Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

 UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected

Firms shelled out $5bn in Bitcoin in 6 months

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.

In a joint UK-US-Australia advisory issued this week, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally."

The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.

Among the main threats facing Western organisations were the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."

https://www.theregister.com/2022/02/09/uk_us_au_ransomware_warning/

Ransomware Groups and APT Actors Laser-Focused on Financial Services

Trellix released a report, examining cybercriminal behaviour and activity related to cyber threats in the third quarter (Q3) of 2021. Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.

“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Trellix.

https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/

Why the C-Suite Should Focus on Understanding Cyber Security and Investing Appropriately

Trend Micro has published a research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

Despite widespread concern over spiralling threats, the study found that only 57% of responding IT teams discuss cyber risks with the C-suite at least weekly.

Vulnerabilities used to go months or even years before being exploited after their discovery.

“Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cyber security landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”

https://www.helpnetsecurity.com/2022/02/10/c-suite-engagement/

Almost $1.3bn Paid to Ransomware Actors Since 2020

Cryptocurrency experts have identified $602m of ransomware payments made in 2021, but warned the real figure will likely surpass the $692m paid to cybercrime groups in 2020.

The findings come from the Ransomware Crypto Crime Report produced by blockchain investigations and analytics company Chainalysis. It reveals some fascinating insight into current industry trends.

Average payment size has soared over recent years, from $25,000 in 2019 to $88,000 a year later and $118,000 in 2021. That’s due in part to a surge in targeted attacks on major organisations, known as “big-game hunting,” which can net threat actors tens of millions in a single compromise.

“This big-game hunting strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective,” the report explained. “Usage of these services by ransomware operators spiked to its highest ever levels in 2021.”

https://www.infosecurity-magazine.com/news/almost-13bn-paid-to-ransomware/

Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence

The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.

Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.

The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting targets since 2012, if not sooner, going after hundreds of groups and individuals – some repeatedly – according to SentinelLabs researchers.

The operators aren’t what you’d call technical prodigies, but that doesn’t matter. Threat researchers at SentinelOne, said that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been muddling along just fine using rudimentary hacking tools such as commercially available remote-access trojans (RATs)

https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/

Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defences

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.

HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, the research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, there was a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organisation had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Menlo Security.

https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defences/

LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong

However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.

Law enforcement, C-suite executives and the cyber security community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs, plus this weekend’s hit on the Swissport airport ground-logistics company, shows the scourge is far from over.

It’s more expensive and riskier than ever to launch ransomware attacks, and ransomware groups have responded by mounting fewer attacks with higher ransomware demands, Coveware has reported, finding that the average ransomware payment in the fourth quarter of last year climbed by 130 percent to reach $322,168. Likewise, Coveware found a 63 percent jump in the median ransom payment, up to $117,116.

“Average and median ransom payments increased dramatically during Q4, but we believe this change was driven by a subtle tactical shift by ransomware-as-a-service (RaaS) operations that reflected the increasing costs and risks previously described,” Coveware analysts said. “The tactical shift involves a deliberate attempt to extort companies that are large enough to pay a ‘big game’ ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low.”

https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/

2021 Was The Most Prolific Year On Record For Data Breaches

Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.

The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector.

2021 was the most prolific year on record for data breaches, surpassing 2017’s all-time high. Last year a total of 1,862 data compromises were reported by US organisations—a 68 percent increase over 2020. ITRC data revealed that 83% of the year’s incidents exposed 889 million sensitive data records that impacted more than 150 million individuals.

https://www.helpnetsecurity.com/2022/02/09/2021-sensitive-data-breaches/

$1.3 Billion Lost to Romance Scams in the Past Five Years

Romance scams are reaching record-highs, regulators warn.

Netflix's new documentary, The Tinder Swindler, is a wild ride.

The show examines how an alleged fraudster impacted the lives of multiple women, matching with them on Tinder and treating them to expensive dates to gain their trust -- and eventually asking for huge sums of money.

While you may watch the show and wonder how someone -- no matter their gender -- could allow themselves to be swindled out of their savings, romance scams are common, breaking hearts and wiping bank balances around the world every day. 

We've moved on from the days of "lonely hearts" columns to dating apps, and they're popular channels to conduct fraud.

Fake profiles, stolen photos and videos, and sob stories from fraudsters (their car has broken down, they can't afford to meet a match, or, in The Tinder Swindler's case, their "enemies" are after them) are all weapons designed to secure interest and sympathy.

https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc/

Cyber Security Compliance Still Not A Priority For Many

IBM survey suggests that cyber security still isn't a priority for many companies

The most consistent data point in the IBM i Marketplace Survey Results over recent years has been the ever-present cyber security threat. This year is no exception. The study shows that 62% of organisations consider cyber security a number one concern as they plan their IT infrastructure. 22% cite regulations and compliance in their top five. While companies that prioritise security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.

The complexity of cyber security often leaves industry leaders confused and overwhelmed, unable to produce the sound, proactive stance that is so essential.

Cyber security standards can be confusing, but they are necessary. Tighter security can be encouraged with an understanding of cyber security guidelines

For many organisations, cyber security standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cyber security guidelines affect companies’ legal standing can help encourage tighter security.

https://www.itsecurityguru.org/2022/02/07/cybersecurity-compliance-still-not-a-priority-for-many/

The World is Falling Victim to the Growing Trickbot Attacks in 2022

The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defence to slip past antimalware products.

TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that’s employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a “Trickboot” module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.

Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat’s capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.

https://www.analyticsinsight.net/the-world-is-falling-victim-to-the-growing-trickbot-attacks-in-2022/

“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals

Ransomware tends to target organisations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched—until now.

Sugar ransomware, a new strain recently discovered by the Walmart Security Team, is a ransomware-as-a-service (RaaS) that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.

https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/

Threats

Ransomware

• NCSC Joins US and Australian Partners to Reveal Latest Ransomware Trends - NCSC.GOV.UK

• Russian Ransomware Attacks Increased During 2021, Joint Review Finds | Cybercrime | The Guardian

• You've Still Not Patched It? Hackers Are Using These Old Software Flaws To Deliver Ransomware | ZDNet

• FBI: Watch Out For LockBit 2.0 Ransomware, Here's How To Reduce The Risk To Your Network | ZDNet

• Law Enforcement Action Push Ransomware Gangs To Surgical Attacks (bleepingcomputer.com)

• Europe's Biggest Car Dealer Hit With Ransomware Attack | ZDNet

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

• How a Texas Hack Changed the Ransomware Business Forever - The Record by Recorded Future

• Puma Hit By Data Breach After Kronos Ransomware Attack (bleepingcomputer.com)

• Vodafone Portugal Hit By A Massive Cyber Attack - Security Affairs

• Fortune 500 Service Provider Says Ransomware Attack Led To Leak Of More Than 500k SSNs | ZDNet

Phishing

• Hackers Using Fake Job Offers in Latest Catfishing Scheme - ClearanceJobs

• Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks (darkreading.com)

• ICO Hit by 2650% Rise in Email Attacks - Infosecurity Magazine

Other Social Engineering

• Roaming Mantis SMSishing Campaign Now Targets Europe - Security Affairs

• FBI: SIM Swapping Attacks Have Surged Five-Fold - Infosecurity Magazine

Malware

• Qbot Needs Only 30 Minutes To Steal Your Credentials, Emails (bleepingcomputer.com)

• Linux Malware Attacks Are On The Rise, And Businesses Aren't Ready For It | ZDNet

• This Password-Stealing Malware Posed As A Windows 11 Download | ZDNet

• Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (thehackernews.com)

• Qbot, Lokibot Malware Switch Back To Windows Regsvr32 Delivery (bleepingcomputer.com)

• Data Highlights Growing Threat From Intelligent Bots Operated at Scale by Cybercriminals | SecurityWeek.Com

Mobile

• Medusa Malware Joins Flubot's Android Distribution Network | Threatpost

• Critical Android 12 Bug Fixed In February Security Patches • The Register

Data Breaches/Leaks

• Croatian Phone Carrier Data Breach Impacts 200,000 Clients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government Continues Crackdown On Cyber Criminals - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking

• More Than $400 Million Drained From Hacked Blockchain Bridges In Little More Than A Week • Graham Cluley

• Wife of Couple Accused of $4.5 billion Bitcoin Swindle Gave Cyber Security Advice (theblockcrypto.com)

Insider Risk and Insider Threats

• Chinese Telecom Hytera Charged For Allegedly Recruiting Motorola Employees To Steal Trade Secrets | ZDNet

Fraud, Scams & Financial Crime

• Midlifers Bled Dry By Scam That Takes Two Months To Spot (telegraph.co.uk)

Supply Chain

• The Most Common Cyber Gaps Threatening Supply Chain Security - Help Net Security

DoS/DDoS

• DDoS Attacks Hit All-time High - Infosecurity Magazine

Nation State Actors

• Russian APT Steps Up Malicious Cyber Activity in Ukraine (darkreading.com)

• Iran Malware in HPE Server Stuns Cyber Security Experts - Bloomberg

• Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign (thehackernews.com)

Cloud

• Organisations And The Cloud: How They Use It And How They Secure It - Help Net Security

Privacy

• Meta Threatens to Shut Down Facebook and Instagram in Europe | The Independent

• Facebook Exposes 'God Mode' Token Miscreants Could Use • The Register

Spyware, Espionage & Cyber Warfare

• MoleRats APT Flaunts New Trojan in Latest Cyber Espionage Campaign | Threatpost

Vulnerabilities

• Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog | ZDNet

• CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks | SecurityWeek.Com

• Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans (bleepingcomputer.com)

• Microsoft and Other Major Software Firms Release February 2022 Patch Updates (thehackernews.com)

• Apple Patches New Zero-Day Exploited To Hack iPhones, iPads, Macs (bleepingcomputer.com)

• CISA Urges Orgs To Patch Actively Exploited Windows SeriousSAM Bug (bleepingcomputer.com)

• CISA Warns Admins To Patch Maximum Severity SAP Vulnerability (bleepingcomputer.com)

• Adobe Patches 13 Vulnerabilities in Illustrator | SecurityWeek.Com

• PHP Everywhere RCE Flaws Threaten Thousands of WordPress Sites (bleepingcomputer.com)

Sector Specific

Financial Services Sector

• Ransomware Groups and APT Actors Laser-Focused On Financial Services - Help Net Security

Defence

• Defence Contractors Need to Check Their Six (darkreading.com)

Health/Medical/Pharma Sector

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Retail/eCommerce

• Wave of MageCart Attacks Target Hundreds Of Outdated Magento Sites (bleepingcomputer.com)

• Threat Actors Compromised +500 Magento-Based E-Stores With E-Skimmers - Security Affairs

Transport and Aviation

• Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine

Education and Academia

• FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (thehackernews.com)

Other News

• A "light" February 2022 Patch Tuesday That Should Not Be Ignored - Help Net Security

• Organisations Still Struggling To Use APIs Effectively - Help Net Security

• Threat Hunting: Your Best Defence Against Unknown Threats - MSSP Alert

• UK Foreign and Commonwealth Office Suffered Serious Cyber Attack Earlier This Year | Reuters

• European Police Flag 500+ Pieces of “Terrorist” Content - Infosecurity Magazine

• A Quarter of New Online Accounts Are Fake – Report - Infosecurity Magazine

• Microsoft To Make Enabling 'Untrusted' Office Macros Tougher In The Name Of Security | ZDNet

• Cyber Terrorism Is a Growing Threat & Governments Must Take Action (darkreading.com)

• Hackers Have Begun Adapting To Wider Use Of Multi-Factor Authentication | TechRepublic

• The Race To Save The Internet From Quantum Hackers (nature.com)

• Disaster Recovery Is Critical For Business Continuity - Help Net Security

• CISOs Are Burned Out And Falling Behind | CSO Online

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.