Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Over Half of Companies Experienced Cyber Security Incidents Last Year

According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.

Sources: [Beta News] [Verdict]

Deepfake Video Conference Costs Business $25 Million

There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.

Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]

Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High

Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.

Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]

Malware-as-a-Service Now the Top Threat to Organisations

Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.

Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]

Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances

A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Sources: [The FinTech Times] [ Help Net Security]

Chinese State Hackers Hid in National Infrastructure for at Least 5 Years

US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.

Sources: [NTD] [Washington Times]

Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor

Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.

The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.

Sources: [New Electronics] [TechRadar]

Security Leaders, C-Suite Unite to Tackle Cyber Threats

A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.

Source: [Security Boulevard]

UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons

UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.

Source: [The Guardian]

What Does a ‘Cyber Security Culture’ Actually Entail?

Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.

Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.

Source: [ITPro Today]

Beyond Checkboxes: Security Compliance as a Business Enabler

In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.

Source: [Forbes]

No One in Cyber Security Is Ready for the SolarWinds Prosecution

The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.

Source:[Council on Foreign Relations]

Governance, Risk and Compliance

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)

• What Goes Into a Strong Cyber Security Culture? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard

• The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard

• Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)

• How CISOs navigate policies and access across enterprises - Help Net Security

• Resisting Hindsight Bias: A Proposed Framework for CISO Liability - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• The ransomware business is booming, even as enforcers shut down some players - The Verge

• Ransomware victim numbers rose by 50% in 2023 | CSO Online

• Known ransomware attacks up 68% in 2023 | Malwarebytes

• Paying ransoms is becoming a cost of doing business for many - Help Net Security

• Ransomware Payments Hit $1bn All-Time High Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget

• The hidden cost of ransomware is more painful than many realize | ITPro

• Cohesity Reveals over 9 in 10 UK Firms Have Paid Ransoms Despite Alleged "No Pay" Stances | The Fintech Times

• Is critical infrastructure prepared for OT ransomware? • The Register

• Akira and 8Base are the ransomware gangs to watch in 2024 • The Register

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

• ‘These are threat-to-life crimes’: How hospitals are responding to a rise in ransomware attacks – NBC4 Washington (nbcwashington.com)

• NCC Group records the most ransomware victims ever in 2023 | TechTarget

• LockBit Reigns Supreme in Soaring Ransomware Landscape - Infosecurity Magazine (infosecurity-magazine.com)

• How security experts unravel ransomware (engadget.com)

• Cyber Attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

• US govt ups bounty on Hive ransomware gang members to $15M • The Register

Ransomware Victims

• Industry giants Clorox and Johnson Controls report financial losses from cyber attacks (therecord.media)

• Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Lurie Children's Hospital cyber attack forces systems offline • The Register

• Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)

• Thanks to a shadowy hacker group, the British Library is still on its knees. Is there any way to stop them? | Lamorna Ash | The Guardian

• California union confirms ransomware attack following LockBit claims (therecord.media)

• Another Chicago hospital announces cyber attack (therecord.media)

• Scots care charity target of huge cyber attack - TFN

• Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)

Phishing & Email Based Attacks

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)

• 222% surge in email attacks during 2023

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• South African Railways Lost Over $1M in Phishing Scam (darkreading.com)

• These were the most common phishing emails of 2023 — make sure you don't get caught out as well | TechRadar

Artificial Intelligence

• Fake board meeting nets cyber criminals more than €28m - TechCentral.ie

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• Could a threat actor socially engineer ChatGPT? (securityintelligence.com)

• Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)

Malware

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network (thehackernews.com)

• Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Fresh 'Mispadu Stealer' Variant Emerges (darkreading.com)

• Mini PC maker ships systems with factory-installed spyware — AceMagic says issue was contained to the 'first shipment' | Tom's Hardware (tomshardware.com)

• Raspberry Robin Evolves With Stealth Tactics, New Exploits - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar

• Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek

• 'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Top Mobile App Security Risks | MSSP Alert

• February 2024 Android security patch here for Pixels - Android Authority

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Warning from LastPass as fake app found on Apple App Store | Malwarebytes

• Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)

• This Android malware can steal all your photos and texts without being opened — how to stay safe | Tom's Guide (tomsguide.com)

Denial of Service/DoS/DDOS

• That electric toothbrush DDoS story you saw might have been a case of mistranslation | ITPro

Internet of Things – IoT

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Global cities unprepared for emerging risks warns study

• Understanding the Connection Between IoT Vulnerabilities and Home Network Intrusions - Security Boulevard

• As Smart Cities Expand, So Do the Threats (darkreading.com)

Data Breaches/Leaks

• AnyDesk forces password reset for customers as 18k credentials go up for sale online | SC Media (scmagazine.com)

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)

• Alleged data breach sees names, addresses and phone numbers of serving police staff shared on email - North Wales Live (dailypost.co.uk)

• Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch

• FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek

• 'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)

• Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)

• Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek

• Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)

• Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)

• Data of half the population of France stolen in its largest ever cyber attack. This is what we know | Euronews

• HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch

Organised Crime & Criminal Actors

• Over half of companies experienced cyber security incidents last year (betanews.com)

• Malware-as-a-Service Now the Top Threat to Organisations - Infosecurity Magazine (infosecurity-magazine.com)

• As-a-Service tools empower criminals with limited tech skills - Help Net Security

• Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)

• Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)

• Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Pig-butchering scams morph into DeFi threats (cointelegraph.com)

• Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)

Insider Risk and Insider Threats

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• How bias can undermine insider threat monitoring | TechRadar

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• Engineer accused of stealing secret US government tech used to detect nuclear missile launches (nbcnews.com)

Supply Chain and Third Parties

• Cloudflare hacked — company reveals details of November 2023 cyber attack, blames previous Okta breach | TechRadar

• Blackbaud blasted for failing to prevent customer breaches | Computer Weekly

• Removing the weakest link: Strengthen the security of your supply chain (techuk.org)

Cloud/SaaS

• Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

• Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing

Identity and Access Management

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

Encryption

• Raspberry Pi Pico cracks BitLocker in under a minute • The Register

Linux and Open Source

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard

• Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)

• AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)

• Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard

Social Media

• Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials (thehackernews.com)

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook fatal accident scam still rages on | Malwarebytes

Regulations, Fines and Legislation

• Never Mind the Buzz; Here's the Consequences: No One in Cyber Security Is Ready for the SolarWinds Prosecution | Council on Foreign Relations (cfr.org)

• How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)

• Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say (databreaches.net)

• No one's happy with latest US cyber incident reporting plan • The Register

• 2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard

Models, Frameworks and Standards

• Exploring NIST Cyber Security Framework 2.0 - Help Net Security

Careers, Working in Cyber and Information Security

• Combatting Stress In The Cyber Security Industry (forbes.com)

• IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)

Law Enforcement Action and Take Downs

• Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register

• Romance fraudster jailed after conning women out of £300k - BBC News

• Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica

• How security experts unravel ransomware (engadget.com)

• US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW

• Report: Blocked IP addresses increased by 116.42% | Security Magazine

Misinformation, Disinformation and Propaganda

• The toothbrush DDoS attack: How misinformation spreads in the cyber security world • Graham Cluley

• Report Details Scope of Global Threat to Elections - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• NCSC and partners issue warning about state-sponsored attackers hiding out in critical infrastructure networks... - NCSC.GOV.UK

Nation State Actors

China

• Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)

• Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com

• China's Cyber Attackers Target US and Allied Militaries (newsweek.com)

• FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard

• Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)

• Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD

• China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)

• Top US venture capitalists invest in China tech for big returns (nypost.com)

• Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times

• Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg

• Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)

Russia

• EU capitals fear Russian retaliation and cyber attacks after asset freezes – POLITICO

• The Kremlin threatens the West with years of trials and cyber attacks for trying to use its assets for Ukraine. - UBN

• Russia’s Countervalue Cyber Approach: Utility or Futility? - Carnegie Endowment for International Peace

Iran

• Designating Iranian Cyber Officials - United States Department of State

• Microsoft: Iran is refining its cyber operations | CyberScoop

• Microsoft uncovers extensive Iranian AI-based cyber ops against Israel amid Gaza war | Ctech (calcalistech.com)

• US sanctions Iranian officials over cyber attacks on water plants - BBC News

North Korea

• Cyber attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect | North Korea | The Guardian

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Spyware business booming despite government crackdowns • The Register

Vulnerability Management

• How To Address OT And ICS Cyber Attack Vulnerabilities (forbes.com)

Vulnerabilities

• Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register

• Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)

• Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)

• Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)

• Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)

• Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)

• Critical vulnerability in Mastodon sparks patching frenzy • The Register

• Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)

• February 2024 Android security patch here for Pixels - Android Authority

• Google: Half of all zero-days used against our products are developed by spyware vendors (therecord.media)

• Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch

• JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)

• Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

• Google fixed an Android critical remote code execution flaw (securityaffairs.com)

• Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)

• QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek

Tools and Controls

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard

• How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)

• Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire

• Close security gaps with attack path analysis and management | TechTarget

• Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard

• A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)

Reports Published in the Last Week

• Acronis Cyber Threats Report H2 2023 | Acronis Resource Center

Other News

• Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac

• Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine

• Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek

• ‘Elevated’ risk of hackers targeting UK drinking water, says credit agency | Cyber Crime | The Guardian

• What Will the Future of Cyber Security Bring? - Security Boulevard

• Cyber security remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber warfare | EY - Global

• Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)

• McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)

• A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)

• Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)

• NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly

• Serious threats, unserious responses (reason.com)

• Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)

• We Need Cyber Security in Space to Protect Satellites | Scientific American

• Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly

• Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly

• How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of IT Leaders Consider Security as an Afterthought

A recent industry report found that security is an afterthought for almost half of UK IT leaders, despite 92% of respondents agreeing that security risks had risen in the last five years. Additionally, 48% of respondents felt that the rapid development of new tools had caused challenges around security. The concept of security as an afterthought is worrying when considering that 39% of UK businesses identified a cyber attack within the past 12 months.

https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals

• Over $10bn Lost to Online Frauds, with Pig Butchering and Investment Scams Accounting for $3B, Overtaking BEC – FBI Report Says

According to the latest FBI crime report pig butchering now accounts for $3 billion of the $10 billion total lost to online fraud. Pig butchering is a rising investment scam that uses the promise of romance and the lure of making easy cryptocurrency profit against its unsuspecting targets. The concept of pig butchering is to “fatten up” the victim, with small returns on cryptocurrency and personal interactions, often with an element of romance; eventually, the victim is lured into making a larger investment with the scammer. In addition to pig butchering, other investment scams are growing in provenance and are set to overtake Business Email Compromise (BEC) as a major earner for cyber criminals.

https://www.darkreading.com/application-security/pig-butchering-investment-scams-3b-cybercrime-threat-overtaking-bec

• Over 721 Million Passwords were Leaked in 2022

A report published this week discovered 721.5 million exposed credentials online in 2022. Additionally, the report identified 72% of users reusing previously compromised passwords. The study also uncovered 8.6 billion personally identifiable information assets, including 67 million credit card numbers which were publicly available.

https://www.neowin.net/news/study-over-721-million-passwords-were-leaked-in-2022/

• How Much of a Cyber Security Risk are Suppliers?

When your business is digitally connected to a service provider, you need to understand how a cyber security attack on their business can affect yours. You can have all the right measures in place to manage your own cyber risks, but this doesn’t matter if there are undiscovered vulnerabilities in your supply chain. Organisations need to audit the cyber security of suppliers at several stages of their relationship; you may benefit from specialist cyber security support if you can’t do this in-house. Ask hard questions and consider advising your suppliers that if their cyber security is not enough then you may take your business elsewhere. Many businesses now require suppliers to be certified to schemes such as ISO 27001; demonstrating your security posture to your customers is an important ticket to trade.

https://www.thetimes.co.uk/article/how-much-of-a-cybersecurity-risk-are-my-suppliers-mqbwcf7p2

• 90% of £5m+ Businesses Hit by Cyber Attacks

A study from Forbes found that 57% of small and medium-sized enterprises had suffered an online attack. Businesses with an annual turnover in excess of £5 million were even more likely to experience a cyber crime with the figure rising to nearly 90% of firms of this size suffering a cyber attack. To make matters worse, the study found that a significant proportion of British businesses are without any form of protection against online attacks.

https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/

• Rushed Cloud Migrations Result in Escalating Technical Debt

A cloud service provider found 83% of CIO’s are feeling pressured to stretch their budgets even further than before. 72% of CIOs admitted that they are behind in their digital transformation because of technical debt and 38% believed the accumulation of this debt is largely because of rushed cloud migrations. Respondents believed these rushed migrations caused for miscalculations in the cloud budget, which resulted in significant overspend.

https://www.helpnetsecurity.com/2023/03/16/managing-cloud-costs/

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

According to an intelligence report from Microsoft, Russia has been ramping up its cyber espionage operations and this now includes 17 European nations. Of all 74 countries targeted, the UK ranked third, after the US and Poland.

https://www.securityweek.com/microsoft-17-european-nations-targeted-by-russia-in-2023-as-espionage-ramping-up/

• Microsoft Warns of Large-Scale Use of Phishing Kits

Microsoft have found that phishing kits are being purchased and used to perform millions of phishing emails every day. In their report, Microsoft found the availability of purchasing such phishing kits was part of the industrialisation of the cyber criminal economy and lowered the barrier of entry for cyber crime. Microsoft identified phishing kits which had the capability to bypass multi factor authentication selling for as little as $300. The emergence of AI is only going to compound this.

https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html

• BEC Volumes Double on Phishing Surge

The number of Business Email Compromise (BEC) incidents doubled last year according to security provider Secureworks. In their report, they found that the main initial access vectors for BEC were phishing and systems with known vulnerabilities, with each accounting for a third of initial accesses.

https://www.infosecurity-magazine.com/news/bec-volumes-double-on-phishing/

• The Risk of Pasting Confidential Company Data in ChatGPT

Researchers analysed the use of artificial intelligence tool ChatGPT and found that 4.9% of employees have provided company data to the tool; ChatGPT builds its knowledge on this and in turn, this knowledge is shared publicly. The risk is serious, with employees putting their organisation at risk of leaking sensitive and confidential information. The research found that 0.9% of employees are responsible for 80% of leaks caused by pasting company data into ChatGPT and this number is expected to rise.

https://securityaffairs.com/143394/security/company-data-chatgpt-risks.html

• Ransomware Attacks have Entered a Heinous New Phase

With an increasing amount of victims refusing to pay, cyber criminal gangs are now resorting to new techniques; this includes the recent release of stolen naked photos of cancer patients and sensitive student records. Where encryption and a demand for payment were previously the de facto method for cyber criminals, this has now shifted to pure exfiltration. In a report, the FBI highlighted evolving and increasingly aggressive extortion behaviour, with actors increasingly threatening to release stolen data.

https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

• MI5 Launches New Agency to Tackle State-Backed Attacks

British intelligence agency MI5 have announced the creation of the National Protective Security Authority (NPSA), created as part of a major review of government defences. The NPSA is to operate out of MI5 and absorb and extend the responsibilities for the protection of national infrastructure. The NPSA will work with existing agencies such as the National Cyber Security Centre (NCSC) and the Counter Terrorism Security Office (CTSO) to provide defensive advice to UK organisations.

https://www.infosecurity-magazine.com/news/mi5-new-agency-tackle-statebacked/

• Why Cyber Awareness Training is an Ongoing Process

A survey conducted by Hornetsecurity found that 80% of respondents believed remote working introduced extra cyber security risks and 75% were aware that personal devices are used to access sensitive data, fuelling the need for employees to be cyber aware. Where IT security training is only undertaken once, for example in block training, it is likely that participants will have forgotten a lot of the content after as little as a week; this means that for organisations to get the most out of training, they need to conduct frequent awareness training. By conducting frequent training there is more chance of trainees retaining the training content and allowing the organisation to shape a culture of cyber security.

https://www.hornetsecurity.com/en/security-information/why-cyber-awareness-training-is-an-ongoing-process/

Threats

Ransomware, Extortion and Destructive Attacks

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (darkreading.com)

• The changing face of ransomware attacks (pandasecurity.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (bleepingcomputer.com)

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Clop ransomware gang begins extorting GoAnywhere zero-day victims (bleepingcomputer.com)

• Staples-owned Essendant facing multi-day "outage," orders frozen (bleepingcomputer.com)

• CISA now warns critical infrastructure of ransomware-vulnerable devices (bleepingcomputer.com)

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries- - Security Affairs

• Dissecting the malicious arsenal of the Makop ransomware gang- - Security Affairs

• The Prolificacy of LockBit Ransomware (thehackernews.com)

• Blackbaud agrees to pay $3m to settle SEC ransomware probe • The Register

• CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking - SentinelOne

• Ransomware Gang Claims It Hacked Amazon's Ring (gizmodo.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• Dish customers kept in the dark as ransomware fallout continues | TechCrunch

• Cancer patient sues hospital over stolen naked photos • The Register

• ChipMixer platform seized for laundering ransomware payments, drug sales (bleepingcomputer.com)

• Lawyers suspect Arnold Clark hackers have now leaked 45GB of personal data on dark web – Car Dealer Magazine

• Kaspersky Updates Decryption Tool for Conti Ransomware - MSSP Alert

• Conti-based ransomware ‘MeowCorp’ gets free decryptor (bleepingcomputer.com)

• Universities and colleges cope silently with ransomware attacks | CSO Online

Phishing & Email Based Attacks

• Top 50 most impersonated brands in phishing attacks and new tools you can use to protect your employees from them (cloudflare.com)

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily (thehackernews.com)

• Software for sale is fueling a torrent of phishing attacks that bypass MFA | Ars Technica

• Cyber criminals Devising More Tactics For Phishing Attacks (informationsecuritybuzz.com)

• 6 reasons why your anti-phishing strategy isn’t working | CSO Online

• Cyberthreat On New Email By Exotic Lily (informationsecuritybuzz.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• How two-step phishing attacks evade detection and what you can do about it - Help Net Security

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Pig Butchering & Investment Scams: The $3B Cyber crime Threat Overtaking BEC (darkreading.com)

• Organizations need to re-examine their approach to BEC protection - Help Net Security

• BEC Volumes Double on Phishing Surge - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• Software for sale is fuelling a torrent of phishing attacks that bypass MFA | Ars Technica

Malware

• SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses | Business Wire

• Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Malware Targets People Looking to Pirate Oscar-Nominated Films (darkreading.com)

• Law enforcement seized the website selling the NetWire RAT- - Security Affairs

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets (thehackernews.com)

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• Emotet attempts to sell access after infiltrating high-value networks | SC Media (scmagazine.com)

• What is Zeus Trojan Malware? - CrowdStrike

• Emotet, QSnatch Malware Dominate Malicious DNS Traffic (darkreading.com)

• Winter Vivern APT hackers use fake antivirus scans to install malware (bleepingcomputer.com)

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• New malware sample of defunct TeamTNT threat group raises concerns | SC Media (scmagazine.com)

• Adobe Acrobat Sign abused to push Redline info-stealing malware (bleepingcomputer.com)

• Tracking the global spread of malware - Help Net Security

Mobile

• Xenomorph Android malware now steals data from 400 banks (bleepingcomputer.com)

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• FakeCalls Android malware returns with new ways to hide on phones (bleepingcomputer.com)

Botnets

• New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide (thehackernews.com)

• Botnet that knows your name and quotes your email is back with new tricks | Ars Technica

Denial of Service/DoS/DDOS

• Record Breaking DDoS Attack - 158.2 Million Packets Per Second (gbhackers.com)

Internet of Things – IoT

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom (thehackernews.com)

• Tesla App Lets Man Accidentally Steal Model 3 That Wasn't His (gizmodo.com)

Data Breaches/Leaks

• Negative Impacts of Data Loss and How to Avoid Them - MSSP Alert

• Mental health provider Cerebral alerts 3.1M people of data breach (bleepingcomputer.com)

• BMW exposes data of clients in Italy, experts warn- - Security Affairs

• Acronis states that only one customer's account was compromised- - Security Affairs

• Security giant Rubrik says hackers used Fortra zero-day to steal internal data | TechCrunch

• Key aerospace player leaks sensitive data | Cybernews

• Hundreds of thousands of customer records stolen from lender Latitude in cyber-attack | Business | The Guardian

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

• LA Housing Authority Suffers Year-Long Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker selling data allegedly stolen in US Marshals Service hack (bleepingcomputer.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

Organised Crime & Criminal Actors

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI Warns of Crypto-Stealing Play-to-Earn Games - Infosecurity Magazine (infosecurity-magazine.com)

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing Campaigns Use SVB Collapse to Harvest Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration (thehackernews.com)

• CrowdStrike discovered the first-ever Dero crypto mining campaign- - Security Affairs

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Insider Risk and Insider Threats

• Future-Proofing Your Business Against Insider Threats (informationsecuritybuzz.com)

Fraud, Scams & Financial Crime

• ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED

• Cyber crime Losses Exceeded $10 Billion in 2022: FBI - SecurityWeek

• Investment Fraud is Now Biggest Cyber crime Earner - Infosecurity Magazine (infosecurity-magazine.com)

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks - IT Security Guru

• ChatGPT fraud is on the rise: Here's what to watch out for | ZDNET

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector (darkreading.com)

• The SVB demise is a fraudster's paradise, so take precautions - Help Net Security

• Fighting financial fraud through fusion centers - Help Net Security

• UK Crypto Firm Loses $200m in Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK Bank Limits Crypto Payments to Smother Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

• Claim: FTX leaders helped themselves to $3.2B in cash • The Register

• Feds charge exiled Chinese billionaire over crypto fraud • The Register

Impersonation Attacks

• 'Vile' Gang Duo Breaches Police Database, Impersonates Officers in Extortion Gambit (darkreading.com)

Deepfakes

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

AML/CFT/Sanctions

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

Dark Web

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Supply Chain and Third Parties

• Top 10 operational risks: focus on third-party risk - Risk.net

• How much of a cyber security risk are my suppliers? (thetimes.co.uk)

Software Supply Chain

• We can't wait for SBOMs to be demanded by regulation - Help Net Security

• Best practices for securing the software application supply chain - Help Net Security

• Addressing Software Supply Chain Security - DevOps.com

Cloud/SaaS

• Rushed cloud migrations result in escalating technical debt - Help Net Security

• CrowdStrike report shows identities under siege, cloud data theft up | VentureBeat

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

Hybrid/Remote Working

• Orgs Have a Long Way to Go in Securing Remote Workforce (darkreading.com)

Attack Surface Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

Identity and Access Management

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface (darkreading.com)

• Navigating the future of digital identity - Help Net Security

Encryption

• Google Proposes Reducing TLS Cert Life Span to 90 Days (darkreading.com)

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

Passwords, Credential Stuffing & Brute Force Attacks

• Poor Passwords Still Weakest Link Hackers Seek, Report Reveals - MSSP Alert

• Study: Over 721 million passwords were leaked in 2022 - Neowin

• Understanding password behavior key to developing stronger cyber security protocols - Help Net Security

Social Media

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Spies, lies and influenced children: What TikTok must overcome to show us it can be trusted (telegraph.co.uk)

• Convincing Twitter 'quote tweet' phone scam targets bank customers (bleepingcomputer.com)

Malvertising

• BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (thehackernews.com)

Training, Education and Awareness

• Forgetting Curve according to Dr Ebbinghaus: Why cyber awareness training is an ongoing process - Hornetsecurity

Regulations, Fines and Legislation

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (databreaches.net)

• When and how to report a breach to the SEC | CSO Online

• WhatsApp Tells UK Government It’s Still Not Willing To Undermine Its Encryption | Techdirt

• The US cyber security strategy won’t address today’s threats with regulation alone | CyberScoop

Governance, Risk and Compliance

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• Getting cyber security right requires a change of mindset | The Strategist (aspistrategist.org.au)

• UK's New Privacy Bill Could Mean More Work for Firms - Infosecurity Magazine (infosecurity-magazine.com)

• 6 principles for building engaged security governance | TechTarget

Models, Frameworks and Standards

• How to Apply NIST Principles to SaaS in 2023 (thehackernews.com)

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Data Protection

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

Law Enforcement Action and Take Downs

• International authorities bring NetWire's malware infrastructure to a standstill | TechSpot

• One of the darkweb’s largest cryptocurrency laundromats washed out | Europol (europa.eu)

Privacy, Surveillance and Mass Monitoring

• German states rethink reliance on Palantir technology | Financial Times (ft.com)

• Consumers Believe Vendors Don't Adequately Protect Their Personal Data, Report Finds - MSSP Alert

• Meet Data Privacy Mandates With Cyber security Frameworks (darkreading.com)

Artificial Intelligence

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (thehackernews.com)

• How to stop AI waging war on humans (thetimes.co.uk)

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC - SecurityWeek

• How Businesses Can Get Ready for AI-Powered Security Threats (darkreading.com)

• Humans Still More Effective Than ChatGPT at Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• UK spy agency warns of security threat from ChatGPT and rival chatbots | Metro News

• Why red team exercises for AI should be on a CISO's radar | CSO Online

• GPT-4 Can’t Stop Helping Hackers Make Cyber criminal Tools (forbes.com)

Misinformation, Disinformation and Propaganda

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust (darkreading.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian hackers may be readying new wave of destructive attacks | CyberScoop

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up - SecurityWeek

• UK’s Royal Navy, Ukraine Jointly Repel Simulated, Russian Cyber attack on National Infrastructure - MSSP Alert

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• YoroTrooper cyber spies target CIS energy orgs, EU embassies (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Polish intelligence dismantled a network of Russian spies- Security Affairs

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Nation State Actors

• MI5 Launches New Agency to Tackle State-Backed Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• UK bans TikTok from government mobile phones | TikTok | The Guardian

• North Korean hackers used polished LinkedIn profiles to target security researchers | CyberScoop

• A new Chinese era: security and control | Financial Times (ft.com)

• Russians told to rush to nuclear bomb shelters after hackers take over state media (telegraph.co.uk)

• Attacks on SonicWall appliances linked to Chinese campaign: Mandiant | CSO Online

• Remcos Trojan Linked to Cyber Espionage Operations Against Ukrainian Government - MSSP Alert

• The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• China sought control of telecoms to spy on Micronesia • The Register

• CISA: Federal civilian agency hacked by nation-state and criminal hacking groups | CyberScoop

• APT29 abuses EU information exchange systems in recent attacks- Security Affairs

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection (thehackernews.com)

• Russia disinformation looks to US far right to weaken Ukraine support | Russia | The Guardian

• This Is the New Leader of Russia's Infamous Sandworm Hacking Unit | WIRED

• Russia’s Cyber security Companies Shrug Off Sanctions - CEPA

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine- Security Affairs

• Wave of Stealthy China Cyber attacks Hits US., Private Networks, Google Says - WSJ

• Russian hackers plotting another cyber attack against Ukraine - Microsoft (ukrinform.net)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

Vulnerabilities

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack (thestack.technology)

• Critical Microsoft Outlook bug PoC shows how easy it is to exploit (bleepingcomputer.com)

• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 (bleepingcomputer.com)

• Microsoft and Fortinet fix bugs under active exploit • The Register

• CISA warns of actively exploited Plex bug after LastPass breach (bleepingcomputer.com)

• Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers- Security Affairs

• Massive vulnerabilities revealed at Dogecoin, Litecoin, Zcash | Fortune Crypto

• SAP releases security updates fixing five critical vulnerabilities (bleepingcomputer.com)

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day - SecurityWeek

• Microsoft fixes Windows zero-day exploited in ransomware attacks (bleepingcomputer.com)

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws (bleepingcomputer.com)

• Firefox 111 patches 11 holes, but not 1 zero-day among them… – Naked Security (sophos.com)

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script - SecurityWeek

• Cyber attackers Continue Assault Against Fortinet Devices (darkreading.com)

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

• Google Warns Samsung and Pixel Phone Owners About 18 Dire Exploits - CNET

• Microsoft shares script to fix WinRE BitLocker bypass flaw (bleepingcomputer.com)

• Here's how Chinese spies exploited a critical Fortinet bug • The Register

• Bitwarden's password manager browser extension has a known exploit it hasn't addressed in five years | TechSpot

Tools and Controls

• Make Sure Your Cyber security Budget Stays Flexible (darkreading.com)

• What Is a Stateful Inspection Firewall? Ultimate Guide (enterprisestorageforum.com)

• When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About (thehackernews.com)

• Set up PowerShell script block logging for added security | TechTarget

• Brazil seizing Flipper Zero shipments to prevent use in crime (bleepingcomputer.com)

• Outlook app to get built-in Microsoft 365 MFA on Android, iOS (bleepingcomputer.com)

• 5 Reasons MSSP Clients Need Strong AppSec Strategies to Thwart Ransomware - MSSP Alert

• 5 Steps to Effective Cloud Detection and Response  - The New Stack

• Virtual patching: Cut time to patch from 250 days to (helpnetsecurity.com)

• ChatGPT may be a bigger cyber security risk than an actual benefit (bleepingcomputer.com)

• Change Is Coming to the Network Detection and Response (NDR) Market (darkreading.com)

• Rise of Ransomware Attacks Main Focus for SOCs, research finds - IT Security Guru

Other News

• CASPER attack steals data using air-gapped computer's internal speaker (bleepingcomputer.com)

• US govt web server attacked by 'multiple' criminal gangs • The Register

• Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Business Email Compromise Attacks Can Take Just Hours

Microsoft’s security intelligence team found that Business Email Compromise (BEC) attacks are moving rapidly, with some taking mere minutes. Microsoft found the whole process, from signing in using compromised credentials to registering typo squatting domains and hijacking an email thread, took threat actors only a couple of hours. Such a rapid attack leaves minimal time for organisations to identify and take preventative action. This is worrying when considering the cost of BEC is predicted to more than tens of billions.

https://www.bleepingcomputer.com/news/security/microsoft-business-email-compromise-attacks-can-take-just-hours/

Research Reveals ‘Password’ is Still the Most Common Term used by Hackers to Breach Enterprise Networks

In a report of over 800 million breached passwords, vendor Specops identified some worrying results. Some of the key findings from the report include 88% of passwords used in successful attacks consisting of 12 characters or less and the most common base terms used in passwords involving ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’. The report found that 83% of the compromised passwords satisfied both the length and complexity requirements of cyber security compliance standards such as NIST, GDPR, HIPAA and Cyber Essentials.

https://www.itsecurityguru.org/2023/03/08/research-reveals-password-still-the-most-common-term-used-by-hackers-to-breach-enterprise-networks/

Just 10% of Firms Can Resolve Cloud Threats in an Hour

Two-thirds (39%) of global organisations reported a surge in breaches over the past year, with IT complexity increasing and detection and response capabilities worsening, according to Palo Alto Networks. It found that as enterprises move more of their data and workloads to the cloud, they’re finding it increasingly difficult to discover and remediate incidents quickly. Over two-fifths (42%) reported an increase in mean time to remediate, while 90% said they are unable to detect, contain and resolve cyber-threats within an hour. Nearly a third (30%) reported a major increase in intrusion attempts and unplanned downtime. Part of the challenge appears to be the complexity of their cloud security environments – partly caused by tool bloat.

https://www.infosecurity-magazine.com/news/10-firms-resolve-cloud-threats-hour/

MSPs in the Crosshairs of Ransomware Gangs

Many attacks have heightened attention around third-party risk and the security obligations of MSPs in meeting multiple customers’ IT needs. Attacks such as the ones on RackSpace and LastPass show that some ransomware actors are now intentionally targeting MSPs to access sensitive customer data. It is now believed that some advanced persistent threat (APT) groups could be stepping up their attacks on MSP’s in order to gain sensitive customer data.

https://www.msspalert.com/cybersecurity-research/msps-in-the-crosshairs-of-ransomware-gangs/

Stolen Credentials Increasingly Empower the Cyber Crime Underground

Threat Intelligence provider Flashpoint found that last year threat actors exposed or stole 22.62 billion credentials and personal records, which often make their way to underground forums and cyber criminal markets. This follows a significant increase in market activity; just last year Flashpoint recorded 190 new illicit markets emerge and the continual rise in attacks focused on stealing credentials only further empowers cyber crime underground.

https://www.csoonline.com/article/3690409/stolen-credentials-increasingly-empower-the-cybercrime-underground.html#tk.rss_news

It’s Time to Assess the Potential Dangers of an Increasingly Connected World

As global conflicts continue, cyber has become the fifth front of warfare. The world is approaching 50 billion connected devices, controlling everything from our traffic lights to our nuclear arsenal and we have already seen large-scale cyber attacks. Adding to this, a multitude of infrastructure runs on services ran by a handful of companies; Palo Alto Networks, Cisco and Fortinet control more than 50% of the market for security appliances. As such, an attack on one of these companies could cause a huge ripple effect on their customers.

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

Mounting Cyber Threats Mean Financial Firms Urgently Need Better Safeguards

According to the International Monetary Fund (IMF) 64% of banks and supervisory authorities do not mandate testing and exercising cyber security and 54% lack dedicated a cyber incident reporting regime. This increases the risk of experiencing a cyber attack. Regularly testing and exercising security will aid any organisation in its cyber resilience.

https://www.imf.org/en/Blogs/Articles/2023/03/02/mounting-cyber-threats-mean-financial-firms-urgently-need-better-safeguards

Insider Threat: Developers Leaked 10m Credentials Including Passwords in 2022

Security provider GitGuardian found that the rate at which developers leaked critical software secrets jumped by 0.5 to reach 5.5 out of every 1,000 commits to GitHub repositories; overall, this amounted to at least 10 million instances of secrets leaking to a public repository. Generic passwords accounted for the majority of leaked secrets (56%) and more than a third (38%) of leaks involved API keys, random number generator seeds and other sensitive strings. These leaks can have worrying consequences for organisations.

https://www.darkreading.com/application-security/inside-threat-developers-leaked-10m-credentials-passwords-2022

Cyber Threat Detections Surges 55% In 2022

Security Provider Trend Micro has said that it stopped 146 billion cyber threats in 2022, a 55% increase on the previous year and evidence of the increase of attacks ramping up. Trend Micro also found a 242% increase in the number of blocked malicious files and an 86% increase in backdoor malware detections with the latter showing an increase in attackers gaining initial access. Furthermore, the number of critical vulnerabilities in 2022 doubled compared to the previous year. Trend Micro noted that this is all likely due to an ever expanding attack surface of organisations.

https://www.infosecurity-magazine.com/news/cyberthreat-detections-surge-55/

European Central Bank Tells Banks to Run Cyber Stress Tests after Rise in Hacker Attacks

The European Central Bank (ECB) will ask all major lenders in the Eurozone to detail by next year, how they would respond to and recover from a successful cyber attack. The ECB is in the process of designing a scenario involving a theoretical breach of the financial system’s cyber defences, which will be sent to all of the 111 banks it assesses to see how they would react. The stress test stems from the increasing amount of cyber attacks. If cyber has shown us anything, it’s that anyone can be a target and performing a stress test would help any organisation prepare for the worst.

https://www.ft.com/content/f03d68a4-fdb9-4312-bda3-3157d369a4a6

Employees Are Feeding Sensitive Business Data to ChatGPT

1 in 20 employees have put sensitive corporate data into popular AI tool ChatGPT, raising concerns that this could result in massive leaks of proprietary information. In some cases, this has involved employees cutting and pasting strategic documents and asking ChatGPT to make a PowerPoint.

https://www.darkreading.com/risk/employees-feeding-sensitive-business-data-chatgpt-raising-security-fears

Is Ransomware Declining? Not So Fast Experts Say

Security provider CrowdStrike have explained that the perceived decline in ransomware reflects the abilities of threat actors to adapt, splinter and regroup against defensive measures. CrowdStrike expand on this, stating that whilst ransom payments dipped slightly in 2022, there was an uprise in data extortion and ransomware as a service (RaaS).

https://www.techtarget.com/searchsecurity/news/365532201/Is-ransomware-declining-Not-so-fast-experts-say

Preventing Corporate Data Breaches Starts with Remembering that Leaks have Real Victims

The impact a data breach can have on an individual is devastating and ultimately there’s not much an individual can do themselves if the organisation that holds their data isn’t taking the right steps. To best protect themselves and their clients’ data, organisations should look to have appropriate defence in depth controls, including effective asset management, an open security culture, close monitoring of access, utilising strong authentication and maintaining an awareness of the ever changing threat landscape.

https://www.helpnetsecurity.com/2023/03/07/preventing-corporate-data-breaches/

Faced With Likelihood of Ransomware Attacks, Businesses Still Choosing to Pay Up

In a recent report Proofpoint found that globally 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy, 82% of insurers stepped up to pay the ransom either in full or partially. The report found that with the rise in number and sophistication of attacks it is more important than ever for proper security training and awareness in organisations.

https://www.zdnet.com/article/faced-with-likelihood-of-ransomware-attacks-businesses-still-choosing-to-pay-up/

Experts See Growing Need for Cyber Security Workers as One in Six Jobs go Unfilled

A report by the Information and Communications Technology Council (ICTC) found that 1 in 6 cyber security jobs are unfulfilled and this is only expected to grow in the coming years. The ICTC stated that “This is not just about education or government funding, but about companies willing to provide hands-on training and experience to the next generation of cyber security experts”.

https://www.theglobeandmail.com/business/careers/article-experts-see-growing-need-for-cybersecurity-workers-as-one-in-six-jobs/

Threats

Ransomware, Extortion and Destructive Attacks

• Faced with likelihood of ransomware attacks, businesses still choosing to pay up | ZDNET

• MSPs in the Crosshairs of Ransomware Gangs - MSSP Alert

• Is ransomware declining? Not so fast, experts say | TechTarget

• FBI and CISA warn of increasing Royal ransomware attack risks (bleepingcomputer.com)

• City of Oakland Faces Major Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Indigo Books Refuses LockBit Ransomware Demand (darkreading.com)

• Anatomy of a Ransomware Attack

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• Ransom House ransomware attack hit Hospital Clinic de Barcelona- - Security Affairs

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems (darkreading.com)

• Ransomware review: March 2023 (malwarebytes.com)

• Ransomware gang posts video of data stolen from Minneapolis schools (bleepingcomputer.com)

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

• Examining Ransomware Payments From a Data-Science Lens (trendmicro.com)

• DND: Black & McDonald reported ransomware attack | CTV News

• Cyble — BlackSnake Ransomware Emerges from Chaos Ransomware's Shadow

Phishing & Email Based Attacks

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Catches of the Month: Phishing Scams for March 2023 - IT Governance UK Blog

• Emotet starts post-break phishing campaign • The Register

BEC – Business Email Compromise

• Microsoft: Business email compromise attacks can take just hours (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• Defeating the Deepfake Danger - SecurityWeek

• Does Your Help Desk Know Who's Calling? (thehackernews.com)

2FA/MFA

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• DrayTek VPN routers hacked with new malware to steal data, evade detection (bleepingcomputer.com)

• Malicious PyPI package signals direction of cyber crime • The Register

• How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)

• Snake Keylogger Malware Removal Guide (makeuseof.com)

• Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

• New malware infects business routers for data theft, surveillance (bleepingcomputer.com)

• Old Windows ‘Mock Folders’ UAC bypass used to drop malware (bleepingcomputer.com)

• Emotet malware attacks return after three-month break (bleepingcomputer.com)

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Custom Chinese Malware Found on SonicWall Appliance - SecurityWeek

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• FBI and international cops catch a NetWire RAT • The Register

Mobile

• Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps (thehackernews.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Denial of Service/DoS/DDOS

• Akamai mitigated a record-breaking DDoS that peaked 900Gbps- Security Affairs

Internet of Things – IoT

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

Data Breaches/Leaks

• Preventing corporate data breaches starts with remembering that leaks have real victims - Help Net Security

• The LastPass Hack Somehow Gets Worse | WIRED

• LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach (thehackernews.com)

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• Popular fintech apps expose valuable, exploitable secrets - Help Net Security

• PayPal Sued Over Data Breach that Impacted 35,000 users (hackread.com)

• Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (hackread.com)

• Brazilian Conglomerate Suffers 3TB Data Breach: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Data breach exposed millions of Verizon customers' account info (androidpolice.com)

• Congress’ Social Security Numbers Leaked in DC Health Link Hack (gizmodo.com)

• Data protection vendor Acronis admits to data leak • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Organised Crime & Criminal Actors

• At Least 30% of "Cyber-Criminals" Are Women: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• BidenCash leaks 2.1M stolen credit/debit cards- Security Affairs

• Malicious PyPI package signals direction of cyber crime • The Register

• Where are the women in cyber security? • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic (thehackernews.com)

Insider Risk and Insider Threats

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Fraud, Scams & Financial Crime

• Scams Security Pros Almost Fell For (darkreading.com)

• FTX Confirms $9 Billion in Customer Funds Vanished (gizmodo.com)

• Experts Warn of "SMS Pumping" Fraud Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers using voice-cloning A.I. to mimic relatives | Fortune

• Alleged security breach leaves millions of dollars missing from Flutterwave accounts | TechCrunch

• UK Government Plans Skills Boost for Public Sector Fraud Fight - Infosecurity Magazine (infosecurity-magazine.com)

• Officials Targeted with Romance Scams and Android Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• New Rise In ChatGPT Scams Reported By Fraudsters (informationsecuritybuzz.com)

Deepfakes

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• Defeating the Deepfake Danger - SecurityWeek

Insurance

• Talking Cyber Insurance With Munich Re - SecurityWeek

Dark Web

• Cyber crime site shows off with a free leak of 2 million stolen card numbers - The Record from Recorded Future News

• Google One expands security features to all plans with dark web report, VPN access - Help Net Security

Supply Chain and Third Parties

• Snap CISO talks risky supply chain security business • The Register

• SolarWinds IR lead: supply-chain attacks 'getting bigger' • The Register

• AT&T confirms 9m wireless accounts exposed by third part • The Register

Software Supply Chain

• SBOMs become a security staple for the software supply chain • The Register

Cloud/SaaS

• Just 10% of Firms Can Resolve Cloud Threats in an Hour - Infosecurity Magazine (infosecurity-magazine.com)

• Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks (thehackernews.com)

• Hackers are quickly learning how to target cloud systems (axios.com)

• Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Asset Management

• 5 Reasons You Should Care About Unmanaged Assets (darkreading.com)

Encryption

• New TPM 2.0 flaws could let hackers steal cryptographic keys (bleepingcomputer.com)

• New Steganography Breakthrough Enables “Perfectly Secure” Digital Communications (scitechdaily.com)

API

• API Security for UK companies - IT Security Guru

• Attackers exploit APIs faster than ever before - Help Net Security

Open Source

• IceFire ransomware now encrypts both Linux and Windows systems (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Research Reveals 'Password' Still the Most Common Term Used by Hackers to Breach Enterprise Networks - IT Security Guru

• Stolen credentials increasingly empower the cyber crime underground | CSO Online

• The LastPass Hack Somehow Gets Worse | WIRED

• Credential Stuffing attack on Chick-fil-A impacted +71K users- Security Affairs

• The Role of Verifiable Credentials In Preventing Account Compromise (darkreading.com)

• Securing ways to share workplace passwords • The Register

• Young government workers show poor password management habits - Help Net Security

Social Media

• NCSC: Twitter Users Should Find MFA Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok unveils new European data security regime | Reuters

Training, Education and Awareness

• 6 Ways To Go Beyond Awareness And Foster A Real Culture Of Cyber security (forbes.com)

Regulations, Fines and Legislation

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Government Claims New UK GDPR Will Save Firms Billions - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Why do Businesses Need to Focus More on Cyber security (hackread.com)

• Flashpoint: Threat vectors converging, increasing damage | TechTarget

• How to achieve and shore up cyber resilience in a recession - Help Net Security

• The cyber security landscape in the era of economic instability – Help Net Security

Models, Frameworks and Standards

• Open letter demands OWASP overhaul, warns of mass project exodus | CSO Online

• PCI Compliance Requirements Guide (trendmicro.com)

• NIST Retooling Cyber security Framework to Reflect Changing Cyber scape – MSSP Alert

Data Protection

• Government Claims New UK GDPR Will Save Firms Billions – Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Experts see growing need for cyber security workers as one in six jobs go unfilled – The Globe and Mail

• How to Jump-Start Your Cyber security Career (darkreading.com)

Law Enforcement Action and Take Downs

• Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine (thehackernews.com)

• FBI and international cops catch a NetWire RAT • The Register

Privacy, Surveillance and Mass Monitoring

• Secret Service and ICE break the law with fake phone towers • The Register

• Thought you'd opted out of online tracking? Think again • The Register

Artificial Intelligence

• AI is taking phishing attacks to a whole new level of sophistication - Help Net Security

• Employees Are Feeding Sensitive Business Data to ChatGPT (darkreading.com)

• You can poison AI datasets for just $60, a new study shows (fastcompany.com)

• Microsoft and MITRE developed a tool to prepare security teams for attacks on ML systems - Help Net Security

• Thousands scammed by AI voices mimicking loved ones in emergencies | Ars Technica

• Vishing attacks increasing, but AI's role still unclear | TechTarget

• AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security (darkreading.com)

• Criminals will use ChatGPT to unleash wave of fraud, warns Darktrace (telegraph.co.uk)

Misinformation, Disinformation and Propaganda

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Pegasus spyware used to spy on a Polish mayor- Security Affairs

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese cyber spies target unpatched SonicWall gear • The Register

• What is Cyberwarfare? | Definition from TechTarget

Nation State Actors

• What can security teams learn from a year of cyber warfare? | Computer Weekly

• New Backdoor MQsTTang Attributed to Mustang Panda Group - Infosecurity Magazine (infosecurity-magazine.com)

• Russia Bans Messengers, Including WhatsApp, Telegram, And More (informationsecuritybuzz.com)

• Russia-Ukraine war: How both sides of the conflict have used crypto to win (cointelegraph.com)

• Chinese Hikvision cameras ‘that pose security threat’ used on King’s Sandringham estate (thetimes.co.uk)

• China-aligned APT is exploring new technology stacks for malicious tools - Help Net Security

• Sharp Panda targets government entities in Southeast Asia- Security Affairs

• Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (thehackernews.com)

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• Managed Service Provider Identifies Potential Chinese Spy Ring - MSSP Alert

• Chinese firm got Covid contract despite trying to hack NHS data, minister says | Politics | The Guardian

• Chinese cyber spies target unpatched SonicWall gear • The Register

• TikTok unveils new European data security regime | Reuters

• Lazarus group infiltrated South Korean finance firm twice last year | CSO Online

• Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Chinese regulatory body expected to streamline data governance rules | CSO Online

Vulnerability Management

• Inadequate patches and advisories increase cyber risk - Help Net Security

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations

• Zero Day Threat Protection for Your Network (trendmicro.com)

• 557 CVEs Added to CISA's Known Exploited Vulnerabilities Catalog in 2022 - SecurityWeek

• Machine Learning Improves Prediction of Exploited Vulnerabilities (darkreading.com)

• Security Patch Management Strengthens Ransomware Defense (trendmicro.com)

• VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022 | TechTarget

Vulnerabilities

• TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers discover 'kill switch' in Starlink terminals - Security - iTnews

• PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716) - Help Net Security

• CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (thehackernews.com)

• Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing - SecurityWeek

• Fortinet warns of new critical unauthenticated RCE vulnerability (bleepingcomputer.com)

• Information Disclosure Vulnerability in Adobe Experience Manager affecting multiple companies… | by Fat Selimi | Feb, 2023 | InfoSec Write-ups (infosecwriteups.com)

• Chinese cyber spies target unpatched SonicWall gear • The Register

• Chrome 111 Patches 40 Vulnerabilities - SecurityWeek

• Bitwarden flaw can let hackers steal passwords using iframes (bleepingcomputer.com)

• Veeam warns to install patches to fix a bug in Backup & Replication- Security Affairs

• Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware (thehackernews.com)

• Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks - SecurityWeek

• Jenkins Server Vulnerabilities Chained for Remote Code Execution  - SecurityWeek

Tools and Controls

• The LastPass Hack Somehow Gets Worse | WIRED

• 3 Ways Security Teams Can Use IP Data Context (darkreading.com)

• Two-Thirds of European Firms Have Started Zero Trust - Infosecurity Magazine (infosecurity-magazine.com)

• What is zero trust? A model for more effective security | CSO Online

• Too Many SOAR Vendors are Failing MSSPs - MSSP Alert

• Why enterprise SecOps strategies must include XDR and MDR | TechTarget

Other News

• Biden Administration's Cyber security Strategy Takes Aim at Hackers (gizmodo.com)

• Tracking device technology: A double-edged sword for CISOs | CSO Online

• From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality (thehackernews.com)

• What CISOs need to understand about document signing - Help Net Security

• Thousands of websites hacked as part of redirection campaign- Security Affairs

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 79% Of Companies Only Invest in Cyber Security After Hacking Incidents

The British cyber security company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cyber security after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced cyber security is only a concern after an attack.

The complexity of the situation has grown with the digital transformation of work. If it streamlines many processes, it can also open up serious security gaps. A sensitive point is the “home office”: companies need effective solutions to eliminate gaps that may appear between employees’ computers (often shared devices) and the company’s internal network.

Putting in solutions is just the beginning of a necessary strategy and investment effort in virtual protection. Complex scams based on phishing, reverse engineering, and backdoor-type malicious programs (“planted” discreetly on a device and sometimes inactive for months) often combine real-world and virtual-world fraud.

The escalation of corporate data hijacking appears in this scenario. The most notorious case at a global level of such an incident, with a million-dollar ransom demand, was launched in 2021 on Colonial Pipeline. This US company paid $40 million to regain control over strategic data after fuel supplies through its pipelines to several states were threatened for days.

https://informationsecuritybuzz.com/infosec-news/79-of-the-companies-only-invest-in-cybersecurity-after-hacking-incidents/

• Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials

According to a new report by Acronis, a Switzerland-based cyber security company, nearly half of breaches during the first six months of 2022 involved stolen credentials.

The goal of stealing credentials is to launch ransomware attacks. According to the report, these “continue to be the number one threat to large and medium-sized businesses, including government organisations.”

Attackers usually use phishing techniques to extract these credentials. In the first half of the year, over 600 malicious email campaigns made their way across the internet, of which 58% were phishing attempts and 28% featured malware.

Acronis also added that “as reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks.”

Additionally, cyber criminals now also target unpatched or software vulnerabilities to extract data, with a recent increase on Linux operating systems and managed service providers (MSPs) and their network of SMB customers.

The third vector spotted by Acronis was “non-traditional entry avenues” such as cryptocurrencies and decentralised finance (DeFi) systems.

https://www.itsecurityguru.org/2022/08/30/nearly-half-of-breaches-during-first-half-of-2022-involved-stolen-credentials/

• Outdated Infrastructure Not Up to Today’s Ransomware Challenges

A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing enterprises globally.

Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilise if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack.

These are just some of the findings from an April 2022 survey, conducted by Censuswide, of more than 2,000 IT and SecOps professionals (split nearly 50/50 between the two groups) in the United States, the United Kingdom, Australia and New Zealand. All respondents play a role in the decision-making process for IT or security within their organisations.

IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data.

Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.

https://www.helpnetsecurity.com/2022/08/30/outdated-infrastructure-manage-data/

• Ghost Data Increases Enterprise Business Risk

IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organisation's cloud attack surface.

Cloud sprawl is a big issue for organisations, with business teams spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.

We all know about shadow IT, the systems and network devices in the organisation’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data that are not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues that are present in cloud accounts stem from unsecured sensitive data.

Then there is the problem of ghost data. When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.

After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.

Ghost data usually has no business value - the data was deleted for a reason - and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes.

https://www.darkreading.com/edge-threat-monitor/ghost-data-increases-enterprise-business-risk

• Detected Cyber Threats Surge 52% in 1H 2022

A leading cyber security vendor blocked 63 billion threats in the first half of 2022 alone, over 50% more than the same period a year ago.

The findings come from the Trend Micro 2022 Midyear Cybersecurity Report and illustrate the scale of the challenge facing network defenders.

Trend Micro highlighted the persistent threat posed by ransomware-as-a-service (RaaS) groups as one that will continue to cause major challenges for organisations in the years to come.

It said detections of prolific groups such as LockBit and Conti increased by 500% year-on-year in 1H 2022. Such groups will continue to adapt their tactics, techniques and procedures (TTPs) in the race for profits.

The report warned of a surge in threats targeting Linux systems, for example. It said detections of attacks on Linux servers and embedded systems grew 75% year-on-year in the first half of 2022. Both SMBs and larger organisations are now a target, it claimed.

Many RaaS groups exploit vulnerabilities as a primary attack vector. Their job is getting easier as the number of published common vulnerabilities and exposures (CVEs) continues to grow strongly.

Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the first half of 2021, a 23% year-on-year increase. The number of critical bug advisories it published soared by 400% over the same period.

https://www.infosecurity-magazine.com/news/detected-cyberthreats-surge-52-in/

• An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’

Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.

The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.

Earlier this year, cyber security journalist Brian Krebs uncovered details about one man behind the operation named Mikhail Matveev, who was also connected to a number of other groups and identities, including the handle ‘Wazawaka.’ According to Krebs, Matveev had become more unhinged than usual, “publishing bizarre selfie videos” and creating a Twitter account to share exploit code.

Matveev talked to Recorded Future about his interaction with other hackers, details about ransomware attacks he’s been involved in, and how he settled on the name Babuk.

Click the link below for the full interview but the long and short is ransomware has created a criminal ecosystem the likes of which the world has never seen.

https://therecord.media/an-interview-with-initial-access-broker-wazawaka-there-is-no-such-money-anywhere-as-there-is-in-ransomware/

• Cyber Crime Underground More Dangerous Than Organisations Realise

Kela, a cyber threat intelligence specialist, found in a new study of some 400 security pros in the US that organisations are more at risk from the “cyber crime underground” than they realise.

The Israel-based company surveyed security team members responsible for gathering cyber crime threat intelligence daily to better understand if they’re proactively scanning the dark web and other cyber crime sources, what tools they’re using and the gaps they see in their cyber crime threat intelligence approach. Nearly 60% of the respondents do not believe their current cyber crime prevention is effective, the results showed.

Here are the study’s key findings:

• 69% are concerned about threats from the cyber crime underground.

• 54% wouldn’t be surprised to find their organisation’s data on the cyber crime underground.

• Only 38% believe that they’re very likely to detect it if it was released.

• 48% have no documented cyber crime threat intelligence policy in place.

• Only 41% believe their current security program is very effective.

• 49% are not satisfied with the visibility they have of the cyber crime underground.

• Of the 51% who were satisfied with their visibility into the cyber crime underground, 39% were still unable to prevent an attack.

• Additional training and proficiency in cyber crime intelligence investigations is the most needed capability.

https://www.msspalert.com/cybersecurity-research/cybercrime-underground-more-dangerous-than-organizations-realize-threat-intelligence-firm-warns/

• New Ransomware Group BianLian Activity Exploding

A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.

The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cyber security firm Redacted, published on September 1, 2022. The majority of the victim organisations have been based in Australia, North America and the UK.

The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”

BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.

Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.

https://www.infosecurity-magazine.com/news/new-ransomware-group-bianlian/

• Can Your Passwords Withstand Threat Actors’ Dirty Tricks?

Password security hinges on the answer to that seemingly simple question. Unfortunately, you can’t know the answer until you’ve engaged a ruthless penetration tester to find out if your environment can stand up to the frighteningly good password cracking skills of today’s most nefarious hackers.

The whole purpose of hiring skilled penetration testers (“pentesters”) is to find out if your environment is truly impenetrable — and if it’s not, exactly how you should shore up your defences. Good pentesters and red teamers spend their time trying to simulate and emulate the real bad actors. After all, what’s the point of pressure-testing your IT infrastructure if you don’t use the same pressure that you’ll face in the real world?

You should “train like you fight.” Without sparring, how can you expect to jump into a boxing ring and go a few rounds with a skilled boxer? That’s the entire point of goal-based penetration testing and red/purple team engagements that simulate real-world threat actors.

Password cracking will continue to evolve – and so should your penetration testing tactics and plans. By the time you get to your fourth or fifth round with a quality pentesting consultancy, your risk mitigation will have dramatically improved — which means you’ll be able to move on to the next stage of security maturity.

https://www.helpnetsecurity.com/2022/08/30/stand-up-to-password-cracking/

• Ransomware Gangs’ Favourite Targets

Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022.

For the 106 highly publicised attacks our researchers analysed, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%). The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.

While attacks on municipalities increased only slightly, the analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Many choose not to disclose when they get hit.

This year, researchers dug in deeper on these highly publicised attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organisations all increased as well.

Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.

As ransomware and other cyber threats continue to evolve, the need for adequate security solutions has never been greater. Many cyber criminals target small businesses in an attempt to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size.

Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyber attacks.

https://www.helpnetsecurity.com/2022/08/31/ransomware-attack-patterns/

• Tentacles of ‘0ktapus’ Threat Group Victimise 130 Firms

Over 130 companies were tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organisations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

The primary goal of the threat actors was to obtain Okta identity credentials and multi-factor authentication (MFA) codes from users of the targeted organisations. These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organisation.

114 US-based firms were impacted, with additional victims of sprinkled across 68 additional countries. The full scope of the attack is still unknown but the 0ktapus campaign has been incredibly effective, and the full scale of it may not be known for some time.

The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.

While unsure exactly how threat actors obtained a list of phone numbers used in MFA-related attacks, one theory researchers posit is that 0ktapus attackers began their campaign targeting telecommunications companies.

https://threatpost.com/0ktapus-victimize-130-firms/180487/

• Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass

Last year, organisations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured "sandbox" to analyse what it does to confirm it's safe before allowing it to have full system access.

EDRs—which are forecasted to generate revenue of $18 billion by 2031 and are sold by dozens of security companies—take an entirely different approach. Rather than analyse the structure or execution of the code ahead of time, EDRs monitor the code's behaviour as it runs inside a machine or network. In theory, it can shut down a ransomware attack in progress by detecting that a process executed on hundreds of machines in the past 15 minutes is encrypting files en masse. Unlike static and dynamic analyses, EDR is akin to a security guard that uses machine learning to keep tabs in real time on the activities inside a machine or network.

Despite the buzz surrounding EDRs, new research suggests that the protection they provide isn't all that hard for skilled malware developers to circumvent. In fact, the researchers behind the study estimate EDR evasion adds only one additional week of development time to the typical infection of a large organisational network. That's because two fairly basic bypass techniques, particularly when combined, appear to work on most EDRs available in the industry.

https://arstechnica.com/information-technology/2022/08/newfangled-edr-malware-detection-generates-billions-but-is-easy-to-bypass/

Threats

Ransomware

• Global Ransomware Damages to Exceed $30bn by 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Research: 10 Key Findings, Five Ways to Defend Against Hijackers - MSSP Alert

• Cyber Attack: Spike in Ransomware Threat to More Than 1.2 Million Per Month Between January-June, Says Report | LatestLY

• LockBit ransomware gang gets aggressive with triple-extortion tactic (bleepingcomputer.com)

• New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim (thehackernews.com)

• Chile and Montenegro Floored by Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (thehackernews.com)

• Ragnar Locker Brags About TAP Air Portugal Breach (darkreading.com)

• Police ‘negotiating with hackers’ who hit Paris hospital computer system | World | The Times

• Advanced cyber-attack: NHS doctors' paperwork piles up - BBC News

• Another Ransomware For Linux Likely In Development - Security Affairs

• Montenegro hit by ransomware attack, hackers demand $10 million (bleepingcomputer.com)

• Should ransomware payments be banned? A few considerations - Help Net Security

• Researchers Spot Snowballing BianLian Ransomware Gang Activity (darkreading.com)

• Ragnar Locker continues trend of ransomware targeting energy sector | CSO Online

• BlackCat ransomware claims attack on Italian energy agency (bleepingcomputer.com)

• Italian Oil Major Becomes Victim Of Ransomware Attack | OilPrice.com

• Damart clothing store hit by Hive ransomware, $2 million demanded (bleepingcomputer.com)

• Baker & Taylor's Systems Remain Offline a Week After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Gloucester Council planning site still disrupted from cyber attack - BBC News

BEC – Business Email Compromise

• How BEC attacks on human capital management systems are increasing - Help Net Security

Malware

• Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog

• A study on malicious plugins in WordPress Marketplaces - Security Affairs

• Prynt Stealer Contains a Backdoor to Steal Victims' Data Stolen by Other Cyber criminals (thehackernews.com)

• New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers (thehackernews.com)

• BumbleBee a New Modular Backdoor Evolved From BookWorm (trendmicro.com)

• Malicious Chrome Extensions Plague 1.4M Users (darkreading.com)

Mobile

• Mobile banking apps put 300,000 digital fingerprints at risk • The Register

• Researcher unveils smart lock hack for fingerprint theft (techtarget.com)

• Source Code of Over 1800 Android and iOS Apps Gives Access to AWS Credentials - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (darkreading.com)

• Singapore clocks higher ransomware attacks, warns of IoT risks | ZDNET

• Standards Body Publishes Guidelines for IoT Security Testing - Infosecurity Magazine (infosecurity-magazine.com)

• ieGeek Vulnerabilities still prevalent in 2022 - Amazon Ft. IG20 (realinfosec.net)

Data Breaches/Leaks

• Evil Corp and Conti Linked to Cisco Data Breach, eSentire Suggests - Infosecurity Magazine (infosecurity-magazine.com)

• Okta Says Customer Data Compromised in Twilio Hack | SecurityWeek.Com

• Password Manager With 25 Million Users Confirms Breach, Expert Weighs In (informationsecuritybuzz.com)

• Neopets says hackers had access to its systems for 18 months (bleepingcomputer.com)

• Akasa Air Suffers Data Leak on First Day of Operation- IT Security Guru

• Samsung says hackers obtained some customer data in newly disclosed breach | Engadget

• Millions of student loan accounts exposed in data breach | TechRadar

• Russian streaming platform confirms data breach affecting 7.5M users (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FBI: Crooks stole $1b+ in cryptocurrency already this year • The Register

• Ukraine takes down cyber crime group hitting crypto fraud victims (bleepingcomputer.com)

• FBI: Crooks are using these DeFi flaws to steal your money | ZDNET

• Windows malware delays coinminer install by a month to evade detection (bleepingcomputer.com)

• Cryptominer Disguised as Google Translate Targeted 11 Countries - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack (darkreading.com)

• Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (thehackernews.com)

Insider Risk and Insider Threats

• West Yorkshire PC due in court over police computer searches - BBC News

Fraud, Scams & Financial Crime

• Big Banks vs. Big Tech: Who Is Liable For Online Fraud? (informationsecuritybuzz.com)

Insurance

• Cyber insurance has been around for 25 years. It’s still a bit of a mess. (slate.com)

• Who Pays for an Act of Cyber War? | WIRED

• Travelers, Policyholder Agree to Void Current Cyber Policy (insurancejournal.com)

• Cyber Frauds Skyrocket: Can Cyber Insurance Protect You in Real World? Experts Explain (news18.com)

• Google Cloud, Microsoft and AWS dive into cyber insurance - Protocol

• Cyber Insurance Price Hike Hits Local Governments Hard (insurancejournal.com)

• Insurers must rethink handling of cyber attacks on states | Financial Times (ft.com)

• Cyber insurance on rise as attacks surge | Mint (livemint.com)

Dark Web

• German man charged for trying to hire fake contract killer on darkweb | Euronews

• COVID-19 data put for sale on Dark Web - Security Affairs

• NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor (darkreading.com)

Supply Chain and Third Parties

• PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks - SentinelOne

Software Supply Chain

• NSA and CISA share tips to secure the software supply chain (bleepingcomputer.com)

Denial of Service DoS/DDoS

• DDoS activity launched by patriotic hacktivists is on the rise - Help Net Security

Cloud/SaaS

• 1 in 3 organisations don't know if their public cloud data was exfiltrated - Help Net Security

• Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (darkreading.com)

Encryption

• CISA: Prepare now for quantum computers, not when hackers use them (bleepingcomputer.com)

• Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)

API

• The 4 Most Common OWASP API Security - IT Security Guru

Open Source

• Linux devices 'increasingly' under attack from hackers, warn security researchers | ZDNET

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass source code breach – do we still recommend password managers? – Naked Security (sophos.com)

Social Media

• Social media is ruining our lives and the public are finally waking up (telegraph.co.uk)

• LinkedIn New Hacking Scam (informationsecuritybuzz.com)

• Thousands lured with blue badges in Instagram phishing attack (bleepingcomputer.com)

Training, Education and Awareness

• (ISC)² Launches 'Certified in Cybersecurity' Entry-Level Certification to Address Global Workforce Gap (darkreading.com)

Privacy

• Trident Royal Navy staff reveal sensitive data on fitness app | News | The Times

• Cops wanted to keep mass surveillance app secret; privacy advocates refused | Ars Technica

• US telcos admit to storing, handing over location data • The Register

• Facebook moves to settle Cambridge Analytica lawsuit | TechCrunch

• Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)

• Nobody’s special to the WFH software spies | Comment | The Times

Travel

• Cyber Safety for Summer Vacation | SecurityWeek.Com

Parental Controls and Child Safety

• Scammers Targeting Thousands Of Children As Young As Six, Figures Show (informationsecuritybuzz.com)

• Over a Third of Parents Do Not Know What Online Accounts Their Children Use - IT Security Guru

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Why Russia's cyber war in Ukraine hasn't played out as predicted (newatlas.com)

• Ukraine's army of hackers failed to thwart Russia and quickly gave up | New Scientist

• Cyber criminals Apparently Involved in Russia-Linked Attack on Montenegro Government | SecurityWeek.Com

• Who Pays for an Act of Cyber War? | WIRED

• Moscow gridlock as hackers send dozens of taxis to Hotel Ukraine (telegraph.co.uk)

• Finland To Offer Businesses Cybersec Vouchers In Wake Of Nato-related (informationsecuritybuzz.com)

• China-linked APT40 used ScanBox Framework in a long-running espionage campaign - Security Affairs

• Montenegro says Russian cyber attacks threaten key state functions (bleepingcomputer.com)

• Google says it cut off Russian disinformation sites from its vast ad display network - CyberScoop

• Ex-spies banned from arms exports for UAE hack-for-hire work • The Register

Nation State Actors

Nation State Actors – Russia

• Third-party hacking groups lose interest in Russia-Ukraine conflict, study claims | SC Media (scmagazine.com)

• FBI deploys cyber team to Montenegro following massive cyber attack | The Hill

• New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers (thehackernews.com)

• Montenegro Sent Back to Analog by Unprecedented Cyber Attacks | Balkan Insight

Nation State Actors – China

• Chinese Hackers Target Energy Firms in South China Sea | SecurityWeek.Com

• China-linked APT40 targets wind turbines, Aust. government • The Register

Nation State Actors – Misc

• Insurers must rethink handling of cyber attacks on states | Financial Times (ft.com)

Vulnerabilities

• Apple Quietly Releases Another Patch for Zero-Day RCE Bug (darkreading.com)

• Google Chrome emergency update fixes new zero-day used in attacks (bleepingcomputer.com)

• URGENT! Apple slips out zero-day update for older iPhones and iPads – Naked Security (sophos.com)

• WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites | SecurityWeek.Com

• Critical hole in Atlassian Bitbucket needs patching now • The Register

Reports Published in the Last Week

• Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report (trendmicro.com)

Other News

• Former Cyber criminal: These Are the Biggest Threats on the Internet (businessinsider.com)

• Stuxnet explained: The first known cyber weapon | CSO Online

• Infra Used in Cisco Hack Also Targeted Workforce Management Solution (thehackernews.com)

• Flicking the kill switch: governments embrace internet shutdowns as a form of control | Internet | The Guardian

• Okta Impersonation Technique Could be Utilized by Attackers | SecurityWeek.Com

• Remote Work Cyber Security: 12 Risks and How to Prevent Them (techtarget.com)

• Does your cyber crime prevention program work? - Help Net Security

• Does Blockchain really offer Better Digital Security? - IT Security Guru

• IT and Employees Don’t Always See Eye to Eye on Cyber Security - IT Security Guru

• New Cyber Security Regulations Are Coming. Here’s How to Prepare. (hbr.org)

• 3 Cyber Security Trends for 2022 - IT Security Guru

• Cyber security budget breakdown and best practices (techtarget.com)

• How Just-in-Time privilege elevation prevents data breaches and lateral movement - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.