Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks

Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.

https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan

• Mobile Users are More Susceptible to Phishing Attacks

A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.

https://www.msspalert.com/cybersecurity-research/mobile-users-more-susceptible-to-phishing-attacks-than-two-years-ago/

• Phishing as a Service Stimulates Cyber Crime

Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.

https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html

• Attacker Breakout Time Drops to Just 84 Minutes

The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.

https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/

• Attackers are Developing and Deploying Exploits Faster Than Ever

A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.

https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/

• Old Vulnerabilities are Haunting Organisations and Aiding Attackers

Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.

https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/

• Scams Drive Nearly $9bn Fraud Surge in 2022

Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.

https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/

• Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This

The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.

https://www.csoonline.com/article/3689008/economic-pressures-are-increasing-cybersecurity-risks-a-recession-would-amp-them-up-more.html

• Cyber Security in this Era of Polycrisis

A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.

https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions

Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.

https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/

• Ransomware Attacks Ravaged Big Names in February

Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.

https://www.techtarget.com/searchsecurity/news/365532056/Ransomware-attacks-ravaged-big-names-in-February

• Firms Who Pay Ransoms Subsidise New Attacks

A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.

https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/

• How the Ukraine War Opened a Fault Line in Cyber Crime

A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.

https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever

Threats

Ransomware, Extortion and Destructive Attacks

• Firms Who Pay Ransom Subsidise 10 New Attacks: Report - Infosecurity Magazine (infosecurity-magazine.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Ransomware Attacks: Don’t Let Your Guard Down - SecurityWeek

• Ransomware attacks ravaged big names in February | TechTarget

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• Royal Mail schools LockBit in leaked negotiation (malwarebytes.com)

• 'Ethical hacker' among ransomware suspects arrested • The Register

• Wiper malware goes global, destructive attacks surge - Help Net Security

• A Deep Dive into the Evolution of Ransomware Part 3 (trendmicro.com)

• New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (bleepingcomputer.com)

• PureCrypter malware hits govt orgs with ransomware, info-stealers (bleepingcomputer.com)

• Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain (thehackernews.com)

• Dish Network confirms ransomware attack behind multi-day outage (bleepingcomputer.com)

• US Marshals Ransomware Hit Is 'Major' Incident (darkreading.com)

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

• Vice Society publishes data stolen during Vesuvius ransomware attack • Graham Cluley

• US Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities (thehackernews.com)

Phishing & Email Based Attacks

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Phishing as a Service Stimulates Cyber crime (trendmicro.com)

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

BEC – Business Email Compromise

• New cyber attack tactics rise up as ransomware payouts increase | CSO Online

• Expert strategies for defending against multilingual email-based attacks - Help Net Security

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

• The Top 5 New Social Engineering Attacks in 2023 - (ISC)² Blog (isc2.org)

• How to Prevent Callback Phishing Attacks on Your Organization (bleepingcomputer.com)

2FA/MFA

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• RIG Exploit Kit still infects enterprise users via Internet Explorer (bleepingcomputer.com)

• Exfiltrator-22 Post-Exploitation Toolkit Nips At Cobalt Strike's Heels (darkreading.com)

• Malicious package flood on PyPI might be sign of new attacks to come | CSO Online

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

• It's official: BlackLotus malware can bypass secure boot • The Register

• Threat actors target law firms with GootLoader and SocGholish--Security Affairs

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer (trendmicro.com)

Mobile

• Mobile Users More Susceptible to Phishing Attacks than Two Years Ago - MSSP Alert

• Mobile Banking Trojans Surge, Doubling in Volume (darkreading.com)

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

• Phone Attacks and MFA Bypass Drive Phishing to New Heights - Infosecurity Magazine (infosecurity-magazine.com)

• Don't be fooled by a pretty icon, malicious apps hide in plain sight - Help Net Security

Denial of Service/DoS/DDOS

• Danish Hospitals Struck By Cyber attack From ‘Anonymous Sudan’ (informationsecuritybuzz.com)

Data Breaches/Leaks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Stanford University discloses data breach affecting PhD applicants (bleepingcomputer.com)

• More than 200 cyber attacks with theft of personal data reported to Irish authorities in a year (thejournal.ie)

• Threat actors leak Activision employee data on hacking forum--Security Affairs

• 10 US states that suffered the most devastating data breaches in 2022 - Help Net Security

• Australian orgs lodged 497 data breach notices in back half of 2022 - Security - iTnews

• WH Smith targeted by cyber attack with hackers accessing data on current and former employees | Business News | Sky News

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

• Hatch Bank discloses data breach after GoAnywhere MFT hack (bleepingcomputer.com)

• GunAuction site was hacked and data of 565k accounts were exposed--Security Affairs

• Chick-fil-A confirms accounts hacked in months-long "automated" attack (bleepingcomputer.com)

• What GoDaddy's Years-Long Breach Means for Millions of Clients (darkreading.com)

Organised Crime & Criminal Actors

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptocurrency Bitcoin mining rig found in school crawlspace • The Register

• Highly evasive cryptocurrency miner targets macOS--Security Affairs

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques (thehackernews.com)

Insider Risk and Insider Threats

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

Fraud, Scams & Financial Crime

• Investment Scams Drive $9bn Fraud Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• FTC reveals alarming increase in scam activity, costing consumers billions - Help Net Security

• Resecurity identified the investment scam network Digital Smoke - Help Net Security

• Pig butchering scam explained: Everything you need to know (techtarget.com)

AML/CFT/Sanctions

• Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report (cryptopotato.com)

Insurance

• Cyber Insurance Market Back From Brink After Onslaught of Ransomware Attacks (insurancejournal.com)

• The future of cyber insurance - IT Security Guru

Dark Web

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Supply Chain and Third Parties

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

Software Supply Chain

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• SBOM is a 'massive galaxy of mess' for supply chain security • The Register

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Cloud/SaaS

• How to Tackle the Top SaaS Challenges of 2023 (thehackernews.com)

• Cloud incident response: Frameworks and best practices | TechTarget

• Security teams have no control over risky SaaS-to-SaaS connections - Help Net Security

• It only takes one over-privileged identity to do major damage to a cloud - Help Net Security

• SCARLETEEL hackers use advanced cloud skills to steal source code, data (bleepingcomputer.com)

• Shocking Findings from the 2023 Third-Party App Access Report (thehackernews.com)

• Google Cloud Platform allows data exfiltration without a (forensic) trace - Help Net Security

• What Happened in That Cyber attack? With Some Cloud Services, You May Never Know (darkreading.com)

• Public SaaS Assets Are a Major Risk For Medium, Large Firms - Infosecurity Magazine (infosecurity-magazine.com)

• New Report: Inside the High Risk of Third-Party SaaS Apps (darkreading.com)

Containers

• Hackers Exploit Containerized Environments to Steals Proprietary Data and Software (thehackernews.com)

Hybrid/Remote Working

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• How to work from home securely, the NSA way (malwarebytes.com)

Encryption

• Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News

API

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• API Security Flaw Found in Booking.com Allowed Full Account Takeover - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Iron Tiger hackers create Linux version of their custom malware (bleepingcomputer.com)

• Should organisations swear off open-source software altogether? | VentureBeat

• Top 10 open source software risks for 2023 | CSO Online

• IBM Contributes Supply Chain Security Tools to OWASP (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass Says DevOps Engineer Home Computer Hacked - SecurityWeek

• Critical Vulnerabilities Allowed Booking.com Account Takeover - SecurityWeek

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets (darkreading.com)

Social Media

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• TikTok answers three big cyber-security fears about the app - BBC News

• Meta says $725M deal ends all Cambridge Analytica claims; one state disagrees | Ars Technica

Training, Education and Awareness

• As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan (darkreading.com)

Parental Controls and Child Safety

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise (darkreading.com)

Regulations, Fines and Legislation

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Cyber resilience in focus: EU act to set strict standards - Help Net Security

• Work-From-Home Regulations Are Coming. Companies Aren’t Ready. (mit.edu)

• White House to Take Aggressive Stance Mandating Private Industry Make Systems Cyber Safe - MSSP Alert

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Governance, Risk and Compliance

• Third-party risks overwhelm traditional ERM setups - Help Net Security

• Economic pressures are increasing cybersecurity risks; a recession would amp them up more | CSO Online

• CISOs Share Their 3 Top Challenges for Cybersecurity Management (darkreading.com)

• The Importance of Recession-Proofing Security Operations (darkreading.com)

• Third-Party Risks: Challenges for MSSPs and How to Overcome Them - MSSP Alert

• Decrypting Cyber Risk Quantification (trendmicro.com)

• How to de-risk your digital ecosystem | CSO Online

• CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles - SecurityWeek

Models, Frameworks and Standards

• CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping (bleepingcomputer.com)

Careers, Working in Cyber and Information Security

• Gartner Prediction: Nearly Half of Cybersecurity Pros Will Change Jobs by 2025 - MSSP Alert

• Top 7 cybersecurity jobs in high demand (cointelegraph.com)

• Growing Demand For Skilled Cybersecurity Workforce In Digital Age (informationsecuritybuzz.com)

• Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert | Computer Weekly

• Partnering With a Cybersecurity Vendor Can Help You Recruit Top Talent - MSSP Alert

• CISOs Are Stressed Out and It's Putting Companies at Risk (thehackernews.com)

Law Enforcement Action and Take Downs

• 'Ethical hacker' among ransomware suspects arrested • The Register

• The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win (darkreading.com)

Privacy, Surveillance and Mass Monitoring

• UK seeks to ‘focus’ espionage bill to head off Lords rebellion | Financial Times (ft.com)

• Press greets Home Office redraft of national security bill with scepticism | Media | The Guardian

• Privacy Concerns Raised Over Android Apps' Data Safety Labels - Infosecurity Magazine (infosecurity-magazine.com)

• The Air Force Is Now Using Facial Recognition Drones (gizmodo.com)

• How dog tracker apps are snooping on humans, according to cyber security experts (telegraph.co.uk)

Artificial Intelligence

• Generative AI Changes Everything We Know About Cyber attacks (darkreading.com)

• ChatGPT is bringing advancements and challenges for cybersecurity - Help Net Security

• How I Broke Into a Bank Account With an AI-Generated Voice (vice.com)

• ML practitioners push for mandatory AI Bill of Rights - Help Net Security

Misinformation, Disinformation and Propaganda

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

Nation State Actors

• Cyber security must be tightened up in this era of polycrisis | World Economic Forum (weforum.org)

• Russian IT “Brain Drain” Decentralizes Cyber crime - Infosecurity Magazine (infosecurity-magazine.com)

• How the Ukraine War Opened a Fault Line in Cyber crime, Possibly Forever (darkreading.com)

• Hacker group defaces Russian websites to display the Kremlin on fire | TechCrunch

• Russia-Ukraine War: A Year of Cyber Shortfalls (foreignpolicy.com)

• CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion - Infosecurity Magazine (infosecurity-magazine.com)

• CERT of Ukraine: Russia-linked APT backdoored multiple govt sites-Security Affairs

• Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (darkreading.com)

• White House: No More TikTok on Gov't Devices Within 30 Days - SecurityWeek

• Russian charged with smuggling US counterintel tech • The Register

• Cyber security in wartime: how Ukraine's infosec community is coping | CSO Online

• EU Parliament bans staff from using TikTok over ‘cybersecurity concerns’ – POLITICO

• China's BlackFly Targets Materials Sector in 'Relentless' Quest for IP (darkreading.com)

• 'Hackers' Behind Air Raid Alerts Across Russia: Official - SecurityWeek

• Belgium’s cyber security agency links China to spear phishing attack on MP | Financial Times (ft.com)

• 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

• China spends billions on pro-Russia disinformation, US special envoy says | China | The Guardian

• China Is Relentlessly Hacking Its Neighbors | WIRED

• TikTok answers three big cyber-security fears about the app - BBC News

• Russia bans foreign messaging apps in government organisations (bleepingcomputer.com)

• Chinese hackers use new custom backdoor to evade detection (bleepingcomputer.com)

Vulnerability Management

• Unpatched old vulnerabilities continue to be exploited: Report | CSO Online

• All CVEs Are Not Created Equal (darkreading.com)

Vulnerabilities

• A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica

• Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig (portswigger.net)

• Popular IBM file transfer tool vulnerable to cyber attacks, CISA says - The Record from Recorded Future News

• Hackers are actively exploiting Zoho ManageEngine flaw-Security Affairs

• All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million (searchenginejournal.com)

• CISA warns of hackers exploiting ZK Java Framework RCE flaw (bleepingcomputer.com)

• Security Defects in TPM 2.0 Spec Raise Alarm - SecurityWeek

• Cisco patches critical Web UI RCE flaw in multiple IP phones (bleepingcomputer.com)

• Aruba Networks fixes six critical vulnerabilities in ArubaOS (bleepingcomputer.com)

• Microsoft releases Windows security updates for Intel CPU flaws (bleepingcomputer.com)

Tools and Controls

• LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (thehackernews.com)

• Well-funded security systems fail to prevent cyber attacks in US and Europe: Report | CSO Online

• The Future of Network Security: Predictive Analytics and ML-Driven Solutions (thehackernews.com)

• Microsoft announces automatic BEC, ransomware attack disruption capabilities - Help Net Security

• How to use zero trust and IAM to defend against cyber attacks in an economic downturn | VentureBeat

• Zero trust: building a mixed estate - NCSC.GOV.UK

• Pentesting No Longer Driven by Regulatory Compliance, New Study Finds - MSSP Alert

• Application Security vs. API Security: What is the difference? (thehackernews.com)

• A new AI-based tool to detect DDoS attacks

• CISA Shares Advice to Improve Networks' Monitoring and Hardening - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - Microsoft Security Blog

• Accurately assessing the success of zero-trust initiatives | TechTarget

Other News

• Attackers are developing and deploying exploits faster than ever - Help Net Security

• Attacker Breakout Time Drops to Just 84 Minutes - Infosecurity Magazine (infosecurity-magazine.com)

• Moving target defence must keep cyber attackers guessing - Help Net Security

• Covert cyber attacks on the rise as attackers shift tactics for maximum impact - Help Net Security

• Dormant accounts are a low-hanging fruit for attackers - Help Net Security

• Dish Network goes offline after likely cyber attack, employees cut off (bleepingcomputer.com)

• News Corp says state hackers were on its network for two years (bleepingcomputer.com)

• UK won the Military Cyberwarfare exercise Defence Cyber Marvel-Security Affairs

• To Safeguard Critical Infrastructure, Go Back to Basics (darkreading.com)

• Feds accuse Google of destroying evidence in antitrust case • The Register

• Microsoft recommending you scan more Exchange server files • The Register

• CISA director urges tech sector to stop shipping unsafe products | CyberScoop

• Developers can make a great extension of your security team - Help Net Security

• 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots (thehackernews.com)

• Uncovering the most pressing cybersecurity concerns for SMBs - Help Net Security

• Wiz execs: Most overhyped security tool is technology itself • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

• Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

• The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

• Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

• Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

• CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

• Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

• HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

• Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

• A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

• Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

• Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

• The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

• Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

• HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)

• An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)

• A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)

• Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)

• Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)

• Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

• Royal Mail resumes overseas deliveries via post offices after cyber-attack | Royal Mail | The Guardian

• LockBit gang takes credit for attack on water utility in Portugal - The Record from Recorded Future News

• IBM: Ransomware defenders showing signs of improvement | TechTarget

• ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert

• Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)

• Warnings were issued over a log-in system used by Cork university in weeks before cyber attack (thejournal.ie)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs

• Student Medical Records Exposed After LAUSD Breach (darkreading.com)

Phishing & Email Based Attacks

• Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online

• Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)

• Big rise in 'email thread hijacking' by cyber criminals (rte.ie)

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing as a Service (cyberark.com)

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

BEC – Business Email Compromise

• Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering, deception becomes increasingly sophisticated-Security Affairs

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)

2FA/MFA

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

Malware

• GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (thehackernews.com)

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

• Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica

• Researchers warn of 'Havoc' command and control tool • The Register

• New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)

• Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs

• New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)

• Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Defenders on high alert as backdoor attacks become more common - Help Net Security

Mobile

• Five easy steps to keep your smartphone safe from hackers | ZDNET

• Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cybercrime Ecosystem” on Messaging App - CPO Magazine

• Accidental WhatsApp account takeovers? It's a thing • The Register

• Google will boost Android security through firmware hardening (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Seven German Airports Hit by Suspected Cyber Attack (heimdalsecurity.com)

• 4 Tips to Guard Against DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Locking down the remote printer • The Register

• Are your IoT devices at risk? Cyber security concerns for 2023 - Help Net Security

Data Breaches/Leaks

• Sensitive US military emails exposed by unsecured Azure server • The Register

• DNA testing firm inks settlement after forgotten DB break-in • The Register

• Activision did not notify employees of data breach for months | TechCrunch

• GoDaddy blasted for breach response | SC Media (scmagazine.com)

• TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET

• Russian cyber crime alliances upended by Ukraine invasion • The Register

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cyber crime Ecosystem” on Messaging App - CPO Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

• Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)

• ‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)

• Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insider Risk and Insider Threats

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)

• Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security

Fraud, Scams & Financial Crime

• Overwhelm impacts 90% of payment compliance teams as they combat record levels of fraud - IT Security Guru

• The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)

• Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar

• ‘They bleed you dry’: the recruitment scammers preying on Australian job seekers | Australia news | The Guardian

• City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insurance

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Supply Chain and Third Parties

• UK NCSC Launches Recommendations on Supply Chain Mapping - Infosecurity Magazine (infosecurity-magazine.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps (darkreading.com)

• 3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)

Software Supply Chain

• This Will Be the Year of the SBOM, for Better or for Worse (darkreading.com)

Cloud/SaaS

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• Four steps SMBs can take to close SaaS security gaps - Help Net Security

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)

• Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert

Containers

• 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities (darkreading.com)

Encryption

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

API

• Why people-driven remediation is the key to strong API security - Help Net Security

• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector | The Daily Swig (portswigger.net)

Open Source

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

Social Media

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Malvertising

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

Training, Education and Awareness

• Global threats fuel cyber defence training • The Register

Parental Controls and Child Safety

• Over confidence is putting children at risk online says Kaspersky research - IT Security Guru

Regulations, Fines and Legislation

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert

• Benchmarking your cyber security budget in 2023 | VentureBeat

• Security breach? Don’t blame your employees | TechCrunch

• 7 reasons to avoid investing in cyber insurance | CSO Online

• 5 top threats from 2022 most likely to strike in 2023 | CSO Online

• Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online

• Malicious actors push the limits of attack vectors - Help Net Security

Data Protection

• ICO Calls on Accountants to Improve SME Data Protection - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• CISOs struggle with stress and limited resources - Help Net Security

• Stress pushing CISOs out the door | CSO Online

• Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security

Law Enforcement Action and Take Downs

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Supreme Court declines to hear Wikimedia case against NSA surveillance program | CyberScoop

Artificial Intelligence

• MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Security Experts Warn of Foreign Cyber Threat to 2024 Voting - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Musk restricts Starlink for Ukraine, cites World War III | Fortune

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Russia blames 'hackers' for fake missile strike alerts • The Register

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

• British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

Nation State Actors

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• EU Cyber security Agency Warns Against Chinese APTs - Infosecurity Magazine (infosecurity-magazine.com)

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Russian spy working inside as security in a British embassy has been jailed for 13 years | UK News | Sky News

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• EU Organisations Warned of Chinese APT Attacks - SecurityWeek

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)

• Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Vulnerability Management

• CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Vulnerabilities

• US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)

• Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy (thehackernews.com)

• SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit-Security Affairs

• A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED

• VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)

• New Privilege Escalation Bug Class Found on macOS and iOS - Infosecurity Magazine (infosecurity-magazine.com)

• PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs

• Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek

• Hackers Exploit Privilege Escalation Flaw on Windows Backup Service - Infosecurity Magazine (infosecurity-magazine.com)

• Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)

• Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget

• Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security

Tools and Controls

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• 10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)

• Modern Software: What's Really Inside? (darkreading.com)

• Why privileged access management should be critical to your security strategy | VentureBeat

• The battle for data security now falls on developers; here’s how they can win | VentureBeat

• Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat

• Advantages of the AWS Security Maturity Model (trendmicro.com)

Other News

• Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

• NSA shares guidance on how to secure your home network (bleepingcomputer.com)

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• Malicious actors push the limits of attack vectors - Help Net Security

• Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)

• Is OWASP at Risk of Irrelevance? (darkreading.com)

• Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)

• How to Detect New Threats via Suspicious Activities (thehackernews.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

• White House cyber security strategy to force large companies to make systems secure by design | CyberScoop

• Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.