German radio station forced to broadcast 'emergency tape' following cyberattack (therecord.media)

Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors - SecurityWeek

88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack - SecurityWeek

Phishing & Email Based Attacks

Seven Ways Hackers Can Access Company Information - Infosecurity Magazine (infosecurity-magazine.com)

Threat Actors Continue to Utilize HR-Related Phishing Tactics - Security Boulevard

Report: 80% of Organizations Experienced an Email-Related Security Breach in the Last Year (automation.com)

Email Attacks a Problem for National Infrastructure Companies (techrepublic.com)

How hackers are using legitimate tools to distribute phishing links | ITPro

European, Latin American authorities arrest 17 in crackdown on phishing network with 483,000 victims | CyberScoop

Cybercriminals exploit content platforms for phishing attacks (securitybrief.co.nz)

What is email spam and how to fight it? | Definition from TechTarget

North Korean APT Bypasses DMARC for Cyber Espionage (darkreading.com)

DoJ accuses Chinese national of phishing for military code • The Register

Advanced Phishing Attacks Put X Accounts at Risk - Infosecurity Magazine (infosecurity-magazine.com)

What Is Phishing-Resistant MFA and How Does it Work? - Security Boulevard

Other Social Engineering

Seven Ways Hackers Can Access Company Information - Infosecurity Magazine (infosecurity-magazine.com)

The growing danger of visual hacking and how to protect against it - Help Net Security

Google Street View Images Used For Extortion Scams - Infosecurity Magazine (infosecurity-magazine.com)

Security Firm's North Korean Hacker Hire Not Unique (darkreading.com)

Windows users targeted with fake human verification pages delivering malware - Help Net Security

New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert

Artificial Intelligence

Cyber threats and AI disruption top business risks for 2024 – Clyde & Co | Insurance Business America (insurancebusinessmag.com)

How are cybercriminals upskilling to make the most of AI? - Raconteur

Companies skip security hardening in rush to adopt AI | CSO Online

The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks - SecurityWeek

Security leaders consider banning AI coding due to security risks - Help Net Security

OODA Loop - Attacker VS Defender. Who Will Win the Race to Best Operationalize AI?

Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks - Infosecurity Magazine (infosecurity-magazine.com)

Orca: AI services, models falling short on security | TechTarget

White House to Tackle AI-Generated Sexual Abuse Images - Infosecurity Magazine (infosecurity-magazine.com)

Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs | TechCrunch

Is that photo real or AI? Google's 'About this image' aims to help you tell the difference | ZDNET

Meta Goes Ahead With Controversial AI Training in UK - Infosecurity Magazine (infosecurity-magazine.com)

One in three workers want AI banned from the workplace, while nearly half fear it will threaten their future job security (prnewswire.com)

Compliance frameworks and GenAI: The Wild West of security standards - Help Net Security

2FA/MFA

How MFA gets hacked — and strategies to prevent it | CSO Online

What Is Phishing-Resistant MFA and How Does it Work? - Security Boulevard

Malware

Infostealers: An Early Warning for Ransomware Attacks (darkreading.com)

Infostealers Cause Surge in Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

This Harry Potter-Named Attack Runs Fileless Malware (makeuseof.com)

Espionage Alert: Google Sheets Exploit For Malware Control - Security Boulevard

This Windows Tool Can Let In Viruses Without Detection (makeuseof.com)

Hackers Force Chrome Users To Hand Over Google Passwords, Here’s How (forbes.com)

CISA warns of Windows flaw used in infostealer malware attacks (bleepingcomputer.com)

1.3 million Android-based TV boxes backdoored; researchers still don’t know how | Ars Technica

'SambaSpy' RAT's Multiple Features Pack Hefty Punch (darkreading.com)

Windows users targeted with fake human verification pages delivering malware - Help Net Security

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (thehackernews.com)

Bots/Botnets

Reveal of Chinese-controlled botnet is another warning to CISOs to keep up with asset and patch management | CSO Online

The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses - Security Boulevard

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)

FBI director says Chinese spies 'burned down' their botnet • The Register

Study: Bots pose major online fraud threat | Chain Store Age

Five Eyes alliance seizes control of extensive spy tech network used by China | TechRadar

How to detect and stop bot activity - Help Net Security

Mobile

14 dead as Hezbollah walkie-talkies explode in second, deadlier attack | Ars Technica

11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers | Ars Technica

Urban warfare expert: attack on Hezbollah is historic in accuracy - Israel News - The Jerusalem Post (jpost.com)

From exploding pagers to cyber warfare: Israel's long history of alleged secret operations | World News | Sky News

Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (thehackernews.com)

Securing your smartphone: Vital steps to protect your digital assets | TechRadar

Android to be getting its own version of Apple's "Stolen Device Protection" feature - PhoneArena

Watch out! These 9 online banking scams drain your accounts | PCWorld

Here's How to Remotely Disable Your Smartphone If It's Stolen (makeuseof.com)

Denial of Service/DoS/DDOS

Financial services sector remains top DDoS target, Akamai reports (securitybrief.co.nz)

Internet of Things – IoT

Malware has infected 1.3 million Android TV boxes in 197 countries | TechSpot

Hezbollah Pager Attack: A Wake-up Call To Tech Manufacturers To Secure Their Supply Chains? (informationsecuritybuzz.com)

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)

NCSC exposes Chinese company running malicious Mirai botnet | Computer Weekly

FBI director says Chinese spies 'burned down' their botnet • The Register

The Apple Vision Pro has a worrying security flaw — hackers could easily guess passwords based on eye movements | TechRadar

Data Breaches/Leaks

Fortinet confirms breach that likely leaked 440GB of customer data | CSO Online

Cybersecurity company Fortinet suffers third-party data breach (techmonitor.ai)

23andMe to pay $30 million in genetics data breach settlement (bleepingcomputer.com)

All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them - Security Boulevard

Hackers steal nearly 1.7 million credit card numbers in breach | Mashable

After yet another data breach, how can you protect yourself? (thehill.com)

AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop

Disney to stop using Salesforce-owned Slack after hack exposed company data - The Economic Times (indiatimes.com)

This Dating App May Have Leaked Extremely Private Data: Check Your Account Now (makeuseof.com)

Over 1,000 ServiceNow instances found leaking corporate KB data (bleepingcomputer.com)

Temu denies breach after hacker claims theft of 87 million data records (bleepingcomputer.com)

Hackers steal iCloud photos through calendar invites -- no clicks required (appleinsider.com)

Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data (bleepingcomputer.com)

88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack - SecurityWeek

Organised Crime & Criminal Actors

European, Latin American authorities arrest 17 in crackdown on phishing network with 483,000 victims | CyberScoop

Violent cyber criminals to spend collective 191 years in prison • The Register

Ticketmaster boss who repeatedly hacked rival firm sentenced (bitdefender.com)

'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut (darkreading.com)

Defending the Enterprise: New Insights from Banking Industry Experts on Fraud and Cyber Threats - Security Boulevard

Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404media.co)

Europol takes down "Ghost" encrypted messaging platform used for crime (bleepingcomputer.com)

The Dark Web Demystified: Its Role In Privacy, Crime, And Regulation – Analysis – Eurasia Review

Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)

Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)

Australian Police conducted supply chain attack on crime app • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (thehackernews.com)

Cryptojacking Gang TeamTNT Make a Comeback - Infosecurity Magazine (infosecurity-magazine.com)

Germany seizes 47 crypto exchanges used by ransomware gangs (bleepingcomputer.com)

Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)

Tether and Others Freeze Millions Tied to Lazarus Group Wallets - DailyCoin

New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert

Insider Risk and Insider Threats

Insider threats highlighted, calls for enhanced security measures (securitybrief.co.nz)

How to reduce cyber risk during employee onboarding (bleepingcomputer.com)

Insurance

Munich Re willing to walk away from business after excluding cyber war from entire portfolio | The Insurer

How Cyber Insurance Shifts Affect the Security Landscape (darkreading.com)

Why Breaking Down Silos Is Key To Optimizing Cyber Insurance Investments

"Cybersecurity issues will continue to grow": Managing claims chaos in fraudulent scams | Insurance Business America (insurancebusinessmag.com)

How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)

Supply Chain and Third Parties

Supply chains now face regular periodic shocks, says AP Moller Maersk risk chief :: Lloyd's List (lloydslist.com)

How Mega Attacks Are Spotlighting Critical 3rd-Party Risks (govinfosecurity.com)

Qilin ransomware attack on Synnovis impacted over 900K patients (securityaffairs.com)

The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk | Decipher (duo.com)

Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive (therecord.media)

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek

Fortinet confirms data breach, extortion demand | TechTarget

Why Strong Cybersecurity is the Key to Unlocking the Full Potential of Supply Chains | Entrepreneur

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Third-party risk management can learn a lot from the musk ox | CSO Online

Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)

Concerns Over Supply Chain Attacks on US Seaports Grow (darkreading.com)

Cloud/SaaS

Cloud-Native Network Security Up 17%, Hardware Down 2% (darkreading.com)

Ransomware gangs now abuse Microsoft Azure tool for data theft (bleepingcomputer.com)

AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop

RCE Flaw in Google Cloud Affected Millions of Servers (darkreading.com)

Hackers steal iCloud photos through calendar invites -- no clicks required (appleinsider.com)

How to stop hackers attacking hybrid clouds | ITPro

Outages

1 in 10 firms dump infosec wares after CrowdStrike outage • The Register

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek

Will Microsoft Rethink Windows Security? (govinfosecurity.com)

Cloudflare outage cuts off access to websites in some regions (bleepingcomputer.com)

Identity and Access Management

Gateways to havoc: Overprivileged dormant service accounts - Help Net Security

The Human Element In Non-Human Identity Security: Bridging The Gap In Modern Cybersecurity (informationsecuritybuzz.com)

The proliferation of non-human identities - Help Net Security

Beyond human IAM: The rising tide of machine identities - Help Net Security

Encryption

Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (thehackernews.com)

Linux and Open Source

What is open-source and how does it benefit you? | ZDNET

Government unveils open-source security steps (baselinemag.com)

Passwords, Credential Stuffing & Brute Force Attacks

TfL requires in-person password resets for 30,000 employees after hack (bleepingcomputer.com)

Why Hackers Aren't Stopped by Account Lockouts | HackerNoon

Hackers Force Chrome Users To Hand Over Google Passwords, Here’s How (forbes.com)

Malware locks browser in kiosk mode to steal Google credentials (bleepingcomputer.com)

Credential Flusher, understanding the threat and how to protect your login data (securityaffairs.com)

Over 2 million VPN passwords have been stolen – here's what you can do about it | TechRadar

Understanding Credential Stuffing Attacks - Security Boulevard

Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)

Social Media

France uses tough, untested cybercrime law to target Telegram's Durov | Reuters

British MPs and international organisations hacked on X | X | The Guardian

LinkedIn's new search filter aims to protect you from suspicious job postings | ZDNET

Instagram makes 'Teen Accounts' private by default - and AI will be checking your age | ZDNET

Facebook Hit With Class Action Over Spate of Hacked Accounts (bloomberglaw.com)

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts (thehackernews.com)

Meta Goes Ahead With Controversial AI Training in UK - Infosecurity Magazine (infosecurity-magazine.com)

Advanced Phishing Attacks Put X Accounts at Risk - Infosecurity Magazine (infosecurity-magazine.com)

Training, Education and Awareness

Cybersecurity Awareness: Reflecting on 20 Years of Defense Evolution and Preparing for Future Threats - SecurityWeek

Regulations, Fines and Legislation

Fines and lawsuits after data breaches ‘worse than the attack itself’ (foodmanufacture.co.uk)

France uses tough, untested cybercrime law to target Telegram's Durov | Reuters

AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop

5 new cybersecurity regulations businesses should know about | MIT Sloan

Citigroup strips COO of responsibility for data overhaul after $136mn fine

The ripple effects of regulatory actions on CISO reporting - Help Net Security

ICO Acts Against Sky Betting and Gaming Over Cookies - Infosecurity Magazine (infosecurity-magazine.com)

White House to Tackle AI-Generated Sexual Abuse Images - Infosecurity Magazine (infosecurity-magazine.com)

Compliance frameworks and GenAI: The Wild West of security standards - Help Net Security

5 former Trump officials on what cyber policy would look like if he wins the White House (therecord.media)

How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)

Models, Frameworks and Standards

Why the NCSC Cyber Assessment Framework is Important to the UK Public - Infosecurity Magazine (infosecurity-magazine.com)

How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)

Data Protection

ICO Acts Against Sky Betting and Gaming Over Cookies - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

Cyber workforce must almost double to meet global talent need | Computer Weekly

Cyber workforce size stalls despite skills shortages (betanews.com)

UK convenes global coalition to boost cyber skills and tackle growing threats - GOV.UK (www.gov.uk)

The cybersecurity workforce of the future requires diverse hiring practices - Help Net Security

Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)

Law Enforcement Action and Take Downs

European, Latin American authorities arrest 17 in crackdown on phishing network with 483,000 victims | CyberScoop

Violent cyber scum to spend collective 191 years in prison • The Register

France uses tough, untested cybercrime law to target Telegram's Durov | Reuters

Tor insists it's safe after cops convict CSAM site admin • The Register

Ticketmaster boss who repeatedly hacked rival firm sentenced (bitdefender.com)

UK activists file complaint with police against NSO Group • The Register

Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)

Europol takes down "Ghost" encrypted messaging platform used for crime (bleepingcomputer.com)

Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)

Australian Police conducted supply chain attack on crime app • The Register

Misinformation, Disinformation and Propaganda

Putin really wants to put Trump back in the White House • The Register

Malicious Actors Spreading False US Voter Registration Breach Claims - Infosecurity Magazine (infosecurity-magazine.com)

US accuses RT, others of covert arms dealing, global influence operations | CyberScoop

Malicious Actors Sow Discord With Election Compromise Claims (darkreading.com)

FBI, CISA Warn of Fake Voter Data Hacking Claims - SecurityWeek

44% of people report believing election-related misinformation - Adobe study | ZDNET

Russian threat groups shift attention to Harris-Walz campaign, researchers find | CyberScoop

Russian troll farms turn up heat on presidential candidates | SC Media (scmagazine.com)

U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Munich Re willing to walk away from business after excluding cyber war from entire portfolio | The Insurer

Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices

Western powers make plans to secure submarine communications cables, excluding Chinese firms and technology | Tom's Hardware (tomshardware.com)

Cyber Warfare: A Growing Concern for the British Public - IT Security Guru

Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says | CyberScoop

From exploding pagers to cyber warfare: Israel's long history of alleged secret operations | World News | Sky News

What can businesses learn from the rise of cyber espionage? (securityintelligence.com)

Nuclear posture and cyber threats: Why deterrence by punishment is not credible – and what to do about it | European Leadership Network

Espionage Alert: Google Sheets Exploit For Malware Control - Security Boulevard

Nation State Actors

China

Western powers make plans to secure submarine communications cables, excluding Chinese firms and technology | Tom's Hardware (tomshardware.com)

NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations > National Security Agency/Central Security Service > Press Release View

Reveal of Chinese-controlled botnet is another warning to CISOs to keep up with asset and patch management | CSO Online

Did a Chinese University Hacking Competition Target a Real Victim? | WIRED

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek

Chinese spies spent 4 months in aerospace firm’s server • The Register

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)

FBI director says Chinese spies 'burned down' their botnet • The Register

China’s cyberattacks on manufacturing are part of its long-game strategy for industrial dominance | SC Media (scmagazine.com)

China suspected of hacking diplomatic body for Pacific islands region (therecord.media)

DoJ accuses Chinese national of phishing for military code • The Register

Hong Kong: first person convicted under security law for wearing protest T-shirt | Hong Kong | The Guardian

Chinese gov’t mulls anti-money laundering law to ‘monitor’ new fintech

Chinese boffins claim Starlink signals can defeat stealth • The Register

Temu denies breach after hacker claims theft of 87 million data records (bleepingcomputer.com)

Russia

Putin really wants to put Trump back in the White House • The Register

Western powers make plans to secure submarine communications cables, excluding Chinese firms and technology | Tom's Hardware (tomshardware.com)

Despite Russia warnings, critical infrastructure unprepared • The Register

Russian Secret Sub Unit Menaces Undersea Cables - Business Insider

US accuses RT, others of covert arms dealing, global influence operations | CyberScoop

RT News Hosted Russian Cyber Spy Unit, US Says (darkreading.com)

Russian troll farms turn up heat on presidential candidates | SC Media (scmagazine.com)

Malicious Actors Sow Discord With Election Compromise Claims (darkreading.com)

Russian threat groups shift attention to Harris-Walz campaign, researchers find | CyberScoop

'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut (darkreading.com)

Russian Security Firm Doctor Web Hacked - SecurityWeek

Iran

As Geopolitical Tensions Mount, Iran's Cyber Operations Grow (darkreading.com)

Iran backdoors planted across Middle East telecoms, government agencies, Google says (therecord.media)

US agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign | CyberScoop

North Korea

Security Firm's North Korean Hacker Hire Not Unique (darkreading.com)

SecOps' new frontier in the remote work era: HR | TechTarget

North Korean APT Bypasses DMARC for Cyber Espionage (darkreading.com)

Tether and Others Freeze Millions Tied to Lazarus Group Wallets - DailyCoin

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (thehackernews.com)

New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert

The Next US President Needs a New North Korea Strategy | The National Interest

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers | Ars Technica

Explosive Pagers Reveal Major Security Breach Within Hezbollah (armyrecognition.com)

Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries (securityaffairs.com)

Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says | CyberScoop

UK activists file complaint with police against NSO Group • The Register

Key Predator spyware peddlers added to US sanctions list • The Register

Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets (darkreading.com)


Tools and Controls

Closing the gap between cyber risk strategy and execution (betanews.com)

Beyond A Buzzword: What Resilience in Cyber Really Means - IT Security Guru

1 in 10 firms dump infosec wares after CrowdStrike outage • The Register

UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy - SecurityWeek

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek

Security leaders consider banning AI coding due to security risks - Help Net Security

OODA Loop - Attacker VS Defender. Who Will Win the Race to Best Operationalize AI?

Why Pay A Pentester? (thehackernews.com)

SecOps' new frontier in the remote work era: HR | TechTarget

Data disposal and cyber hygiene: Building a culture of security within your organization - Help Net Security

Over 2 million VPN passwords have been stolen – here's what you can do about it | TechRadar

Better metrics can show how cybersecurity drives business success | CSO Online

It's Time To Dismantle The Long Held Silos Between Security And Tech Teams (forbes.com)

Remote work era: Are we keeping up with trends while maintaining cybersecurity protection? – EU Reporter

Cybersecurity Awareness: Reflecting on 20 Years of Defense Evolution and Preparing for Future Threats - SecurityWeek

How to reduce cyber risk during employee onboarding (bleepingcomputer.com)

Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)

Striking the balance between cybersecurity and operational efficiency - Help Net Security

Organizations overwhelmed by numerous and insecure remote access tools - Help Net Security

DNS security best practices to implement now | TechTarget

What is Enterprise Attack Surface Management? | UpGuard

Is that photo real or AI? Google's 'About this image' aims to help you tell the difference | ZDNET

Want to get ahead? Four activities that can enable a more proactive security regime | CSO Online


Other News

Seven Ways Hackers Can Access Company Information - Infosecurity Magazine (infosecurity-magazine.com)

When Startup Founders Should Be Thinking About Cybersecurity (darkreading.com)

73% Of Small Businesses Concerned About Cyber Security, New AMI Research Shows | Scoop News

Nearly half of UK businesses unequipped to face cyber attacks, Ipsos finds (holyrood.com)

Law Society warns legal sector 'particularly vulnerable' to cyber threats | Today's Conveyancer (todaysconveyancer.co.uk)

TfL requires in-person password resets for 30,000 employees after hack (bleepingcomputer.com)

BT Report HUGE Rise in Malicious IP Scanners Across UK Network - ISPreview UK

Credential Flusher, understanding the threat and how to protect your login data (securityaffairs.com)

The Cybersecurity Landscape: New Threats, Same Mistakes (darkreading.com)

Why are utilities especially vulnerable to cyberattacks? - Digital Journal

Increased Cybersecurity Essential For NGOs: Help Available (forbes.com)

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene (thehackernews.com)

Cybercrime in the Education Sector | MSSP Alert

Cyberattacks Are Huge Threat for All Manufacturers | ASSEMBLY (assemblymag.com)

Ports need to prepare for cyber attacks | News | Port Strategy

The rising threat of cyberattacks in the restaurant industry (securityintelligence.com)

Hospitality & Travel Cybersecurity: Protection During the Peak Seasons - Security Boulevard

Cyber threats to shipping explained | Pen Test Partners

Cybersecurity in the Skies - Avionics International (aviationtoday.com)

For ransomware, universities are paying more | EdScoop


Vulnerability Management

Reveal of Chinese-controlled botnet is another warning to CISOs to keep up with asset and patch management | CSO Online

Attackers are exploiting vulnerabilities at a record pace—here’s what to do about it | CSO Online

Insecure software makers are the real cyber villains – CISA • The Register

Patch management: A dull IT pain that won’t go away | CSO Online

The Ultimate Unseen Vulnerability in Addressing Cybersecurity Threats: Communication | HackerNoon

Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC? | ZDNET

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments | CISA

Detecting vulnerable code in software dependencies is more complex than it seems - Help Net Security

The line between citizen developers and IT pros gets fuzzier - is that a problem? | ZDNET

Vulnerabilities

More details on that Windows Installer 'make me admin' hole • The Register

CISA warns of Windows flaw used in infostealer malware attacks (bleepingcomputer.com)

Google Chrome 129: new features and security fixes arrive on all platforms - gHacks Tech News

1 PoC Exploit for RCE Flaw, but 2 Patches From Veeam (darkreading.com)

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability (thehackernews.com)

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) - Help Net Security

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (thehackernews.com)

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (thehackernews.com)

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks (cybersecuritynews.com)

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server | CISA

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers (thehackernews.com)

Windows vulnerability abused braille “spaces” in zero-day attacks (bleepingcomputer.com)

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager (securityaffairs.com)

D-Link addressed three critical RCE in wireless router models (securityaffairs.com)

Apple Patches Major Security Flaws With iOS 18 Refresh - SecurityWeek

GitLab releases security updates to fix 17 vulnerabilities | Security Magazine

RCE Flaw in Google Cloud Affected Millions of Servers (darkreading.com)

Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC? | ZDNET

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd - SecurityWeek


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Briefing 13 September 2024

Black Arrow Cyber Threat Intelligence Briefing 13 September 2024:

-Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector

-Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls

-Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure

-Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security

-The Rise of Deepfakes Means CEOs Need to Rethink Trust

-What now? Ransomware Victim Pays Hacker, but Decryption Key Fails

-UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover

-Enterprise Mobile Devices See Increased Attacks

-Business Email Compromise Costs $55bn Over a Decade

-Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery

-Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s

-Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’

-Think You Could Never Fall Victim to Cyber Crime? Think Again

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector

Trustwave's latest research highlights significant cyber security challenges for the financial services sector, with ransomware and phishing emerging as major threats. The report found that 49% of attacks on financial institutions originated from phishing, while 24% of ransomware incidents were linked to a single threat actor group. Insider threats also pose a substantial risk, identified as the most costly type of data breach. The US was most affected, with 65% of ransomware attacks targeting its financial services. Trustwave emphasises the need for robust defences against these growing threats that include phishing-as-a-service and insider-driven breaches.

Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls

Trust in Secure Email Gateways (SEGs) is waning, with 91% of cyber security leaders expressing frustration due to the increasing sophistication of phishing attacks. In the first quarter of 2024, 52% more attacks bypassed SEG detection, exploiting limitations in signature-based and reputation-based technologies. Techniques such as polymorphic attacks, compromised accounts, and social engineering have proven effective at evading legacy systems. With 68% of successful attacks passing all verification checks, experts recommend transitioning to integrated cloud email security solutions using AI and behavioural detection to better counter modern threats.

Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure

Scattered Spider, a hacking group targeting the finance and insurance sectors, has intensified attacks on corporate cloud systems for data exfiltration and extortion, according to SC Media. The group exploits cloud access tokens exposed on platforms like GitHub and purchases stolen credentials, focusing on services such as Microsoft Entra ID, AWS EC2, and Okta. Smishing (text message) campaigns have also been used to infiltrate these systems, allowing attackers to demand ransoms and resell compromised credentials. Urgent implementation of multi-factor authentication and phishing awareness programmes is recommended, alongside the removal of private access tokens from developers' code, to mitigate the risk.

Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security

Cyber criminals are increasingly targeting small and medium enterprises (SMEs) as larger organisations strengthen their cyber security and refuse to pay ransoms. In 2023 SMEs accounted for nearly half of all incidents, a significant rise on the previous year. While only 10% of large organisations paid a ransom, 44% of SMEs ended up paying between $25,000 and $100,000. The financial and reputational impact on SMEs can be devastating, and many struggle to recover from such attacks.

The Rise of Deepfakes Means CEOs Need to Rethink Trust

Kroll’s recent report highlights a sharp rise in social engineering attacks, which have grown from 7% to 20% of all cyber security threats in just two quarters. Alarmingly, 43% of successful cyber attacks are now linked to social engineering, driven by the use of AI technologies like deepfakes. Corporate leaders are particularly vulnerable, with AI models capable of mimicking them using information freely available online. As businesses adjust to this new reality, CEOs must rethink the concept of trust and implement stronger measures to combat AI-enabled impersonation. This is an arms race that no one can avoid being a part of. What we can do is get smart about trust, and the first step to take is building the right context for it.

What now? Ransomware Victim Pays Hacker, but Decryption Key Fails

A security firm recently intervened in an attack involving the Hazard ransomware, where the victim paid the ransom but received a decryptor that did not work. A bug in the ransomware's encryption routine had encrypted some files twice, leaving the decryptor without bytes it needed to restore them. Escalating the problem to the criminals produced no working fix, and the firm's researchers eventually recovered the files themselves using a brute-force approach. The case highlights one of the risks of paying: unreliable decryptors are not uncommon, and payment does not guarantee recovery. Best practices, above all tested, offline data backups, remain the most dependable mitigation for ransomware incidents.

UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover

UK regulators are expected to reduce the proposed fraud reimbursement limit for banks and payment companies from £415,000 to £85,000, following concerns from ministers and fintech firms. The Payment Systems Regulator had initially planned the higher cap, but industry bodies like UK Finance warned it could lead to exploitation and harm smaller firms. In 2023, Britons lost £459 million to authorised push payment (APP) fraud, making the issue critical for consumer protection. A consultation on the lower limit is expected soon, aiming to balance protection for scam victims with industry sustainability.

Enterprise Mobile Devices See Increased Attacks

Lookout’s latest report on the mobile threat landscape reveals a 40% increase in mobile phishing attempts and malicious web attacks targeting enterprises. Over 80,000 malicious apps were detected on enterprise mobile devices, ranging from riskware to sophisticated spyware capable of stealing data and eavesdropping. The most common vulnerabilities are found in mobile browsers, with attackers exploiting unpatched versions. Lookout highlights that mobile device management (MDM) solutions, while essential, should be complemented by mobile threat defence (MTD) solutions to effectively safeguard against phishing and malware, particularly with Android being heavily targeted by spyware, trojans and other malware.

Business Email Compromise Costs $55bn Over a Decade

The FBI has warned organisations about the increasing threat of business email compromise (BEC), a form of social engineering responsible for nearly $55bn in losses globally between October 2013 and December 2023. Over 305,000 incidents were recorded, with scammers impersonating legitimate entities, such as suppliers or executives, to trick victims into transferring large sums. In 2023, BEC scams saw a 9% increase in global losses, often funnelling funds through UK and Hong Kong banks, third-party payment processors, or cryptocurrency exchanges. The FBI urges victims to contact their banks immediately if they detect fraudulent transfers.

Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery

An annual survey of IT security decision makers in the UK found that 50% of respondents had to rely on backups following a cyber attack, with 25% only achieving partial data recovery and 8% failing due to weak backup systems. The findings highlight the need for stronger backup strategies, with 9% of organisations admitting their current systems are insufficient for rapid recovery. However, progress is evident, with automated backups to central and personal repositories rising to 30% in 2024, up from 19% in 2023. The report underscores the importance of robust backup solutions in today’s cyber threat landscape.

Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s

Moody’s recent report highlights that insurers and asset managers have significantly increased their cyber security investments, with spending rising by over 50% between 2019 and 2023 in response to the growing frequency of cyber attacks. The Americas saw the largest increase at 65%, followed by EMEA at 51% and APAC at 48%. Additionally, the share of IT budgets dedicated to cyber risk grew to 8% in 2023, and the number of cyber security employees rose by 23% from 2019 to 2022.

Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’

US officials are increasingly concerned about Russia's naval activity near undersea cables, fearing potential sabotage by the General Staff Main Directorate for Deep Sea Research (GUGI). This unit, equipped with surface vessels, submarines, and naval drones, has reportedly been spotted near critical deep-sea infrastructure, raising alarms about the risk to fibre-optic cables that carry over 95% of international data. Sabotaging these cables could severely disrupt global communications. Recent reports also suggest Russian spy ships have been operating in Nordic waters, targeting both submarine cables and wind farms, further highlighting the growing threat.

Think You Could Never Fall Victim to Cyber Crime? Think Again

Bitdefender's 2024 Consumer Cybersecurity Assessment Report reveals that over 75% of individuals don’t believe they are targets for cyber criminals, with 37% convinced they aren't targeted at all. This misconception leaves people more vulnerable to cyber attacks, which can range from phishing and spyware to man-in-the-middle attacks. Hackers don’t just focus on large corporations; anyone can be a target, as personal information like email addresses and dates of birth hold value. Even experienced individuals can fall for scams, proving that everyone must remain vigilant against evolving threats, especially as attacks continue to grow in sophistication and scale.

Sources

https://securitybrief.co.nz/story/trustwave-highlights-critical-cyber-threats-to-financial-services

https://betanews.com/2024/09/06/old-habits-new-threats-why-more-phishing-attacks-are-bypassing-outdated-perimeter-detection/

https://www.msspalert.com/brief/scattered-spider-sets-sights-on-finance-insurance-firms-cloud-infrastructure

https://economictimes.indiatimes.com/tech/technology/cybercriminals-target-smes-as-large-companies-beef-up-security/articleshow/113102946.cms?from=mdr

https://www.forbes.com/sites/alexanderpuutio/2024/09/07/the-rise-of-deepfakes-means-ceos-need-to-rethink-trust/

https://www.techspot.com/news/104700-ransomware-victim-paid-hacker-but-decryption-failed.html

https://www.ft.com/content/69611fac-03a2-4731-b12e-bf1583219270

https://betanews.com/2024/09/10/enterprise-mobile-devices-see-increased-attacks/

https://www.infosecurity-magazine.com/news/business-email-compromise-55bn/

https://itsecuritywire.com/news/half-of-it-decision-makers-have-had-to-recover-data-from-a-backup-with-a-third-unable-to-make-full-recovery/

https://www.reinsurancene.ws/insurers-and-asset-managers-continue-to-invest-in-longer-term-cybersecurity-planning-moodys/

https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/

https://www.makeuseof.com/how-everyone-is-potential-cybercrime-victim/
Threats

Ransomware, Extortion and Destructive Attacks

Ransomware demands exponentially increase, averaging $1.5 Million this year | TechRadar

Top Types Of Cyber Extortion Scams And 7 Ways To Stay Safe (forbes.com)

Ransomware: Attacks Once More Nearing Peak Levels | Symantec Enterprise Blogs (security.com)

What now? Ransomware victim pays hacker, but decryption key fails | TechSpot

RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware (cybersecuritynews.com)

Ransomware rocked healthcare, public services in August | TechTarget

New Joint CISA – FBI – DC3 Guidance Advises On Ransomware Threats Linked to Iran-Backed Hackers: What Enterprises Need to Know | Alston & Bird - JDSupra

NoName ransomware gang deploying RansomHub malware in recent attacks (bleepingcomputer.com)

Palo Alto Networks details new 'Repellent Scorpius' group distributing Cicada3301 ransomware - SiliconANGLE

RansomHub Serves Up LaZagne (informationsecuritybuzz.com)

Updated attack arsenal bolsters RansomHub stealth | SC Media (scmagazine.com)

Threat Operation Behind Cicada3301 Ransomware Delivery Examined | MSSP Alert

How Law Enforcement's Ransomware Strategies Are Evolving (darkreading.com)

How Can Individuals Protect Themselves From Ransomware Attacks? (informationsecuritybuzz.com)

Most Educational Organizations Paid More Than the Original (globenewswire.com)

Meow ransomware sees surge of activity post-overhaul • The Register

Schools Face Million-Dollar Bills as Ransomware Rises - Infosecurity Magazine (infosecurity-magazine.com)

Should State Governments Ban Ransomware Payments? (govtech.com)

Ransomware Victims

What now? Ransomware victim pays hacker, but decryption key fails | TechSpot

Ransomware rocked healthcare, public services in August | TechTarget

Hunters claims to have ransomed ICBC London, stolen 6.6TB • The Register

Healthcare giant settles patient data theft lawsuit for $65M • The Register

Cyber crooks shut down some US, UK schools • The Register

Charles Darwin School Bromley closes due to cyber attack | News Shopper

Cyber attack-hit Tewkesbury Borough Council 'rebuilding services' - BBC News

London's transit agency drops claim it has 'no evidence' of customer data theft after hack | TechCrunch

Schools Face Million-Dollar Bills as Ransomware Rises - Infosecurity Magazine (infosecurity-magazine.com)

Significant ransom payment by major Iranian IT firm underway | SC Media (scmagazine.com)

Tewkesbury council says systems still down after cyber attack - BBC News

TfL Cyber Attack Raises Data Security Concerns - Hayes Connor

Plans to spend £3.2m beefing up Bristol City Council cyber security amid rise in threats of a costly attack - Bristol Live (bristolpost.co.uk)

Cyber-attack victim obtains injunction to prevent publication of stolen data | A&O Shearman - JDSupra

Amateurish 'CosmicBeetle' Ransomware Stings Turkish SMBs (darkreading.com)

Phishing & Email Based Attacks

Old habits, new threats -- Why more phishing attacks are bypassing outdated perimeter detection (betanews.com)

72% of BEC attacks were from free webmail domains | Security Magazine

Business Email Compromise Costs $55bn Over a Decade - Infosecurity Magazine (infosecurity-magazine.com)

Losses due to cryptocurrency and BEC scams are soaring - Help Net Security

Think You Could Never Fall Victim to Cybercrime? Think Again (makeuseof.com)

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)

Phishing in focus: Disinformation, election and identity fraud - Help Net Security

Sextortion scam now use your "cheating" spouse’s name as a lure (bleepingcomputer.com)

Alert notification as phishing bait | Kaspersky official blog

Hackers Exploit HTTP Response Header to Launch Sophisticated Phishing Attacks (cybersecuritynews.com)

Phishers abuse HTTP refresh headers for deeper deception • The Register

How to prevent vendor email compromise attacks | TechTarget

No, your partner didn't cheat on you. Well, at least, when this email said so - Neowin

Business Email Compromise (BEC)/Email Account Compromise (EAC)

72% of BEC attacks were from free webmail domains | Security Magazine

Business Email Compromise Costs $55bn Over a Decade - Infosecurity Magazine (infosecurity-magazine.com)

Losses due to cryptocurrency and BEC scams are soaring - Help Net Security

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)

How to prevent vendor email compromise attacks | TechTarget

Other Social Engineering

UK regulator to slash maximum fraud losses banks are forced to cover (ft.com)

North Korean spy successfully managed to infiltrate cybersecurity training firm using stolen credentials and a fake VPN — here's how you could avoid becoming a victim | TechRadar

Business Email Compromise Costs $55bn Over a Decade - Infosecurity Magazine (infosecurity-magazine.com)

Losses due to cryptocurrency and BEC scams are soaring - Help Net Security

Think You Could Never Fall Victim to Cybercrime? Think Again (makeuseof.com)

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)

Four Delaware men charged in international sextortion scheme that netted nearly $2 million | CyberScoop

Inside Thailand's $2 Billion Scam Industry Now Targeting Americans - Newsweek

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)

Sextortion scam now use your "cheating" spouse’s name as a lure (bleepingcomputer.com)

No, your partner didn't cheat on you. Well, at least, when this email said so - Neowin

Lured by a Promising Job, He Was Forced to Scam People - The New York Times (nytimes.com)

Watch Out for This New LinkedIn Job Scam (tech.co)

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)

Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)

Artificial Intelligence

For security, we have to stop picking up the phone | TechCrunch

The Rise Of Deepfakes Means CEOs Need To Rethink Trust (forbes.com)

Why AI and Cybersecurity Are on a Collision Course (govtech.com)

US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)

The Weaponization of AI and ML is Complicating the Digital Battlefield - Security Boulevard

Boards caught off guard as hackers exploit AI - CIR Magazine

Underground Demand for Malicious LLMs Is Robust (govinfosecurity.com)

Singapore moots legislation to outlaw use of deepfakes during elections | ZDNET

The King's Speech: 40 policy bills, a gaping AI hole and a boomerang data bill | Herbert Smith Freehills | Global law firm

MI6 and CIA using Gen AI to combat tech-driven threats • The Register

AI cybersecurity needs to be as multi-layered as the system it's protecting - Help Net Security

Early adopters are deploying AI agents in the enterprise now, with scaled adoption in 2025 | ZDNET

2FA/MFA

6 ways hackers sidestep your two-factor authentication | PCWorld

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (thehackernews.com)

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers (thehackernews.com)

Malware

US charges Russian military officers for unleashing wiper malware on Ukraine | Ars Technica

New malware shakes macOS security paradigm – hackers eying iPhones next | Cybernews

Google Users Warned Of Surging Malvertising Campaigns (searchenginejournal.com)

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401 (securityaffairs.com)

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive (cybersecuritynews.com)

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)

Mustang Panda Feeds Worm-Driven USB Attack Strategy (darkreading.com)

How Remote Access Trojans Bypass Traditional Security Measures | HackerNoon

Threat Hunting Case Study: Uncovering FIN7 | Intel471

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)

Earth Preta Evolves its Attacks with New Malware and Strategies | Trend Micro (US)

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)

Android TV Box Malware, Vo1d, Infects Over A Million Devices Worldwide (informationsecuritybuzz.com)

Mobile

Enterprise mobile devices see increased attacks (betanews.com)

New Lookout Threat Research Proves Mobile Security Should Be Central to Modern Data Protection Strategies | Business Wire

SpyAgent Android malware steals your crypto recovery phrases from images (bleepingcomputer.com)

New malware shakes macOS security paradigm – hackers eying iPhones next | Cybernews

Found: 280 Android apps that use OCR to steal cryptocurrency credentials | Ars Technica

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (thehackernews.com)

Is your phone listening? Marketing firm confirms tech behind targeted ads | Tech News - Business Standard

Samsung’s Update Decision—Bad News Confirmed For Millions Of Galaxy Users (forbes.com)

Denial of Service/DoS/DDOS

DDoS Attacks Double With Governments Most Targeted - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

Smart home security advice. Ring, SimpliSafe, Swann, and Yale | Pen Test Partners

Android TV Box Malware, Vo1d, Infects Over A Million Devices Worldwide (informationsecuritybuzz.com)

Data Breaches/Leaks

Data breach victims skyrocket over 1,100%: How to protect yourself - CyberGuy

Why is the world witnessing a surge in data breaches? (betanews.com)

Threat Actor Claims Fortinet Data Breach via Third-Party Service (cybersecuritynews.com)

Cyber-crook leaks 20GB of data 'stolen' from Capgemini • The Register

Fortinet Confirms Data Breach (informationsecuritybuzz.com)

Understanding the Types of Cybersecurity Breaches - Security Boulevard

Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database | WIRED

Car rental company Avis discloses a data breach (securityaffairs.com)

Popular French retailers confirm hackers stole customer data (therecord.media)

Payment gateway data breach affects 1.7 million credit card owners (bleepingcomputer.com)

Mystery database containing sensitive info on 762,000 car-owners discovered by researchers | TechRadar

300,000 Impacted by Data Breach at Car Rental Firm Avis - SecurityWeek

Organised Crime & Criminal Actors

Think You Could Never Fall Victim to Cyber Crime? Think Again (makeuseof.com)

Cyber skills for sale: what leaders can learn from the dark web - Raconteur

Analysis of thousands of channels reveals Telegram is flooded with criminal networks | TechSpot

Russian, Kazakhstani men living in Miami indicted over cybercrime training service | CyberScoop

Inside Thailand's $2 Billion Scam Industry Now Targeting Americans - Newsweek

Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (bitdefender.com)

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)

Threat Hunting Case Study: Uncovering FIN7 | Intel471

Comms Business - BT logs 2,000 signals of potential cyber attacks per second

Evasion Tactics Used By Cybercriminals To Fly Under The Radar - SecurityWeek

How Telegram Became a Playground for Criminals, Extremists and Terrorists - The New York Times (nytimes.com)

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (thehackernews.com)

Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)

Seven men charged over links to global syndicate that conducts 'malicious cyber activities' - CNA (channelnewsasia.com)

Lured by a Promising Job, He Was Forced to Scam People - The New York Times (nytimes.com)

Cambodian senator sanctioned by US over cyber-scams • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Losses due to cryptocurrency and BEC scams are soaring - Help Net Security

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)

Found: 280 Android apps that use OCR to steal cryptocurrency credentials | Ars Technica

Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses - Infosecurity Magazine (infosecurity-magazine.com)

Indodax hacked for $22 million, Lazarus Group suspected | Invezz

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)

Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)

Insider Risk and Insider Threats

Why is employee surveillance and tracking on the rise?

Insurance

Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines (claimsjournal.com)

Cyber threat needs public sector response (emergingrisks.co.uk)

Cyber insurance set for explosive growth - Help Net Security

62% of Businesses Filed a Cyber Insurance Claim in Last 12 Months | MSSP Alert

Supply Chain and Third Parties

Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure | MSSP Alert

Threat Actor Claims Fortinet Data Breach via Third-Party Service (cybersecuritynews.com)

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout (thehackernews.com)

Think rebuild, not recovery, after a supply chain attack (betanews.com)

The Rising Tide of Software Supply Chain Attacks (darkreading.com)

Why the CrowdStrike outage hit Delta so hard | Fortune

Cloud/SaaS

Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure | MSSP Alert

US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)

Cloud security fears, rising costs, privacy concerns? | ITPro

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches (thehackernews.com)

Microsoft 365 was down for thousands of users - here's what happened | ZDNET

Why cloud security strategy is changing to prioritise recovery - Raconteur

Outages

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout (thehackernews.com)

Microsoft 365 was down for thousands of users - here's what happened | ZDNET

Microsoft, Cyber Firms Pursue Changes After CrowdStrike Outage (claimsjournal.com)

Why the CrowdStrike outage hit Delta so hard | Fortune

Identity and Access Management

Hackers Can Abuse Active Directory Certificate Services to Establish Persistence (cybersecuritynews.com)

Encryption

Is Your Business Ready For The Quantum Cybersecurity Threat? (informationsecuritybuzz.com)

The Quantum Leap in Cybersecurity: A New Era of Challenges (eetimes.eu)

Edward Snowden made China a quantum networking superpower • The Register

Linux and Open Source

Open Source Updates Have 75% Chance of Breaking Apps - Infosecurity Magazine (infosecurity-magazine.com)

Linux and open-source documentation is a mess: Here's the solution | ZDNET

How to Explain the Security Advantages of Open Source - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

Credential Theft Protection: Defending Your Organization’s Data | MSSP Alert

How to defend against brute force and password spray attacks (bleepingcomputer.com)

The $13 billion problem: Tackling the growing sophistication of account takeovers (betanews.com)

Social Media

Analysis of thousands of channels reveals Telegram is flooded with criminal networks | TechSpot

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)

Opinion | The Tide May Be Turning for Telegram, TikTok and X - The New York Times (nytimes.com)

No more free pass: Regulation starts to crack down on social media platforms | Technology | EL PAÍS English (elpais.com)

Starlink's capitulation to Brazil and Telegram's house cleaning show the game has changed for tech titans in a big way | Fortune

US arrests leaders of alleged Telegram terrorist group - BBC News

Watch Out for This New LinkedIn Job Scam (tech.co)

Malvertising

Google Users Warned Of Surging Malvertising Campaigns (searchenginejournal.com)

Google abusing ad tech dominance, UK competition watchdog finds - BBC News

Is your phone listening? Marketing firm confirms tech behind targeted ads | Tech News - Business Standard

Regulations, Fines and Legislation

US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)

How to Hire a CISO as Scrutiny Intensifies | Woodruff Sawyer - JDSupra

Opinion | The Tide May Be Turning for Telegram, TikTok and X - The New York Times (nytimes.com)

No more free pass: Regulation starts to crack down on social media platforms | Technology | EL PAÍS English (elpais.com)

Starlink's capitulation to Brazil and Telegram's house cleaning show the game has changed for tech titans in a big way | Fortune

US arrests leaders of alleged Telegram terrorist group - BBC News

The King's Speech: 40 policy bills, a gaping AI hole and a boomerang data bill | Herbert Smith Freehills | Global law firm

Google abusing ad tech dominance, UK competition watchdog finds - BBC News

Malaysia introduces a new Cyber Security Act | Herbert Smith Freehills | Global law firm

Backup and Recovery

Half of IT Leaders Faced Backup Recovery & One-Third Failed (itsecuritywire.com)

Careers, Working in Cyber and Information Security

Global Study Finds Organizations Facing Cybersecurity Gaps (govtech.com)

Building a career where you have the power to do the most good (siliconrepublic.com)

Cyber skills for sale: what leaders can learn from the dark web - Raconteur

Internships can be a gold mine for cybersecurity hiring | CSO Online

Cyber Staffing Shortages Remain CISOs' Biggest Challenge (darkreading.com)

Why Breaking into Cybersecurity Isn’t as Easy as You Think - Security Boulevard

We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders (talosintelligence.com)

Mind the talent gap: Infosec jobs abound, but hiring is flat • The Register

Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures - Infosecurity Magazine (infosecurity-magazine.com)

10 Writing Tips for Cybersecurity Professionals (darkreading.com)

Law Enforcement Action and Take Downs

Russian, Kazakhstani men living in Miami indicted over cybercrime training service | CyberScoop

In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)

Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (bitdefender.com)

Four Delaware men charged in international sextortion scheme that netted nearly $2 million | CyberScoop

US arrests leaders of alleged Telegram terrorist group - BBC News

How Law Enforcement's Ransomware Strategies Are Evolving (darkreading.com)

17-year-old arrested in connection with cyber attack on TfL | UK News | Sky News

Arrest made in NCA investigation into Transport for London cyber attack - National Crime Agency

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (thehackernews.com)

Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)

Seven men charged over links to global syndicate that conducts 'malicious cyber activities' - CNA (channelnewsasia.com)

Misinformation, Disinformation and Propaganda

Russian ‘Doppelganger’ influence campaign exposed through internal documents, seized accounts | SC Media (scmagazine.com)

Russia’s election influence efforts show sophistication, officials say - The Washington Post

Intel officials: Moscow built US influencer networks, danger growing from Iran ahead of vote - Washington Times

Russia focusing on US social media stars to covertly influence voters | Reuters

‘Guerrilla projects’: Russia revels in US allegations of media warfare | Media News | Al Jazeera

Phishing in focus: Disinformation, election and identity fraud - Help Net Security

Gallup: Pollster Acts to Close Down Security Threat - Infosecurity Magazine (infosecurity-magazine.com)

The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say - SecurityWeek

Cybersecurity, disinformation dominates hearing on elections | CyberScoop

Russia Trying to Sway Voters Toward Trump Using Influencers: Official - Business Insider

Gallup Poll Bugs Open Door to Election Misinformation (darkreading.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)

The Weaponization of AI and ML is Complicating the Digital Battlefield - Security Boulevard

Nation State Actors

China

Mustang Panda Feeds Worm-Driven USB Attack Strategy (darkreading.com)

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia (thehackernews.com)

Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (darkreading.com)

Earth Preta Evolves its Attacks with New Malware and Strategies | Trend Micro (US)

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign (thehackernews.com)

Edward Snowden made China a quantum networking superpower • The Register

Pro-Russian Hackers Reportedly Disrupt Taiwan Stock Exchange On Thursday, Services Restored In 22 Minutes - Benzinga

China-Linked Threat Actors Target Taiwan Military Industry - Infosecurity Magazine (infosecurity-magazine.com)

Mystery database containing sensitive info on 762,000 car-owners discovered by researchers | TechRadar

House Committee Warns of Chinese Cranes' Threat to U.S. Port Security (gcaptain.com)

Hunters claims to have ransomed ICBC London, stolen 6.6TB • The Register

Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)

Portuguese government to continue ban on Chinese 5G equipment (techmonitor.ai)

Russia

Russia reportedly readies submarine cable 'sabotage' • The Register

Russia’s election influence efforts show sophistication, officials say - The Washington Post

Intel officials: Moscow built U.S. influencer networks, danger growing from Iran ahead of vote - Washington Times

US Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (thehackernews.com)

Germany Accuses Russia’s GRU Military Intelligence of Cyberattacks on NATO, EU - The Moscow Times

NCSC Calls Out Cyber-Attacks From Russia's GRU (silicon.co.uk)

US charges Russian military officers for unleashing wiper malware on Ukraine | Ars Technica

US Offers $60 Million Bounty in Hunt for Russian Hackers - Newsweek

Russian ‘Doppelganger’ influence campaign exposed through internal documents, seized accounts | SC Media (scmagazine.com)

'De facto cyberwar' — Poland says it uncovered 'saboteurs' working for Russia, Belarus (kyivindependent.com)

Western intelligence warns Russia targeting aid to Ukraine - Naval Technology (naval-technology.com)

‘Guerrilla projects’: Russia revels in US allegations of media warfare | Media News | Al Jazeera

The UK Defense Intelligence Confirms russia’s Intelligence Role in the WhisperGate Attacks | Defense Express (defence-ua.com)

Russia Trying to Sway Voters Toward Trump Using Influencers: Official - Business Insider

Russia focusing on US social media stars to covertly influence voters | Reuters

Wix to block Russian users starting September 12 (bleepingcomputer.com)

Iran

The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)

Intel officials: Moscow built U.S. influencer networks, danger growing from Iran ahead of vote - Washington Times

New Joint CISA – FBI – DC3 Guidance Advises On Ransomware Threats Linked to Iran-Backed Hackers: What Enterprises Need to Know | Alston & Bird - JDSupra

Advisory warns of Iran ransomware threat (baselinemag.com)

The Iran cyber threat: Breaking down attack tactics | ITPro

The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say - SecurityWeek

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (thehackernews.com)

Significant ransom payment by major Iranian IT firm underway | SC Media (scmagazine.com)

North Korea

North Korean spy successfully managed to infiltrate cybersecurity training firm using stolen credentials and a fake VPN — here's how you could avoid becoming a victim | TechRadar

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)

Indodax hacked for $22 million, Lazarus Group suspected | Invezz

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)

How not to hire a North Korean IT spy | CSO Online

Watch Out for This New LinkedIn Job Scam (tech.co)

Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Commercial Spyware Use Roars Back Despite Sanctions (darkreading.com)

Predator Spyware Resurfaces: Renewed Threats And Global Implications (informationsecuritybuzz.com)

US arrests leaders of alleged Telegram terrorist group - BBC News

Bomb threats are cyber attack - News - Rádio RSI English (rtvs.sk)


Tools and Controls

Underinvestment blamed for IT security compliance failures - Data Centre & Network News (dcnnmagazine.com)

AI cybersecurity needs to be as multi-layered as the system it's protecting - Help Net Security

Half of IT Leaders Faced Backup Recovery & One-Third Failed (itsecuritywire.com)

CTEM: The next frontier in cybersecurity | TechRadar

Old habits, new threats -- Why more phishing attacks are bypassing outdated perimeter detection (betanews.com)

Top API risks and how to mitigate them | TechTarget

Credential Theft Protection: Defending Your Organization’s Data | MSSP Alert

Best practices for implementing the Principle of Least Privilege - Help Net Security

Inside the Secrets of Physical Penetration Testing | HackerNoon

Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines (claimsjournal.com)

6 ways hackers sidestep your two-factor authentication | PCWorld

Think rebuild, not recovery, after a supply chain attack (betanews.com)

Data centres to be given massive boost and protections from cyber criminals and IT blackouts - GOV.UK (www.gov.uk)

Hackers Can Abuse Active Directory Certificate Services to Establish Persistence (cybersecuritynews.com)

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers (thehackernews.com)

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth - Security Boulevard

Cyber threat needs public sector response (emergingrisks.co.uk)

Cyber insurance set for explosive growth - Help Net Security

How Effective Threat Hunting Programs are Shaping Cybersecurity - Security Boulevard

8 key aspects of a mobile device security audit program | TechTarget

Why cloud security strategy is changing to prioritise recovery - Raconteur

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security (comforte.com)

62% of Businesses Filed a Cyber Insurance Claim in Last 12 Months, Indicating MSSP Opportunities | MSSP Alert

MI6 and CIA using Gen AI to combat tech-driven threats • The Register


Other News

Cybercriminals target SMEs as large companies beef up security - The Economic Times (indiatimes.com)

Insurers and asset managers continue to invest in longer term cybersecurity planning: Moody's - Reinsurance News

Businesses' preparedness against cyber threats beginning to shrink: Beazley - Reinsurance News

The Escalating Threat of Cybercrime and the Urgent Need for Advanced Defenses (thefastmode.com)

ICO and NCA sign memorandum of understanding for further collaboration on cyber security | ICO

UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (therecord.media)

How to Strengthen and Improve Your Company's Security Posture - Security Boulevard

The Biggest Cybersecurity Threats Facing Small Businesses Today - DevX

Cybernews Business Digital Index reveals major shortcomings in corporate customer data security | Cybernews

Your travel guide to public Wi-Fi, security and privacy (securitybrief.co.nz)

Data centres deemed 'critical infrastructure' by government | NASDAQ:AMZN (proactiveinvestors.co.uk)

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security (comforte.com)

City Hall staff told to disconnect from wifi and work from home after cyber-attack on TfL - Harrow Online

Rogue WHOIS server gives researcher superpowers no one should ever have | Ars Technica

Microsoft Office 2024 to disable ActiveX controls by default (bleepingcomputer.com)

New RAMBO attack steals data using RAM in air-gapped computers (bleepingcomputer.com)

Cyberattacks on US utilities surged 70% this year, says Check Point (yahoo.com)

Operational Technology Leaves Itself Open to Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

How cybercriminals attack young gamers: the most common and dangerous scams | Kaspersky official blog

The future of automotive cybersecurity: Treating vehicles as endpoints - Help Net Security

How higher ed can stay ahead of growing cyber threats - eCampus News

Homeland Security seeks private-sector advice to avert devastating cyberattacks on ports, ships | Just The News

Cisco merch shoppers stung in CosmicSting attack • The Register

Shipping has left gates ‘wide open’ for cyber attacks | TradeWinds (tradewindsnews.com)

Aviation sector requires proactive defense through AI, machine learning, and real-time threat detection, says DG BCAS – ThePrint – ANIFeed


Vulnerability Management

Open Source Updates Have 75% Chance of Breaking Apps - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days (securityaffairs.com)

SonicWall SSLVPN access control flaw is now exploited in attacks (bleepingcomputer.com)

Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers | TechRadar

Cisco Patches High-Severity Vulnerabilities in Network Operating System - SecurityWeek

Veeam patches critical flaws, urges users to update (computing.co.uk)

Citrix Releases Security Updates for Citrix Workspace App for Windows | CISA

RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware (cybersecuritynews.com)

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401 (securityaffairs.com)

Ivanti fixes maximum severity RCE bug in Endpoint Management software (bleepingcomputer.com)

Adobe Patches Critical, Code Execution Flaws in Multiple Products - SecurityWeek

Chrome 128 Update Resolves High-Severity Vulnerabilities - SecurityWeek

Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates - SecurityWeek

Adobe fixes Acrobat Reader zero-day with public PoC exploit (bleepingcomputer.com)

Palo Alto Networks Patches Dozens of Vulnerabilities - SecurityWeek

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) - Help Net Security

Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (bleepingcomputer.com)

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution (thehackernews.com)

Samsung’s Update Decision—Bad News Confirmed For Millions Of Galaxy Users (forbes.com)


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory 11 September 2024 – Microsoft Patch Tuesday, Adobe and Ivanti Security Updates


Executive summary

Microsoft’s September Patch Tuesday provides updates to address 79 security issues across its product range, including four actively exploited zero-day vulnerabilities and one publicly disclosed zero-day. In addition to the Microsoft updates, this week also saw Adobe fix 28 vulnerabilities across various products, and Ivanti address several critical severity vulnerabilities in its Endpoint Manager product and several high severity vulnerabilities in its Workspace Control and Cloud Service Appliance products.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation’s data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of the impacted Microsoft, Adobe and Ivanti products. The updates should be applied as soon as possible for the actively exploited vulnerabilities and for all other vulnerabilities that have a critical severity rating.


Microsoft

Further details on the other specific updates within this Microsoft Patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tuesday-fixes-4-zero-days-79-flaws/

https://www.ghacks.net/2024/09/10/microsoft-releases-the-september-2024-security-updates-for-windows/

Adobe

Further details of the vulnerabilities in Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Ivanti

Further details of the vulnerabilities in Ivanti Cloud Service Appliance (CSA) can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US

Further details of the vulnerabilities in Ivanti Workspace Control (IWC) can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC?language=en_US

Further details of the vulnerabilities in Ivanti Endpoint Manager (EPM) can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US


Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Briefing 06 September 2024

Black Arrow Cyber Threat Intelligence Briefing 06 September 2024:

- Active Ransomware Groups Surge by 56% in 2024

- Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High

- Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging

- When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach

- Critical Infrastructure Sustained 13 Cyber Attacks per Second in 2023

- How Phishing Messages Break Through Email Filters

- Can Every Business Afford to Be a Target?

- To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review

- UK Public Growing Anxious Over Dependence on IT Systems

- Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team

Welcome to this week’s Black Arrow Cyber Threat Briefing, a weekly digest collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Active Ransomware Groups Surge by 56% in 2024

There was a 56% increase in active ransomware gangs in the first half of 2024, with 73 groups in operation compared to 46 in H1 2023. This rise highlights the growing fragmentation of the ransomware landscape, partly driven by law enforcement actions that disrupted major Ransomware-as-a-Service (RaaS) groups. Notably, the ransomware gang BlackCat disappeared in an “exit scam” following a ransom payment from US healthcare provider Change Healthcare in March 2024. Smaller groups are now emerging rapidly, executing targeted attacks and frequently reappearing under new identities, which complicates cyber security efforts.

Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High

The UK’s Financial Ombudsman Service reported a record high in fraud and scam cases in Q2 2024, with authorised push payment (APP) fraud making up over half of the complaints. APP fraud, where victims are tricked into transferring money to fraudsters, is contentious as many banks argue that victims made a conscious decision, thus forfeiting reimbursement. Between April and June 2024, 8,734 complaints were lodged, marking a 43% year-on-year increase. The rise is attributed not only to increased fraud but also to more complex multi-stage fraud, card payments lacking protection, and more cases being filed by professional representatives.

Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging

ReliaQuest’s Q3 2024 Attacker Trends Analysis reveals that phishing remains the top cyber threat, accounting for 37% of incidents. However, credential exposure incidents have surged dramatically to 88% of security alerts, up from 60% in 2023, indicating a critical weakness in credential management. Malware, particularly the Remote Access Trojan (RAT) "SocGholish", affected 23% of customers, often linked to phishing campaigns. Additionally, MITRE ATT&CK techniques such as T1078 (Valid Accounts) and T1204 (User Execution) were frequently exploited, highlighting the need for stronger credential protection and phishing defences.

When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach

At a recent TED conference, discussions highlighted how emerging technologies like AI and quantum computing are poised to both elevate and challenge cyber security. Research from Proofpoint shows that 94% of cloud customers were targeted monthly in 2023, with 62% successfully compromised, underscoring the increased risk. To counter this, businesses must adopt a cyber resilience mindset, focusing on sustaining operations during and after a cyber attack. This involves planning, regular practice, early detection and partnerships to ensure organisations remain resilient amid growing cyber threats.

Critical Infrastructure Sustained 13 Cyber Attacks per Second in 2023

Critical infrastructure faced over 420 million cyber attacks between January 2023 and January 2024, marking a 30% rise from the previous year. Power grids, transportation, and communication networks are particularly vulnerable due to the severe disruption any failures would cause. The US, UK, Germany, India, and Japan were the most frequently targeted, with threat actors predominantly originating from China, Russia, and Iran. The increasing digitisation of global infrastructure has heightened the risk of cyber attacks, particularly following the onset of the war in Ukraine.

How Phishing Messages Break Through Email Filters

The APWG’s Phishing Activity Trends Report for Q1 2024 revealed over 963,000 phishing attacks, with Business Email Compromise (BEC) fraud seeing a 50% rise in the average wire transfer request to $84,000. Cyber security researchers at LevelBlue Labs detailed sophisticated evasion techniques used by attackers, including voice phishing (vishing), exploiting compromised accounts, and leveraging social engineering. Attackers bypass email security gateways (SEGs) by using advanced tactics such as manipulating ZIP archives and reversing text in email source code, enabling them to distribute malware undetected. These developments highlight the urgent need for enhanced anti-phishing measures and user vigilance.

Can Every Business Afford to Be a Target?

Small and medium-sized businesses (SMBs) face an evolving cyber threat landscape, as cyber criminals increasingly adopt business models like Ransomware-as-a-Service (RaaS). According to recent findings, SMBs are particularly vulnerable due to limited financial and staffing resources, leaving them exposed to phishing attacks, leaked data, and common technology vulnerabilities. Ransomware groups provide tools to less skilled attackers, expanding the scope of attacks. Phishing remains a significant threat, especially as SMBs rely on SaaS applications. To protect themselves, SMBs must find cost-effective solutions, such as automated threat monitoring and leveraging AI for threat intelligence analysis.

To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review

A recent survey revealed that 58% of large businesses experienced cyber crime in the past 12 months, costing around £5,000 per incident. With human error responsible for 95% of cyber security breaches, a focus on cyber hygiene is critical. Organisations should conduct a ‘cyber-hygiene deep clean,’ which includes documenting all hardware, software, and applications, and updating or uninstalling outdated or unused systems. Regular password updates, software patches, and thorough vulnerability assessments of public-facing assets are essential to prevent breaches. Protecting customer data, especially PII, must be prioritised to avoid compliance issues and fines.

UK Public Growing Anxious Over Dependence on IT Systems

A recent survey by OnePoll for the International Cyber Expo found that 78% of UK respondents are concerned about the heavy reliance of global organisations on IT systems and software providers. This comes after the July 2024 CrowdStrike outage, where a faulty update affected around 8.5 million computers worldwide, disabling many Windows systems. The survey revealed that 44% of respondents were impacted, with 18% directly affected and 26% knowing someone who was. The incident highlights growing apprehension over cyber security vulnerabilities and the potential for widespread disruption to everyday life and business operations.

Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team

A new cyber threat group, identified as Cadet Blizzard and linked to Russia’s GRU Unit 29155, has been revealed by Western government agencies. Known for its physical sabotage and assassinations, Unit 29155 has now developed a cyber warfare team responsible for multiple hacking operations targeting Ukraine, the US, and other countries. Since 2022, the group has launched attacks using Whispergate malware, which destroyed data in at least two dozen Ukrainian organisations, and engaged in defacement and data theft under the guise of a fake hacktivist group, Free Civilian. This intertwining of physical and digital tactics highlights the growing threat posed by state-sponsored cyber warfare.

Sources

https://www.infosecurity-magazine.com/news/active-ransomware-groups-surge/

https://www.infosecurity-magazine.com/news/app-fraud-scams-alltime-high/

https://informationsecuritybuzz.com/phishing-top-cyber-threat-despite-drop/

https://www.forbes.com/sites/keithferrazzi/2024/09/03/when-cyber-security-breaches-are-inevitable-its-time-to-call-for-a-new-approach/

https://www.techradar.com/pro/critical-infrastructure-sustained-13-cyber-attacks-per-second-in-2023

https://cybersecuritynews.com/phishing-email-filter-breakthroughs/

https://informationsecuritybuzz.com/can-every-business-afford-to-be-target/

https://www.digitaljournal.com/business/to-beat-cyber-crime-your-business-needs-a-cyber-hygiene-review/article

https://itbrief.co.uk/story/uk-public-growing-anxious-over-dependence-on-it-systems

https://www.wired.com/story/russia-gru-unit-29155-hacker-team/



Threats

Ransomware, Extortion and Destructive Attacks

RansomHub claims 210 scalps in bid for ransomware supremacy • The Register

Ransomware gangs of 2024: The rise of the affiliates (techinformed.com)

Everything you need to know about RansomHub, the new force in the digital extortion industry | ITPro

New ransomware group is hitting VMware ESXi systems hard | TechRadar

Active Ransomware Groups Surge by 56% in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

Global Ransomware Attacks Spiked Along with Payments and Demands in Q2: Corvus (claimsjournal.com)

Ransomware tactics 2024: why you need to protect yourself differently | TechFinitive

How ransomware tactics are shifting, and what it means for your business - Help Net Security

Why Are Organisations Losing the Ransomware Battle? | Axio

IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)

Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV - Infosecurity Magazine (infosecurity-magazine.com)

Qilin Ransomware Attack Used To Steal Chrome Browser Data - Security Boulevard

RansomHub Emerges in Rapidly Evolving Ransomware Landscape - Security Boulevard

Fog ransomware crew evolving into wide-ranging threat | Computer Weekly

Cicada Ransomware - What You Need To Know | Tripwire

83% of organisations experienced at least one ransomware attack in the last year - Help Net Security

Researcher sued for sharing data stolen by ransomware with media (bleepingcomputer.com)

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (bleepingcomputer.com)

Ransomware Gangs Pummel Southeast Asia (darkreading.com)

Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)

Ransomware Victims

Housing charity latest to get hit by ransomware attack - TFN

City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack - SecurityWeek

Tewkesbury Borough Council cyber attack sparks disruption - BBC News

Halliburton confirms data was stolen in ongoing cyber attack | TechCrunch

‘Critical’ cyber attack on pension fund ‘almost certain’ - Somerset Live

Lockbit claims breach on Canada’s largest school board: Is the group back with a vengeance? | ITPro

Planned Parenthood confirms cyber attack as RansomHub claims breach (bleepingcomputer.com)

Phishing & Email Based Attacks

How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)

Phishing Remains Top Cyber Threat (informationsecuritybuzz.com)

Misconfigurations in Microsoft Exchange open new doors to email spoofing attacks — here’s how it works | TechRadar

File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)

Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes

Help friends and family avoid phishing emails (appleinsider.com)

Novel attack on Windows spotted in Chinese phishing campaign • The Register

Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)

Business Email Compromise (BEC)

Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop

Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek

Other Social Engineering

How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)

APP Fraud Dominates as Scams Hit All-Time High - Infosecurity Magazine (infosecurity-magazine.com)

Stop Scanning Random QR Codes (gizmodo.com)

Quishing, an insidious threat to electric car owners (securityaffairs.com)

VIEW: Deepfakes represent growing cyber threat - CIR Magazine

The attack with many names: SMS Toll Fraud - Help Net Security

FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)

Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)

Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday

Recruiters and job candidates need to be vigilant of emerging cyber crime (thehrdirector.com)

North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)

Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes

Artificial Intelligence

The six most dangerous new threats security teams need to know about - IT Security Guru

AI-enhanced cyber attack tops emerging enterprise risk rankings – Gartner - CIR Magazine

AI as an Insider Threat | AFCEA International

87% of executives are concerned about bot attacks and AI fraud | Security Magazine

Deepfakes represent growing cyber threat - CIR Magazine

How Do You Know When AI is Powerful Enough to be Dangerous? Regulators Try to Do the Math - SecurityWeek

Gen reveals 46% surge in cyber attacks; AI scams grow rapidly (securitybrief.co.nz)

How to Prepare for Compliance with the EU’s AI Act - Infosecurity Magazine (infosecurity-magazine.com)

Think hard before deploying Copilot for Microsoft 365 • The Register

Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET

Clearview AI fined $33 million for facial recognition database | TechRadar

There are many reasons why companies struggle to exploit generative AI, says Deloitte survey | ZDNET

1 in 3 workers are using AI multiple times a week - and they're shouting about it | ZDNET

Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times

Is AI the new bloatware? | ZDNET

AI, cyber and critical infrastructure | Professional Security

Governments need to beef up cyberdefence for the AI era - and get back to the basics | ZDNET

2FA/MFA

The six most dangerous new threats security teams need to know about - IT Security Guru

How Hackers Bypass MFA, And What You Can Do About It (forbes.com)

Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)

UK trio pleads guilty to operating $10M MFA bypass biz • The Register

A cyber criminal group behind an MFA bypass operation promised hackers “profit within minutes” – they’re now facing lengthy jail sentences | ITPro

Malware

'Voldemort' Malware Curses Orgs Using Global Tax Authorities (darkreading.com)

This malware pretends to be a real VPN service to lure in victims | TechRadar

Cyber attackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (thehackernews.com)

North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit - Security Affairs

GitHub comments abused to spread Lumma Stealer malware as fake fixes (bleepingcomputer.com)

Scammers Draining Cash Directly From ATMs, Emptying Bank Accounts Without Debit Cards in Sophisticated Scheme: Cyber Security Researchers - The Daily Hodl

Scores of Organisations Hit By Novel Voldemort Malware - Infosecurity Magazine (infosecurity-magazine.com)

Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)

This rebranded malware digs deep into your data leveraging Telegram API for data exfiltration | TechRadar

3,000 "ghost accounts" on GitHub spreading malware (securityintelligence.com)

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)

New Golang malware capable of cross-platform backdoor attacks spotted in the wild | TechRadar

What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz

China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)

Microsoft Observed A New Tickler Malware Attack Satellite Devices (cybersecuritynews.com)

Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar

New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)

Thousands of abandoned PyPI projects could be hijacked: Report | CSO Online

Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)

Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)

Mobile

Scammers Draining Cash Directly From ATMs, Emptying Bank Accounts Without Debit Cards in Sophisticated Scheme: Cyber security Researchers - The Daily Hodl

Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (thehackernews.com)

This Popular App Company Was Sold, and Now Its Android Apps Are a Privacy Risk (makeuseof.com)

Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes

Denial of Service/DoS/DDOS

Massive DDoS poured 3.15 billion packets per second on Microsoft server | Cybernews

Only 25% of organisations are prepared to manage a DDoS attack | Security Magazine

Detecting DDoS attacks: how to tell a real attack from fake news using AI and common sense | TechFinitive

Internet of Things – IoT

The MadRadar Hack Can Cause Autonomous Cars To Malfunction And Hallucinate (informationsecuritybuzz.com)

Attacks Continue on Connected Devices - Electrical Contractor Magazine (ecmag.com)

A Deep Dive Into IoT Communication Protocols (informationsecuritybuzz.com)

CCTV biz Verkada pays $3M to settle FTC complaint • The Register

Data Breaches/Leaks

170 million strong data leak traced to US data broker | TechRadar

Over 1.4M Users Exposed in Tracelo Breach | MSSP Alert

Microchip Technology confirms data was stolen in cyber attack (bleepingcomputer.com)

Organised Crime & Criminal Actors

Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg

Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)

CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)

Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)

The true cost of cyber crime for your business - Help Net Security

UK trio pleads guilty to operating $10M MFA bypass biz • The Register

Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day - SecurityWeek

FTC: Over $110 million lost to Bitcoin ATM scams in 2023 (bleepingcomputer.com)

FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)

North Korean scammers prep stealth attacks on crypto outfits • The Register

Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday

Insider Risk and Insider Threats

How Employees Can Protect a Company's Cyber Security - DevX

IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)

INSIDER THREAT AWARENESS MONTH: Are you prepared? - IT Security Guru

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)

Human firewalls are essential to keeping SaaS environments safe - Help Net Security

AI as an Insider Threat | AFCEA International

Insurance

Cyber Security Insurance: Signals Maturity to Partners, Improved Security Response - Security Boulevard

Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)

Marsh McLennan and Zurich Urge Public-Private Action to Bridge Cyber Protection Gap and Boost Resilience | Business Wire

Supply Chain and Third Parties

UK Public Worried About Global Over Reliance on IT Systems - IT Security Guru

Improved Software Supply Chain Resilience Equals Increased Security (darkreading.com)

What is Vendor Risk Monitoring in Cyber Security? | UpGuard

Top 8 Vendor Risk Monitoring Solutions in 2024 | UpGuard

Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)

Cloud/SaaS

A third of organisations suffered a SaaS data breach this year - Help Net Security

File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)

How Confident Are You That Your Critical SaaS Applications Are Secure? (thehackernews.com)

Human firewalls are essential to keeping SaaS environments safe - Help Net Security

It's time to start intense scrutiny of SaaS apps as more organisations fall prey to exploits despite higher budgets | TechRadar

What Is the Shared Fate Model? (darkreading.com)

Rising cloud costs leave CIOs seeking ways to cope | CIO

Outages

UK public growing anxious over dependence on IT systems (itbrief.co.uk)

No tech firm can say “software is never going to fail”, says ethical hacker, amid CrowdStrike fallout - Tech.eu

We must break tech monopolies before they break us (thenextweb.com)

Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)

Identity and Access Management

Why Identity Teams Need to Start Reporting to the CISO (darkreading.com)

The Evolution of Identity and Access Management (IAM) - Security Boulevard

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)

Linux and Open Source

Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)

Passwords, Credential Stuffing & Brute Force Attacks

Rapid Growth of Password Reset Attacks Boosts Fraud, Account Takeovers - Infosecurity Magazine (infosecurity-magazine.com)

Why You Shouldn't Store Passwords in Your Browser: Password Security Risks | HackerNoon

The New Effective Way to Prevent Account Takeovers (thehackernews.com)

Social Media

In Leak, Facebook Partner Brags About Listening to Your Phone’s Microphone to Serve Ads for Stuff You Mention (futurism.com)

Russian minister: Telegram 'too free' on content moderation • The Register

South Korea Police Investigates Telegram Over Deepfake Porn - Infosecurity Magazine (infosecurity-magazine.com)

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)

Germany’s Far Right Is in a Panic Over Telegram | WIRED

The Arrest of Telegram’s Founder Illuminates Global Anxieties About Social Platforms | The New Yorker

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity (thehackernews.com)

Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)

Malvertising

In plain sight: Malicious ads hiding in search results (welivesecurity.com)

What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz

Your Google searches becoming big target for 'malvertising' hackers (cnbc.com)

Malvertising is popping up on search engines - The Hustle

Regulations, Fines and Legislation

How to Prepare for Compliance with the EU’s AI Act - Infosecurity Magazine (infosecurity-magazine.com)

Ireland's cyber security body to get power to scan the networks of State institutions (irishexaminer.com)

How Do You Know When AI is Powerful Enough to be Dangerous? Regulators Try to Do the Math - SecurityWeek

Clearview AI fined $33 million for facial recognition database | TechRadar

UK Signs Council of Europe AI Convention - Infosecurity Magazine (infosecurity-magazine.com)

CCTV biz Verkada pays $3M to settle FTC complaint • The Register

Models, Frameworks and Standards

6 IT risk assessment frameworks compared | CSO Online

Banks Brace for DORA Cyber Security Deadline on Jan. 17 (inforisktoday.com)

NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)

Complying with PCI DSS requirements by 2025 - Help Net Security

Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)

NIST Obtains OpenAI, Anthropic AI Model Access | MSSP Alert

Making Sense of Cyber Security Standards Like FedRAMP (pymnts.com)

Careers, Working in Cyber and Information Security

Championing the Wins to Improve Wellbeing in the Cyber Workplace - IT Security Guru

Biden admin calls infosec 'national service' in job-fill bid • The Register

Are IT certifications replacing the college degree? | CIO

Law Enforcement Action and Take Downs

Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg

IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)

Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)

CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)

Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop

Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)

UK trio pleads guilty to operating $10M MFA bypass biz • The Register

A cyber criminal group behind an MFA bypass operation promised hackers “profit within minutes” – they’re now facing lengthy jail sentences | ITPro

Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek

Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)

Misinformation, Disinformation and Propaganda

Justice Department accuses Russia of interfering with 2024 elections | CyberScoop

US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures - SecurityWeek

Russian Blamed For Mass Disinformation Campaign Ahead of US Election - Infosecurity Magazine (infosecurity-magazine.com)

US charges Russian GRU hacking team behind WhisperGate • The Register


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber attackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (thehackernews.com)

Nation State Actors

China

China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)

Tropic Trooper Expands Targeting: Middle East Government Entity Hit In Strategic Cyber Attack (informationsecuritybuzz.com)

Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar

Novel attack on Windows spotted in Chinese phishing campaign • The Register

Russia

NCSC and allies call out Russia's Unit 29155 over cyber warfare | Computer Weekly

Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage - SecurityWeek

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team | WIRED

German air traffic control suffered cyber attack, likely by pro-Russian group of hackers | Ukrainska Pravda

Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)

Justice Department accuses Russia of interfering with 2024 elections | CyberScoop

US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures - SecurityWeek

Russian Blamed For Mass Disinformation Campaign Ahead of US Election - Infosecurity Magazine (infosecurity-magazine.com)

Sweden warns of heightened risk of Russian sabotage | Sweden | The Guardian

Russian military intelligence organised cyber attacks against Estonian institutions | News | ERR

US charges Russian GRU hacking team behind WhisperGate • The Register

The FCC has finally banned Kaspersky from telecoms kits | TechRadar

Iran

Israeli spies targeted by Iranian hackers | SC Media (scmagazine.com)

Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes

New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)

Data of 20 Iranian banks hacked in ‘worst-ever’ cyber attack, report confirms | Iran International (iranintl.com)

North Korea

North Korea-linked APT Citrine Sleet exploits Chrome zero-day to deliver FudModule rootkit - Security Affairs

North Korean scammers prep stealth attacks on crypto outfits • The Register

North Korean Hackers Target Job Seekers with Fake FreeConference App (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)

Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)

Germany’s Far Right Is in a Panic Over Telegram | WIRED

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)

United Against Spyware Abuse in the EU – Civil Society Takes a Stand - Center for Democracy and Technology (cdt.org)

Spyware vendors thwart restrictions by changing names, reorganise, move - The Washington Post

Predator spyware resurfaces with signs of activity, Recorded Future says | CyberScoop

Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)


Tools and Controls

To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal

Evolution of Attack Surface Management - Security Boulevard

United States Cybersecurity and Infrastructure Security Agency Issues Joint International Guidance for Event Logging and Threat Detection | Alston & Bird - JDSupra

This malware pretends to be a real VPN service to lure in victims | TechRadar

Misconfigurations in Microsoft Exchange open new doors to email spoofing attacks — here’s how it works | TechRadar

No tech firm can say “software is never going to fail”, says ethical hacker, amid CrowdStrike fallout - Tech.eu

API Attack Surface: How to secure it and why it matters - Security Boulevard

Why enterprises need real-time visibility of their invisible threats (betanews.com)

Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)

When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)

Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)

Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur

Choosing the Best Cyber Security Prioritization Method for Your Organisation - Security Boulevard

What is Vendor Risk Monitoring in Cyber Security? | UpGuard

Is the "Network" Defendable? - Security Boulevard

How Confident Are You That Your Critical SaaS Applications Are Secure?  (thehackernews.com)

The Evolution of Identity and Access Management (IAM) - Security Boulevard

NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)

Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)

Incident response planning vital for cyber security (devx.com)

Rising cloud costs leave CIOs seeking ways to cope | CIO

Think hard before deploying Copilot for Microsoft 365 • The Register

Detecting DDoS attacks: how to tell a real attack from fake news using AI and common sense | TechFinitive

Use AI threat modeling to mitigate emerging attacks | TechTarget

Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)

Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET

Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times



Vulnerability Management

Tenable finds only 3% of vulnerabilities pose significant risks (securitybrief.co.nz)

Businesses must act now to address the zero day surge | TechRadar

Vulnerabilities

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (thehackernews.com)

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise - SecurityWeek

Fortra fixed 2 severe issues in FileCatalyst Workflow, including a critical flaw (securityaffairs.com)

Cisco warns of backdoor admin account in Smart Licensing Utility (bleepingcomputer.com)

Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)

Hacktivist Group Exploits WinRAR Vulnerability to Encrypt Windows & Linux (cybersecuritynews.com)

Chrome 128 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw (thehackernews.com)

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access (thehackernews.com)

Your Google Pixel Phone's September Update Arrived (droid-life.com)

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica

Worried about the YubiKey 5 vulnerability? Here's why I'm not | ZDNET

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution (thehackernews.com)

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard

Log4j Continues to act as Organisational Vulnerability - Security Boulevard

Arbitrary Code Execution Vulnerabilities Affecting WPS Office - Technical Analysis (cybersecuritynews.com)

Firefox 130: Translate improvements, automatic Picture-in-Picture mode, and security fixes - gHacks Tech News

DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign - SecurityWeek

Zyxel issues patches for nine critical vulnerabilities affecting over 50 access points and routers | TechSpot

Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million (searchenginejournal.com)

VMware fixed a code execution flaw in Fusion hypervisor (securityaffairs.com)

D-Link says it is not fixing four RCE flaws in DIR-846W routers (bleepingcomputer.com)


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 August 2024

Black Arrow Cyber Threat Intelligence Briefing 30 August 2024:

- 76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months

- Third-Party Risk Management is Under the Spotlight

- 46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time

- Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor

- Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security

- Half of Enterprises Suffer Breaches Despite Heavy Security Investments

- Why the 80-20 Rule No Longer Works for Cyber Security

- Deepfakes: Seeing is No Longer Believing

- Online Scam Cycles are Getting Shorter and More Effective

- Cyber Attacks on Critical Infrastructure Increased by 30% in One Year

- Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan

- NATO Believes Russia Poses a Threat to the West’s Internet and GPS Services

- Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.

Top Cyber Stories of the Last Week

76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months

A recent report by Netwrix highlights that 76% of Managed Service Providers (MSPs) experienced a cyber attack on their infrastructure in the past 12 months, mirroring the 79% seen across all organisations. Of those attacked, 51% incurred unplanned expenses to address security gaps, while 31% suffered a loss of competitive edge, and 27% faced compliance fines - higher than the averages in other sectors. Notably, nearly half (49%) of cloud security incidents involved user account compromises, while 46% of on-premises attacks were related to ransomware or other malware. These findings underscore the critical need for robust security measures in the MSP sector.

Third-Party Risk Management is Under the Spotlight

Recent research highlights a critical vulnerability in the financial sector's digital supply chain resilience, exposed by the recent CrowdStrike IT outage. Despite regulatory pressure from bodies such as the Bank of England and the EU's Digital Operational Resilience Act (DORA), only 20.8% of financial professionals report having stressed exit plans in most third-party agreements, crucial for managing risks from supplier disruptions. With DORA set to be implemented by January 2025, the findings are concerning, as less than 19% of respondents expressed complete confidence in their third-party exit strategies, underscoring the urgent need for improved operational resilience in financial services.

46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time

Onapsis has revealed that 83% of organisations have faced at least one ransomware attack in the past year, with 46% experiencing four or more, and 14% facing ten or more attacks. Notably, 89% of these attacks impacted Enterprise Resource Planning (ERP) systems, leading to significant business disruptions, with 61% of attacks resulting in at least 24 hours of downtime. As AI-enhanced threats grow, the impact on ERP systems is expected to worsen. The research underscores the inadequacy of generic security solutions, with 93% of respondents agreeing on the need for dedicated ERP security to protect business-critical applications.

Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor

Gartner's latest research predicts a significant rise in global cyber security spending, expected to reach $183.9 billion in 2024 and increase by 15.1% to $212 billion in 2025. This surge is driven by the adoption of generative AI tools, which are heightening investments in application, data, and infrastructure security. The use of large language models (LLMs) in large-scale social engineering attacks is anticipated to contribute to 17% of cyber attacks or data leaks by 2027. Additionally, the growing shift to cloud services is expected to boost demand for cloud security solutions, with the Cloud Access Security Broker (CASB) and Cloud Workload Protection Platform (CWPP) market projected to hit $8.7 billion by 2025.

Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security

Effective cyber security relies on multiple layers of defence, with file integrity monitoring and change detection being two of the most crucial. These layers are managed through an organisation's change management programme, which ensures that changes are carefully planned, tested, documented, and approved. In the past, making undocumented changes without oversight was common, but today, such practices are a fast track to unemployment. Modern change management involves detailed coordination and approval processes, often by committees, to minimise risks and prevent disruptions to business operations. These layers, while essential, underscore that no system is entirely risk-free.

Half of Enterprises Suffer Breaches Despite Heavy Security Investments

Recent reports indicate a sharp rise in data breach frequency and costs, with the average breach now costing $4.88 million, a 10% increase from the previous year. Notably, 40% of breaches involve data spread across multiple environments, including cloud and on-premises, taking an average of 283 days to identify and contain. Despite having extensive security measures, 51% of enterprises still reported breaches in the last 24 months, with 93% experiencing significant disruptions. Human error remains a critical factor, contributing to 68% of breaches. Additionally, 98% of businesses are linked to breaches through third-party relationships, highlighting the need for robust security across the supply chain.

Why the 80-20 Rule No Longer Works for Cyber Security

A recent analysis challenges the application of the Pareto Principle in cyber security, highlighting that monitoring only 80% of assets leaves organisations significantly exposed. The report reveals that over 90% of CISOs acknowledge breaches are more likely to originate from unknown or unmanaged assets rather than well-monitored ones. Using the metaphor of a ship with unchecked sections, the study emphasises that neglecting even a small percentage of assets can lead to catastrophic outcomes. It questions why some security leaders persist with this approach, given that the unmonitored 20% often contains the most exploitable vulnerabilities. The findings underscore the critical need for comprehensive asset management to effectively mitigate cyber risks.

Deepfakes: Seeing is No Longer Believing

The rising threat of deepfakes is significantly impacting organisations and public trust, with 47% of companies having encountered deepfakes and 70% believing these AI-generated attacks could heavily affect them. Despite 73% of organisations implementing measures against deepfakes, confidence in these defences remains low, with 62% fearing their efforts are insufficient. Public concern is also high, with 81% of Americans worried about the impact of deepfakes on election integrity. However, many people overestimate their ability to detect deepfakes, with 60% believing they could identify one, despite the increasing sophistication of these AI-generated threats.

Online Scam Cycles are Getting Shorter and More Effective

A recent Chainalysis mid-year report highlights that online scam cycles have become significantly shorter and more effective, with cyber criminals increasingly favouring smaller, faster, and more targeted campaigns. The report reveals that 43% of scam revenues on the blockchain were sent to wallets created within the past year, a sharp rise from 29.9% in 2022. This shift indicates a surge in newly launched scams, with the average duration of scams dropping from 271 days in 2020 to just 42 days in 2024. This trend underscores the growing agility and sophistication of cyber criminals in executing their fraudulent activities.

Cyber Attacks on Critical Infrastructure Increased by 30% in One Year

A recent report from KnowBe4 reveals a significant 30% increase in cyber attacks on critical infrastructure, amounting to over 420 million attacks between January 2023 and 2024, or approximately 13 attacks every second. Globally, the weekly average of cyber incidents has quadrupled since 2020, with a doubling just in 2023. The report also highlights growing vulnerabilities in the US power grid, with around 60 new vulnerable points emerging daily, raising the total from 21,000 in 2022 to approximately 24,000. These findings underscore the escalating risks facing critical infrastructure and the urgent need for enhanced security measures.

Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan

NATO intelligence officials have raised concerns that Russia may disrupt global internet and GPS networks, with recent reports suggesting that Russia is mapping undersea fibre optic cables, which carry 95% of international data. Russia's deputy chairman of the Security Council, Dmitry Medvedev, issued a stark warning after the Nord Stream 2 pipeline attack, suggesting Russia could target these vital communications links. Incidents such as the disruption of telecommunications between Sweden and Estonia in 2023 and the grounding of flights due to GPS interference highlight the growing threat. NATO is increasing surveillance, but experts stress the urgent need for resilient backup systems to protect against potential cyber attacks on this critical infrastructure.

Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat

A recent study has revealed a 77% increase in successful cyber attacks on UK law firms over the past year, rising from 538 to 954 incidents. Law firms are particularly attractive targets for cyber criminals due to the sensitive and valuable data they hold, leading to frequent ransomware attacks and blackmail attempts. According to a report by the UK’s National Cyber Security Centre, nearly three-quarters of the UK’s top 100 law firms have been impacted by cyber attacks. The average ransom demand following an attack is $2.47 million, with firms typically paying $1.65 million. Despite the escalating threat, 35% of UK law firms still lack a cyber mitigation plan. Experts recommend stronger cyber defences, including data segregation, to better protect against these attacks.

Sources:

https://www.securitymagazine.com/articles/100987-76-of-msps-faced-an-infrastructure-cyberattack-in-last-12-months

https://www.helpnetsecurity.com/2024/08/29/third-party-risk-management-spotlight/

https://www.businesswire.com/news/home/20240827395975/en/46-of-Enterprises-Experience-Four-or-More-Ransomware-Attacks-in-a-Single-Year-Affecting-ERP-Applications-and-Systems-89-of-the-Time

https://www.itpro.com/security/cybersecurity-spending-is-going-to-surge-in-2025-and-ai-threats-are-a-key-factor

https://www.darkreading.com/cyber-risk/aggressively-monitoring-for-changes-is-key-aspect-of-cybersecurity

https://www.helpnetsecurity.com/2024/08/27/data-breach-trends/

https://www.scmagazine.com/perspective/why-the-80-20-rule-no-longer-works-for-cybersecurity

https://www.helpnetsecurity.com/2024/08/29/deepfakes-technology-threat/

https://cyberscoop.com/online-scamming-cycles-shorter-more-effective-chainalysis/

https://www.securitymagazine.com/articles/100982-cyberattacks-on-critical-infrastructure-increased-by-30-in-one-year

https://www.businessinsider.com/russia-could-take-out-west-internet-gps-back-up-plan-2024-8

https://www.tomshardware.com/service-providers/network-providers/nato-believes-russia-poses-a-threat-to-the-wests-internet-and-gps-services

https://informationsecuritybuzz.com/cyberattacks-uk-law-firms-ransomware/


Governance, Risk and Compliance

How hard is it to navigate and comply with global cyber security regulations? | Business Wire

Cyber attacks on law firms jumped by 77% over the past year | Law Gazette

Half of enterprises suffer breaches despite heavy security investments - Help Net Security

Why the 80-20 rule no longer works for cyber security | SC Media (scmagazine.com)

Evolving Cyber Security: Aligning Strategy with Business Growth - Security Boulevard

Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)

Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro

Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)

Third-party risk management is under the spotlight - Help Net Security

European Agencies are Taking Cyber Security Seriously and Your Business Should, Too | Entrepreneur

Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia

Boards Need a New Approach to Technology

If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online

Cyber Security Maturity: A Must-Have on the CISO’s Agenda - SecurityWeek

Business leaders are losing faith in IT, according to this IBM study. Here's why | ZDNET

Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)

6 hot cyber security trends — and 2 going cold | CSO Online

US firms see spike in cyber security services as data breaches increase: ISG - Reinsurance News

Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)

Two strategies to protect your business from the next large-scale tech failure - Help Net Security


Threats

Ransomware, Extortion and Destructive Attacks

BlackSuit Ransomware Threat Actors Demand Up To $500 Million - Security Boulevard

BlackSuit Ransomware Deployed After 15 Days From Initial Access (cybersecuritynews.com)

Ransomware Attacks, Demands, And Payments Rise In Q2 (informationsecuritybuzz.com)

46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time | Business Wire

Lateral movement: Clearest sign of unfolding ransomware attack - Help Net Security

Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)

Qilin Caught Red-Handed Stealing Credentials in Google Chrome - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Attacks On UK Law Firms Surge By 77% Amid Rising Ransomware Threat (informationsecuritybuzz.com)

FBI: RansomHub ransomware breached 210 victims since February (bleepingcomputer.com)

Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)

Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security

PoorTry Windows driver evolves into a full-featured EDR wiper (bleepingcomputer.com)

Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)

'Big-game hunting' - Ransomware gangs are focusing on more lucrative attacks - Exponential-e Blog

77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)

Ransomware Victims

US oil giant Halliburton confirms cyber attack behind systems shutdown (bleepingcomputer.com)

BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)

Hunters International ransomware gang threatens to leak US Marshals data | SC Media (scmagazine.com)

Blood donation: NHS stocks are still in short supply after June cyber attack | The BMJ

Cyber attack disrupts Seattle’s Tacoma International Airport and seaport - The Hindu

Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology - SecurityWeek

77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)

Patelco confirms thousands of customers hit in ransomware attack | TechRadar

McLaren Health Care restores network weeks after ransomware attack | Healthcare Dive

Play ransomware hackers claim attack on US manufacturer Microchip Technology (therecord.media)

Phishing & Email Based Attacks

Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert

File sharing phishing attacks increase 350 percent (betanews.com)

PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac

Attackers exploiting trust in VPNs for phishing attacks | Cybernews

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)

Spoofing: What It Is And How To Spot It | HuffPost Life

2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire

Other Social Engineering

Scammers are increasingly using messaging and social media apps to attack | ZDNET

AI voice generators: What they can do and how they work | ZDNET

Deepfakes: Seeing is no longer believing - Help Net Security

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites - Help Net Security

Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED

Don’t call it quishing but, please, do take it seriously | TechFinitive

Spoofing: What It Is And How To Spot It | HuffPost Life

How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)

Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert

Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)

Artificial Intelligence

AI voice generators: What they can do and how they work | ZDNET

Deepfakes: Seeing is no longer believing - Help Net Security

Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro

1 in 5 top companies mention generative AI in their financial reports, but not in a good way | ZDNET

Why LLMs Are Just the Tip of the AI Security Iceberg (darkreading.com)

News Desk 2024: Hacking Microsoft Copilot Is Scary Easy (darkreading.com)

6 hot cyber security trends — and 2 going cold | CSO Online

OpenAI and Anthropic to collaborate with US government on AI safety | ZDNET

2FA/MFA

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)

How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)

Malware

Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica

A new macOS data stealer is going after Apple users | TechRadar

Cthulhu Stealer malware aimed to take macOS user data (appleinsider.com)

New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)

MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)

Microsoft: Exchange Online mistakenly tags emails as malware (bleepingcomputer.com)

This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar

New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)

Iranian Hackers Use New Tickler Malware for Intelligence Gathering on Critical Infrastructure - SecurityWeek

The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort” | Proofpoint US

Hackers linked to Russian government found using some very familiar malware tools | TechRadar

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises (bleepingcomputer.com)

Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)

New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)

Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)

New Cyber Attack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads (thehackernews.com)

Mobile

Think tap to pay is safer? New Android malware uses stolen NFC data to drain your accounts | Tom's Guide (tomsguide.com)

Attackers draining bank accounts using new Android card cloning malware | Cybernews

PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac

Denial of Service/DoS/DDOS

Mind the Geopolitical Bot: Defending Digitalisation in an Era of Mass Disruption (institute.global)

Internet of Things – IoT

Unpatchable 0-day in surveillance cam is being exploited to install Mirai | Ars Technica

Data Breaches/Leaks

A third of companies hit by data breach amid rising concerns (securitybrief.co.nz)

5 Of The Biggest Security Breaches To Ever Hit Microsoft (slashgear.com)

NHS staff mobile numbers revealed in data breach - BBC News

Scottish health boards hit by cyber-attack (holyrood.com)

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot (thehackernews.com)

500k Impacted by Texas Dow Employees Credit Union Data Breach - SecurityWeek

AMD data reportedly offered for sale on dark web souk • The Register

Hackers claim to have hit US Marshals Service with a major cyber attack | TechRadar

Global Field Service Management Provider Exposes Nearly 32 Million Documents Online (informationsecuritybuzz.com)

Park’N Fly notifies 1 million customers of data breach (bleepingcomputer.com)

Patelco confirms thousands of customers hit in ransomware attack | TechRadar

DICK’s Sporting Goods says confidential data exposed in cyber attack (bleepingcomputer.com)

Staff details stolen in Banham Poultry cyber attack - BBC News

Watchdog warns FBI is very sloppy on safe data storage • The Register

Organised Crime & Criminal Actors

Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)

Greasy Opal's CAPTCHA solver still serving cyber crime after 16 years (bleepingcomputer.com)

Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg

Hacker USDoD Sheds Light on Identity | MSSP Alert

Adversaries love bots, short-lived IP addresses, out-of-band domains - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)

Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (bitdefender.com)

Insider Risk and Insider Threats

Microsoft security tools probed for workplace surveillance • The Register

Employee arrested for locking Windows admins out of 254 servers in extortion plot (bleepingcomputer.com)

Insurance

Meeting The New Cyber Insurance Requirements (informationsecuritybuzz.com)

If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online

Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)

Insurer Seeks to Rescind Policy Over Privacy Law Compliance (bloomberglaw.com)

Supply Chain and Third Parties

Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)

Third-party risk management is under the spotlight - Help Net Security

76% of MSPs faced an infrastructure cyber attack in last 12 months | Security Magazine

BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)

Supply Chain Security for FinServ - ActiveState

Two strategies to protect your business from the next large-scale tech failure - Help Net Security

Cloud/SaaS

File sharing phishing attacks increase 350 percent (betanews.com)

SaaS security woes continue to haunt cyber teams | ITPro

How to Strengthen Your SaaS Security Posture Management - Security Boulevard

Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)

Enterprise SaaS apps are still a major security risk | TechRadar

When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek

Cyber criminals capitalize on travel industry's peak season - Help Net Security

Outages

Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)

Third-party risk management is under the spotlight - Help Net Security

Supply Chain Security for FinServ - ActiveState

Two strategies to protect your business from the next large-scale tech failure - Help Net Security

Identity and Access Management

Why ransomware attackers target Active Directory - Help Net Security

The Evolving Landscape Of Identity And Access Management In 2024 (informationsecuritybuzz.com)

Encryption

Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering (cryptographyengineering.com)

Denmark wants to ban encrypted Telegram, Signal chats | Cybernews

Linux and Open Source

New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)

Linux malware sedexp uses udev rules for persistence and evasion (securityaffairs.com)

This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

Qilin Caught Red-Handed Stealing Credentials in Google Chrome - Infosecurity Magazine (infosecurity-magazine.com)

MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)

Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert

If You're Still Using This Insecure Password Method, It's Time to Stop (makeuseof.com)

Social Media

Scammers are increasingly using messaging and social media apps to attack | ZDNET

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)

Malvertising

Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)

Regulations, Fines and Legislation

Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)

UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)

The NIS2 Directive: How far does it reach? - Help Net Security

Cyber law reform should be top of Labour's policy list | Computer Weekly

Cyber incident reporting for critical infrastructure: Implications for boards (federalnewsnetwork.com)

Lawmakers must incentivize cyber protection for critical infrastructure | CyberScoop

Models, Frameworks and Standards

Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 - Security Boulevard

The NIS2 Directive: How far does it reach? - Help Net Security

NIS2 Directive: Focusing on Critical Infrastructure Security (govinfosecurity.com)

5 open source Mitre ATT&CK tools | TechTarget

Data Protection

Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)

UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)

Watchdog reprimands Labour following data protection breach - BBC News

Law Enforcement Action and Take Downs

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)

Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)

Telegram CEO arrest is fuzzy warning to Big Tech | Reuters

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform (thehackernews.com)

Stakes high for European Union after arrest of Telegram co-founder | European Union | The Guardian

Russia-France ties hit new low after Telegram boss' arrest, Moscow says | Reuters

Telegram is a bigger headache than Elon Musk’s X for the EU – POLITICO

2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire

US indicts duo over alleged Swatting spree • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The New Frontiers of Cyber-Warfare: Insights From Black Hat 2024 (itprotoday.com)

Ramping Up Cyber Defences Against Adversarial States | AFCEA International

Military 'silent hangar' to help protect against foreign GPS jamming - GOV.UK

Nation State Actors

China

Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica

Chinese government hackers infiltrate at least two top US ISPs | TechRadar

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (bleepingcomputer.com)

Chinese cyber attacks hit nearly half of German firms, study – DW – 08/28/2024

Cyber crime and sabotage cost German firms $300 bln in past year | Reuters

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs (darkreading.com)

US efforts to stop Chinese hackers haven’t been fully effective, FBI official says - Nextgov/FCW

Russia

Russia Could Take Out West's Internet, No Good Back up Plan - Business Insider

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyber Attack (thehackernews.com)

In Russia, questions swirl over Telegram CEO's arrest - BBC News

‘Russians do everything via Telegram.’ Pavel Durov’s arrest upends Kremlin military comms. – POLITICO

The bewildering politics of Telegram - POLITICO

Russia's APT29 using spyware exploits in new campaigns | TechTarget

Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa - SecurityWeek

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites - Help Net Security

Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED

Latvia and Ukraine sign memorandum of understanding on cyber security | Ukrainska Pravda

Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)

Iran

Tehran’s state-sponsored hackers helping cybergangs deploy ransomware | Cybernews

Iranian Hackers Use New Tickler Malware for Intelligence Gathering on Critical Infrastructure - SecurityWeek

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security

New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp (thehackernews.com)

Iran hunts down double agents with fake recruiting sites • The Register

Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor | WIRED

North Korea

South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)

North Korean Hackers Target Developers with Malicious npm Packages (thehackernews.com)

Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg

Cyber Attacks Deployed in Retaliation to Telegram CEO Arrest | MSSP Alert

Tools and Controls

Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)

Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security (darkreading.com)

Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)

Third-party risk management is under the spotlight - Help Net Security

Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online

How to Strengthen Your SaaS Security Posture Management - Security Boulevard

Remote Work: A Ticking Time Bomb Waiting to be Exploited (bleepingcomputer.com)

When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek

Combating alert fatigue by prioritizing malicious intent | SC Media (scmagazine.com)

Attackers exploiting trust in VPNs for phishing attacks | Cybernews

Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)

Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia

Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)

Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)

Supply Chain Security for FinServ - ActiveState

Two strategies to protect your business from the next large-scale tech failure - Help Net Security

Why Every Business Should Prioritize Confidential Computing (darkreading.com)

How Security Teams are Strengthening Their Threat Hunting - Security Boulevard

Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)

10 key steps for crafting a robust business continuity plan (networkingplus.co.uk)

Focus on What Matters Most: Exposure Management and Your Attack Surface (thehackernews.com)

After cyber security lab wouldn’t use AV software, US accuses Georgia Tech of fraud | Ars Technica

How to use the NIST CSF and AI RMF to address AI risks | TechTarget

5 open source Mitre ATT&CK tools | TechTarget

Inside the role of a ransomware negotiator - CBS News

The art and science behind Microsoft threat hunting: Part 3 | Microsoft Security Blog

Vulnerability Management

Vulnerabilities rise in first half of 2024 (betanews.com)

Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online

New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)

How to make Windows updates less annoying, in three easy steps | ZDNET

Windows 11 updates are about to become a lot easier with hotpatching | PCWorld

Cyber criminals capitalise on travel industry's peak season - Help Net Security

Vulnerabilities

SonicWall Patches Critical SonicOS Vulnerability - SecurityWeek

Chrome just patched some high-risk security flaws, so go update now | PCWorld

SolarWinds left some serious security flaws in its Web Desk Help platform, and now it's under attack | TechRadar

Microsoft Edge RCE Vulnerability Let Attackers Take Control of the System (cybersecuritynews.com)

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot (thehackernews.com)

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports (thehackernews.com)

PoC Exploit for Zero-Click Vulnerability Made Available to the Masses (darkreading.com)

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)

3CX Phone System Local Privilege Escalation Vulnerability - Security Boulevard

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)

Cisco Patches Multiple NX-OS Software Vulnerabilities - SecurityWeek

Update Windows now, there are some worrying security hacks on the way | TechRadar

Second Apache OFBiz Vulnerability Exploited in Attacks - SecurityWeek

WordPress Elementor Widgets Add-On Vulnerability (searchenginejournal.com)

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) - Help Net Security

South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)

Still have a Windows 10 PC? You have 5 options before support ends next year | ZDNET

3 easy ways to make Windows updates less annoying | ZDNET

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Threat Briefing 23 August 2024

Black Arrow Cyber Threat Intelligence Briefing 23 August 2024:

-Why C-Suite Leaders Are Prime Cyber Targets

-Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds

-Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments

-Third of Firms Put Money Aside to Pay Cyber Ransoms

-AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams

-Five Novel Email Phishing Attacks and What to Do About Them

-NFC Traffic Stealer Targets Android Users and Their Banking Info

-91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities

-You Really Need to Stop Using Work Laptops for Personal Use. Here's Why

-Human Nature is Causing Our Cyber Security Problem

-Cyber Crime Consolidation: The Big Fish Are Getting Bigger

-Why End of Life for Applications Is the Beginning of Life for Hackers

-Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Why C-Suite Leaders Are Prime Cyber Targets

A recent report by GetApp reveals that 72% of surveyed cyber security professionals have observed cyber attacks targeting senior executives in the past 18 months, with incidents involving AI-generated deepfakes in 27% of cases. Despite this growing threat, 37% of companies globally do not provide specialised cyber security training for their top leaders, leaving a significant vulnerability. The report also notes a sharp rise in attack frequency, with 69% of US companies experiencing increased attacks over the past three years, higher than the global average. Over half of US firms reported at least one identity fraud incident affecting a senior executive, highlighting the urgent need for enhanced cyber security strategies, including ongoing training and advanced security tools.

Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds

The 2024 ThreatDown State of Ransomware report by Malwarebytes reveals that ransomware attacks are increasingly timed to exploit periods when security professionals are off-duty, with most incidents occurring between 1 am and 5 am. The report highlights a 33% global increase in ransomware attacks over the past year, with the UK experiencing a 67% rise and the US a 63% increase. Traditional response measures to ransomware are proving inadequate, as threat actors now move rapidly to compromise networks. This stresses the need for continuous security coverage to keep pace with evolving ransomware tactics.

Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments

Cohesity’s Global Cyber Resilience Report 2024 reveals a worrying disconnect between organisations' confidence in their cyber resilience strategies and the reality of escalating cyber threats. The survey of over 3,100 IT and security decision-makers across eight countries found that 67% of respondents had fallen victim to a ransomware attack in 2024, with 69% admitting to paying a ransom, despite 77% of these organisations having a "do not pay" policy. While 78% expressed confidence in their resilience strategies, an overwhelming 96% acknowledged that the threat to their industry had increased or would increase this year, with many willing to pay over $1 million to recover data.

Third of Firms Put Money Aside to Pay Cyber Ransoms

A recent survey reveals that nearly a third of businesses have set aside funds specifically to pay ransoms in the event of a ransomware attack, reflecting the growing threat landscape. The survey found that half of the companies had suffered a ransomware breach in the past year, with one in three admitting to paying a ransom. Additionally, 31% of businesses reported severe impacts from cyber security incidents, either within their organisation or their supply chain. Looking ahead, 29% of respondents expect a successful cyber attack in the next year, and medium-to-large enterprises plan to invest an average of €1.18 million in cyber security, although a significant portion still feel their defences are outdated.

AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams

A recent report by Absolute Security reveals that over half (54%) of UK Chief Information Security Officers (CISOs) feel their security teams are unprepared for emerging AI-powered threats. The Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 CISOs, highlights growing concerns about the impact of AI on cyber resilience. Nearly half (46%) view AI as more of a threat than a benefit to their organisation's security. Additionally, 39% of CISOs have personally stopped using AI due to cyber breach concerns, and 44% have banned AI use by employees for the same reason. The findings underscore the need for enhanced strategies to address AI-driven cyber risks.

Five Novel Email Phishing Attacks and What to Do About Them

Phishing attacks are continuing to grow in sophistication, driven by AI and evolving techniques. Notably, "pastejacking" tricks victims into running malicious code via copied commands, while phishing through Google Drawings exploits the tool's perceived safety to steal personal data. Cyber criminals are also abusing URL protection services, re-writing URLs to bypass security checks. A new trend blends spear phishing with mass phishing, using AI to personalise large-scale attacks. Real-time phishing, which bypasses two-factor authentication, is now widespread, with ready-made kits available on dark web markets, illustrating the growing complexity and reach of modern phishing tactics.

NFC Traffic Stealer Targets Android Users and Their Banking Info

ESET has uncovered a new Android malware named NGate, which relays contactless (NFC) payment data read from physical credit and debit cards to an attacker-controlled device, enabling fraudulent transactions. This malware, the first of its kind observed in the wild, is built on NFCgate, a legitimate research tool developed by students at Germany's University of Darmstadt. NGate abuses NFCgate's ability to capture and relay NFC traffic, in effect extending contactless communication far beyond the few centimetres it normally spans. Threat actors combine this capability with phishing and social engineering to steal funds via fraudulent ATM transactions.

91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities

The latest "Fastly Threat Insights Report" highlights a significant rise in cyber attacks, with 91% now targeting multiple organisations by scanning for vulnerable targets en masse, up from 69% in 2023. The report, based on data from Fastly's Network Learning Exchange, reveals that 36% of global internet traffic originates from bots, with attackers using short-lived IP addresses to evade detection. Notably, the High-Tech sector remains the top target, accounting for 37% of attacks. Fastly's findings underscore the need for adaptive security measures, as attackers increasingly exploit vulnerabilities across a broader range of targets using advanced techniques.
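The two indicators the report describes, bulk scanning across many targets and short-lived source addresses, can be approximated from ordinary web server access logs. The script below is an added example written for this briefing, not Fastly's code or anything from the report. It parses Combined Log Format lines, groups requests by source IP, and flags sources that probe many distinct paths, mostly unsuccessfully, inside a short active window. The sample log lines are constructed, and the thresholds (`min_paths`, `max_window_s`, `min_error_ratio`) are illustrative assumptions that need tuning per site.

```python
"""Flag mass-scanning sources in web access logs.

Heuristic: a source that requests many distinct paths, mostly getting
4xx responses, within a short active window looks like an opportunistic
scanner cycling through a wordlist rather than a user browsing a site.
Short-lived sources show up as a small active window with high volume.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in Combined Log Format (not real traffic).
# 203.0.113.7 probes six well-known paths in three seconds; 198.51.100.20
# behaves like a person browsing a site over half an hour.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2024:02:01:10 +0000] "GET /.env HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2024:02:01:11 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2024:02:01:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2024:02:01:12 +0000] "GET /actuator/health HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2024:02:01:12 +0000] "GET /.git/config HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.7 - - [20/Aug/2024:02:01:13 +0000] "GET /solr/admin/ HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.20 - - [20/Aug/2024:09:15:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Aug/2024:09:15:04 +0000] "GET /static/app.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Aug/2024:09:16:30 +0000] "GET /products HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.20 - - [20/Aug/2024:09:40:12 +0000] "GET /products/42 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "path": m.group("path"),
        "status": int(m.group("status")),
        "ua": m.group("ua"),
    }


def find_scanners(log_text, min_paths=5, max_window_s=60, min_error_ratio=0.8):
    """Return {ip: summary} for sources whose behaviour matches the scanner heuristic.

    Thresholds are illustrative assumptions: a source must touch at least
    `min_paths` distinct paths, within an active window of at most
    `max_window_s` seconds, with at least `min_error_ratio` of responses >= 400.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        paths = {r["path"] for r in recs}
        first = min(r["ts"] for r in recs)
        last = max(r["ts"] for r in recs)
        window = (last - first).total_seconds()
        errors = sum(1 for r in recs if r["status"] >= 400)
        ratio = errors / len(recs)
        if len(paths) >= min_paths and window <= max_window_s and ratio >= min_error_ratio:
            findings[ip] = {
                "requests": len(recs),
                "distinct_paths": len(paths),
                "window_s": window,
                "error_ratio": ratio,
                "user_agents": sorted({r["ua"] for r in recs}),
            }
    return findings


if __name__ == "__main__":
    for ip, summary in find_scanners(SAMPLE_LOG).items():
        print(ip, summary)
```

Because scanners rotate through short-lived addresses, blocking a flagged IP buys little; the more durable use of this output is as a feed for rate-limiting the probed paths and for checking whether anything the scanner asked for (`/.env`, `/.git/config`, admin consoles) is actually exposed.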

You Really Need to Stop Using Work Laptops for Personal Use. Here's Why

A recent study by ESET has revealed that 90% of employees use their company-provided laptops for personal activities, creating significant cyber security risks. Risky behaviours, such as viewing adult content and connecting to unsecured public Wi-Fi, were particularly common among younger workers. ESET attributes these risks to the shift towards hybrid and remote work, urging companies to enhance security measures for corporate devices and to educate employees on safe practices. These findings emphasise the need for stronger endpoint security.

Human Nature is Causing Our Cyber Security Problem

A recent analysis highlights the persistent challenge of cyber attacks, now the most significant threat to businesses, yet many organisations continue to delay adopting necessary security measures. This reluctance is attributed to a motivational deficit rooted in temporal discounting—a human tendency to prioritise immediate gratification over long-term benefits. Despite the severe consequences of security breaches and increasing regulatory pressures, organisations often procrastinate on implementing modern processes and critical tools. The article suggests that, much like automatic enrolment in retirement plans has increased participation, similar mechanisms are needed to combat procrastination and improve cyber security practices.

Cyber Crime Consolidation: The Big Fish Are Getting Bigger

A recent report by Chainalysis reveals that cyber criminals seized $16.7 billion in illicit funds during the first half of 2024, a 20% drop from the previous year, marking the fourth consecutive annual decline. Despite this overall decrease, large-scale crypto heists nearly doubled to $1.58 billion, and ransomware payments reached $459.8 million, a 2% increase from the same period last year. The median ransom payment has surged from under $200,000 in early 2023 to $1.5 million by mid-2024, reflecting a shift towards targeting larger organisations and critical infrastructure. The year is on track to be the highest-grossing for ransomware, despite disruptions to major gangs like ALPHV/BlackCat and LockBit.

Why End of Life for Applications Is the Beginning of Life for Hackers

A recent analysis highlights the significant cyber security risks posed by aging software, with over 35,000 applications set to reach end-of-life status in the next year. End-of-life software may still receive critical security patches, but end-of-support applications will no longer receive any updates, making them prime targets for threat actors. Chief Information Security Officers (CISOs) face challenges in securing backing for updates, particularly when applications are tied to outdated hardware or unsupported vendors. The Apache Log4j vulnerability exemplifies the dangers of neglecting software updates. Effective risk management requires proactive planning to address these aging software assets before they become significant vulnerabilities.

Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline

A recent analysis underscores the limitations of breach prevention strategies in the evolving cyber security landscape. Despite significant investments in firewalls, endpoint detection and response (EDR) and intrusion detection systems, the increasing sophistication of cyber threats has rendered breaches almost inevitable. The high number of recent breaches highlights that prevention alone is insufficient to protect critical business processes and data. Organisations must shift from relying solely on prevention to adopting a resilience-by-design approach, ensuring that they can continue operations even in the face of an attack. This proactive stance is essential to address the growing capabilities of cyber criminals.

Sources:

https://www.helpnetsecurity.com/2024/08/22/c-suite-leaders-prime-cyber-targets/

https://www.techrepublic.com/article/ransomware-trends-malwarebytes/

https://www.insurancejournal.com/news/national/2024/08/22/789621.htm

https://www.rte.ie/news/business/2024/0823/1466255-third-of-firms-put-money-aside-to-pay-cyber-ransoms/

https://www.itsecurityguru.org/2024/08/16/ai-powered-cyber-threats-are-too-overpowering-for-over-50-of-security-teams/

https://www.scmagazine.com/perspective/five-novel-email-phishing-attacks-and-what-to-do-about-them

https://www.darkreading.com/mobile-security/nfc-traffic-stealer-targets-android-users-and-their-banking-info

https://www.businesswire.com/news/home/20240820055574/en/New-Fastly-Threat-Research-Reveals-91-of-Cyberattacks-Targeted-Multiple-Organizations-Using-Mass-Scanning-to-Uncover-and-Exploit-Vulnerabilities

https://www.techradar.com/pro/security/you-really-need-to-stop-using-their-work-laptops-for-personal-use-heres-why

https://www.darkreading.com/vulnerabilities-threats/human-nature-is-causing-our-cybersecurity-problem

https://cybernews.com/security/cybercrime-consolidation-big-fish-getting-bigger/

https://www.darkreading.com/vulnerabilities-threats/why-end-of-life-for-applications-is-beginning-of-life-for-hackers

https://securitybrief.co.nz/story/beyond-prevention-why-breach-readiness-is-your-cybersecurity-lifeline


Governance, Risk and Compliance

Why C-suite leaders are prime cyber targets - Help Net Security

What is digital executive protection and how does it work? | CSO Online

The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon

72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine

Over 3400 High and Critical Cyber Alerts Recorded in First Half 2024 - Infosecurity Magazine (infosecurity-magazine.com)

Cyber crime consolidation: the big fish are getting bigger | Cybernews

Companies aren’t as cyber resilient as they think | CIO Dive

Human Nature Is Causing Our Cyber Security Problem (darkreading.com)

You really need to stop using work laptops for personal use — here's why | TechRadar

Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)

CISOs list human error as their top cyber security risk (securityintelligence.com)

Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard

Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments (insurancejournal.com)

3 CIO lessons for maximizing cyber security investments | CIO Dive

Strategies for security leaders: Building a positive cyber security culture - Help Net Security

The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)

Governance, Risk and Compliance: The Current Context | MSSP Alert

CISOs on the Hook: SEC Tightens Cyber Security Disclosures (govinfosecurity.com)

The CISO Top 10: Your guide to navigating the biggest cyber security challenges | SC Media (scmagazine.com)


Threats

Ransomware, Extortion and Destructive Attacks

Why Are Organisations Losing the Ransomware Battle? (darkreading.com)

Ransomware Surge Exploits Cyber Security Gaps Caused by M&A - Security Boulevard

Ransomware Victims Paid $460 Million in First Half of 2024 - SecurityWeek

Ransomware Trends: Most Attacks Hit Between 1am and 5am, Study Finds (techrepublic.com)

Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard

Cyber Crime Goes Corporate As Ransomware Gangs Want More (pymnts.com)

Ransomware on track for record profits, even as fewer victims pay | SC Media (scmagazine.com)

Third of firms put money aside to pay cyber ransoms (rte.ie)

Ransomware attacks rise 20% in July, industrial sectors hit hardest (securitybrief.co.nz)

2024 Ransomware Payments Poised to Shatter Record, as Gangs Target 'Big Game' | Corporate Counsel (law.com)

Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert

No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)

Tracing the destructive path of ransomware's evolution (betanews.com)

Ransomware attacks rise over 60 percent (betanews.com)

Dodging the Cyber Bullet: Early Signs of a Ransomware Attack - IT Security Guru

Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments (insurancejournal.com)

Q2’24 marks second highest quarter for ransomware attacks, says Corvus - Reinsurance News

RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign (thehackernews.com)

Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe

Why you need to know about ransomware | Malwarebytes

Critical industries top ransomware hitlist, attacks dwindle • The Register

Understanding the 'Morphology' of Ransomware: A Deeper Dive - SecurityWeek

U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)

Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)

The changing dynamics of ransomware as law enforcement strikes - Help Net Security

Ransomware Victims

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

Top US oilfield firm Halliburton hit by cyber attack, source says (yahoo.com)

Halliburton Suffers Cyber Attack | Houston Press

Medibank's data breach costs anticipated to reach $126m by mid-2025 - Security - iTnews

AutoCanada Hit by Cyber Attack - SecurityWeek

Three councils fall victim to cyber-attack (themj.co.uk)

CDK Global antitrust lawsuit leads to $100 million payout for car dealers (qz.com)

Cyber Attack Forces Microchip Technology To Scale Back Amid Global Chip Race (informationsecuritybuzz.com)

Top architectural firm reveals it was hit by major ransomware attack | TechRadar

Phishing & Email Based Attacks

The evolving threat landscape: Staying ahead of phishing attack trends | TechRadar

Five novel email phishing attacks – and what to do about them | SC Media (scmagazine.com)

The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)

New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)

NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)

Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek

Abnormal sees 350% uptick in phishing via file-sharing sites (securitybrief.co.nz)

Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns | ITPro

Android and iOS users targeted with novel banking app phishing campaign | Cybernews

Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)

Anatomy of an Attack (thehackernews.com)

Iranian Group TA453 Launches Phishing Attacks with BlackSmith - Infosecurity Magazine (infosecurity-magazine.com)

This sophisticated new phishing campaign is going after US government contractors | TechRadar

Iran named as source of Trump campaign phish, leaks • The Register

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)

Other Social Engineering

New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)

NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns | ITPro

How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)

Artificial Intelligence

AI-powered cyber threats are too overpowering for over 50% of security teams - IT Security Guru

Protecting against AI-enabled cyber crime | Professional Security

73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat

Fraud tactics and the growing prevalence of AI scams - Help Net Security

xAI’s new Grok image generator floods X with controversial AI fakes - The Verge

Could AI be your company’s Achilles heel? - Raconteur

Deepfakes Are Having a Deeper Impact on These Three Industries (techspective.net)

Organisations turn to biometrics to counter deepfakes - Help Net Security

Artificial intelligence, real anxiety: Why we can't stop worrying and love AI | ZDNET

AI-powered cyber crime is the next threat to be faced by organisations - ​​Freha Arshad (scotsman.com)

Elon Musk’s new image generation tool hit by wave of outrage over pictures it produces | The Independent

Microsoft Copilot Studio Vulnerability Led to Information Disclosure - SecurityWeek

The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defence - Security Boulevard

OpenAI kills Iranian accounts spreading US election disinfo • The Register

2FA/MFA

The Silver Bullet of MFA Was Never Enough (darkreading.com)

Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)

Malware

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)

Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar

At least 300,000 Google Chrome, Microsoft Edge users hit by malicious browser extensions | The Straits Times

This new threat proves that Macs aren't immune from malware | Digital Trends

Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)

New Russian threat targets over 100 Apple macOS browser extensions | Fox News

Beyond the wail: deconstructing the BANSHEE infostealer — Elastic Security Labs

Styx Stealer Malware Stealing Browser And Instant Messenger Data (cybersecuritynews.com)

5 Emerging Malware Variants You Must Be Aware Of (informationsecuritybuzz.com)

Cyber criminals Exploit Popular Software Searches to Spread FakeBat Malware (thehackernews.com)

Massive infostealer campaign exploits legitimate brands | SC Media (scmagazine.com)

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)

Hackers deployed new malware against university in Taiwan (therecord.media)

New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)

Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)

Hackers may have found an entirely new way to backdoor into Windows systems | TechRadar

Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)

New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (thehackernews.com)

China-Linked ‘Velvet Ant' Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches - SecurityWeek

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware - SecurityWeek

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)

Iranian Group TA453 Launches Phishing Attacks with BlackSmith - Infosecurity Magazine (infosecurity-magazine.com)

Has my PC been hacked? 5 ways to detect virus attacks, step-by-step | PCWorld

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)

Mobile

New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)

Google Pixels Carry Verizon App Doubling As a Backdoor (darkreading.com)

NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)

Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)

Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)

Does Your Smartphone Need An Antivirus App? - TechRound

Denial of Service/DoS/DDOS

Geopolitical Tensions Drive Explosion in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Average DDoS attack costs $6,000 per minute - Help Net Security

Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)

Russia blames mass tech outages on DDoS attack | TechRadar

49% of DDoS attacks targeted gaming organisations | Security Magazine

Internet of Things – IoT

Millions Of Office And Hotel RFID Smart Cards Vulnerable To Instant Cloning Through Hidden Backdoor (informationsecuritybuzz.com)

Russia fears Ukraine hijacking home CCTV systems for intel • The Register

Data Breaches/Leaks

Major 'National Public Data' Leak Worse Than Expected With Passwords Stored in Plain Text - MacRumors

The saga of the National Public Data Social Security number leak continues - The Verge

Thousands of Oracle NetSuite sites said to be exposing customer data | SC Media (scmagazine.com)

Florida data broker says it was ransacked by cyber-thieves • The Register

The Slow-Burn Nightmare of the National Public Data Breach | WIRED

FlightAware admits passwords, SSNs exposed for over 3 years • The Register

How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cyber crime forum (securityaffairs.com)

Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)

Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look | WIRED

Organised Crime & Criminal Actors

Cyber crime consolidation: the big fish are getting bigger | Cybernews

Researchers Uncover New Infrastructure Tied to FIN7 Cyber crime Group (thehackernews.com)

Digital wallets can allow purchases with stolen credit cards • The Register

‘Styx Stealer’ malware developer accidentally exposes personal info to researchers in ‘critical opsec error’ (therecord.media)

Kim Dotcom: 5 outrageous moments from the internet’s anti-hero (thenextweb.com)

Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert

Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)

Digital wallets can allow purchases with stolen credit cards • The Register

Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe

Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)

Unicoin recovers from G-Suite raid, hints at data woes • The Register

PostgreSQL databases under attack - Help Net Security

11 Cyber security Risks for NFT Buyers | HackerNoon

Insider Risk and Insider Threats

You really need to stop using work laptops for personal use — here's why | TechRadar

CISOs list human error as their top cyber security risk (securityintelligence.com)

Human Nature Is Causing Our Cyber Security Problem (darkreading.com)

Insurance

Ransomware Resilience Drives Down Cyber Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

Three councils fall victim to cyber-attack (themj.co.uk)

Cloud/SaaS

Survey Surfaces Growing SaaS Application Security Concerns - Security Boulevard

45% of tech leaders have experienced a SaaS cyber security incident | Security Magazine

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign - SecurityWeek

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? (thehackernews.com)

Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)

Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns | ITPro

It's Time To Untangle the SaaS Ball of Yarn (thehackernews.com)

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign (thehackernews.com)

8 cloud security gotchas most CISOs miss | CSO Online

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? - Security Boulevard

Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar

GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)

Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek

Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek

Authentication bypass discovered in Microsoft Entra ID | Security Magazine

North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)

Outages

The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)

CrowdStrike hits out at rivals’ ‘shady’ attacks after global IT outage

CrowdStrike outage lessons learned: Questions to ask vendors | TechTarget

CrowdStrike deja vu for IT admins with 'performance issue' • The Register

Post Office systems crash hits 'collapsing' Horizon system | Computer Weekly

Encryption

Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar

How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)

Linux and Open Source

Don't panic! It's only 60 Linux CVE security bulletins a week | ZDNET

PostgreSQL databases under attack - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

The saga of the National Public Data Social Security number leak continues - The Verge

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns | ITPro

Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar

Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)

Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)

Social Media

NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)

How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)

Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns | ITPro

Training, Education and Awareness

The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon

What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com

The worst security test ever? University slammed over fake Ebola scare as phishing test | TechRadar

Regulations, Fines and Legislation

Cyber Security After SolarWinds: Practical Guidance for CISOs Under the New Rules | Akin Gump Strauss Hauer & Feld LLP - JDSupra

Cisco wants United Nations to revisit cyber crime Convention • The Register

Cyber Security Is Everywhere: ENISA COO - GovInfoSecurity

EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)

CISOs on the Hook: SEC Tightens Cyber Security Disclosures (govinfosecurity.com)

FAA Proposes New Aircraft Cyber Security Rules - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

ISO 27001 vs NIST: The Differences and How They Overlap - Security Boulevard

EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)

Careers, Working in Cyber and Information Security

Nearly 4 Million Cyber Security Jobs Are Vacant: Here’s Why You Should Consider Breaking Into This Sector (forbes.com)

British civil service to target cyber specialists with new graduate scheme (therecord.media)

Law Enforcement Action and Take Downs

Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)

National Crime Agency threatens extraditions over rise in sextortion cases (yahoo.com)

U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)

No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)

Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months (therecord.media)

Misinformation, Disinformation and Propaganda

FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)

Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)

Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)

Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times

US warns of Iranian hackers escalating influence operations (bleepingcomputer.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)

China

US lawmakers urge probe into TP-Link over fears of possible cyber attacks | TechRadar

Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)

China-Linked ‘Velvet Ant' Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches - SecurityWeek

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)

Hackers deployed new malware against university in Taiwan (therecord.media)

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)

Russia

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)

Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek

Cyber attack hits Monobank, Ukraine's largest direct bank (kyivindependent.com)

Ukrainian Defence Intelligence Cyber Attacked the russian Nuclear Weapons Manufacturer | Defence Express (defence-ua.com)

Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle - Infosecurity Magazine (infosecurity-magazine.com)

Ukraine subjected to novel malware attack | SC Media (scmagazine.com)

Russia fears Ukraine hijacking home CCTV systems for intel • The Register

Day three of large-scale cyber attack on Ukrainian bank monobank: Ukrainian special services offer assistance | Ukrainska Pravda

Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)

Russia blames mass tech outages on DDoS attack | TechRadar

Russia Blames Telegram, WhatsApp Outage on Cyber Attack as Experts Point to Censorship - The Moscow Times

Iran

Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times

FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)

Iran may target Israel with cyber attacks as well as missiles, drones - The Jerusalem Post (jpost.com)

Iran named as source of Trump campaign phish, leaks • The Register

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)

OpenAI kills Iranian accounts spreading US election disinfo • The Register

Iranian Group TA453 Launches Phishing Attacks with BlackSmith - Infosecurity Magazine (infosecurity-magazine.com)

Iran and Israel are already engaged in a fierce cyberwar (economist.com)

North Korea

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT (securityaffairs.com)

New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)

North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Geopolitical Tensions Drive Explosion in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)


Tools and Controls

Ransomware Gangs Introduce New EDR-Killing Tool (informationsecuritybuzz.com)

73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat

The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon

Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard

Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)

The Silver Bullet of MFA Was Never Enough (darkreading.com)

Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar

Common API security issues: From exposed secrets to unauthorized access - Help Net Security

Organisations turn to biometrics to counter deepfakes - Help Net Security

Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security

This system can sort real pictures from AI fakes — why aren’t platforms using it? - The Verge

RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)

How Pen Testing is Evolving and Where it’s Headed Next - Security Boulevard

Cyber Security and Physical Security Go Hand-in-Hand | HHS.gov

3 lessons for maximizing cyber security investments | CIO Dive

The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)

What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com

How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)

Are virtual machines safe for end users? | TechTarget

AI for application security: Balancing automation with human oversight - Help Net Security

EDR vs. MDR vs. XDR: Key differences | TechTarget

Millions Of Office And Hotel RFID Smart Cards Vulnerable To Instant Cloning Through Hidden Backdoor (informationsecuritybuzz.com)

The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defence - Security Boulevard

Top Cyber Security Risk Mitigation Strategies Every Business Should Implement (cybersaint.io)

How do AI checkers actually work? | ZDNET

Does Your Smartphone Need An Antivirus App? - TechRound


Other News

72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine

72% of Senior Executives Targeted by Cyber Attacks in the Last 18 Months | Business Wire

Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! - Security Boulevard

How Hollywood hacking scenes turn cyber security into entertainment (globenewswire.com)

Browser Syncing Is Useful, but Be Aware of These 4 Security Issues (makeuseof.com)

36% of global internet traffic originated from bots | Security Magazine

From cyber crime to terrorism, FBI director says America faces many elevated threats 'all at once' - ABC News (go.com)

How might the UK's cyber landscape change under Labour? | Computer Weekly

Are the New FAA Cyber Requirements for Future Planes Enough? (govinfosecurity.com)

‘Stakes are too high to ignore’: Singapore beefs up operational technology masterplan as cyberthreats rise - CNA (channelnewsasia.com)

Preparing the IT Infrastructure For the Next Era of Cyber Attacks | Entrepreneur

Switzerland to join European Cyber Security Organisation (aa.com.tr)

Protecting connected, self-driving vehicles from hackers (techxplore.com)

Empowering SMBs On The Path To Cyber Security Maturity (forbes.com)

Olympics were case in point of cyber threat to global sport (emergingrisks.co.uk)

Africa's Economies Feel Pain of Cyber Security Deficit (darkreading.com)

Food security: Accelerating national protections around critical infrastructure - Help Net Security

Security Alert: U.K. Political Donation Sites at Risk - Security Boulevard


Vulnerability Management

Fastly report reveals 91% of cyber attacks now target multiple organisations - SiliconANGLE

New Fastly Threat Research Reveals 91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities | Business Wire

Why End of Life for Applications Is the Beginning of Life for Hackers (darkreading.com)

The Fundamentals of Vulnerability Management Explained | MSSP Alert

What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com

How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)

Vulnerability prioritization is only the beginning - Help Net Security

Vulnerabilities

PoC Exploit Released for Windows 0-Day Downgrade Attack (cybersecuritynews.com)

Google fixes ninth Chrome zero-day exploited in attacks this year (bleepingcomputer.com)

If You Have an AMD CPU, You Must Install This Vital Security Update (makeuseof.com)

Microsoft shares workaround for Outlook crashing after opening (bleepingcomputer.com)

Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks (cybersecuritynews.com)

Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access (cybersecuritynews.com)

Serious flaws in Microsoft apps on macOS could let hackers spy on users | ITPro

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT (securityaffairs.com)

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)

F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus - SecurityWeek

China-Linked ‘Velvet Ant' Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches - SecurityWeek

Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability - SiliconANGLE

AMD changes its mind, says it will patch more Ryzen chips against security flaw | TechRadar

Authentication bypass discovered in Microsoft Entra ID | Security Magazine

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek

Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (thehackernews.com)

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)

Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira - SecurityWeek

SolarWinds left hardcoded credentials in helpdesk product • The Register

Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks (bleepingcomputer.com)

GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover - SecurityWeek


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

- Automotive

- Construction

- Critical National Infrastructure (CNI)

- Defence & Space

- Education & Academia

- Energy & Utilities

- Estate Agencies

- Financial Services

- FinTech

- Food & Agriculture

- Gaming & Gambling

- Government & Public Sector (including Law Enforcement)

- Health/Medical/Pharma

- Hotels & Hospitality

- Insurance

- Legal

- Manufacturing

- Maritime

- Oil, Gas & Mining

- OT, ICS, IIoT, SCADA & Cyber-Physical Systems

- Retail & eCommerce

- Small and Medium Sized Businesses (SMBs)

- Startups

- Telecoms

- Third Sector & Charities

- Transport & Aviation

- Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Threat Briefing 16 August 2024

Black Arrow Cyber Threat Intelligence Briefing 16 August 2024:

-Business and Tech Consolidation Opens Doors for Cyber Criminals

-High-Risk Cloud Exposures Surge Due to Rapid Service Growth

-69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents

-DDoS Attacks Surge 46% in First Half of 2024

-Six Ransomware Gangs Behind Over 50% of 2024 Attacks

-Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding

-Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up

-How Phishing Attacks Adapt Quickly to Capitalise on Current Events

-MacOS is Increasingly Targeted by Threat Actors

-There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element

-What is Threat Intelligence?

-New Cyber Security Laws ‘Could Double’ Number of Reported Breaches

-Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business and Tech Consolidation Opens Doors for Cyber Criminals

A recent analysis highlights the rising cyber risks associated with increasing M&A activity, which grew by 36% in Q1 2024, and the consolidation of technology services where industries rely on single suppliers for critical platforms. These trends have significantly expanded potential points of failure for cyber attacks. High-profile incidents, such as the BlackCat group's attack on Change Healthcare, demonstrate the severe downstream impacts of breaches, including significant business interruptions and revenue loss. The report urges businesses to reassess their approach to cyber risk, emphasising the importance of resilience across interconnected systems and their extended supply chains.

High-Risk Cloud Exposures Surge Due to Rapid Service Growth

A recent report by Palo Alto Networks' Unit 42 reveals that organisations are introducing over 300 new digital services each month, contributing to nearly 32% of high or critical cloud exposures. The report highlights the complexity of the cyber security landscape, with 73% of high-risk exposures stemming from IT and networking infrastructure, business operations applications, and remote access services. Over 23% of these exposures involve critical IT and security infrastructure, leaving essential systems vulnerable to attacks. This rapid expansion of services makes it increasingly difficult for organisations to maintain a secure IT asset inventory, heightening the risk of exploitation.

69% of UK Small Businesses Currently Use Weak Passwords to Access Important Documents

A recent study highlights concerning cyber security practices among UK small businesses, revealing that 69% use weak passwords for accessing crucial documents and internal platforms. The research, which analysed hundreds of small to mid-sized organisations, found that 47% lacked up-to-date anti-virus software, and 15% had no firewall protection against cyber attacks. Additionally, nearly half (48%) of these businesses do not offer cyber security awareness training to their employees, leaving them vulnerable to potential risks when using technology. These findings underscore significant gaps in basic cyber security measures within the sector.

DDoS Attacks Surge 46% in First Half of 2024

The first half of 2024 has seen a significant rise in Distributed Denial of Service (DDoS) attacks, with a 46% increase compared to the same period last year, reaching 445,000 attacks in Q2 2024.

A DDoS attack is like a digital traffic jam that blocks access to a website or online service. Imagine if thousands of people tried to enter a shop all at once, overwhelming the doors so no one could get in. In a DDoS attack, many computers, often controlled by hackers, flood a website with so much fake traffic that it can't handle the load. This makes the website slow down or even crash, preventing real users from accessing it. The goal of these attacks is usually to disrupt services, cause financial loss, or damage a company's reputation.

The increase in attack volume and power underscores the growing threat posed by DDoS attacks, where even a comparatively mild 300 Gbps attack can render an unprotected server unavailable, leading to reputational damage and loss of customers.
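The story above describes a volumetric flood in lay terms; the following added example (not from the Black Arrow briefing or the Gcore report it summarises) shows the simplest detection logic a defender would run over flow records: per-second packet counts per destination, compared against a learned baseline, with a distinct-source fan-in check so a single busy client does not trip it. The flow records, IP ranges, thresholds and the 20 s learn / 5 s flood timing are all constructed for illustration.

```python
import random
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    ts: int        # whole second the flow record falls in
    src: str
    dst: str
    packets: int


class Alert(NamedTuple):
    ts: int
    dst: str
    pps: int       # packets observed in that second
    sources: int   # distinct source addresses in that second


def constructed_flows(seed: int = 7) -> List[Flow]:
    """Constructed sample data (assumption, not real telemetry): 20 s of ordinary
    traffic to 203.0.113.10 from five clients, then 5 s in which 1,000 spoofed
    sources flood the same host."""
    rng = random.Random(seed)
    flows: List[Flow] = []
    clients = [f"198.51.100.{i}" for i in range(1, 6)]
    for ts in range(0, 20):
        for c in clients:
            flows.append(Flow(ts, c, "203.0.113.10", rng.randint(5, 15)))
    for ts in range(20, 25):
        for i in range(1000):
            spoofed = f"100.64.{i // 256}.{i % 256}"
            flows.append(Flow(ts, spoofed, "203.0.113.10", rng.randint(5, 15)))
    return flows


def detect_floods(flows: List[Flow], learn_seconds: int = 10,
                  multiplier: float = 20.0, min_sources: int = 100) -> List[Alert]:
    """Flag (second, destination) buckets whose packet count exceeds
    `multiplier` times that destination's learned per-second baseline AND
    that involve at least `min_sources` distinct senders. The first
    `learn_seconds` of data are used only to build the baseline."""
    buckets: Dict[Tuple[int, str], Tuple[int, Set[str]]] = {}
    for f in flows:
        pkts, srcs = buckets.get((f.ts, f.dst), (0, set()))
        srcs.add(f.src)
        buckets[(f.ts, f.dst)] = (pkts + f.packets, srcs)

    baseline_samples: Dict[str, List[int]] = defaultdict(list)
    for (ts, dst), (pkts, _) in buckets.items():
        if ts < learn_seconds:
            baseline_samples[dst].append(pkts)

    alerts: List[Alert] = []
    for (ts, dst), (pkts, srcs) in sorted(buckets.items()):
        if ts < learn_seconds:
            continue
        samples = baseline_samples.get(dst)
        # Unknown destination: treat 1 pps as the baseline so it is not ignored.
        base = (sum(samples) / len(samples)) if samples else 1.0
        if pkts > multiplier * base and len(srcs) >= min_sources:
            alerts.append(Alert(ts, dst, pkts, len(srcs)))
    return alerts


if __name__ == "__main__":
    for a in detect_floods(constructed_flows()):
        print(f"t={a.ts:>3}s dst={a.dst} pps={a.pps} distinct_sources={a.sources}")
```

The fan-in condition is what separates a distributed flood from a single misbehaving client or a backup job; in a real deployment the baseline would be a rolling window rather than a fixed learning period, and the thresholds would be tuned per service.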

Six Ransomware Gangs Behind Over 50% of 2024 Attacks

A recent report by Palo Alto Networks' Unit 42 reveals that the ransomware landscape for 2024 is dominated by just six gangs. LockBit 3.0 remains the most active ransomware group in 2024, despite a law enforcement takedown six months ago. LockBit 3.0 accounted for 325 victims in the first half of 2024, leading the list of 53 ransomware groups tracked. The Play gang follows in second place with 155 victims, up from fourth place last year. Newcomer 8Base ranked third with 119 victims, followed by Akira, Black Basta and Medusa. Overall, Unit 42 observed a 4.3% year-over-year increase in ransomware activity, with 1,762 posts on leak sites in H1 2024.

Why Attacks Against Critical National Infrastructure are Such a Threat and How Governments are Responding

A recent analysis underscores the escalating threat posed by state-sponsored cyber attacks against critical national infrastructure (CNI), which includes vital systems such as energy grids, telecommunications networks, and water infrastructure. Notably, UK and US authorities have identified pro-Russian hacktivists targeting small-scale industrial control systems (ICS) in North America and Europe, leveraging techniques that pose physical risks to vulnerable and misconfigured operational technology (OT) environments. Historical precedents, such as the 2021 Colonial Pipeline ransomware attack and the breach of a Florida water treatment plant, illustrate the severe consequences of such incursions, which can cause physical damage and impact lives on a significant scale. The inherent vulnerabilities of outdated legacy systems, particularly in sectors like energy, exacerbate these risks, highlighting the urgent need for enhanced defence strategies and international cooperation.

Social Engineering Attacks Continue to Evolve, Here’s How to Keep Up

Social engineering attacks continue to evolve, having advanced significantly since the early days of phishing. Traditional tactics have been replaced by more sophisticated methods, such as Business Email Compromise (BEC), which surged by over 100% last year, causing losses exceeding $2.9 billion. Additionally, the rise of AI-generated attacks has further complicated detection, with 80% of organisations reporting exposure to such threats. Add to the list QR code phishing, vishing (voice phishing), baiting, pretexting, romance scams and deepfakes, and there is a clear need for adaptive security strategies focused on human behaviour, alongside more personalised and timely cyber security awareness training to combat these increasingly complex attacks.

How Phishing Attacks Adapt Quickly to Capitalise on Current Events

A report by Egress reveals that 94% of businesses were impacted by phishing attacks in 2023, marking a 40% increase from the previous year. The surge in phishing is largely attributed to the rise of generative AI, which has simplified the creation of convincing malicious content, including deepfake videos. Additionally, Phishing as a Service (PhaaS) has enabled even unskilled attackers to launch sophisticated phishing campaigns with ease. These developments have made phishing more agile, allowing threat actors to quickly exploit unexpected events for high-impact attacks and significantly raising the overall threat level.

MacOS is Increasingly Targeted by Threat Actors

A recent analysis highlights the growing interest of cyber threat actors in targeting macOS devices, challenging the long-held perception of Apple computers as more secure than Windows. While Windows holds a dominant market share of about 72%, with Apple at 15%, the increasing use of macOS in organisations, particularly in the SME sector, where Apple's share is 22.4%, has made it a more attractive target. From January 2023 to July 2024, over 40 threat actors were observed focusing on macOS, with 21 active in 2024 alone, indicating a rising trend in macOS-targeted malware. Despite Apple’s robust security measures, vulnerabilities continue to be exploited as macOS usage grows.

There’s a New Ransomware Gang on the Block, and it’s Exploiting the Human Element

A recent analysis by the Sophos X-Ops Incident Response team has identified a new ransomware threat actor, "Mad Liberator". The group only emerged in mid-July and is becoming known for targeting users of the remote-access application AnyDesk. Unlike traditional ransomware gangs, Mad Liberator primarily focuses on data exfiltration, occasionally using encryption and double extortion tactics. The group has already targeted at least eight victims across various sectors and countries, pressuring them by posting stolen data on a leak site when ransoms are not paid. The methods used by Mad Liberator to gain initial access remain unclear, adding to the mystery surrounding this emerging threat.

What is Threat Intelligence?

A recent analysis highlights the growing importance of threat intelligence in cyber security strategies, as organisations face increasingly sophisticated and large-scale cyber threats. Threat intelligence involves collecting, analysing, and disseminating information on past, current, and potential future threats, drawing from sources like the dark web and industry-specific data. This intelligence enables proactive defence by allowing organisations to anticipate and mitigate attacks, optimise resources, and make informed decisions. It also supports compliance with cyber security regulations. The report categorises threat intelligence into strategic, tactical, operational, and technical types, each providing unique insights crucial for developing effective defence mechanisms.

New Cyber Security Laws ‘Could Double’ Number of Reported Breaches

A recent analysis by the Compliance Institute predicts a significant increase in reported data breaches and cyber crime incidents when the EU Digital Operational Resilience Act (DORA) takes effect in January. The new regulations will impose stricter standards on financial institutions across Europe, focusing on their ability to protect, detect, contain, and recover from ICT-related incidents. With DORA’s enhanced reporting obligations and detection requirements, the volume of reported incidents is expected to at least double, highlighting the urgent need for organisations to enhance their resilience and compliance efforts.

Why MFA Alone is not Enough: The Crucial Role of Security Awareness Training

A recent analysis highlights the increasing sophistication of phishing campaigns, with credential phishing accounting for 91% of active threats in 2023, a 67% rise from 2022. The effectiveness of these attacks is exacerbated in environments lacking Multi-Factor Authentication (MFA), as seen in the Change Healthcare breach, where stolen credentials compromised sensitive health data. While MFA and unique passwords are vital, they alone are insufficient; kits that enable attackers to bypass MFA, like Tycoon 2FA, illustrate that even these measures can be circumvented. The report underscores the importance of comprehensive cyber security strategies, including robust password management and ongoing security awareness training to empower employees as the first line of defence.
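Kits such as Tycoon 2FA defeat one-time-code MFA by proxying the real login page (adversary-in-the-middle): the victim types the password and the current code into the look-alike site, the kit relays both to the genuine site within the code's validity window, and keeps the resulting session. The following added example (not from the briefing, TechRadar or any vendor) models that relay against a TOTP login and shows why the same relay fails against an origin-bound WebAuthn assertion. The origins, the symmetric stand-in for the authenticator's signing key, and the server's session handling are all constructed assumptions; the TOTP routine follows RFC 6238.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

LEGIT_ORIGIN = "https://login.example.com"   # assumption: the genuine login origin
PHISH_ORIGIN = "https://login-example.com"   # assumption: the attacker's look-alike proxy


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the usual authenticator-app default."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class Authenticator:
    """Stand-in for a FIDO2 authenticator. A keyed MAC replaces the real
    asymmetric signature; the point being modelled is that the origin the
    browser is on is inside the signed data (clientDataJSON in WebAuthn)."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)

    def sign(self, challenge: bytes, origin: str) -> bytes:
        return hmac.new(self.key, challenge + origin.encode(), hashlib.sha256).digest()


class Server:
    def __init__(self, password: str, authenticator: Authenticator) -> None:
        self.password = password
        self.totp_secret = secrets.token_bytes(20)   # shared with the user's app at enrolment
        self.verify_key = authenticator.key          # registered credential (stand-in)
        self.challenges: set = set()
        self.sessions: set = set()

    def _issue_session(self) -> str:
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token

    def new_challenge(self) -> bytes:
        c = secrets.token_bytes(32)
        self.challenges.add(c)
        return c

    def login_otp(self, password: str, code: str, now: int) -> Optional[str]:
        """Password + TOTP: nothing here tells the server who typed the code
        or which site they typed it into, so a relayed code is accepted."""
        if password == self.password and hmac.compare_digest(code, totp(self.totp_secret, now)):
            return self._issue_session()
        return None

    def login_webauthn(self, challenge: bytes, origin: str, signature: bytes) -> Optional[str]:
        """Origin-bound: the challenge must be one we issued (single use), the
        claimed origin must be ours, and the signature must cover that origin."""
        if challenge not in self.challenges or origin != LEGIT_ORIGIN:
            return None
        self.challenges.discard(challenge)
        expected = hmac.new(self.verify_key, challenge + origin.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(signature, expected):
            return None
        return self._issue_session()


def aitm_relay_otp(server: Server, password: str, now: int) -> Optional[str]:
    """Victim enters password and current code on the phishing page; the proxy
    replays both to the real server inside the 30 s window and keeps the session."""
    code = totp(server.totp_secret, now)   # what the victim reads off their app
    return server.login_otp(password, code, now)


def aitm_relay_webauthn(server: Server, auth: Authenticator, forge_origin: bool) -> Optional[str]:
    """The victim's browser is on PHISH_ORIGIN, so that is the origin the
    authenticator signs over. The proxy can forward the assertion unchanged
    (origin check fails) or rewrite the origin field (signature check fails)."""
    challenge = server.new_challenge()            # proxy fetched this from the real site
    signature = auth.sign(challenge, PHISH_ORIGIN)
    claimed = LEGIT_ORIGIN if forge_origin else PHISH_ORIGIN
    return server.login_webauthn(challenge, claimed, signature)


def legitimate_webauthn(server: Server, auth: Authenticator) -> Optional[str]:
    challenge = server.new_challenge()
    return server.login_webauthn(challenge, LEGIT_ORIGIN, auth.sign(challenge, LEGIT_ORIGIN))


if __name__ == "__main__":
    auth = Authenticator()
    srv = Server("correct horse battery staple", auth)
    print("OTP relay     ->", aitm_relay_otp(srv, "correct horse battery staple", 1_700_000_000))
    print("WebAuthn relay->", aitm_relay_webauthn(srv, auth, forge_origin=False))
    print("WebAuthn forge->", aitm_relay_webauthn(srv, auth, forge_origin=True))
    print("WebAuthn real ->", legitimate_webauthn(srv, auth))
```

The OTP relay succeeds because the code proves only that the user has the seed, not which site they are talking to; the WebAuthn relay fails in both variants because the browser, not the user, supplies the origin and it is covered by the signature. This is the practical reason phishing-resistant MFA is the technical control that complements, rather than replaces, the awareness training the article recommends.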

Sources:

https://www.helpnetsecurity.com/2024/08/16/technology-consolidation-risks/

https://www.infosecurity-magazine.com/news/high-risk-cloud-exposures-palo/

https://www.nationalworld.com/business/69-of-uk-small-businesses-currently-use-weak-passwords-to-access-important-documents-4738877

https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

https://www.theregister.com/2024/08/13/lockbit_ransomware_stats/

https://www.itpro.com/security/cyber-attacks/why-attacks-against-critical-national-infrastructure-cni-are-such-a-threat

https://www.scmagazine.com/perspective/social-engineering-attacks-continue-to-evolve-heres-how-to-keep-up

https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html

https://intel471.com/blog/macos-is-increasingly-targeted-by-threat-actors

https://cybernews.com/security/mad-liberator-new-ransomware-gang-exploiting-human-element/

https://securityboulevard.com/2024/08/what-is-threat-intelligence-3/

https://www.irishtimes.com/business/2024/08/16/new-cybersecurity-laws-could-double-number-of-reported-breaches/

https://www.techradar.com/pro/why-mfa-alone-isnt-enough-the-crucial-role-of-security-awareness-training



Threats

Ransomware, Extortion and Destructive Attacks

74% of ransomware victims were attacked multiple times in a year - Help Net Security

Cyber security investigators worry ransomware attacks may worsen as young, Western hackers work with Russians - CBS News

Six ransomware gangs behind over 50% of 2024 attacks • The Register

There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews

STAC6451 Hackers Attacking Microsoft SQL Servers to Compromise Organisations (cybersecuritynews.com)

Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

Infiltrating ransomware gangs on the dark web - CBS News

Ransomware Group BlackSuit Upgrades Capabilities | Silicon UK

FBI claims success in taking down another major ransomware group | TechRadar

‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register

Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)

Unlearning the RaaS Model: How ransomware attacks are evolving | TechRadar

Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m - Infosecurity Magazine (infosecurity-magazine.com)

Emerging Exfiltration Tools Highlight Growing Threats To Enterprise Data (informationsecuritybuzz.com)

Ransomware Attacks on Industrial Firms Surged in Q2 2024 - SecurityWeek

Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)

July ransomware attacks slam public sector organisations | TechTarget

New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)

How a cyber security researcher befriended, then doxed, the leader of LockBit ransomware gang | TechCrunch

Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools - Infosecurity Magazine (infosecurity-magazine.com)

'Radar' ransomware group taken down by FBI - Tech Monitor

Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security

Ransomware Victims

Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register

The Washington Times newspaper claimed by Rhysida ransomware cartel | Cybernews

Swiss-based Schlatter says IT network affected by cyberattack - CNA (channelnewsasia.com)

Gold producer Evolution Mining confirms ransomware cyber attack, says incident 'contained' - ABC News

Phishing & Email Based Attacks

Cyber security investigators worry ransomware attacks may worsen as young, Western hackers work with Russians - CBS News

Email Security Risk Remains Alarmingly High (informationsecuritybuzz.com)

Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian

How Phishing Attacks Adapt Quickly to Capitalize on Current Events (thehackernews.com)

Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)

Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek

How to spot phishing in the age of AI - IT Security Guru

Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News

Scammers dupe chemical company into wiring $60 million - Help Net Security

Email Breach Report 2024: Vulnerable Names And Providers Exposed (informationsecuritybuzz.com)

Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)

New Phishing Attack Uses Sophisticated Infostealer Malware - Infosecurity Magazine (infosecurity-magazine.com)

Russia FSB cyber snoops linked to massive phishing campaign • The Register

Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)

Google raps APT42 for high-profile spear-phishing attacks • The Register

There's more than 25 ways to bypass a Secure Web Gateway • The Register

Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company | Fortune

Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop

Beware of Phishing Campaign that Impersonates Google Safety Centre (cybersecuritynews.com)

Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews

Phishing Campaign Compromises 100+ Ukrainian Government Computers - Infosecurity Magazine (infosecurity-magazine.com)

BEC

Why Business Email Compromise Scams Target B2B Relationships (pymnts.com)

Scammers dupe chemical company into wiring $60 million - Help Net Security

Chemical company Orion loses $60 million in business email compromise scam (therecord.media)

Other Social Engineering

There’s a new ransomware gang on the block, and it’s exploiting the human element | Cybernews

A new extortion crew, Mad Liberator, emerges on the scene • The Register

USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED

Social engineering attacks continue to evolve – here’s how to keep up | SC Media (scmagazine.com)

Artificial Intelligence

How to spot phishing in the age of AI - IT Security Guru

Why a 'Swiss cheese' approach is needed to combat deepfakes [Q&A] (betanews.com)

Microsoft Copilot Flaws Could Lead to Targeted Cyber Attacks (petri.com)

Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack

Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company | Fortune

Rogue AI is the Future of Cyber Threats | Trend Micro (US)

AI governance and clear roadmap lacking across enterprise adoption | ZDNET

X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)

UK Prime Minister Keir Starmer and Prince William deepfaked in investment scam campaign (bitdefender.com)

The AI balancing act: Unlocking potential, dealing with security issues, complexity - Help Net Security

Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews

Elon Musk’s X agrees to suspend collection of EU users’ data to train its AI system | Irish Independent

New UK Government Announces AI and Cyber Security Reforms | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it

Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET

74% of IT professionals worry AI tools will replace them - Help Net Security

Grammarly's new tool aims to detect AI-generated text. Here's how it works | ZDNET

2FA/MFA

Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek

Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar

Malware

Flaw in AMD Chips Can Be Exploited to Plant Malware That Survives OS Reinstalls | PCMag

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (bleepingcomputer.com)

Black Basta-Linked Attackers Target Users with SystemBC Malware (thehackernews.com)

Malware Loaders Dominate Cyber Security Threats In 2024 (informationsecuritybuzz.com)

New Phishing Attack Uses Sophisticated Infostealer Malware - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

How to Remove an Android Virus - Tech Advisor

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App | WIRED

Denial of Service/DoS/DDOS

DDoS attack volume rises, peak power reaches 1.7 Tbps - Help Net Security

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (thehackernews.com)

Was a cyber attack really to blame for Musk-Trump interview tech issues? Expert isn’t buying it | The Independent

Internet of Things – IoT

Are Brain-Computer Interfaces at Risk of Mass Cyberattacks? | HackerNoon

Your Gym Locker May Be Hackable | WIRED

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards | WIRED

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users (thehackernews.com)

Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch

Data Breaches/Leaks

One of the worst data breaches in history just got worse | Digital Trends

Emerging Exfiltration Tools Highlight Growing Threats To Enterprise Data (informationsecuritybuzz.com)

Cyber attacks 2024: The biggest attacks of the first half of 2024 - Security Boulevard

Trump Campaign Blames Iranian Hack on Docs Leaked to Media (databreachtoday.co.uk)

Netflix 'aggressively taking action' after huge data breach sees full episodes of Arcane season 2, Heartstopper season 3, and more leak online | TechRadar

Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All | WIRED

Almost 50 PII categories impacted in data breach at East Valley Institute of Technology | Cybernews

Hackers leak 2.7 billion data records with Social Security numbers (bleepingcomputer.com)

Kakao Pay shared over 40M users' data with China’s Alipay • The Register

Organised Crime & Criminal Actors

Cyber security investigators worry ransomware attacks may worsen as young, Western hackers work with Russians - CBS News

Hackers' Toolkit Exposed, Wide Range of Tools From Initial Access to Full Control (cybersecuritynews.com)

Cyber criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)

Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)

Cyber threat actors evolve tactics - CIR Magazine

Megaupload Founder Kim Dotcom Gets Extradition to US, Claims 'I'm Not Leaving' | PCMag

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

UK Prime Minister Keir Starmer and Prince William deepfaked in investment scam campaign (bitdefender.com)

43% of Meta ads based on UK prime minister are crypto scams (protos.com)

Insurance

Cyber insurance costs ease, but for how much longer? - Raconteur

Evolving threat landscape influencing cyber insurance market | TechTarget

Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert

Cyber insurance tipped to ‘disrupt’ traditional cyber security providers - Insurance Post (postonline.co.uk)

Supply Chain and Third Parties

Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)

The role of employee awareness in preventing supply chain attacks | TechRadar

X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)

Cloud/SaaS

High-Risk Cloud Exposures Surge Due to Rapid Service Growth - Infosecurity Magazine (infosecurity-magazine.com)

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers (thehackernews.com)

Phishing via file-sharing services jumps 350%, warns Abnormal Security (techmonitor.ai)

Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs (darkreading.com)

Major GitHub repos leak access tokens putting code and clouds at risk | CSO Online

Outages

Delta And Frontier Airlines Want Tech Companies To Pay Up For Losses (forbes.com)

Encryption

NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum

White House Report: U.S. Federal Agencies Brace for $7.1 Billion Post-Quantum Cryptography Migration (thequantuminsider.com)

Linux and Open Source

18-year-old browser bug still allows access to internal networks – Computerworld

Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop

New Double-Extortion Ransomware Attacking Linux Machines (cybersecuritynews.com)

Passwords, Credential Stuffing & Brute Force Attacks

Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar

69% of UK small businesses currently use weak passwords to access important documents (nationalworld.com)

Social Media

Fake X content warnings on Ukraine war, earthquakes used as clickbait (bleepingcomputer.com)

43% of Meta ads based on UK prime minister are crypto scams (protos.com)

Was a cyber attack really to blame for Musk-Trump interview tech issues? Expert isn’t buying it | The Independent

Labour MPs begin quitting X over ‘hate and disinformation’ | X | The Guardian

Elon Musk’s X agrees to suspend collection of EU users’ data to train its AI system | Irish Independent

Grok gets an impressive upgrade - and unchecked AI image generation apparently | ZDNET

Malvertising

43% of Meta ads based on UK prime minister are crypto scams (protos.com)

Training, Education and Awareness

Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar

The role of employee awareness in preventing supply chain attacks | TechRadar

Addressing the Frustrations and Concerns of Infosecurity Professionals - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

New cyber security laws ‘could double’ number of reported breaches – The Irish Times

UN Approves Cyber Crime Treaty Despite Major Tech, Privacy Concerns (darkreading.com)

New UK Government Announces AI and Cyber Security Reforms | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

How Can Organisations Navigate SEC's Cyber Materiality Disclosures? (darkreading.com)

How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)

Enzo Biochem penalized $4.5M over 2023 ransomware theft • The Register

X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)

A world-first law in Europe is targeting artificial intelligence. Other countries can learn from it

Cyber Security In Healthcare: Regulation, Incentives Patient Safety (informationsecuritybuzz.com)

Models, Frameworks and Standards

NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST

How to implement NIS2, Christoph Werkmeister, Hanna Hoffmann, Julia Utzerath (freshfields.com)

How UK firms can get ready for the implementation of NIS2 | Computer Weekly

X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)

Data Protection

X faces GDPR complaints for unauthorized use of data for AI training (bleepingcomputer.com)

Careers, Working in Cyber and Information Security

Hidden crisis in cyber security: 17 out of 20 professionals suffering from fatigue and burnout | Cybernews

What skills can cyber security experts develop to adapt to AI and quantum computing? - IT Security Guru

Non-technical job seekers are missing out on this in-demand cyber security career - Partner Content - iTnews

It's Time to Promote Security Talent From Within (darkreading.com)

Calls for lighter visa restrictions mount as UK tech faces talent shortfall | ITPro

Law Enforcement Action and Take Downs

Man in Dock Accused of Breaking Hi-Tech Export Controls - Infosecurity Magazine (infosecurity-magazine.com)

FBI claims success in taking down another major ransomware group | TechRadar

‘Elite’ ransomware pioneer suspect charged after 9-year hunt • The Register

Cyber Criminal Duo Attracts FBI Notice by Spending Big & Living Large (darkreading.com)

Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)

'Radar' ransomware group taken down by FBI - Tech Monitor

Suspected head of Reveton, Ransom Cartel RaaS groups arrested - Help Net Security

Misinformation, Disinformation and Propaganda

Multiple Iran groups step up US election influence efforts • The Register

Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)

Tackling Disinformation Online With The Use Of Proper Tools (informationsecuritybuzz.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Japan will launch DARPA-esque research institute for cyber warfare | Cybernews

Nation State Actors

Trump Leak Likely a Harbinger of More Interference to Come (databreachtoday.co.uk)

China

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa (thehackernews.com)

APT41 Spinoff Expands Chinese Actor's Scope Beyond Asia (darkreading.com)

Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)

Expanded attacks by Earth Baku detailed | SC Media (scmagazine.com)

China-linked cyber-spies infect Russian govt, IT sector • The Register

Russia

Cyber security investigators worry ransomware attacks may worsen as young, Western hackers work with Russians - CBS News

Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian

Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes - CBS News

Russian cyber spies stole data and emails from UK government systems (securityaffairs.com)

Chinese hacking groups target Russian government, IT firms (bleepingcomputer.com)

Russia FSB cyber snoops linked to massive phishing campaign • The Register

Russian hacking campaign targets rights groups, media, former US ambassador | CyberScoop

Man in Dock Accused of Breaking Hi-Tech Export Controls - Infosecurity Magazine (infosecurity-magazine.com)

Russian-Linked Hackers Target Eastern European NGOs and Media (thehackernews.com)

How the Kaspersky ban affects you and how to protect your data | Proton

Russia blocks Signal for 'violating' anti-terrorism laws (bleepingcomputer.com)

Russian Sentenced To 40 Months For Selling Stolen Data On Dark Web (informationsecuritybuzz.com)

Phishing Campaign Compromises 100+ Ukrainian Government Computers - Infosecurity Magazine (infosecurity-magazine.com)

Iran

Multiple Iran groups step up US election influence efforts • The Register

Microsoft Report Exposes Iranian Cyber Warfare Targeting U.S. Election (fdd.org)

Trump campaign said senior staffer hacked by Iran-backed APT | SC Media (scmagazine.com)

Google raps APT42 for high-profile spear-phishing attacks • The Register

Iran increases phishing attempts on U.S., Israeli targets | CyberScoop

North Korea

Beyond espionage – how the Lazarus Group is reshaping cyber security threats (securitybrief.co.nz)

North Korea stole technical data about key ROK military spy planes: Ruling party | NK News

South Korea says DPRK hackers stole spy plane technical data (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Greece leaves spy services unchecked on Predator hacks – POLITICO


Tools and Controls

Why MFA alone isn’t enough: The crucial role of security awareness training | TechRadar

Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA - SecurityWeek

What is Threat Intelligence? - Security Boulevard

The role of employee awareness in preventing supply chain attacks | TechRadar

The Importance Of APIs/API Security In Financial Services (informationsecuritybuzz.com)

35% of exposed API keys still active, posing major security risks - Help Net Security

EDR testing: How to validate EDR tools | TechTarget

NCSC Calls on UK Firms to Join Mass Cyber-Deception Initiative - Infosecurity Magazine (infosecurity-magazine.com)

Cyber crime group disables EDR software to launch RansomHub ransomware | SC Media (scmagazine.com)

Taming Identity Sprawl With A Least Privilege Approach (informationsecuritybuzz.com)

Effective Communication Is Key to Successful Cyber Security (govinfosecurity.com)

A deep dive into multi-stage attacks and the need for complete visibility | TechRadar

Three ways a cyber-resilient approach can keep your data safe | TechRadar

Flashpoint CEO: Cyber, physical security threats converging | TechTarget

The 5 Different Types of Firewalls Explained (techtarget.com)

Evolving threat landscape influencing cyber insurance market | TechTarget

There's more than 25 ways to bypass a Secure Web Gateway • The Register

AI In Cyber Security: Can We Trust It? | MSSP Alert

Addressing the Frustrations and Concerns of Infosecurity Professionals - Infosecurity Magazine (infosecurity-magazine.com)

How to select an MDR security service | TechTarget

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack | TechCrunch

Federal Cyber Insurance Policy for Cataclysmic Cyber Events Imminent | MSSP Alert

Cyber Security: The Impact Of AI On Today’s Businesses - Minutehack

Apple Intelligence is “a boomer dad” that reportedly prioritizes phishing emails | Cybernews

AI/ML's Role in Cyber Security: Balancing Innovation, Safety (inforisktoday.com)



Vulnerability Management

Tackling Vulnerabilities & Errors Head-on for Proactive Security (darkreading.com)

'It's Not a Bug, It's a Feature' - Are Companies Too Complacent with Software Defects? - ClearanceJobs

Easterly: Cyber security is a software quality problem  | CyberScoop

A Lesson From the CrowdStrike Incident (darkreading.com)

New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands - IT Security Guru

Zero trust: How the ‘Jia Tan’ hack complicated open-source software | CyberScoop

Lessons learned from CrowdStrike's automation errors | TechTarget

Vulnerabilities

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (bleepingcomputer.com)

Microsoft discloses Office zero-day, still working on a patch (bleepingcomputer.com)

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections | WIRED

Microsoft Office Apps Provide a New Path for Hackers (howtogeek.com)

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog

0-Click Outlook Vulnerability Triggred RCE When Email is Opened (cybersecuritynews.com)

Fortinet, Zoom Patch Multiple Vulnerabilities - SecurityWeek

18-year-old browser bug still allows access to internal networks – Computerworld

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers (thehackernews.com)

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share (thehackernews.com)

Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks (cybersecuritynews.com)

Microsoft Copilot Flaws Could Lead to Targeted Cyberattacks (petri.com)

Worried about the Windows BitLocker recovery bug? 6 things you need to know | ZDNET

Former Microsoft security architect showcases 15 different ways to break Copilot | Windows Central

Adobe Calls Attention to Massive Batch of Code Execution Flaws - SecurityWeek

Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities - SecurityWeek

SolarWinds addressed a critical RCE in all Web Help Desk versions (securityaffairs.com)

Attacks Leveraging Windows SmartScreen Bypass Flaw Deployed Since March | MSSP Alert

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR - SecurityWeek

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability (thehackernews.com)

Ivanti warns of critical vTM auth bypass with public exploit (bleepingcomputer.com)

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps - SecurityWeek

Post-Exploitation Technique After Hacking Ivanti, Fortigate VPN Servers (cybersecuritynews.com)

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover (thehackernews.com)

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE (thehackernews.com)


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Black Arrow Cyber Advisory 14 August 2024 – Microsoft, Adobe, Ivanti, SAP, Fortinet, Zoom, Intel and AMD Security Updates

Executive summary

Microsoft’s August Patch Tuesday provides updates to address 89 security issues across its product range, including six actively exploited zero-day vulnerabilities and three publicly disclosed zero-days. In addition to the Microsoft updates, this week also saw Adobe fix 72 vulnerabilities across various products, Ivanti address a critical vulnerability in its Virtual Traffic Manager product, and SAP release 25 patches for a variety of products, including 2 for critical vulnerabilities. Fortinet also released patches for a number of its products, Zoom addressed 15 vulnerabilities across its product range, including two high-severity issues, and Intel and AMD patched 110 vulnerabilities between them.


Microsoft

Within the 89 addressed security issues, the actively exploited zero-day vulnerabilities include privilege elevation, memory corruption, web security feature bypass and remote code execution, all of which have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. The Microsoft updates also include 8 critical vulnerabilities, which are a mixture of elevation of privilege, remote code execution and information disclosure issues.

Adobe

This month, Adobe released fixes for 72 vulnerabilities, of which 35 were rated critical, across several of their products. The affected products and their respective vulnerabilities are as follows: Adobe Illustrator (1 critical), Adobe Dimension (3 critical), Adobe Photoshop (1 critical), InDesign (9 critical), Adobe Acrobat Reader (8 critical), Adobe Bridge (2 critical), Adobe Commerce (7 critical), Adobe InCopy (1 critical), Adobe Substance 3D Stager (1 critical), Adobe Substance 3D Sampler (1 critical), Adobe 3D Designer (1 critical). Adobe have specifically warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. At present, Adobe is not aware of any of these vulnerabilities being actively exploited.

Fortinet

Fortinet have released patches for three vulnerabilities impacting FortiOS, FortiAnalyzer, FortiManager, FortiProxy, FortiPAM and FortiSwitchManager. At present, Fortinet makes no mention of any of these vulnerabilities being actively exploited. Further details on the vulnerabilities and the patches can be found in the links below.

Ivanti

Ivanti have released a security update to address a critical vulnerability (CVE-2024-7593) in Virtual Traffic Manager (vTM) which could allow an unauthenticated attacker to bypass authentication of the admin panel and create admin users. The issue affects vTM versions 22.2, 22.3, 22.3R2, 22.5R1, 22.6R1, and 22.7R1, with fixes available in versions 22.2R1 and 22.7R2, and in 22.3R3, 22.5R2 and 22.6R2 (all available the week of August 19, 2024). Ivanti is currently not aware of this vulnerability being actively exploited; however, a public proof of concept has been released, so it is advised to apply the patches as soon as possible.
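The affected and fixed vTM versions above map one-to-one onto release lines, which is what a vulnerability management team needs in order to triage an estate. The script below is an added illustration, not Ivanti's code: it encodes the version pairs stated in the advisory, parses the MAJOR.MINOR[Rn] version strings (an assumption about the naming scheme), and classifies a constructed sample inventory, sending anything the advisory does not explicitly cover to manual review rather than treating it as safe.

```python
"""Triage of an Ivanti vTM inventory against the CVE-2024-7593 advisory.

Added illustration (not Ivanti's code). The affected/fixed version pairs are
the ones stated in the advisory text; the inventory is constructed sample
data, and the MAJOR.MINOR[Rn] parsing is an assumption about the naming
scheme used in the advisory.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Affected version -> fixed version on the same release line, as listed in
# the advisory. "22.2" and "22.3" carry no R suffix and are treated as R0.
AFFECTED_TO_FIX = {
    "22.2": "22.2R1",
    "22.3": "22.3R3",
    "22.3R2": "22.3R3",
    "22.5R1": "22.5R2",
    "22.6R1": "22.6R2",
    "22.7R1": "22.7R2",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[Rn]' into a comparable tuple; a missing R part is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vTM version string: {text!r}")
    major, minor, rel = m.groups()
    return (int(major), int(minor), int(rel or 0))


def fix_for_line(major: int, minor: int) -> Optional[str]:
    """Return the fixed version for a MAJOR.MINOR line, if the advisory names one."""
    for fix in AFFECTED_TO_FIX.values():
        if parse_version(fix)[:2] == (major, minor):
            return fix
    return None


@dataclass
class Finding:
    host: str
    version: str
    status: str            # "vulnerable", "patched" or "review"
    target: Optional[str]  # version to move to, when the advisory names one


def assess(host: str, version: str) -> Finding:
    """Classify one instance against the advisory.

    Only versions explicitly listed are called vulnerable, and only versions
    at or above a named fix are called patched. Everything else (unparsable
    strings, release lines the advisory does not mention, unlisted builds
    below a fix) is marked for manual review rather than assumed safe.
    """
    try:
        parsed = parse_version(version)
    except ValueError:
        return Finding(host, version, "review", None)
    key = version.strip()
    if key in AFFECTED_TO_FIX:
        return Finding(host, version, "vulnerable", AFFECTED_TO_FIX[key])
    fix = fix_for_line(parsed[0], parsed[1])
    if fix is None:
        return Finding(host, version, "review", None)
    if parsed >= parse_version(fix):
        return Finding(host, version, "patched", None)
    return Finding(host, version, "review", fix)


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[Finding]]:
    """Group a (host, version) inventory by status, vulnerable hosts first."""
    groups: Dict[str, List[Finding]] = {"vulnerable": [], "review": [], "patched": []}
    for host, version in inventory:
        finding = assess(host, version)
        groups[finding.status].append(finding)
    return groups


# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = [
    ("vtm-edge-01", "22.7R1"),   # listed as affected
    ("vtm-edge-02", "22.7R2"),   # at the named fix
    ("vtm-lab-01", "22.3"),      # listed as affected (R0)
    ("vtm-lab-02", "22.3R1"),    # same line, below the fix, not listed
    ("vtm-old-01", "22.1R1"),    # line the advisory does not mention
    ("vtm-cmdb-gap", "n/a"),     # inventory record without a version
]

if __name__ == "__main__":
    for status, findings in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {len(findings)}")
        for f in findings:
            target = f" -> upgrade to {f.target}" if f.target else ""
            print(f"  {f.host} ({f.version}){target}")
```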

SAP

This month, SAP has released 25 patches, which include 17 new releases and 8 updates to previous releases. 2 patches have been given the “hot news” priority, SAP's highest severity rating. The vulnerabilities encompass a range of issues, including missing authentication checks, server-side request forgery (SSRF), XML injection and prototype pollution.

Intel and AMD

Intel has published 43 new advisories covering roughly 70 vulnerabilities, including 9 high-severity issues affecting products like Intel NUC and Ethernet Controllers. Exploitation of these vulnerabilities can lead to privilege escalation, information disclosure, and denial of service. Meanwhile, AMD has released patches for 46 vulnerabilities across 8 advisories. Further information on the different vulnerabilities can be found below.

Zoom

This month, Zoom addressed 15 vulnerabilities across their product range, including two high-severity issues. CVE-2024-39825 affects Zoom Workplace apps and Rooms clients, allowing authenticated attackers to escalate privileges. CVE-2024-39818 impacts Zoom Workplace apps and Meeting SDKs, enabling authenticated users to access restricted information. Currently Zoom is not aware of any active exploitation but users are advised to update the affected applications.


What’s the risk to me or my business?

There are a large number of actively exploited vulnerabilities which could affect the confidentiality, integrity and availability of the affected systems. There is also a large quantity of critical and non-critical vulnerabilities that have been addressed in the various vendor patches.

What can I do?

The updates should be applied as soon as possible for all the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating. Each vulnerability should be internally assessed and patched following vulnerability management and software/firmware update practices, in line with the risk that the vulnerabilities pose to the underlying systems.


More information:

Microsoft

Further details on other specific updates within this Microsoft Patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/

https://www.ghacks.net/2024/08/13/the-windows-security-updates-of-august-2024-are-now-available-bitlocker-recovery-issue-fixed/

Adobe

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/security/products/illustrator/apsb24-45.html

Further details of the vulnerabilities in Adobe Dimension can be found here:

https://helpx.adobe.com/security/products/dimension/apsb24-47.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-49.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/security/products/indesign/apsb24-56.html

Further details of the vulnerabilities in Adobe Acrobat Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-57.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/security/products/bridge/apsb24-59.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/security/products/magento/apsb24-61.html

Further details of the vulnerabilities in Adobe InCopy can be found here:

https://helpx.adobe.com/security/products/incopy/apsb24-64.html

Further details of the vulnerabilities in Adobe Substance 3D Stager can be found here:

https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html

Further details of the vulnerabilities in Adobe Substance 3D Sampler can be found here:

https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html

Further details of the vulnerabilities in Adobe Substance 3D Designer can be found here:

https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html

Fortinet

https://www.fortiguard.com/psirt?page=1&date=&severity=&product=FortiExtender,FortiAP-U,FortiAP-W2,FortiAP-S,FortiOS-6K7K,FortiSwitchManager,FortiSandbox,FortiAP-C,FortiAnalyzer,FortiSwitch,FortiManager,FortiAP,FortiOS,FortiAnalyzer-BigData&component=&version=

Ivanti

Further details of the vulnerabilities on Ivanti Virtual Traffic Manager can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

SAP

Further details of the vulnerabilities addressed by SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2024.html

Intel

https://www.intel.com/content/www/us/en/security-center/default.html

AMD

https://www.amd.com/en/resources/product-security.html

Zoom

https://www.zoom.com/en/trust/security-bulletin/


Known Exploited Vulnerabilities Catalog:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog


Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity




Black Arrow Cyber Threat Briefing 09 August 2024

Black Arrow Cyber Threat Intelligence Briefing 09 August 2024:

-UK Business Struggling to Prioritise Cyber Security Needs

-The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?

-Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication

-Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals

-How the Theft of 40M UK Voter Register Records was Entirely Preventable

-18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks

-99% of Global 2000 Companies Directly Connected to a Supply Chain Breach

-Email Attacks Skyrocket 293%

-Police Recover Over $40m Headed to BEC Scammers

-Russia's Priorities in Prisoner Swap Suggest Cyber Focus

-Point of Entry: Why Hackers Target Stolen Credentials for Initial Access

-FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands

-Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes

-Finance Should Pay Much More Attention to Undersea Cables Risk

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Business Struggling to Prioritise Cyber Security Needs

UK businesses are increasingly struggling to meet cyber security demands due to insufficient technology, expertise, and funding. Over 80% of organisations report a significant cyber skills gap, with six in 10 CISOs citing underfunded security budgets. Insider threats, particularly those involving AI tools like ChatGPT, are identified as the biggest risk, yet nearly two-thirds of organisations lack the technology to combat these threats. While 85% have turned to automation to bolster defences, experts caution against overreliance on AI, stressing the need for skilled personnel. Simultaneously, 86% of cyber security professionals now rank unknown threats as their top concern, driving nearly 99% of organisations to plan outsourcing segments of their cyber risk management to third-party providers within the next two years. This trend underscores the importance of improved network visibility and the critical role of managed detection and response (MDR) services, which depend heavily on accurate data and human analysis.

The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?

A recent analysis highlights the heightened risk facing C-suite executives, who are increasingly targeted by sophisticated spear phishing and whaling attacks due to their access to valuable corporate data and decision-making authority. CEOs are the primary targets, receiving 23% of phishing emails, followed closely by chief people officers (21%) and chief finance officers (19%). The human element remains a significant vulnerability, with 74% of breaches linked to human error, including misdirected emails. To mitigate these risks, organisations should provide tailored security training for executives and enhance their email security with integrated cloud solutions to prevent advanced threats and outbound data loss.

Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication

Ransomware attacks are escalating in 2024, with over 2,500 incidents recorded in the first half of the year, averaging more than 14 attacks daily. The rise in double extortion tactics is evident, with postings on leak sites increasing from 24 per month in early 2023 to 40 per month in 2024. Despite this growing sophistication, many organisations still neglect basic cyber hygiene, leaving vulnerabilities in RDP, VPNs, and the absence of multi-factor authentication as key entry points for attackers. A separate report by Sophos X-Ops highlights the increasing psychological tactics of ransomware gangs, who now aim to inflict emotional and reputational harm on victims. The Monti gang, for example, threatened to expose the browser history of an employee it had falsely accused, while other groups have doxed (leaked personal information online) business owners, revealing personal and financial details. Ransomware operators also leverage media pressure and new regulations, threatening to report breaches to regulatory bodies if victims fail to comply. This shift underscores the intensified psychological warfare being waged by ransomware groups against targeted organisations.

Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals

A recent report highlights the increasing sophistication of cyber threats, with cyber crime-as-a-service models such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) lowering the barrier to entry for attackers. Notably, information-stealing malware accounted for 29% of early investigations, while phishing remains a significant concern, with 17.8 million phishing emails detected between December 2023 and July 2024. The report underscores the need for more proactive or anticipatory security measures as traditional reactive defences struggle to keep pace with evolving tactics, techniques, and procedures (TTPs) used by cyber criminals.

How the Theft of 40M UK Voter Register Records was Entirely Preventable

The UK’s Information Commissioner’s Office (ICO) has revealed that the massive data breach affecting 40 million UK voters was entirely preventable. The breach, which went undetected for over a year, was attributed to the Electoral Commission's failure to patch known vulnerabilities in its self-hosted Microsoft Exchange server. The ICO criticised the Commission for inadequate security measures, including poor password management, and noted that these basic lapses allowed hackers to steal voter information. Despite the severity of the breach, the ICO did not impose a fine, citing the absence of evidence that the stolen data was misused.

18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks

A recently highlighted vulnerability, known as "0.0.0.0 Day", has persisted for 18 years and affects Linux and macOS devices, allowing malicious websites to bypass security in Chrome, Firefox, and Safari. This flaw enables attackers to interact with local network services, potentially changing settings or accessing protected information, and in some cases, executing remote code. Despite being reported in 2008, the vulnerability remains unresolved, with browsers acknowledging the issue and working towards a fix. The flaw exploits inconsistencies in browser security mechanisms like Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA), making it a significant ongoing risk.

99% of Global 2000 Companies Directly Connected to a Supply Chain Breach

SecurityScorecard and The Cyentia Institute have revealed that 99% of Global 2000 companies are directly connected to vendors that have experienced recent breaches, underscoring the escalating risk of supply chain cyber attacks. These interconnected businesses face severe cyber risks, with supply chain incidents costing 17 times more to manage than first-party breaches. The report estimates that losses from Global 2000 breaches over 15 months ranged between $20 billion and $80 billion, with 90% of these companies acting as vendors to each other.

Email Attacks Skyrocket 293%

Acronis reveals a 293% surge in email attacks during the first half of 2024 compared to the same period in 2023, with ransomware detections also rising by 32% from Q4 2023 to Q1 2024. The report highlights that SMBs in government and healthcare are particularly vulnerable, with new ransomware groups accounting for 84 global attacks. The growing use of AI in cyber attacks, including social engineering and automation, is emphasised as a significant emerging threat. It is recommended that MSPs adopt comprehensive security strategies, including advanced endpoint protection and security awareness training, to combat these evolving risks.

Police Recover Over $40m Headed to BEC Scammers

A Singaporean commodity firm narrowly avoided a significant loss after falling victim to a business email compromise (BEC) scam, transferring $42.3m to fraudsters in Timor Leste. Fortunately, the Singapore Police Force, utilising Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism, managed to recover $41m within ten days of the incident. This case underscores the effectiveness of rapid international cooperation in combating financial cyber crime. BEC scams continue to be a major threat, with the FBI reporting over $2.9bn lost to such attacks in 2023 alone.

Russia's Priorities in Prisoner Swap Suggest Cyber Focus

A recent prisoner exchange between the United States and Russia involved the release of eight convicted Russian nationals, including cyber criminals Vladislav Klyushin and Roman Seleznev, in return for 16 imprisoned Americans and Europeans. Klyushin, involved in a $93 million "hack-to-trade" scheme, and Seleznev, who ran a large-scale credit card fraud operation, highlight Russia's emphasis on cyber activities. Despite concerns about the implications of such exchanges, experts suggest that this historic swap, supported by five allied nations, is unlikely to alter how law enforcement approaches cyber crime prosecution.

Point of Entry: Why Hackers Target Stolen Credentials for Initial Access

ENISA, the European Union Agency for Cybersecurity, has highlighted the growing threat posed by stolen credentials, now the leading cause of data breaches, accounting for 24% of incidents. The Initial Access Broker (IAB) market has seen significant growth, with cyber criminals using malware such as Redline and Raccoon Stealer to harvest and sell credentials. Despite advancements in security measures, including multi-factor authentication (MFA), attackers continue to find ways to bypass defences. The report underscores the critical need for organisations to enforce strong password policies and continuously monitor for compromised credentials to mitigate this evolving threat.

FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have confirmed that the ransomware group previously known as Royal has rebranded as BlackSuit, demanding over $500 million in ransoms since its emergence. Active since September 2022, BlackSuit is believed to be the direct successor of the Conti syndicate, responsible for attacks on over 350 organisations and linked to major incidents like the CDK Global IT outage. Ransom demands typically range from $1 million to $10 million, with a peak demand of $60 million. The rebranding follows the deployment of a new encryptor, marking an evolution in the group's tactics and capabilities.

Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes

According to a recent survey conducted among nearly 1,000 IT and security professionals, it was found that 74% of respondents had experienced multiple ransomware attacks within the past year. Among those targeted, 78% ended up paying the ransom. Even more concerning is that out of those who paid, 72% did so on more than one occasion. Notably, 33% reported paying the ransom as many as four times or more. Despite these payments, 87% of attacks led to significant business disruption, including data loss, and 35% of victims did not receive functional decryption keys. Recovery was slow, with nearly half taking up to seven days to restore minimal IT functionality. This comes as another report highlights the rising threat, with security leaders facing an average of eight attacks per year, leading to nearly $2.5 million in ransom payments.

Finance Should Pay Much More Attention to Undersea Cables Risk

A recent analysis has highlighted the critical yet overlooked risk posed by undersea cables, which carry over 99% of global internet traffic, including $10 trillion in daily financial transactions. A new Rogucci report warns that while previous threats were mainly local sabotage, the current danger stems from state-sponsored hostile acts, with nations like Russia posing significant risks. The report calls for a $5 billion investment to triple the repair fleet and establish a centralised command to ensure network resilience. Without immediate action, the world’s financial infrastructure remains highly vulnerable to catastrophic disruption.

Sources:

https://www.holyrood.com/news/view,uk-business-struggling-to-prioritise-cybersecurity-needs-report-reveals

https://www.scmagazine.com/news/most-companies-are-afraid-of-unseen-cybersecurity-threats

https://securityboulevard.com/2024/08/the-c-suite-conundrum-are-senior-executives-the-achilles-heel-of-cybersecurity/

https://www.scmagazine.com/news/ransomware-gangs-leverage-new-tactics-to-pressure-victims-to-pay-up

https://www.securityweek.com/ransomware-in-2024-more-attacks-more-leaks-and-increased-sophistication/

https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/

https://techcrunch.com/2024/08/02/how-the-theft-of-40-million-uk-voter-register-records-was-entirely-preventable/

https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/

https://www.businesswire.com/news/home/20240805219183/en/99-of-Global-2000-Companies-Directly-Connected-to-a-Supply-Chain-Breach

https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/

https://www.infosecurity-magazine.com/news/police-recover-40m-bec-scammers/

https://www.darkreading.com/cyber-risk/russias-priorities-in-prisoner-swap-suggest-cyber-focus

https://www.bleepingcomputer.com/news/security/point-of-entry-why-hackers-target-stolen-credentials-for-initial-access/

https://www.bleepingcomputer.com/news/security/fbi-blacksuit-ransomware-behind-over-500-million-in-ransom-demands/

https://www.securitymagazine.com/articles/100930-organizations-face-an-average-of-8-ransomware-incidents-per-year

https://www.insurancejournal.com/news/national/2024/08/08/787480.htm

https://www.ft.com/content/ab0e00b3-ce0a-4b44-a694-d398d67f64cc



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware groups develop more sophisticated business models (betanews.com)

Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses - Security Week

Firms Should Prepare and Protect Themselves as Ransomware Statistics 'Grow More Dire', Says ExtraHop | The Fintech Times

Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes (insurancejournal.com)

Ransomware gangs leverage new tactics to pressure victims to pay up | SC Media (scmagazine.com)

Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication - Security Week

Ransomware attacks expected to worsen this year | SC Media (scmagazine.com)

Organisations face an average of 8 ransomware incidents per year | Security Magazine

FBI: BlackSuit ransomware made over $500 million in ransom demands (bleepingcomputer.com)

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cyber criminals - Help Net Security

Soft ransomware targets, a new top emerging risk for enterprises: Gartner - Reinsurance News

Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop

Should Organisations Pay Ransom Demands? (securityaffairs.com)

Royal ransomware crew puts on a BlackSuit in rebrand | Computer Weekly

Proton ransomware continues evolution with latest Zola variant | SC Media (scmagazine.com)

Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security

Ransomware Victims

UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)

French Museums Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Surge in Magniber ransomware attacks impact home users worldwide (bleepingcomputer.com)

Watchdog set to fine NHS IT firm after medical records hack - BBC News

Ransomware attack paralyzes milking robots — cow dead | CSO Online

3 out of 5 Singaporean firms paid ransoms during cyber attacks in 2023: Survey - CNA (channelnewsasia.com)

Ransomware Attack Cost Keytronic Over $17 Million - Security Week

Phishing & Email Based Attacks

The Alarming Surge Of Lateral Phishing – Are We All Just Sitting Ducks? | HackerNoon

Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)

Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)

62 percent of phishing emails pass DMARC checks (betanews.com)

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware (securityaffairs.com)

Microsoft 365 Phishing Alert Can Be Hidden with CSS - Infosecurity Magazine (infosecurity-magazine.com)

Email attacks skyrocket 293% - Help Net Security

Phishing Attack Exploits Google, WhatsApp to Steal Data - Infosecurity Magazine (infosecurity-magazine.com)

Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security

Darktrace report: 56% of phishing emails bypass security checks (securitybrief.co.nz)

KnowBe4 Releases Q2 Quarterly Phishing Test Results | Business Wire

HR emails top phishing tactics in KnowBe4's Q2 2024 report (securitybrief.co.nz)

Phishers have figured out that everyone is afraid of HR | CSO Online

Apple Intelligence is marking phishing scams as priority emails — here’s what you need to know | Tom's Guide (tomsguide.com)

BEC

Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)

Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)

Email attacks skyrocket 293% - Help Net Security

Other Social Engineering

Text message exploits are scarier than ever, but you can protect yourself with these tips | Android Central

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks (securityaffairs.com)

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware (securityaffairs.com)

Artificial Intelligence

Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)

Auditors fear AI will ‘turbocharge’ cyber crime - CIR Magazine

AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week

Do you know what's in the new AI Cyber Code? - Accountancy Age

ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today

Tech giants reveal plans to combat AI-fueled election antics | CyberScoop

Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)

Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch

Securing against GenAI weaponization - Help Net Security

AI-obsessed company leaders can't ignore cyber security, says Palo Alto's CEO | Fortune

UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)

The dangers of voice deepfakes in the November election | TechTarget

AI PCs bring new security protections and risks. Here's what users need to know | ZDNET

What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice

European IT Professionals Want Training on AI, Poll Finds - IT Security Guru

2FA/MFA

Implement MFA or Risk Non-Compliance With GDPR - Security Week

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online

Malware

Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cyber criminals - Help Net Security

Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)

Malware goes undetected by hiding malicious code in uncommon MS Access format - VMRay

Sneaky SnakeKeylogger slithers into Windows email inboxes • The Register

North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware (securityaffairs.com)

Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App (darkreading.com)

New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)

Bad apps bypass Windows alerts for six years using LNK files • The Register

Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security

Mobile

Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert

New LianSpy malware hides by blocking Android security feature (bleepingcomputer.com)

Extensive capabilities of new BlankBot Android trojan detailed | SC Media (scmagazine.com)

Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)

Phishing Attack Exploits Google, WhatsApp to Steal Data - Infosecurity Magazine (infosecurity-magazine.com)

Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)

Text message exploits are scarier than ever, but you can protect yourself with these tips | Android Central

Denial of Service/DoS/DDOS

Gaming Industry Faces 94% Surge in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Microsoft Azure Attack Shows Persistence of Blunt Hacking Tool (claimsjournal.com)

How to recover from a DDoS attack – and what they can teach businesses | ITPro

Port of Tyne website hit by cyber attack - BBC News

Internet of Things – IoT

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)

As use of IoT devices grows, so do the associated security risks | ZDNET

Next-Gen Vehicle Technologies Poses Challenges For Cyber Security Pros (informationsecuritybuzz.com)

With Most Modern Cars Locked Down, Hackers Turn to EV Chargers (pcmag.com)

Data Breaches/Leaks

How the theft of 40M UK voter register records was entirely preventable | TechCrunch

Personal Data of 3 Billion People Stolen in Hack, Suit Says (bloomberglaw.com)

Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach (securityaffairs.com)

Florida firm sued over theft of 2.9B personal records • The Register

ADT confirms data breach after customer info leaked on hacking forum (bleepingcomputer.com)

Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)

Organised Crime & Criminal Actors

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cyber criminals - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Billion-dollar bust as cops op shutters Cryptonator wallet • The Register

Airbnb host adds ‘no crypto mining’ rule after tenant installs 10 rigs

Three arrested and crypto worth €6.5 million seized in Dublin raid as part of major cyber crime investigation - Irish Mirror Online

How blockchain can support third-party risk management | TechTarget

Insider Risk and Insider Threats

Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)

Stopping cyber attackers from targeting the weakest links in security | ITPro

Insurance

CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg

Supply Chain and Third Parties

CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg

99% of Global 2000 Companies Directly Connected to a Supply Chain Breach | Business Wire

Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)

CrowdStrike: Delta Rejected Our Help in Wake of Windows Crash (pcmag.com)

Microsoft Azure outage takes down services across North America (bleepingcomputer.com)

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks (securityaffairs.com)

Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)

Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)

Sports venues must vet their vendors to maintain security - Help Net Security

Cloud/SaaS

Microsoft Azure outage takes down services across North America (bleepingcomputer.com)

Microsoft 365 Phishing Alert Can Be Hidden with CSS - Infosecurity Magazine (infosecurity-magazine.com)

Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)

Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)

Inherent disadvantage: Why attackers have the upper hand in the cloud | SC Media (scmagazine.com)

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week

Outages

CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg

Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)

Microsoft Azure outage takes down services across North America (bleepingcomputer.com)

Delta: CrowdStrike’s offer for help too little, too late • The Register

Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)

Encryption

The looming threat of Q-day and how CFOs should prepare | Fortune

Preparing for the Future of Post-Quantum Cryptography (darkreading.com)

US nears milestone in race to prevent quantum hacking (ft.com)

Linux and Open Source

Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)

New Linux kernel attack slips past modern defences — SLUBStick boasts a 99% success rate | Tom's Hardware (tomshardware.com)

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

Point of entry: Why hackers target stolen credentials for initial access (bleepingcomputer.com)

Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week

Social Media

Social Media Firms Fail to Protect Children’s Privacy, Says ICO - Infosecurity Magazine (infosecurity-magazine.com)

US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs

Many dating apps a matchmaker for cyber criminals, study finds | Premium | Compliance Week

Online platforms told they risk stirring up hate and violence - BBC News

Malvertising

Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)

You’re telling me that ad was fake? Malvertising is sneakier than ever (securitybrief.co.nz)

Training, Education and Awareness

UK Managers Improve Cyber Knowledge but Staff Training Lacking - Infosecurity Magazine (infosecurity-magazine.com)

Stopping cyber attackers from targeting the weakest links in security | ITPro

European IT Professionals Want Training on AI, Poll Finds - IT Security Guru

Regulations, Fines and Legislation

UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)

Implementation deadline for NIS2 and new EU cyber security compliance regime draws nearer - Osborne Clarke | Osborne Clarke

US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs

Implement MFA or Risk Non-Compliance With GDPR - Security Week

Florida firm sued over theft of 2.9B personal records • The Register

Watchdog set to fine NHS IT firm after medical records hack - BBC News

Do you know what's in the new AI Cyber Code? - Accountancy Age

ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today

SEC ends probe into MOVEit attacks impacting 95 million people (bleepingcomputer.com)

Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop

Unraveling the ‘Materiality’ Mystery of SEC Compliance (informationweek.com)

NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru

NIS2: A catalyst for cyber security innovation or just another box-ticking exercise? - Help Net Security

What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice

Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)

Takeaways From the Dismissal of SEC Claims Against SolarWinds and Its CISO | Skadden, Arps, Slate, Meagher & Flom LLP - JDSupra

Models, Frameworks and Standards

Download: CIS Critical Security Controls v8.1 - Help Net Security

Cyber Security Industry Leaders Launch the Cyber Threat Intelligence Capability Maturity Model (darkreading.com)

NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru

NIS2: A catalyst for cyber security innovation or just another box-ticking exercise? - Help Net Security

Backup and Recovery

What's the best way to protect against HDD failure? | TechTarget

Immutability in Cyber Security: A Layer of Security Amidst Complexity and Misconceptions - Security Week

Careers, Working in Cyber and Information Security

How to start your cyber security career: Expert tips and guidance - Help Net Security

What cyber security pros can learn from first responders (securityintelligence.com)

Law Enforcement Action and Take Downs

Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)

Billion-dollar bust as cops op shutters Cryptonator wallet • The Register

Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop

US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Tech giants reveal plans to combat AI-fueled election antics | CyberScoop

Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)

Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch

The dangers of voice deepfakes in the November election | TechTarget

Microsoft: Iran makes late play to meddle in US elections | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)

How Africa became the testing ground for cyber warfare | ITPro

Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert

Nation State Actors

China

How the theft of 40M UK voter register records was entirely preventable | TechCrunch

Easterly: Potential Chinese cyber attack could unfold like CrowdStrike error | CyberScoop

Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)

Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly

Fears of war with China grow but Labour is intent on a relationship with Beijing (inews.co.uk)

China's APT41 Targets Taiwan Research Institute for Cyber Espionage (darkreading.com)

Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert

Russia

Russia's Priorities in Prisoner Swap Suggest Cyber Focus (darkreading.com)

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware (securityaffairs.com)

New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel - Security Boulevard

New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)

Iran

US offers $10 million for info on Iranian leaders behind CyberAv3ngers water utility attacks (therecord.media)

Microsoft: Iran makes late play to meddle in US elections | CyberScoop

Israeli hacktivist group claims it took down Iran's internet • The Register

North Korea

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry (thehackernews.com)

North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks (securityaffairs.com)

Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop

US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Israeli hacktivist group claims it took down Iran's internet • The Register

Tools and Controls

62 percent of phishing emails pass DMARC checks (betanews.com)

Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert

NCSC Active Cyber Defence 2.0 refresh looks to tailor services to the security market and threat landscape | ITPro

Security teams failing to manage Apple devices effectively (betanews.com)

Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar

Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)

AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week

The Potential Pitfalls Of Cyber Security Platformisation (forbes.com)

Securing from Active Directory Attacks - Security Boulevard

Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released - Help Net Security

The API Security Crisis: Why Your Company Could Be Next (darkreading.com)

How to recover from a DDoS attack – and what they can teach businesses | ITPro

12 types of endpoint security | TechTarget

Building an Effective Strategy to Manage AI Risks (darkreading.com)

Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security

Microsoft's Security Efforts Leave Much To Be Desired, Especially For Email Security (informationsecuritybuzz.com)

After the Dust Settles: Post-Incident Actions - Security Week

UK Managers Improve Cyber Knowledge but Staff Training Lacking - Infosecurity Magazine (infosecurity-magazine.com)

Immutability in Cyber Security: A Layer of Security Amidst Complexity and Misconceptions - Security Week

Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)

Stopping cyber attackers from targeting the weakest links in security | ITPro

How Situational Awareness Enhances the Security of Your Facility - Security Boulevard

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online

AI PCs bring new security protections and risks. Here's what users need to know | ZDNET

Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert

Where internal audit teams are spending most of their time - Help Net Security

Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard

Vulnerability Management

CVEs Surge 30% in 2024, Only 0.91% Weaponized - Infosecurity Magazine (infosecurity-magazine.com)

Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar

Best Practices for Effective Vulnerability Management | MSSP Alert

Monitoring KEV List for Changes Can Guide Security Teams (darkreading.com)

Vulnerabilities

Windows Update downgrade attack "unpatches" fully-updated systems (bleepingcomputer.com)

18-year-old security flaw in Firefox and Chrome exploited in attacks (bleepingcomputer.com)

Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks (cybersecuritynews.com)

Over 20,000 Ubiquiti Cameras and Routers are Vulnerable to Amplification Attacks and Privacy Risks - Check Point Blog

Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code (cybersecuritynews.com)

12 wide-impact firmware vulnerabilities and threats | CSO Online

Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)

Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine (infosecurity-magazine.com)

Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)

Windows Smart App Control has a worrying security bug that hackers exploited for years | TechRadar

Microsoft Update Warning—70% Of All Windows Users Now At Risk (forbes.com)

Chrome, Firefox Updates Patch Serious Vulnerabilities - Security Week

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) - Help Net Security

Apple to Address '0.0.0.0' Security Vulnerability in Safari 18 - MacRumors

Critical Progress WhatsUp RCE flaw now under active exploitation (bleepingcomputer.com)

Windows Update Flaws Allow Undetectable Downgrade Attacks - Security Week

Hackers Exploited An 18-Year-Old Loophole In Safari, Chrome And Firefox (forbes.com)

Download iOS 17.6.1 Now to Ensure This Feature Is Working Correctly - CNET

Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)

GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU - Security Week

Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly

BIND Vulnerabilities: Urgent Security Updates Released - Security Boulevard

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers - Security Week

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)

Cisco warns of critical RCE zero-days in end of life IP phones (bleepingcomputer.com)

Exploit released for Cisco SSM bug allowing admin password changes (bleepingcomputer.com)

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (thehackernews.com)

European IT Professionals Want Training on AI, Poll Finds - IT Security Guru

Firefox 129.0: Reader View enhancements, HTTPS and DNS improvements, and security fixes - gHacks Tech News

Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)

Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week

1Password vulnerability lets attackers steal Vault items • The Register

Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online

Microsoft: Exchange 2016 reaches extended end of support in October (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.

Black Arrow Admin

Black Arrow Cyber Advisory 08 August 2024 – Critical WhatsUp Gold RCE Vulnerability

Executive summary

Progress Software has released patches for WhatsUp Gold, a network monitoring application. The patches fix three critical vulnerabilities including one which is seeing active exploitation attempts. The actively exploited critical vulnerability (CVE-2024-4885) allows an unauthenticated malicious attacker to perform remote code execution with elevated privileges. The other two critical vulnerabilities (CVE-2024-4883 and CVE-2024-4884) allow an unauthenticated attacker to perform remote code execution with elevated privileges.

What’s the risk to me or my business?

The vulnerability CVE-2024-4885 allows unauthenticated remote code execution, enabling attackers to execute arbitrary commands with elevated privileges (service account). Exploitation of this flaw can lead to severe consequences, including unauthorised access to sensitive data, disruption of network monitoring services and potential lateral movement within the network.

Increased risk of further exploitation through other vulnerabilities

Active exploitation attempts have been observed since August 1, 2024, highlighting the urgency for businesses to address this vulnerability. Failure to mitigate this risk could result in significant financial and reputational damage.

What can I do?

Security researchers have uncovered active exploitation attempts of CVE-2024-4885 in the wild, dating back to the 1st of August. Given the severity of this vulnerability, which impacts all versions released prior to 2023.1.3, immediate action is advised. Black Arrow strongly recommends the prompt application of the available patches to mitigate the risk.

Technical Summary

CVE-2024-4885 – If successfully exploited, this vulnerability, which lies in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, allows an unauthenticated attacker to execute commands as a service account through NmApi.exe.

CVE-2024-4884 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.

CVE-2024-4883 - If successfully exploited, this vulnerability allows an unauthenticated attacker to execute commands with iisapppool\nmconsole privileges. The vulnerability specifically exists in Apm.UI.Areas.APM.Controllers.CommunityController.

Further information on WhatsUp Gold can be found here:

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin

Black Arrow Cyber Threat Briefing 02 August 2024

Black Arrow Cyber Threat Intelligence Briefing 02 August 2024:

-UK IT Leaders Feeling Less Secure Despite Cyber Security Investments

-Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased

-Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will

-How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling

-Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover

-One in Five Employees Have No Cyber Security Training

-Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer

-Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension

-New Android Malware Wipes your Device After Draining Bank Accounts

-Report Reveals how Cyber Attacks Target Organisations Depending on Size

-An 18% Increase in Ransomware Attacks Includes $75M Payment

-UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?

-People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK IT Leaders Feeling Less Secure Despite Cyber Security Investments

A recent report indicates that despite increased investment in cyber security, over 87% of UK IT leaders feel less secure than a year ago. In a survey of 150 decision-makers, 90% noted a rise in the risk and severity of cyber attacks, with 61% finding the attack surface uncontrollable. Concerns include ransomware, lack of visibility, identity misuse, misconfiguration, and emerging technologies like Generative AI. Despite 97% increasing their cyber security budgets, 61% doubt its sufficiency, and 71% believe complete security is unattainable. Additionally, 53% have adopted some Zero Trust controls, but face challenges in comprehensive implementation due to costs and resource limitations.

Average Data Breach Cost Jumps to $4.88 Million, Collateral Damage Increased

IBM's annual Cost of a Data Breach Report for 2024 reveals the global average cost of a data breach has reached $4.88 million, marking a 10% increase from the previous year. A significant 70% of breached organisations reported severe disruption, with recovery taking over 100 days for most. AI and automation in security can reduce breach costs by $2.2 million, with organisations using these technologies detecting incidents 98 days faster. The report notes that 40% of breaches involved data stored across multiple environments, costing over $5 million on average. Staffing shortages also led to higher breach costs, averaging $5.74 million for those with severe shortages.

Cyber Attacks Are Inevitable, Stop Preparing for If One Happens and Start Preparing for When One Will

Cyber resilience is crucial for businesses, going far beyond the traditional approach to cyber security measures. In Q1 2024, organisations faced an average of 1,308 cyber attacks per week, marking a 28% increase from the previous quarter. Cyber crime losses hit $12.8 billion in 2023 and are projected to reach $23.84 trillion by 2027. A robust incident response plan and regular security audits are key to help mitigate long-term costs and ensure business continuity. Training employees and engaging third-party experts are also recommended to fortify defences against sophisticated cyber threats. Embracing cyber resilience is not merely a trend but a vital strategy for maintaining operational integrity in the digital landscape.

How AI is Shaping Fraud as BEC Attacks Surge 20% Annually Thanks to AI Tooling

A recent study by Vipre Security Group reveals a significant rise in business email compromise (BEC) attacks, driven by AI tools generating scam messages. The Email Threat Trends Report: Q2 2024, based on 1.8 billion processed emails, detected 226 million spam messages and nearly 17 million malicious URLs. Almost half (49%) of blocked spam emails were BEC attacks, with a 20% increase in BEC incidents compared to Q2 2023, and 40% of these attacks were AI-generated. Additionally, the report highlighted a doubling of evasive malicious attachments and a 74% rise in malicious URLs, with phishing being a dominant threat as 86% of malspam emails used malicious links.

Organisations Fail to Log 44% of Cyber Attacks. Just One in 10 Attacks Flagged by Security Tools, 40% of Environments are Vulnerable to Full Takeover

A recent study by Picus Security highlights significant gaps in cyber defence, revealing that only 12% of simulated cyber attacks triggered an alert and just 56% were logged by detection tools. Organisations manage to prevent 70% of attacks on average, but 40% of tested environments had vulnerabilities allowing attackers to gain domain admin privileges. Despite their reputation, macOS endpoints were found to be particularly vulnerable, preventing just 23% of simulated attacks compared to 62% for Windows and 65% for Linux. Furthermore, only 9% of data exfiltration techniques were thwarted, with BlackByte ransomware being notably difficult to defend against, stopped by just 17% of organisations. These findings underscore the need for improved threat exposure management and the adoption of an "assume breach" mindset to enhance detection and response capabilities.

One in Five Employees Have No Cyber Security Training

A recent report by reveals significant gaps in workplace cyber security training among UK employees. The survey found that 18% of employees have never received any cyber security training, with 83% lacking training on deepfakes and AI, 60% on secure remote working, and 51% on avoiding phishing scams. Additionally, 48% have never been trained on creating strong passwords. Despite nearly three-quarters claiming to follow cyber security advice, 29% admit they forget to adhere to practices, and 22% find the advice too complicated. Furthermore, 14% do not consider it their responsibility to secure work systems. Organisations need to provide clear, relevant training, integrating it into daily roles and workflows to mitigate cyber risks effectively.

Ferrari Exec Foils Deepfake Attempt by Asking the Scammer a Question Only CEO Benedetto Vigna Could Answer

A Ferrari NV executive was recently targeted as part of a deepfake scam, where a fraudster impersonated CEO Benedetto Vigna in a convincing live phone call. The executive’s suspicion was aroused by mechanical intonations, leading to the scam's exposure when the impersonator failed to answer a personal question. Such incidents are on the rise, with AI tools increasingly used for voice cloning. In a similar case, an unnamed multinational lost $26 million to a deepfake scam. Experts warn that these AI-based tools will become increasingly accurate, necessitating robust training and vigilance for executives.

Half of Businesses Report an Increase in State-Sponsored Cyber Threats Amid Rising Geopolitical Tension

A recent report by Absolute Security reveals a significant rise in state-sponsored cyber threats, amid escalating geopolitical tensions, with 47% of businesses noting increased attacks over the past year. The UK faced a Chinese-backed cyber attack exposing the personal information of 270,000 Defence Ministry personnel, servicemen and veterans. The report, surveying 250 UK CISOs, reveals that 69% fear the financial impact of ransomware could cripple their organisation, with 62% worried about job security following a major attack. Ransomware remains the top concern, with four out of five CISOs identifying it as their most significant cyber threat.

New Android Malware Wipes your Device After Draining Bank Accounts

A recent report reveals a new Android malware, BingoMod, which can wipe devices after stealing up to €15,000 per transaction from victims' bank accounts. Disguised as legitimate security apps, BingoMod is distributed through smishing (SMS-based phishing) campaigns and exploits Android's Accessibility Services for extensive control. It uses on-device fraud techniques to bypass standard anti-fraud systems by initiating transactions directly from the victim's device. The malware includes features such as remote command execution and screen-casting, and can disable security apps before wiping external storage. Although still in early development, BingoMod employs advanced evasion mechanisms that complicate detection efforts.

Report Reveals how Cyber Attacks Target Organisations Depending on Size

A recent report by Barracuda highlights distinct differences in email attack types based on company size. Large organisations with over 2,000 employees face a higher risk of lateral phishing (a kind of cyber attack where the phishing email purportedly comes from a corporate email address), accounting for 42% of targeted attacks, compared to just 2% for companies with up to 100 employees. Smaller companies, however, are predominantly targeted by external phishing, which comprises 71% of email threats against them. Additionally, smaller firms experience three times more extortion attacks than larger ones. The report emphasises the need for regular security awareness training and multi-layered defences to mitigate these threats, with smaller businesses potentially benefiting from managed service providers.

An 18% Increase in Ransomware Attacks Includes $75M Payment

A recent report reveals an 18% increase in ransomware attacks, with a record $75 million payment made to the Dark Angels group. The US experienced a 93% year-over-year rise, followed by Italy at 78% and Mexico at 58%. Despite law enforcement efforts, ransomware syndicates like Lockbit 2.0 reconstitute operations using standby IT infrastructure. Similarly, a report by Cisco Talos Incident Response reveals that ransomware and business email compromise (BEC) attacks now constitute 60% of cyber engagements. Ransomware alone accounted for nearly 30% of these incidents, marking a 22% increase from the previous quarter. Although BEC engagements have slightly decreased, they remain a significant threat for the second consecutive quarter. Additionally, 80% of ransomware victims lacked proper multi-factor authentication (MFA) on critical systems, with misconfigured systems contributing to a 46% increase in vulnerabilities.

UK ‘Desperately Exposed’ to Cyber Threats - Is It Time for the UK to Refresh Its Cyber Strategy?

A recent warning from the UK Science Secretary highlights Britain's dire vulnerability to cyber and other potentially catastrophic threats such as another pandemic, attributing this exposure to severe public spending cuts under the previous government. Peter Kyle, appointed Science Secretary three weeks ago, criticised the lack of action on rising cyber security risks and inadequate preparedness for cyber and other threats, exacerbated by internal conflicts within the Tory ranks. He emphasised that "national resilience suffered terribly, catastrophically," leaving the NHS and other services weakened and the country ill-prepared for future threats. This comes as a report by the Chartered Institute for IT (BCS) has listed a series of recommendations after the last month saw more concerns about Russian cyber attacks on the UK linked to misinformation about the Southport attack and a major outage taking down aeroplanes, trains, hospitals, broadcasters and scores of companies.

People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

A recent report by Keeper Security, Fortifying Cyber Resilience: Insights Into Global Cybersecurity Practices, highlights concerning trends in password management. Despite 85% of respondents believing their passwords are secure, over half admit to sharing them, and 2 in 5 reuse passwords. The survey of over 6,000 individuals globally found that 62% are overwhelmed by managing multiple passwords, with 24% writing them down and 19% storing them in browsers or phone apps. Notably, 34% share passwords for streaming sites. Organisations and employees should consider the need for adopting password managers, creating strong, unique passwords, and enabling Multi-Factor Authentication (MFA) to help mitigate cyber risks.

A recent study highlights the alarming speed at which modern systems can crack passwords. An eight-character password of same-case English letters and digits can be guessed in just 17 seconds. The study found that 59% of passwords can be cracked in under an hour, revealing a significant vulnerability.

Sources:

https://securitybrief.co.nz/story/uk-it-leaders-feeling-less-secure-despite-cybersecurity-investments

https://www.helpnetsecurity.com/2024/07/30/ibm-cost-data-breach-report-2024/

https://www.entrepreneur.com/science-technology/cyber-attacks-are-inevitable-so-stop-preparing-for-if/476591

https://www.infosecurity-magazine.com/news/bec-attacks-surge-20-annually-ai/

https://informationsecuritybuzz.com/bec-emails-are-now-ai-generated/

https://www.infosecurity-magazine.com/news/one-10-attacks-detected-security/

https://www.prnewswire.com/news-releases/40-of-environments-are-vulnerable-to-full-take-over-new-picus-security-report-unveils-302209555.html

https://www.helpnetsecurity.com/2024/08/02/threat-exposure-management/

https://pcr-online.biz/2024/07/26/report-exposes-lack-of-cybersecurity-training-in-uk-workplaces/

https://www.hrmagazine.co.uk/content/news/one-in-five-employees-have-no-cybersecurity-training

https://fortune.com/2024/07/27/ferrari-deepfake-attempt-scammer-security-question-ceo-benedetto-vigna-cybersecurity-ai/

https://itsecuritywire.com/news/half-of-businesses-report-an-increase-in-state-sponsored-cyber-threats-amid-rising-geopolitical-tension/

https://www.bleepingcomputer.com/news/security/new-android-malware-wipes-your-device-after-draining-bank-accounts/

https://securitybrief.co.nz/story/report-reveals-how-cyber-attacks-target-organisations-depending-on-size

https://www.techradar.com/pro/security/ransomware-and-email-attacks-are-hitting-businesses-more-than-ever-before

https://securityboulevard.com/2024/07/report-an-18-increase-in-ransomware-attacks-includes-75m-payment/

https://www.computerweekly.com/opinion/Is-it-time-to-refresh-the-UKs-cyber-strategy

https://www.theguardian.com/uk-news/article/2024/jul/29/uk-desperately-exposed-to-cyber-threats-and-pandemics-says-minister

https://securelist.com/password-brute-force-time/112984/

https://www.itsecurityguru.org/2024/07/30/people-overconfident-in-password-habits-overwhelmed-by-too-many-passwords



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware and email attacks are hitting businesses more than ever before | TechRadar

Report: An 18% Increase in Ransomware Attacks Includes $75M Payment - Security Boulevard

Ransomware: What Every Business Needs To Know (informationsecuritybuzz.com)

Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard

Organisations urged to take a proactive approach to ransomware threats (securitybrief.co.nz)

Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures

Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)

Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)

How the Change Healthcare attack may affect cyber insurance | TechTarget

Ransomware Dominated by Russian Threat Operations | MSSP Alert

Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)

LockBit ransomware titan now hangs by a thread • The Register

Would Making Ransom Payments Illegal Result in Fewer Attacks? (darkreading.com)

Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)

Australian Companies Will Soon Need to Report Ransom Payments (darkreading.com)

Ransomware Victims

'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment (pcmag.com)

Law firms facing "astronomical ransom demands" from cyber attackers - Legal Futures

How the Change Healthcare attack may affect cyber insurance | TechTarget

Urgent Blood Appeal Issued in US After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

World leading silver producer Fresnillo discloses cyber attack (bleepingcomputer.com)

Cencora Confirms Patient Data Stolen in Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

How AI Is Shaping Fraud: Vipre Reveals 40% Of BEC Emails Are Now AI-Generated (informationsecuritybuzz.com)

13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times

BEC Attacks Surge 20% Annually Thanks to AI Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware and email attacks are hitting businesses more than ever before | TechRadar

Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)

Hackers Use Microsoft Forms for Two-Step Phishing Attacks (cybersecuritynews.com)

IBM, Nike, Disney, others caught in Proofpoint phish palaver • The Register

Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard

'LockBit of phishing' EvilProxy used in 1M+ attacks monthly • The Register

Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar

Sophisticated Phishing Campaign Targets Microsoft OneDrive Users - Infosecurity Magazine (infosecurity-magazine.com)

Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)

Acronis reports 293% increase in email cyber attacks in H1 2024 (securitybrief.co.nz)

Microsoft is the most commonly imitated company in phishing scams | TechRadar

Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains - Security Week

Phishing campaigns target SMBs in Poland, Romania and Italy (securityaffairs.com)

SideWinder phishing campaign targets maritime facilities in multiple countries (securityaffairs.com)

Business Email Compromise (BEC), Email Account Compromise (EAC)

How AI Is Shaping Fraud: Vipre Reveals 40% Of BEC Emails Are Now AI-Generated (informationsecuritybuzz.com)

13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times

Ransomware and email attacks are hitting businesses more than ever before | TechRadar

Email Attacks Surge, Ransomware Threat Remains Elevated - Security Boulevard

BEC Attacks Surge 20% Annually Thanks to AI Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar

Sophisticated Phishing Campaign Targets Microsoft OneDrive Users - Infosecurity Magazine (infosecurity-magazine.com)

Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)

Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)

New SMS Stealer Malware Targets Over 600 Global Brands - Infosecurity Magazine (infosecurity-magazine.com)

New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)

Android users, beware! Text message stealing malware is targeting smartphones to gain access to users' data | Mashable

9 Social Engineering Attack Examples to Watch Out For | MSSP Alert

Threat actor impersonates Google via fake ad for Authenticator | Malwarebytes

A field guide on how to spot fake pictures - The Washington Post

North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)

Artificial Intelligence

How AI Is Shaping Fraud: Vipre Reveals 40% Of BEC Emails Are Now AI-Generated (informationsecuritybuzz.com)

13% of phishing scams analysed likely to be AI-generated: CSA | The Straits Times

Ferrari exec foils deepfake plot by asking a question only the CEO could answer | Fortune

Less Than Half of European Firms Have AI Controls in Place - Infosecurity Magazine (infosecurity-magazine.com)

Most people worry about deepfakes - and overestimate their ability to spot them | ZDNET

AI-Powered Deepfake Tools Used by Cyber Criminals | Trend Micro (US)

BEC Attacks Surge 20% Annually Thanks to AI Tooling - Infosecurity Magazine (infosecurity-magazine.com)

Despite Bans, AI Code Tools Widespread in Organisations - Infosecurity Magazine (infosecurity-magazine.com)

How AI Is Assisting Cyber Criminals - TechRound

FraudGPT helps cyber criminals hack (mybroadband.co.za)

CISOs face AI risks while managing innovation & security (securitybrief.co.nz)

IT leaders worry the rush to adopt Gen AI may have tech infrastructure repercussions | ZDNET

Stolen GenAI Accounts Flood Dark Web With 400 Daily Listings - Infosecurity Magazine (infosecurity-magazine.com)

Growing underground market for rogue AI sparks cyber security concerns | The Straits Times

A field guide on how to spot fake pictures - The Washington Post

Malware

Watch out — that Microsoft OneDrive security warning could actually be a malware scam | TechRadar

Sophisticated Phishing Campaign Targets Microsoft OneDrive Users - Infosecurity Magazine (infosecurity-magazine.com)

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems (thehackernews.com)

Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware | TechCrunch

How Infostealers Pillaged the World’s Passwords | WIRED

WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)

New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)

Black Basta ransomware switches to more evasive custom malware (bleepingcomputer.com)

Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (thehackernews.com)

macOS Malware Disguise As Unarchiver App Steals User Data (cybersecuritynews.com)

Black Basta Develops Custom Malware in Wake of Qakbot Takedown (darkreading.com)

Hackers abuse free TryCloudflare to deliver remote access malware (bleepingcomputer.com)

Mobile

New SMS Stealer Malware Targets Over 600 Global Brands - Infosecurity Magazine (infosecurity-magazine.com)

New Android malware wipes your device after draining bank accounts (bleepingcomputer.com)

Mandrake Spyware Infects 32,000 Devices Via Google Play Apps - Infosecurity Magazine (infosecurity-magazine.com)

WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)

Massive SMS stealer campaign infects Android devices in 113 countries (bleepingcomputer.com)

Dynamically Evolving SMS Stealer Threatens Global Android Users (darkreading.com)

Google on why you should disable 2G on your Android phone (9to5google.com)

CBP needs warrant to search phones, says yet another judge • The Register

Denial of Service/DoS/DDOS

Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)

Microsoft apologises after thousands report new outage - BBC News

Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security

Internet of Things – IoT

Global Smart Buildings Cyber Security Market Responds to (globenewswire.com)

Data Breaches/Leaks

Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly

More Legal Records Stolen in 2023 Than Previous 5 Years Combined (darkreading.com)

7,640,112 Customers Hit By Massive Bank Breach – Exposing Names, Social Security Numbers, Locations and Bank Account Numbers - The Daily Hodl

Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware | TechCrunch

Unauthorized access at HealthEquity affects 4.3M people • The Register

UK govt links 2021 Electoral Commission breach to Exchange server (bleepingcomputer.com)

Security flaws at UK elections agency left door open for Chinese hackers, privacy watchdog finds (therecord.media)

Australian Organisations Experiencing Highest Rate of Data Breaches, Reports Rubrik (techrepublic.com)

FBCS data breach impact now reaches 4.2 million people (bleepingcomputer.com)

Researcher says deleted GitHub data can be accessed 'forever' | TechTarget

South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)

CrowdStrike Denies Claims that IoC list Exposed by USDoD | MSSP Alert

Cognizant denies data breach claims, says hacker group stole fake test data

Cencora Confirms Patient Data Stolen in Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

France's cyber crime unit called in on Israeli athletes data leak (insidethegames.biz)

Organised Crime & Criminal Actors

Russian cyber criminals head home in US prisoner swap deal • The Register

Hacker USDoD: “I don't pick sides. I play both sides and always win” – interview | Cybernews

Cyber Crime and the Dark Web | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

Blockchain Security: Vulnerabilities and Protective Measures | MSSP Alert

Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)

WazirX increases bounty to $23 million for recovery of stolen assets

Wave of Cyber Attacks Rocks the Crypto World: Key Incidents from the Past Week (coinpedia.org)

Insurance

How the Change Healthcare attack may affect cyber insurance | TechTarget

Supply Chain and Third Parties

Microsoft is working on tighter security measures for Windows after the CrowdStrike disaster | TechSpot

Microsoft charts plans for a future without CrowdStrike-like outages | Windows Central

Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)

Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)

CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)

Microsoft admits 8.5 million CrowdStruck machines was low • The Register

Microsoft 365 and Azure outage takes down multiple services (bleepingcomputer.com)

Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)

CrowdStrike Faces Lawsuits From Customers, Investors - Security Week

The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)

IT Outage Cost Delta Air Lines $500 million - AVweb

Cloud/SaaS

Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)

Microsoft: DDoS defence error amplified attack on Azure, leading to outage - Help Net Security

The three cyber security blind spots affecting today’s CISOs | TechRadar

The gap between business confidence and cyber resiliency - Help Net Security

Outages

Microsoft Suggests Windows Changes After CrowdStrike Outage (petri.com)

Here's what the CrowdStrike outage exposed about our connected world. It's not good. (yahoo.com)

CrowdStrike Outage Losses Estimated at a Staggering $5.4B (darkreading.com)

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update (darkreading.com)

Microsoft admits 8.5 million CrowdStruck machines was low • The Register

Microsoft Confirms New Outage Was Triggered By Cyber Attack (forbes.com)

CrowdStrike Faces Lawsuits From Customers, Investors - Security Week

The CrowdStrike Meltdown: A Wake-up Call for Cyber Security (darkreading.com)

IT Outage Cost Delta Air Lines $500 million - AVweb

Linux and Open Source

Updated TgRat trojan sets sights on Linux servers | SC Media (scmagazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru

Acronis warns of Cyber Infrastructure default password abused in attacks (bleepingcomputer.com)

How quickly can attackers guess your password? | Securelist

Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)

How Infostealers Pillaged the World’s Passwords | WIRED

Social Media

Elon Musk's X now trains Grok on your data by default - here's how to opt out | ZDNET

Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post

Training, Education and Awareness

HR Magazine - One in five employees have no cyber security training

Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)

SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)

Regulations, Fines and Legislation

Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly

NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra

One Year Post-SEC Cyber Security Disclosure Updates: What has Changed? | Law.com

The Cyber Security Leadership Crisis Dooming America’s Companies (forbes.com)

The NIS2 Directive: Implications for Your Organisation - Security Boulevard

Cyber warning amid regulatory countdown (emergingrisks.co.uk)

FCC fines Charter Communications $15M over failing to report 911 outages | Basic Page | Compliance Week

Meta agrees to pay record $1.4B in Texas facial recognition suit - The Washington Post

Lack of political muscle may lead to Ireland not introducing EU cyber security laws by due date | Irish Independent

Companies warned about impending fines for non-compliance with new cyber security law | Irish Independent

'Essential' cyber protection law comes closer - Jersey Evening Post

Models, Frameworks and Standards

NIS2 Directive: German government adopts draft NIS2 Implementation Act | Hogan Lovells - JDSupra

The NIS2 Directive: Implications for Your Organisation - Security Boulevard

Cyber warning amid regulatory countdown (emergingrisks.co.uk)

Lack of political muscle may lead to Ireland not introducing EU cyber security laws by due date | Irish Independent

Companies warned about impending fines for non-compliance with new cyber security law | Irish Independent

Careers, Working in Cyber and Information Security

The cost of cyber security burnout: Impact on performance and well-being - Help Net Security

Contributing to Your Cyber Security Team as an Informal Leader (govinfosecurity.com)

Law Enforcement Action and Take Downs

UK cops shut down global call-spoofing service • The Register

FBI Flies 65-Strong Cyber Action Team Across Globe To Fight Hackers (forbes.com)


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)

Cyber Effects in Warfare: Categorizing the Where, What, and Why - Texas National Security Review (tnsr.org)

'Foreign threat actors' are targeting US tech startups to steal IP and sensitive data, cyber agencies warn | ITPro

SideWinder Launches New Espionage Campaign on Ports (inforisktoday.com)

Nation State Actors

Half of Businesses Report Rise in State-Sponsored Cyber Threats (itsecuritywire.com)

Cyber Effects in Warfare: Categorizing the Where, What, and Why - Texas National Security Review (tnsr.org)

Nation-state actors exploit political tension to launch phishing campaigns (betanews.com)

'Foreign threat actors' are targeting US tech startups to steal IP and sensitive data, cyber agencies warn | ITPro

China

Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly

Germany summons Chinese envoy over 2021 cyber attack – DW – 07/31/2024

Security flaws at UK elections agency left door open for Chinese hackers, privacy watchdog finds (therecord.media)

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike (talosintelligence.com)

Russia

Russian ransomware gangs account for 69% of all ransom proceeds (bleepingcomputer.com)

Russia-linked brute-force attacks trying to compromise European networks, report (computing.co.uk)

US Trades Cyber Criminals to Russia in Prisoner Swap – Krebs on Security

Russian ransomware generates over $500m in crypto proceeds, TRM Labs says

Russia’s war against Ukraine: Lessons on infrastructure security an (epc.eu)

Ukraine's IT Army Is a 'World First' in Cyberwarfare, but It's a Gamble - Business Insider

Ransomware Dominated by Russian Threat Operations | MSSP Alert

Domains with delegated name service may be Sitting Ducks • The Register

Russian-Speaking Groups Dominate Crypto-Related Cyber Crime: TRM Labs (cryptopotato.com)

From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard

Ukraine concluded 'one of the largest cyber attacks' against Russia, source says (kyivindependent.com)

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova (thehackernews.com)

Ukraine's cyber op shut down ATM services of major Russian banks (securityaffairs.com)

North Korea

Response to CISA Advisory (AA24-207A): North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs - Security Boulevard

UK and allies expose North Korean cyber campaign (ukdefencejournal.org.uk)

North Koreans Target Devs Worldwide With Spyware, Job Offers (darkreading.com)

South Korea probes data leak of agents spying on the North | South China Morning Post (scmp.com)


Tools and Controls

Just One in 10 Attacks Flagged By Security Tools - Infosecurity Magazine (infosecurity-magazine.com)

People Overconfident in Password Habits, Overwhelmed by Too Many Passwords - IT Security Guru

SMEs spending thousands on outsourced cyber security costs | Insurance Times

Cyber Attacks Are Inevitable — So Stop Preparing For If One Happens and Start Preparing For When One Will | Entrepreneur

HR Magazine - One in five employees have no cyber security training

Report exposes lack of Cyber Security training in UK workplaces – PCR (pcr-online.biz)

SANS Institute Unveils Highly Anticipated Annual Security Awareness Report for 2024 (prweb.com)

Threat intelligence: A blessing and a curse? - Help Net Security

Crucial Lessons Learned For Cyber Security Resilience (forbes.com)

Top Ways To Assess And Address Third-Party Cyber Security Risk (forbes.com)

The Critical Role Of Response Time In Cyber Security (informationsecuritybuzz.com)

Cheshire East Council ready to 'wargame' potential cyber attacks - BBC News

What is cyber attribution? | Definition from TechTarget

PR vs cyber security teams: Handling disagreements in a crisis (securityintelligence.com)

The Power and Peril of RMM Tools (thehackernews.com)

The three cyber security blind spots affecting today’s CISOs | TechRadar

Building Resilience: Key Cyber Security Solutions for Enterprises (itprotoday.com)

Sitting Ducks attack exposes over a million domains to hijacking (securityaffairs.com)

Why monitoring dark web traffic is crucial for cyber security teams | TechRadar

ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers

6 types of DNS attacks and how to prevent them | TechTarget

DigiCert Revoking 83,000 Certificates of 6,800 Customers - Security Week

Cyber crisis? How good PR can save your brand | Computer Weekly



Other News

Nearly 7% of Internet Traffic Is Malicious - Schneier on Security

Starmer told to ‘wake up’ and protect UK from cyber attacks before it is too late | The Independent

Organisations fail to log 44% of cyber attacks, major exposure gaps remain - Help Net Security

Report reveals how cyber attacks target organisations depending on size (securitybrief.co.nz)

UK ‘desperately exposed’ to cyber threats and pandemics, says minister | UK security and counter-terrorism | The Guardian

Cyber attacks against UK utility companies up 586% in 2023: Chaucer - Reinsurance News

Cyber attacks on utilities increased seven-fold in 2023 - Utility Week

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw - Security Week

Over 1 Million websites are at risk of sensitive information leakage - XSS is dead. Long live XSS - Security Boulevard

Utility firms hit by huge leap in cyber threats – insurer (emergingrisks.co.uk)

Is it time to refresh the UK's cyber strategy? | Computer Weekly

French Internet Lines Cut in Latest Attack During Olympics – BNN Bloomberg

Foreign interference, terrorism, cyber attacks: Paris Olympics face unprecedented security risks (france24.com)

The Top Challenges Of Managed Security (forbes.com)

ECB cyber resilience stress test reveals banks' strengths and gaps - ThePaypers

Cyber Attacks Present Shipping's Biggest Threat Since WWII (pymnts.com)

Cyber Security: A key focus for North American Banks | Global Finance Magazine (gfmag.com)

From Geopolitics to Boardrooms: The Impact of the Kaspersky Ban - Security Boulevard

8 in 10 Large Merchants Have Faced Cyber Attacks in Past Year (pymnts.com)

Telecoms are prime targets for cyber attacks in 2024, Kaspersky report - Africa Business Communities

6 types of DNS attacks and how to prevent them | TechTarget


Vulnerability Management

6% of All Published CVEs Have Been Exploited in the Wild, Report Finds - IT Security Guru

NIST may not resolve vulnerability database backlog until early 2025, analysis shows - Nextgov/FCW

Why a strong patch management strategy is essential for reducing business risk - Help Net Security

NVD Backlog Continues to Grow (darkreading.com)

Navigating the Evolving Landscape of Cyber Security - Security Boulevard

Vulnerabilities

VMware ESXi hypervisor vulnerability grants full admin privileges | CSO Online

PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit (darkreading.com)

Proofpoint settings exploited to send millions of phishing emails daily (bleepingcomputer.com)

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw - Security Week

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances - Security Week

Veeam Backup Software Being Exploited By New Ransomware Group - Security Boulevard

Microsoft's July update may put your Windows PC in BitLocker recovery - here's how to fix this | ZDNET

July Windows Server updates break Remote Desktop connections (bleepingcomputer.com)

Update your Chrome browser to add critical security feature | Digital Trends

Could Intel Have Fixed Spectre & Meltdown Bugs Earlier? (darkreading.com)

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue (darkreading.com)

Microsoft Confirms It Broke Windows As 30-Minute Crashes Hit After Update (forbes.com)

RADIUS Protocol Vulnerability Impacted Multiple Cisco Products (cybersecuritynews.com)

Acronis Cyber Infrastructure bug actively exploited in the wild (securityaffairs.com)

Apple Rolls Out Security Updates for iOS, macOS - Security Week

Researcher says deleted GitHub data can be accessed 'forever' | TechTarget

New Specula tool uses Outlook for remote code execution in Windows (bleepingcomputer.com)

Got a PC with a 13th or 14th gen Intel Core CPU? You need to read this | ZDNET


Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
