Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 18 November 2022
Black Arrow Cyber Threat Briefing 18 November 2022:
-Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
-Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
-Is Your Board Prepared for New Cyber Security Regulations?
-Unwanted Emails Steadily Creeping into Inboxes
-People Are Still Using the Dumbest Passwords Available
-Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
-44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
-MFA Fatigue Attacks Are Putting Your Organisation at Risk
-Cyber Security Training Boosts Risk Posture, Research Finds
-MI5 Chief: UK will have to tackle Russian Aggression ‘for Years to Come’
-Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
-Do Companies Need Cyber Insurance?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Amid Legal Fallout, Cyber Insurers Redefine State-Sponsored Attacks as Act of War
As carriers rewrite their act-of-war exclusions following the NotPetya settlement between Mondelez and Zurich, organisations should read their cyber insurance policies carefully to see what is still covered.
The consequences from NotPetya, which the US government said was caused by a Russian cyber attack on Ukraine in 2017, continue to be felt as cyber insurers modify coverage exclusions, expanding the definition of an "act of war." Indeed, the 5-year-old cyber attack appears to be turning the cyber insurance market on its head.
Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with factories and production disrupted. It took days for the company's staff to regain control of its computer systems. The company filed a claim with its property and casualty insurer, Zurich American, for $100 million in losses. After initially approving a fraction of the claim — $10 million — Zurich declined to pay, stating the attack was an act of war and thus excluded from the coverage. Mondelez filed a lawsuit.
Late last month Mondelez and Zurich American reportedly agreed to the original $100 million claim, but that wasn't until after Merck won its $1.4 billion lawsuit against Ace American Insurance Company in January 2022 for its NotPetya-related losses. Merck's claims also were against its property and casualty policy, not a cyber insurance policy.
Back in 2017, cyber insurance policies were still nascent, and so many large corporations filed claims for damages related to NotPetya — the scourge that caused an estimated $10 billion in damage worldwide — against corporate property and casualty policies.
What's Changed? The significance of these settlements illustrates an ongoing maturation of the cyber insurance market, says Forrester Research.
Until 2020 and the COVID-19 pandemic, cyber insurance policies were sold in a fashion akin to traditional home or auto policies, with little concern for a company's cyber security profile, the tools it had in place to defend its networks and data, or its general cyber hygiene.
Once a large number of ransomware attacks occurred that built off of the lax cyber security many organisations demonstrated, insurance carriers began tightening the requirements for obtaining such policies.
Is Your Board Prepared For New Cyber Security Regulations?
Boards are now paying attention to the need to participate in cyber security oversight. Not only are the consequences sparking concern, but the new regulations are upping the ante and changing the game.
Boards have a particularly important role to ensure appropriate management of cyber risk as part of their fiduciary and oversight role. As cyber threats increase and companies worldwide bolster their cyber security budgets, the regulatory community, including the U.S. Securities and Exchange Commission (SEC), is advancing new requirements that companies will need to know about as they reinforce their cyber strategy.
Most organisations focus on cyber protection rather than cyber resilience, and that could be a mistake. Resiliency is more than just protection; it’s a plan for recovery and business continuation. Being resilient means that you’ve done as much as you can to protect and detect a cyber incident, and you have also done as much as you can to make sure you can continue to operate when an incident occurs. A company who invests only in protection is not managing the risk associated with getting up and running again in the event of a cyber incident.
Research indicates that most board members believe it is not a matter of if, but when, their company will experience a cyber event. The ultimate goal of a cyber-resilient organisation would be zero disruption from a cyber breach. That makes the focus on resilience more important.
In March 2022, the SEC issued a proposed rule titled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. In it, the SEC describes its intention to require public companies to disclose whether their boards have members with cyber security expertise: “Cyber security is already among the top priorities of many boards of directors and cyber security incidents and other risks are considered one of the largest threats to companies. Accordingly, investors may find disclosure of whether any board members have cyber security expertise to be important as they consider their investment in the registrant as well as their votes on the election of directors of the registrant.”
The SEC will soon require companies to disclose their cyber security governance capabilities, including the board’s oversight of cyber risk, a description of management’s role in assessing and managing cyber risks, the relevant expertise of such management, and management’s role in implementing the registrant’s cyber security policies, procedures, and strategies. Specifically, where pertinent to board oversight, registrants will be required to disclose:
whether the entire board, a specific board member, or a board committee is responsible for the oversight of cyber risks,
the processes by which the board is informed about cyber risks, and the frequency of its discussions on this topic,
whether and how the board or specified board committee considers cyber risks as part of its business strategy, risk management, and financial oversight.
https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
Unwanted Emails Steadily Creeping into Inboxes
A research from cloud security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber attacks in 2022 – indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats. Threat actors used the following file types sent via email to deliver payloads: Archive files (Zip, 7z, etc.) sent via email make up 28% of threats, down slightly from last year’s 33.6%, with HTML files increasing from 15.3% to 21%, and DOC(X) from 4.8% to 12.7%.
This year’s cyber security report shows the steady creep of threats into inboxes around the world. The rise in unwanted emails, now found to be nearly 41%, is putting email users and businesses at significant risk.
HornetSecurity’s analysis identified both the enduring risk and changing landscape of ransomware attacks – highlighting the need for businesses and their employees to be more vigilant than ever.
New cyber security trends and techniques for organisations to watch out for were also tracked. Since Microsoft disabled macros settings in Office 365, there has been a significant increase in HTML smuggling attacks using embedded LNK or ZIP files to deliver malware. Microsoft 365 makes it easy to share documents, and end users often overlook the ramifications of how files are shared, as well as the security implications. Hornetsecurity found 25% of respondents were either unsure or assumed that Microsoft 365 was immune to ransomware threats.
For these attackers, every industry is a target. Companies must therefore ensure comprehensive security awareness training while implementing next-generation preventative measures to ward off threats.
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
People Are Still Using the Dumbest Passwords Available
If you were thinking that most people would have learned by now not to use “password” as the password for their sensitive systems, then you would be giving too much credit to the general scrolling public.
Cyber security researchers from Cybernews and password manager company NordPass both independently reported this week on data surrounding the most commonly-used passwords. Trying to discern the frequently used words, phrases, and numbers among the general public wouldn’t be simple if it weren’t for the troves of leaked passwords being sold on the dark web.
Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases in darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.
NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”
NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.
https://gizmodo.com/passwords-hacker-best-passwords-cybersecurity-1849792818
Zero-Trust Initiatives Stall, as Cyber Attack Costs Rocket to $1M per Incident
Researchers find current data protection strategies are failing to get the job done, and IT leaders are concerned, while a lack of qualified IT security talent hampers cyber-defence initiatives.
Organisations are struggling with mounting data losses, increased downtime, and rising recovery costs due to cyber attacks — to the tune of $1.06 million in costs per incident. Meanwhile, IT security teams are stalled on getting defences up to speed.
That's according to the 2022 Dell Global Data Protection Index (GDPI) survey of 1,000 IT decision-makers across 15 countries and 14 industries, which found that organisations that experienced disruption have also suffered an average of 2TB data loss and 19 hours of downtime.
Most respondents (67%) said they lack confidence that their existing data protection measures are sufficient to cope with malware and ransomware threats. A full 63% said they are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack.
Their fears seem founded: Nearly half of respondents (48%) experienced a cyber attack in the past 12 months that prevented access to their data (a 23% increase from 2021) — and that's a trend that will likely continue.
The growth and increased distribution of data across edge, core data centre and multiple public cloud environments are making it exceedingly difficult for IT admins to protect their data.
On the protection front, most organisations are falling behind; for instance, 91% are aware of or planning to deploy a zero-trust architecture, but only 12% are fully deployed.
And it's not just advanced defence that's lacking: Keegan points out that 69% of respondents stated they simply cannot meet their backup windows to be prepared for a ransomware attack.
https://www.darkreading.com/endpoint/zero-trust-initiatives-stall-cyberattack-costs-1m-per-incident
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security
Netwrix, a cyber security vendor, today announced additional findings for the financial and banking sector from its global 2022 Cloud Security Report.
Compared to other industries surveyed, financial institutions are much more concerned about users who have legitimate access to their cloud infrastructure. Indeed, 44% of respondents in this sector say their own IT staff poses the biggest risk to data security in the cloud and 47% worry about contractors and partners, compared to 30% and 36% respectively in other verticals surveyed.
Financial organisations experience accidental data leakage more often than companies in other verticals: 32% of them reported this type of security incident within the last 12 months, compared to the average of 25%. This is a good reason for them to be concerned about users who might unintentionally expose sensitive information. To address this threat, organisations need to implement a zero-standing privilege approach in which elevated access rights are granted only when they are needed and only for as long as needed. Cloud misconfigurations are another common reason for accidental data leakage. Therefore, security teams must continually monitor the integrity of their cloud configurations, ideally with a dedicated solution that automates the process.
All sectors say phishing is the most common type of attack they experience. However, 91% of financial institutions say they can spot phishing within minutes or hours, compared to 82% of respondents in other verticals.
Even though mature financial organisations detect phishing quickly, it is still crucial for them to keep educating their personnel on this threat because attacks are becoming more sophisticated. To increase the likelihood of a user clicking a malicious link, attackers are crafting custom spear phishing messages that are directed at the person responsible for a certain task in the organisation and that appear to come from an authority figure. Regular staff training, along with continuous activity monitoring, will help reduce the risk of infiltration.
MFA Fatigue Attacks Are Putting Your Organisation at Risk
The rapid advancement of technology in all industries has led to the threat of ever-increasing cyber attacks that target businesses, governments, and individuals alike. A common threat targeting businesses is MFA Fatigue attacks—a technique where a cyber criminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one.
MFA refers to multi-factor authentication, a layered end-user verification strategy to secure data and applications. For a user to log in, an MFA system needs them to submit various combinations of two or more credentials.
Using MFA Fatigue attacks, cyber criminals bombard their victims with repeated 2FA (two-factor authentication) push notifications to trick them into authenticating their login attempts, to increase their chances of gaining access to sensitive information. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them as legitimate authentication requests.
One major MFA Fatigue attack, also known as MFA bombing, targeted the ride-sharing giant Uber in September 2022. Uber attributed the attack to Lapsus$, a hacking group that started by compromising an external contractor’s credentials.
Cyber criminals increasingly use social engineering attacks to access their targets’ sensitive credentials. Social engineering is a manipulative technique used by hackers to exploit human error to gain private information.
MFA Fatigue is a technique that has gained popularity among hackers in recent years as part of their social engineering attacks. This is a simple yet effective technique with destructive consequences as the hackers are banking on their targets’ lack of training and understanding of attack vectors. Since many MFA users are unfamiliar with this style of attack, they would not understand that they are approving a fraudulent notification.
Cyber Security Training Boosts Risk Posture, Research Finds
Business executives worldwide see the economic advantages of continuing professional cyber security education and the steep downside from a workforce of under-trained individuals, Cybrary, a training platform provider, said in a new report.
The survey of 275 executives, directors and security professionals in North America and the UK who either procure or influence professional cyber security training, was conducted by consultancy Omdia. The results showed that the benefits of professional training boost an employee’s impact on the organisation, the overall risk posture of the organisation, and in the costs associated with finding and retaining highly skilled employees, the analyst said.
The study’s key findings include:
73% of respondents said their team’s cyber security performance was more efficient because of ongoing professional cyber security training.
62% of respondents said that training improved their organisation’s cyber security effectiveness (which encompasses decreases in the number of breach attempts and overall security events).
79% of respondents ranked professional cyber security training at the top or near the top of importance for the organisation’s ability to prevent and rapidly remediate breaches and ensuing consequences such as reputational damage.
70% of companies reported a relationship between an incident and training, and two-thirds of respondents reported increased investments in ongoing cyber security training after a security incident.
Large enterprises are the least likely to delay upskilling until after an incident, indicating that companies with larger cyber security teams firmly understand the importance of ongoing professional training.
67% of surveyed SMBs invested in cyber security training after a security incident, which served as a call to action.
53% invested in professional cyber security training due to a cyber security insurance audit.
48% of organisations said that cyber security training drives retention and decreases the likelihood that a cyber security professional will leave the organisation that trains them.
41% said that ongoing cyber security training has no significant impact on if a cyber security professional leaves.
Cybrary said the research shows the rewards that organisations enjoy by investing in training and upskilling their security professionals. The data “codifies the fiscal and reputational paybacks in proactively improving cyber security defences versus responding to attacks. It also codifies an often-underrecognised benefit of cyber security upskilling: helping the organisation retain invaluable security talent despite market and organisational uncertainty”.
MI5 Chief: UK Will Have to Tackle Russian Aggression ‘for Years to Come’
Britain will have to tackle Russian aggression for years to come, said the MI5’s chief on Wednesday, adding that his agency had blocked more than 100 attempts by the Kremlin to insert suspected spies into the UK since the Salisbury poisonings.
Ken McCallum, giving an annual threat update, said state-based threats were increasing and said the UK also faced a heightened direct threat from Iran, which had threatened “to kidnap or even kill” 10 people based in Britain in the past year.
The spy chief said Russia had suffered a “strategic blow” after 400 spies were expelled from around Europe following the start of the war in Ukraine, but he said the Kremlin was actively trying to rebuild its espionage network.
Britain had expelled 23 Russian spies posing as diplomats after the poisoning of Sergei and Yulia Skripal in Salisbury in 2018, yet since then “over 100 Russian diplomatic visa applications” had been rejected on national security grounds.
McCallum accused Russia of making “silly claims” about British activities without evidence, such as that UK was involved in attacking the Nord Stream gas pipelines. But the head of MI5 said “the serious point” was that “the UK must be ready for Russian aggression for years to come”.
Iran’s “aggressive intelligence services” were actively targeting Britain and had made “at least 10” attempts to “kidnap or even kill” British or UK-based individuals since January as the regime felt greater pressure than ever before.
Offboarding Processes Pose Security Risks as Job Turnover Increases: Report
Research from YouGov finds that poor offboarding practices across industries including healthcare and tech are putting companies at risk, including for loss of end-user devices and unauthorised SaaS application use.
Organisations across multiple industries are struggling to mitigate potential risks, including loss of end-user and storage devices as well as unauthorised use of SaaS applications, during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.
Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people, more than 20% of Americans, had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported, including layoffs at major technology companies, as organisations look to reduce operational costs.
Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.
However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.
Supply Chains Need Shoring Up Against Cyber Attacks, C-Suite Executives Say
Nearly every organisation (98%) in a new survey of some 2,100 C-suite executives has been hit by a supply chain cyber attack in the last year, security provider BlueVoyant said in a newly released study.
The study gleaned data from interviews with chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief information security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organisations of more than 1,000 employees across business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defence industries.
While the number of companies experiencing digital supply chain attacks has stayed relatively static year-over-year, the attention paid by organisations to that attack vector has increased, BlueVoyant said. Still, the New York-based cyber defender said, there’s a lot of room for organisations to better monitor suppliers and “work with them to remediate issues to reduce their supply chain risks.”
Here are some macro highlights from the survey:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year. That number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets for supply chain defence are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cyber security posture, meeting regulatory requirements, and working with suppliers to improve their security.
Do Companies Need Cyber Insurance?
Companies are increasingly seeking to transfer risk with cyber insurance. This trend has been influenced by a greater severity in cyber attacks and the resulting skyrocketing costs of incident response, business disruption and recovery.
Companies struggle to afford the high prices of cyber insurance, however. One market index reported the price of cyber insurance increased 79% in the second quarter of 2022. Without it, however, companies risk shouldering the full cost of any resulting harm. Furthermore, insurance companies that lack traditional decades of actuarial data must consider whether to provide cyber insurance to clients unable or unwilling to show their cyber security maturity through independent risk analysis.
This combination of circumstances leaves businesses vulnerable, financially drained and facing potential reputational damage. But does it have to be this way? And is cyber insurance truly necessary? For the majority of organisations, the answer is that cyber insurance is a worthwhile investment as part of their overall risk treatment plans. There are a number of activities, however, that should be undertaken to optimise the benefits and reduce the costs of cyber-risk insurance.
A rise in high-profile attacks, in tandem with increased regulation and compliance surrounding cyber security and privacy, has shifted the conversation around digital safety. No longer is cyber security an optional aspect of the business model with a fixed, stagnant cost. Businesses today have become too digitally dependent to ignore cyber security, with classified, internal information stored online; communication largely conducted via email or another platform; and the workforce transitioned to hybrid and remote work environments. Effective cyber security and privacy, as well as mitigating financial and operational risks, can be strategic enablers to modern digital business.
Cyber insurance is not a solution -- it's a piece of the puzzle. Regardless of industry or company size, all businesses should conduct an independent cyber audit prior to committing to cyber insurance. In doing so, organisations can determine the need for cyber insurance and better understand their organisations' risk posture and weak points.
Even if insurance is needed, the audit further adds value as it lets insurance companies support the company specific to its digital landscape and help it become more digitally strong. Additionally, the existence of an independent audit and risk review may indeed enable the insurance company to offer higher levels of coverage without the need for excessive premiums.
https://www.techtarget.com/searchsecurity/post/Do-companies-need-cyber-insurance
Threats
Ransomware and Extortion
Ransomware is a global problem that needs a global solution | TechCrunch
FBI: Hive ransomware extorted $100M from over 1,300 victims (bleepingcomputer.com)
The psychological fallout of a ransomware crisis - Help Net Security
New extortion scam threatens to damage sites’ reputation, leak data (bleepingcomputer.com)
Thales Denies Getting Hacked as Ransomware Gang Releases Gigabytes of Data | SecurityWeek.Com
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
Hive Ransomware Has Made $100m to Date - Infosecurity Magazine (infosecurity-magazine.com)
LockBit Remains Most Prolific Ransomware in Q3 - Infosecurity Magazine (infosecurity-magazine.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
Transportation sector targeted by both ransomware and APTs - Help Net Security
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Ransomware on Healthcare Organisations cost Global Economy $92 bn - IT Security Guru
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
Australia to ‘stand up and punch back’ against cyber crims • The Register
LockBit ransomware activity nose-dived in October (techtarget.com)
How to deal with the trauma of the Medibank cyber breach | Andrea Szasz | The Guardian
Researchers secretly helped decrypt Zeppelin ransomware for 2 years (bleepingcomputer.com)
Vanuatu: Hackers strand Pacific island government for over a week - BBC News
Canadian Supermarket Chain Sobeys Hit by Ransomware Attack | SecurityWeek.Com
Two public schools in Michigan hit by a ransomware attack - Security Affairs
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Phishing & Email Based Attacks
Top enterprise email threats and how to counter them - Help Net Security
China-Based Sophisticated Phishing Campaign Uses 42,000 Domains - Information Security Buzz
Mass Email Extortion Campaign Claims Server Hack - Infosecurity Magazine (infosecurity-magazine.com)
Netflix Phishing Emails Surge 78% - Infosecurity Magazine (infosecurity-magazine.com)
Earth Preta Spear-Phishing Governments Worldwide (trendmicro.com)
Email Security Best Practices for Phishing Prevention (trendmicro.com)
Malware
Wipermania: Malware Remains a Potent Threat, 10 Years Since 'Shamoon' (darkreading.com)
QBot phishing abuses Windows Control Panel EXE to infect devices (bleepingcomputer.com)
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper (darkreading.com)
Study: Almost 50% of macOS malware only comes from one app - Neowin
Notorious Emotet botnet returns after a few months off • The Register
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
Microsoft Warns of Cyber crime Group Delivering Royal Ransomware, Other Malware | SecurityWeek.Com
LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Google Wins Lawsuit Against Glupteba Botnet Operators | SecurityWeek.Com
Mobile
Internet of Things – IoT
Shocker: EV charging infrastructure is seriously insecure • The Register
Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com
Data Breaches/Leaks
Police published sexual assault victims' names and addresses on its website (bitdefender.com)
Whoosh confirms data breach after hackers sell 7.2M user records (bleepingcomputer.com)
Organised Crime & Criminal Actors
Long-Standing Chinese Cyber crime Campaign Spoofs Over 400 Brands | SecurityWeek.Com
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Australia's Hack-Back Plan Against Cyber attackers Raises Familiar Concerns (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
'Three quarters' of retail Bitcoin investors are in the red • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Massive adware campaign spoofs top brands to trick users | TechRadar
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Monday Will Be the Most Fraudulent Day of the Season, Says SEON (darkreading.com)
UK Shoppers Lost £15m+ to Scammers Last Winter - Infosecurity Magazine (infosecurity-magazine.com)
How scammers are now exploiting cashless parking (telegraph.co.uk)
Experts Advice On International Fraud Awareness Week - Information Security Buzz
Banks ban crypto to fight fraudsters | Money | The Sunday Times (thetimes.co.uk)
Impersonation Attacks
42,000 sites used to trap users in brand impersonation scheme (bleepingcomputer.com)
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
2022 holiday DDoS protection guide - Microsoft Security Blog
Updated RapperBot malware targets game servers in DDoS attacks (bleepingcomputer.com)
Cloud/SaaS
Cloud data protection trends you need to be aware of - Help Net Security
Cyber security implications of using public cloud platforms - Help Net Security
Evolving Security for Government Multiclouds (darkreading.com)
Encryption
Why companies can no longer hide keys under the doormat - Help Net Security
Quantum Cryptography Apocalypse: A Timeline and Action Plan (darkreading.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Advertising giant warns clients to stay off Twitter (telegraph.co.uk)
Meta keeps booting small-business owners for being hacked on Facebook | Ars Technica
Guinness, Cadbury’s and Nissan told to avoid ‘toxic’ and ‘dangerous’ Twitter (telegraph.co.uk)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Instagram Impersonators Target Thousands, Slipping by Microsoft's Cyber security (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Electronics repair technicians snoop on your data - Help Net Security
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location (thehackernews.com)
Security firms hijack New York trees to monitor workers • The Register
Governance, Risk and Compliance
Careers, Working in Cyber and Information Security
Cyber security jobs: Five ways to help you build your career | ZDNET
Google cloud wants CISOs to do more about diversity • The Register
Amazon poaches top National Cyber Security Centre exec Levy | Business News | Sky News
Law Enforcement Action and Take Downs
Zeus Botnet Suspected Leader Arrested in Geneva - Infosecurity Magazine (infosecurity-magazine.com)
Police Celebrate Arrest of 59 Suspected Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Suspected Zeus cyber crime ring leader ‘Tank’ arrested by Swiss police (bleepingcomputer.com)
Police dismantle pirated TV streaming network with 500,000 users (bleepingcomputer.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Chinese hackers target government agencies and defence orgs (bleepingcomputer.com)
Russian hacktivists hit Ukrainian orgs with ransomware - but no ransom demands - Help Net Security
COP27 Delegates Given Burner Phones To Combat Spying - Information Security Buzz
Avast details Worok espionage group's compromise chain - Security Affairs
Biden set to approve expansive authorities for Pentagon to carry out cyber operations - CyberScoop
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Europe’s spyware scandal is a global wakeup call. (slate.com)
Koch-funded group sues US state over mobile 'spyware' • The Register
Nation State Actors
Nation State Actors – Russia
UK Banks Bolstering Defences As Russian Cyber Threat Rises - Information Security Buzz
EXCLUSIVE Russian software disguised as American finds its way into U.S. Army, CDC apps | Reuters
Pro-Russian hackers claim cyber attack on FBI website: Report | Fox News
Ukraine says Russian hacktivists use new Somnia ransomware (bleepingcomputer.com)
Nation State Actors – China
China playing ‘long game’ as it co-opts UK assets, warns MI5 chief | Financial Times (ft.com)
FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok - CyberScoop
Chinese Cyber espionage Group 'Billbug' Targets Certificate Authority | SecurityWeek.Com
Previously undetected Earth Longzhi APT is a subgroup of APT41 - Security Affairs
Rishi Sunak to hold surprise meeting with Chinese president at G20 | Financial Times (ft.com)
Chinese hackers use Google Drive to drop malware on govt networks (bleepingcomputer.com)
State-sponsored hackers in China compromise certificate authority | Ars Technica
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (thehackernews.com)
Reports of Chinese police stations in US worry FBI - BBC News
Nation State Actors – North Korea
Nation State Actors – Iran
US govt: Iranian hackers breached federal agency using Log4Shell exploit (bleepingcomputer.com)
CISA: Iranian APT actors compromised federal network (techtarget.com)
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j | SecurityWeek.Com
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Microsoft Office lets hackers execute arbitrary code, update now | TechRadar
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says (darkreading.com)
Exploit released for actively abused ProxyNotShell Exchange bug (bleepingcomputer.com)
F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ (bleepingcomputer.com)
Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution | SecurityWeek.Com
Firefox 107 Patches High-Impact Vulnerabilities | SecurityWeek.Com
Windows Kerberos authentication breaks after November updates (bleepingcomputer.com)
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data (darkreading.com)
Mastodon users vulnerable to password-stealing attacks | The Daily Swig (portswigger.net)
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices (thehackernews.com)
Tools and Controls
Reports Published in the Last Week
Other News
Cyber Resilience: The New Strategy to Cope With Increased Threats | SecurityWeek.Com
The 4 horsemen of the cyber security apocalypse | Security Magazine
The Top Five Cyber security Trends of 2023: KnowBe4 Makes Its Predictions - MSSP Alert
Build a mature approach for better cyber security vendor evaluation | CSO Online
Almost half of customers have left a vendor due to poor digital trust: Report | CSO Online
Global 2000 companies failing to adopt key domain security measures | CSO Online
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Repair technicians caught snooping on customer data • The Register
Research: Most North American SMBs Outsource Cyber security Management to Third Parties - MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 November 2022
Black Arrow Cyber Threat Briefing 11 November 2022:
-Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
-Some 98% of Global Firms Suffer Supply Chain Breach in 2021
-Only 30% of Cyber Insurance Holders Say Ransomware is Covered
-Companies Hit by Ransomware Often Targeted Again, Research Says
-Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
-How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
-Swiss Re Wants Government Bail Out academias Cyber Crime Insurance Costs Spike
-Extortion Economics: Ransomware's New Business Model
-Confidence in Data Recovery Tools Low
-Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
-Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
-Why a Clear Cyber Policy is Critical for Companies
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Research Finds Organisations Lack Tools and Teams to Address Cyber Security Threats
In research conducted in the summer of 2022 by BlackBerry, the findings describe the situation facing organisations regardless of size or vertical.
The survey of 405 senior IT, networking, and security decision-makers in the US, Canada, and the UK revealed 83% of organisations agreed building cyber security programs is expensive due to required tools, licenses, and personnel, and 80% agreed it’s challenging to fill specialised security roles. Most organisations (78%) have an incident management process, but about half (49%) agree they lack the teams and tools to be effective 24x7x365. Evolving security threats (53%) and the task of integrating new technology (53%) are cited as top challenges in maintaining security posture.
While it’s likely these findings surprise no one, they do reveal the challenges facing organisations who are caught between limited resources and increased risk. The urgency increases if we look at the critical infrastructure that keeps things running–like utilities, banks, transportation, key suppliers, industrial controls, and more.
Some 98% of Global Firms Suffer Supply Chain Breach in 2021
Just 2% of global organisations didn’t suffer a supply chain breach last year, with visibility into cyber risk getting harder as these ecosystems expand, according to BlueVoyant.
The security firm polled 2100 C-level execs with responsibility for supply chain and cyber risk management from companies with 1000+ employees to compile its study, The State of Supply Chain Defense: Annual Global Insights Report 2022.
It found the top challenges listed by respondents were:
Awareness internally that third-party suppliers are part of their cyber security posture
Meeting regulatory requirements and ensuring third-party cyber security compliance
Working with third-party suppliers to improve their posture.
Supply chains are growing: the number of firms with over 1000 suppliers increased from 38% in 2021’s report to 50%. Although 53% of organisations audited or reported on supplier security more than twice annually, 40% still rely on suppliers to ensure security levels are sufficient. That means they have no way of knowing if an issue arises with a supplier.
Worse, 42% admitted that if they do discover an issue in their supply chain and inform their supplier, they cannot verify that the issue was resolved. Just 3% monitor their supply chain daily, although the number of respondents using security ratings services to enhance visibility and reduce cyber risk increased from 36% last year to 39% in this year’s report.
With the escalating threat landscape and number of high-profile incidents being reported, firms should focus more strategically on addressing supply chain cyber security risk. In the current volatile economic climate, the last thing any business needs is any further disruption to their operations, any unexpected costs, or negative impact on their brand.
https://www.infosecurity-magazine.com/news/98-global-firms-supply-chain/
Only 30% of Cyber Insurance Holders Say Ransomware is Covered
Cyber insurance providers appear to be limiting policy coverage due to surging costs from claimants, according to a new study from Delinea.
The security vendor polled 300 US-based IT decision makers to compile its latest report, Cyber insurance: if you get it be ready to use it.
Although 93% were approved for specialised cyber insurance cover by their provider, just 30% said their policy covered “critical risks” including ransomware, ransom negotiations and payments. Around half (48%) said their policy covers data recovery, while just a third indicated it covers incident response, regulatory fines and third-party damages.
That may be because many organisations are regularly being breached and look to their providers for pay-outs, driving up costs for carriers. Some 80% of those surveyed said they’ve had to call on their insurance, and half of these have submitted claims multiple times, the study noted.
As a result, many insurers are demanding that prospective policyholders implement more comprehensive security controls before they’re allowed to sign up.
Half (51%) of respondents said that security awareness training was a requirement, while (47%) said the same about malware protection, AV software, multi-factor authentication (MFA) and data backups.
However, high-level checks may not be enough to protect insurers from surging losses, as they can’t guarantee customers are properly deploying security controls.
Cyber insurance providers need to start advancing beyond simple checklists for security controls. They must require their customers to validate that their security controls work as designed and expected. They need their customers to simulate their adversaries to ensure that when they are attacked, the attack will not result in a breach. In fact, we're already starting to see government regulations and guidance that includes adversary simulation as part of their proactive response to threats.
https://www.infosecurity-magazine.com/news/cyberinsurance-ransomware-cover/
Companies Hit by Ransomware Often Targeted Again, Research Says
It has been reported that more than a third of companies who paid a ransom to cyber criminals after being hit by a ransomware attack went on to be targeted for a second time, according to a new report.
The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% who paid failed to recover all of their data.
The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data.
The NCSC urges firms not to pay ransoms as it not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings, with 43% of the businesses who paid a ransom saying they still had to rebuild their systems while 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.
Ransomware Remains Top Cyber Risk for Organisations Globally, Says Allianz
According to an Allianz Global Corporate & Specialty cyber report, ransomware remains a top cyber risk for organisations globally, while the threat of state-sponsored cyber attacks grows.
There were a record 623 million attacks in 2021, which was double that of 2020, says Allianz.
It also notes that despite the frequency reducing 23% globally during H1 of 2022, the year-to-date total still exceeds that of the full years of 2017, 2018 and 2019, while Europe saw attacks surge over this period. Allianz suggests that ransomware is forecast to cause $30bn in damages to organisations globally by 2023.
It adds that from an Allianz perspective, the value of ransomware claims the company was involved in together with other insurers, accounted for well over 50% of all cyber claims costs during 2020 and 2021.
The cyber risk landscape doesn’t allow for any resting on laurels. Ransomware and phishing scams are as active as ever and on top of that there is the prospect of a hybrid cyber war.
Most companies will not be able to evade a cyber threat. However, it is clear that organisations with good cyber maturity are better equipped to deal with incidents. Even when they are attacked, losses are typically less severe due to established identification and response mechanisms.
Many companies still need to strengthen their cyber controls, particularly around IT security trainings, better network segmentation for critical environments and cyber incident response plans and security governance.
Allianz observes that geopolitical tensions, such as the war in Ukraine, are a major factor reshaping the cyber threat landscape as the risks of espionage, sabotage, and destructive cyber-attacks against companies with ties to Russia and Ukraine increase, as well as allies and those in neighbouring countries.
How Geopolitical Turmoil Changed the Cyber Security Threat Landscape
ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.
With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.
However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cyber security threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”
State sponsored, cyber crime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.
ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.
Ransomware: 60% of affected organisations may have paid ransom demands
Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
Threats against data: Increasing in proportionally to the total of data produced
Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
Threats against availability:
Largest denial of service (DDoS) attack ever was launched in Europe in July 2022
Internet: destruction of infrastructure, outages and rerouting of internet traffic.
https://www.helpnetsecurity.com/2022/11/08/cybersecurity-threat-landscape-2022/
Swiss Re Wants Government Bail Out as Cyber Crime Insurance Costs Spike
As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap.
Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.
Meanwhile, annual cyber attack-related losses total about $945 billion globally, and about 90% of that risk remains uninsured, according to insurance researchers at the Geneva Association.
While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021.
https://www.theregister.com/2022/11/08/government_cyber_insurance/
Extortion Economics: Ransomware's New Business Model
Ransomware-as-a-service lowers the barriers to entry, hides attackers’ identities, and creates multitier, specialised roles in service of ill-gotten gains.
Did you know that more than 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cyber criminals have become emboldened by the underground ransomware economy.
And yet many threat actors work within a relatively small and interconnected ecosystem of players. This pool of cyber criminals has created specialised roles and consolidated the cyber crime economy, fuelling ransomware-as-a-service (RaaS) to become the dominant business model. In doing so, they've enabled a wider range of criminals to deploy ransomware regardless of their technical expertise and forced all of us to become cyber security defenders in the process.
Ransomware takes advantage of existing security compromises to gain access to internal networks. In the same way businesses hire gig workers to cut costs, cyber criminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.
This flourishing RaaS economy allows cyber criminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. What we think of as ransomware gangs are actually RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and payloads.
RaaS lowers the barrier to entry and obfuscates the identity of the attackers behind the ransoming. Some programs can have 50 or more "affiliates," as they refer to their users, with varying tools, tradecraft, and objectives. Anyone with a laptop and credit card who is willing to search the Dark Web for penetration-testing tools or out-of-the-box malware can join this maximum efficiency economy.
https://www.darkreading.com/microsoft/extortion-economics-ransomware-s-new-business-model
Confidence in Data Recovery Tools Low
A recent IDC and Druva survey asked 505 respondents across 10 industries about their ransomware experiences and found that many organisations struggle to recover after an attack. In the survey, 85% of the respondents said their organisations had a ransomware recovery plan. The challenge seems to lie in effectively executing that plan.
"A majority of organisations suffered significant consequences from ransomware attacks including long recoveries and unrecoverable data despite paying a ransom," states the "You Think Ransomware Is Your Only Problem? Think Again" report.
Data resiliency is such an important element of cyber security that 96% of respondents considered it a top priority for their organisations, with a full 77% placing it in the top 3. What's striking about the survey results is that only 14% of respondents said they were "extremely confident" in their tools, even though 92% called their data resiliency tools "efficient" or "highly efficient."
When data is spread across hybrid, cloud, and edge environments, data resiliency becomes much more complicated. A plan might seem to cover everything, but then you realise that you lost your backup or can't find the latest restore point.
The ability to recover from an attack is vital, since the growth in ransomware makes it likely that your organisation will get hit. This is why agencies like NIST recommend preparing for when an attacker pierces your defences rather than trying to keep out every intruder. That mindset also shifts the priority to preparation and planning; you need to create a disaster recovery plan that includes policy on restore points and recovery tools — and you need to practice implementing that plan before disaster strikes.
The report lists three key performance indicators that reveal the success of an organisation's recovery from a cyber attack:
The ability to fully recover encrypted or deleted data without paying a ransom.
Zero data loss in the process of recovering the data.
Rapid recovery as defined by applicable service-level requirements.
When a recovery fails to meet these criteria, then the organisation may suffer financial loss, loss of reputation, permanently lost customers, and reduced employee productivity.
https://www.darkreading.com/tech-trends/confidence-in-data-recovery-tools-low
Russia’s Sway Over Criminal Ransomware Gangs Is Coming into Focus
Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbour the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cyber criminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.
New research presented at the Cyberwarcon security conference in Arlington, Virginia, this week looked at the frequency and targeting of ransomware attacks against organisations based in the United States, Canada, the United Kingdom, Germany, Italy, and France in the lead-up to these countries' national elections. The findings suggest a loose but visible alignment between Russian government priorities and activities and ransomware attacks leading up to elections in the six countries.
The project analysed a data set of over 4,000 ransomware attacks perpetrated against victims in 102 countries between May 2019 and May 2022. The analysis showed a statistically significant increase in ransomware attacks from Russia-based gangs against organisations in the six victim countries ahead of their national elections. These nations suffered the most total ransomware attacks per year in the data set, about three-quarters of all the attacks.
The data was used to compare the timing of attacks for groups believed to be based out of Russia and groups based everywhere else. They looked at the number of attacks on any given day, and what they found was an interesting relationship where for these Russia-based groups, there was an increase in the number of attacks starting four months before an election and moving three, two, one month in, up to the event.
The findings showed broadly that non-Russian ransomware gangs didn't have a statistically significant increase in attacks in the lead-up to elections. Whereas two months out from a national election, for example, the researchers found that organisations in the six top victim countries were at a 41 percent greater chance of having a ransomware attack from a Russia-based gang on a given day, compared to the baseline.
https://www.wired.com/story/russia-ransomware-gang-connections/
Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs
Twelve percent of all employees take sensitive intellectual property (IP) with them when they leave an organisation.
The data comes from workforce cyber intelligence and security company Dtex, which published a report about top insider risk trends for 2022. “Customer data, employee data, health records, sales contacts, and the list goes on,” reads the document. “More and more applications are providing new features that make data exfiltration easier. For example, many now provide the ability to maintain clipboard history and sync across multiple devices.”
Case in point, the report also suggests a 55% increase in unsanctioned application usage, including those making data exfiltration easier by allowing users to maintain clipboard history and sync IP across multiple devices. “Bring Your Own Applications (BYOA) or Shadow IT can be a source of intelligence for business innovation,” Dtex wrote. “Still, they pose a major risk if the security team has not tested these tools thoroughly.”
Further, the new data highlight a 20% increase in resignation letter research and creation from employees taking advantage of the tight labour market to switch positions for higher wages.
“In most cases, an individual planning to leave the business is not pleased with the company’s product, co-workers, work environment, or compensation,” reads the report. “Disgruntled employees are usually jaded by a business that has not shown any steps to alleviate concerns, even after communication attempts.”
Finally, the Dtex report says the industry has witnessed a 200% increase in unsanctioned third-party work on corporate devices from a high prevalence of employees engaged in side gigs.
https://www.infosecurity-magazine.com/news/12-of-employees-take-ip-when/
Why a Clear Cyber Policy is Critical for Companies
In October, Joe Sullivan, Uber’s former head of security, was convicted of covering up a 2016 data breach at the ride hailing giant by hiding details from US regulators and then paying off the hackers.
It was a trial followed nervously by cyber security professionals around the world — coming eight years after an incident that had compromised the personal information of more than 57mn people.
“Any news about another company dealing with a data security incident can strike a bit of fear across industries,” notes Mary Pothos, chief privacy officer at digital travel company Booking.com. She adds that incidents like these cause “many companies to pause, rethink or revisit their internal processes to make sure that they are operating effectively”.
These incidents, and threats, are growing at lightning speed, too. War in Ukraine is now being played out as much in cyber space as on the battlefield. The Covid pandemic has forced businesses to rethink where their employees work, and handle or access data. At the same time, the sheer number of web-connected devices is multiplying.
“We need to be people who can predict what is coming along the line, predict the future, almost” said Victor Shadare, head of cyber security at media company Condé Nast, at a recent FT event on cyber security.
Palo Alto Networks, a specialist security company, found that cyber extortion grew rapidly in 2021. Some 35 new ransomware gangs emerged, the average ransom demand increasing 144 per cent that year to $2.2mn, and the average payment rose by 78 per cent to $541,010.
Meanwhile, cyber security personnel have found themselves hemmed in by increasingly onerous regulations. These include threats of legal action if the right people are not informed about breaches, or if products come to market that are not safe enough. On September 15, for example, the European Commission presented a proposal for a new Cyber Resilience Act to protect consumers from products with inadequate security features.
“New domains of security have sprung up over the past years, so it’s not just an information technology problem any more, it’s really a full company risk issue,” says Kevin Tierney, vice-president of global cyber security at automotive group General Motors. He warns that automated and connected vehicles have thrown up additional threats to be addressed.
“You have to start out with the right governance structure and the right policies and procedures — that’s step one of really getting the company to understand what it needs to do,” he says. These include clear rules on how to disable access to tech equipment, on data protection and storage, on transferring and disposing of data, on using corporate networks, and on reporting any data breaches.
Security experts also tend to agree that there need to be robust systems of governance and accountability, to prevent the sort of trouble that befell Sullivan at Uber. Perhaps most crucially, staff across the organisation, from C-suite to assistants, need to know how to spot and manage a threat.
https://www.ft.com/content/0bb6df09-7d77-4605-aac3-89443ed65a18
Threats
Ransomware and Extortion
Medibank: Hackers release abortion data after stealing Australian medical records - BBC News
Medical data hacked from 10m Australians begins to appear on dark web | World news | The Guardian
How ransomware gangs and malware campaigns are changing - Help Net Security
Thales confirms hackers have released its data on the dark web | Reuters
Most SMBs Fear Ransomware Attack Amid Heightened Geopolitical Tensions - MSSP Alert
Australia to consider banning paying of ransoms to cyber criminals | Reuters
LockBit gang claims to have stolen data from Kearney & Company - Security Affairs
Azov Ransomware is a wiper, destroying data 666 bytes at a time (bleepingcomputer.com)
Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million | SecurityWeek.Com
Canadian food retail giant Sobeys hit by Black Basta ransomware (bleepingcomputer.com)
LockBit affiliate uses Amadey Bot malware to deploy ransomware (bleepingcomputer.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
US Health Dept warns of Venus ransomware targeting healthcare orgs (bleepingcomputer.com)
Ransomware attacks on hospitals take toll on patients (nbcnews.com)
Hackers post Hereford schoolchildren's data records on dark web | Hereford Times
CISA and Spain Partnership to Develop Tool to Help Countries Combat Ransomware - MSSP Alert
Phishing & Email Based Attacks
Phishing threats are increasingly convincing and evasive - Help Net Security
Robin Banks phishing-as-a-service platform continues to evolve - Security Affairs
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Massive Phishing Campaigns Target India Banks’ Clients (trendmicro.com)
BEC – Business Email Compromise
Malware
Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com)
Cloud9 Malware Offers a Paradise of Cyber attack Methods (darkreading.com)
More malware is being hidden in PNG images, so watch out | TechRadar
Attackers Using IPFS for Distributed, Bulletproof Malware Hosting | SecurityWeek.Com
Malicious extension lets attackers control Google Chrome remotely (bleepingcomputer.com)
New hacking group uses custom 'Symatic' Cobalt Strike loaders (bleepingcomputer.com)
New StrelaStealer malware steals your Outlook, Thunderbird accounts (bleepingcomputer.com)
Mobile
5 Common Smartphone Security Myths, Debunked (makeuseof.com)
Oh, look: More malware in the Google Play store • The Register
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan - Security Affairs
Malicious droppers on Google Play deliver banking malware to victims - Help Net Security
Samsung phones are being targeted by some seriously shady zero-days | TechRadar
New BadBazaar Android malware linked to Chinese cyber spies (bleepingcomputer.com)
Worok hackers hide new malware in PNGs using steganography (bleepingcomputer.com)
Internet of Things – IoT
Organised Crime & Criminal Actors
An initial access broker claims to have hacked Deutsche Bank - Security Affairs
Cyber crime costs to hit $10.5tn by 2025 hears Saudi forum - Arabian Business
Cyber crime Group OPERA1ER Stole $11M From 16 African Businesses (darkreading.com)
Instagram star gets 11 years for $300m BEC conspiracy • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX says it is probing ‘abnormal transactions’ after potential hack | Financial Times
Kraken's CSO Claims To Have Identified The $600 Million FTX Hacker (coingape.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Fifth Of 18 To 34-year-olds Have Fallen Victim To Financial Scams – Information Security Buzz
Ukrainian Cyber Cops Bust $200m Fraud Ring - Infosecurity Magazine (infosecurity-magazine.com)
Retail Sector Prepares for Annual Holiday Cyber crime Onslaught (darkreading.com)
US seized 18 web domains used for recruiting money mules (bleepingcomputer.com)
Insurance
Rising cost of cyber attacks sends insurance policy charges soaring | Financial Times (ft.com)
Just 25% of businesses are insured against cyber attacks. Here's why (theconversation.com)
Re-Focusing Cyber Insurance with Security Validation (thehackernews.com)
Swiss Re: Cyber-Insurance Industry Must Reform - Infosecurity Magazine (infosecurity-magazine.com)
Dark Web
DoJ seizes $3.36B Bitcoin from Silk Road hacker - Security Affairs
Silk Road drugs market hacker pleads guilty, faces 20 years inside – Naked Security (sophos.com)
Supply Chain and Third Parties
Hybrid Working
Attack Surface Management
Identity and Access Management
API
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft Password Hacking Increase – Information Security Buzz
False sense of safety undermines good password hygiene - Help Net Security
Password-hacking attacks are on the rise. Here's how to stop your accounts from being stolen | ZDNET
Social Media
Twitter blue check unavailable after impostor accounts erupt on platform | Twitter | The Guardian
Twitter chief information security officer Lea Kissner departs | TechCrunch
Privacy, Surveillance and Mass Monitoring
World Cup apps pose a data security and privacy nightmare • The Register
Surveillance 'Existential' Danger of Tech: Signal Boss | SecurityWeek.Com
Regulations, Fines and Legislation
Careers, Working in Cyber and Information Security
Three million empty seats: What can we do about the cyber skills shortage? (computerweekly.com)
Cyber security, cloud and coding: Why these three skills will lead demand in 2023 | ZDNET
Cyber security leaders want to quit. Here's what is pushing them to leave | ZDNET
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Red Cross seeks digital equivalent of its emblems • The Register
Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless | WIRED
EU calls for joint cyber defence in response to Russia • The Register
Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft | SecurityWeek.Com
What Ukraine’s cyber defence tactics can teach other nations | Financial Times (ft.com)
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
APT29 abused Windows Credential Roaming in attacks - Security Affairs
Dutch MEP says illegal spyware ‘a grave threat to democracy’ | European Commission | The Guardian
Greece Is Banning Spyware After Predator Phone-Tapping Scandal (gizmodo.com)
British embassy security guard David Smith admits spying for Russia - BBC News
Nation State Actors
Nation State Actors – Russia
EU calls for joint cyber defence in response to Russia • The Register
Ukraine war: Russians kept in the dark by internet search - BBC News
Microsoft links Russia’s military to cyber attacks in Poland and Ukraine | Ars Technica
Putin ally Yevgeny Prigozhin admits interfering in US elections | Russia | The Guardian
Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine - Security Affairs
Nation State Actors – China
Nation State Actors – Misc
Vulnerability Management
Why CVE Management as a Primary Strategy Doesn't Work (darkreading.com)
Why it's time to review your Microsoft patch management options | CSO Online
Risk-Based Vulnerability Management: Understanding the RBVM Trend (darkreading.com)
How can CISOs catch up with the security demands of their ever-growing networks? - Help Net Security
Microsoft: Nation-state threats, zero-day attacks increasing (techtarget.com)
Types of vulnerability scanning and when to use each (techtarget.com)
Vulnerabilities
Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws (bleepingcomputer.com)
VMware fixes three critical auth bypass bugs in remote access tool (bleepingcomputer.com)
Citrix ADC and Citrix Gateway are affected by a critical auth bypass - Security Affairs
Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products | SecurityWeek.Com
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery | SecurityWeek.Com
Apple out-of-band patches fix RCE bugs in iOS and macOS - Security Affairs
Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (bleepingcomputer.com)
SAP Patches Critical Vulnerabilities in BusinessObjects, SAPUI5 | SecurityWeek.Com
Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica
Foxit Patches Several Code Execution Vulnerabilities in PDF Reader | SecurityWeek.Com
LiteSpeed Vulnerabilities Can Lead to Complete Web Server Takeover | SecurityWeek.Com
Reports Published in the Last Week
Other News
What Is Threat Hunting? A Definition for MSPs and Channel Partners - MSSP Alert
Cyber security: These are the new things to worry about in 2023 | ZDNET
What We Really Mean When We Talk About ‘Cyber security’ (darkreading.com)
Personal cyber security is now a company problem - Help Net Security
History of Computer Viruses & Malware | What Was Their Impact? (esecurityplanet.com)
5 Reasons to Consolidate Your Tech Stack (thehackernews.com)
Cookies for MFA Bypass Gain Traction Among Cyber attackers (darkreading.com)
Common lateral movement techniques and how to prevent them (techtarget.com)
Beyond the Pen Test: How to Protect Against Sophisticated Cyber criminals (darkreading.com)
5 ways to overcome multifactor authentication vulnerabilities (techtarget.com)
15,000 sites hacked for massive Google SEO poisoning campaign (bleepingcomputer.com)
Unencrypted Traffic Still Undermining Wi-Fi Security (darkreading.com)
Researchers Devise Wi-Peep Drone That Can 'See Through Walls' (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.