Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 September 2023

Black Arrow Cyber Threat Intelligence Briefing 01 September 2023:

-66 Percent of Businesses Don't Understand Their Cyber Risks

-Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

-Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

-Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

-58% of Malicious Emails Contained Spoofed Content

-Cyber Attacks Remain a Top Concern for Organisations Across All Industries

-BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

-13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

-Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

-Kroll’s Breach Highlights SIM-Swapping Risk

-Reducing The Risk of AI, What Can You Do?

-Debunking Popular Cyber Security Myths

-3 Malware Loaders Responsible for 80% of Intrusions

-MOVEit Hack Shows Attackers Still Use Old Tricks

-Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

AITM/MITM

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Training, Education and Awareness

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28th July 2023

Black Arrow Cyber Threat Briefing 28 July 2023:

-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions

-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500

-Why Cyber Security Should Be Part of Your ESG Strategy

-Lawyers Take Frontline Role in Business Response to Cyber Attacks

-Organisations Face Record $4.5M Per Data Breach Incident

-Cryptojacking Soars as Cyber Attacks Diversify

-Ransomware Attacks Skyrocket in 2023

-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

-Protect Your Data Like Your Reputation Depends on It (Because it Does)

-Why CISOs Should Get Involved with Cyber Insurance Negotiation

-Companies Must Have Corporate Cyber Security Experts, SEC Says

-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

  • Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

  • Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

  • Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

  • Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

  • Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

  • Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

  • Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

  • Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

  • Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

  • Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

  • Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Shadow IT

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Travel

Parental Controls and Child Safety

Regulations, Fines and Legislation

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 21 July 2023

Black Arrow Cyber Threat Briefing 21 July 2023:

-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals

-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

-Risk is Driving Medium-Sized Business Decisions

-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security

-Hybrid Work, Digital Transformation can Exploit Security Gaps

-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

-Pro-Russian Hacktivists Increase Focus on Western Targets

-Infosec Doesn't Know What AI Tools Orgs Are Using

-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

  • MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

  • IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

  • Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

  • Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

  • Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

  • Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

  • Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

  • AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

  • Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

  • Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

  • Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

  • Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Digital Transformation

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities


Tools and Controls



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28 April 2023

Black Arrow Cyber Threat Briefing 28 April 2023:

- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key

- Shadow IT, SaaS Pose Security Liability for Enterprises

- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

- Over 70 billion Unprotected Files Available on Unsecured Web Servers

- Cyber Thieves Are Getting More Creative

- Modernising Vulnerability Management: The Move Toward Exposure Management

- Almost Three-quarters of Cyber Attacks Involve Ransomware

- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

- Email Threat Report 2023: Key Takeaways

- 5 Most Dangerous New Attack Techniques

- Many Public Salesforce Sites are Leaking Private Data

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key

Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.

Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.

Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.

https://www.forbes.com/sites/deloitte/2023/04/20/navigating-the-future-of-cyber-business-strategy-cybersecurity-training-and-digital-transformation-are-key/?sh=1ab15c2c29c1

  • Shadow IT, SaaS Pose Security Liability for Enterprises

There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.

A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.

To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.

https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises

  • The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.

According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.

https://www.csoonline.com/article/3693754/the-strong-link-between-cyber-threat-intelligence-and-digital-risk-protection.html

  • Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.

The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.

https://www.csoonline.com/article/3693260/weak-credentials-unpatched-vulnerabilities-malicious-oss-packages-causing-cloud-security-risks.html

  • Over 70 Billion Unprotected Files Available on Unsecured Web Servers

A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.

The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.

Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

  • Cyber Thieves Are Getting More Creative

Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.

Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.

https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative

  • Modernising Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.

Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.

As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.

https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

  • Two-thirds of Cyber Attacks Involve Ransomware

A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.

https://www.computerweekly.com/news/365535467/Almost-three-quarters-of-cyber-attacks-involve-ransomware

  • Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).

Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.

https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/

  • NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.

Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.

https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/

  • Email Threat Report 2023: Key Takeaways

According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.

With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.

https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/

  • 5 Most Dangerous New Attack Techniques

Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.

The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.

https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html  

  • Many Public Salesforce Sites are Leaking Private Data

A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.

It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.

https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Containers

Attack Surface Management

Shadow IT

Identity and Access Management

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Digital Transformation

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors




Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 03 March 2023

Black Arrow Cyber Briefing 03 March 2023:

-It’s Time to Evaluate Your Security Education Plan Amongst the Rise in Social Engineering Attacks

-Mobile Users are More Susceptible to Phishing Attacks

-Phishing as a Service Stimulates Cyber Crime

-Attacker Breakout Time Drops to Just 84 Minutes

-Attackers are Developing and Deploying Exploits Faster Than Ever

-Old Vulnerabilities are Haunting Organisations and Aiding Attackers

-Scams Drive Nearly $9bn Fraud Surge in 2022

-Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This

-Cyber Security in This Era of Polycrisis

-Russian Ransomware Projects Rebranded to Avoid Western Sanctions

-Ransomware Attacks Ravaged Big Names in February

-Firms Who Pay Ransom Subsidise New Attacks

-How the Ukraine War Opened a Fault Line in Cyber Crime

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • It’s Time to Evaluate Your Security Education Plan with the Rise in Social Engineering Attacks

Security provider Purplesec found 98% of attacks in 2022 involved an element of social engineering. Social engineering attacks can take many forms including phishing, smishing, vishing and quishing and it’s vital to educate your organisation on how to best prepare for these. Education plans should focusing on educating all levels of users, including those at the top. These plans should also be tested to allow organisations to assess where they are at and identify where they can improve.

https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan

  • Mobile Users are More Susceptible to Phishing Attacks

A report conducted by mobile security provider Lookout focused on the impact of mobile phishing. Some of the key findings from the report included that more than 50% of personal devices were exposed to a mobile phishing attack every quarter, the percentage of users falling for multiple mobile phishing links increasing and an increased targeting of highly regulated industries such as insurance, banking and financial services. It is likely that this has resulted from the increase in relaxed bring your own device (BYOD) policies.

https://www.msspalert.com/cybersecurity-research/mobile-users-more-susceptible-to-phishing-attacks-than-two-years-ago/

  • Phishing as a Service Stimulates Cyber Crime

Phishing attacks are at an all-time high and the usage of Phishing as a Service (PaaS) opens this attack technique to virtually anyone. The sale of “phishing kits” and usage of artificial intelligence has further increased the availability of this attack technique. In response, organisations should look to improve their email security, cloud security and education programs for employees.

https://www.trendmicro.com/en_us/ciso/23/c/phishing-as-a-service-phaas.html

  • Attacker Breakout Time Drops to Just 84 Minutes

The average time it takes for a threat actor to move laterally from a compromised host within an organisation dropped 14% between 2012 and 2022 down to 84 minutes, according to a report by security provider Crowdstrike. With the reduction in time it takes a threat actor to move across systems, organisations have even less time to enact their incident response plans and contain breaches effectively, putting further pressure on the incident response team. By responding quickly, organisations can minimise the cost and damage of a breach. The report from Crowdstrike found that organisations were facing increasing difficulty in detecting suspicious activity as attackers are choosing to use valid organisation credentials rather than malware, to gain access to an organisation’s systems.

https://www.infosecurity-magazine.com/news/attacker-breakout-time-drops-just/

  • Attackers are Developing and Deploying Exploits Faster Than Ever

A report from security provider Rapid7 found that over 56% of vulnerabilities were exploited within seven days of public disclosure. Worryingly, the median time for exploitation in 2022 was just one day. The finding from the report highlights the need for organisations to not only conduct threat intelligence to be aware of vulnerabilities but to also look to employ patches where possible in a timely manner.

https://www.helpnetsecurity.com/2023/03/03/attackers-developing-deploying-exploits/

  • Old Vulnerabilities are Haunting Organisations and Aiding Attackers

Known vulnerabilities, vulnerabilities for which patches have already been made available, are one of the primary attack vectors for threat actors. Vulnerability management vendor Tenable found that the top exploited vulnerabilities were originally disclosed as far back as 2017 and organisations that had not applied these patches were at increased risks of attack.

https://www.helpnetsecurity.com/2023/03/03/known-exploitable-vulnerabilities/

  • Scams Drive Nearly $9bn Fraud Surge in 2022

Americans lost $8.8 billion to fraud last year, with imposter scams responsible for $2.8 billion of that amount, according to the Federal Trade Commission (FTC). Losses to business imposters were particularly damaging, climbing to $660 million from the previous year. Interestingly, the FTC found that younger people reported losing money to fraud the most often.

https://www.infosecurity-magazine.com/news/investment-scams-drive-9bn-in/

  • Economic Pressure are Increasing Cyber Security Risks and a Recession Would Only Further This

The World Economic Forum’s recent report found that 93% of cyber security leaders and 86% of business leaders think it is moderately or very likely that global geopolitical instability will lead to a catastrophic cyber event in the next two years. Reinforcing this, a report from (ISC)² found that 80% of business executives believe a weakening economy will increase cyber threats and a recession will only amplify this.

https://www.csoonline.com/article/3689008/economic-pressures-are-increasing-cybersecurity-risks-a-recession-would-amp-them-up-more.html

  • Cyber Security in this Era of Polycrisis

A year since Russia invaded Ukraine, the geopolitical context is increasingly tense and volatile. The world faces several major crises in what has been coined a 'polycrisis,' a cluster of global shocks with compounding effects. This, along with increasing geopolitical tensions causes a rise in risk from cyber attacks. In fact, the European Union Agency for Cyber Security (ENISA) recently issued an alert regarding actors conducting malicious cyber activities against businesses and governments in the European Union and findings from Google show a 300% increase in state-sponsored cyber attacks targeting users in NATO countries.

https://www.weforum.org/agenda/2023/02/cybersecurity-in-an-era-of-polycrisis/

  • Russian Ransomware Projects Rebranded to Avoid Western Sanctions

Research provider TRM labs found that some major Russian-linked ransomware crime gangs have rebranded their activities in 2022 to avoid sanctions. To strengthen their anonymity, two major ransomware crime gangs LockBit and Conti restructured their activities. Conti is reported to have restructured into three smaller groups named Black Besta, BlackByte, Karakurt. LockBit on the other hand launched LockBit 3.0, which is focused on monetary gain. Additionally, the report found that Russian-speaking darknet markets had amassed over $130 million in sales.

https://cryptopotato.com/russian-ransomware-projects-rebranded-to-avoid-western-sanctions-report/

  • Ransomware Attacks Ravaged Big Names in February

Despite the apparent slight drop in ransomware activity last month, several high profile targets of various industries were hit; this ranges from the likes of the US Marshal Service, retailer WH Smith, satellite provider Dish and many more. These attacks reinforce the concept that any organisation can be a victim, regardless of industry.

https://www.techtarget.com/searchsecurity/news/365532056/Ransomware-attacks-ravaged-big-names-in-February

  • Firms Who Pay Ransoms Subsidise New Attacks

A report from security provider Trend Micro found that whilst only a relatively small number of ransomware victims pay their extorters, those that do pay are effectively funding 6-10 new attacks. The report also found that attackers are aware of which industries and countries pay ransoms more often, so organisations belonging to those industries and countries may find themselves an even more attractive target.

https://www.infosecurity-magazine.com/news/firms-pay-ransom-subsidise-10/

  • How the Ukraine War Opened a Fault Line in Cyber Crime

A report from threat intelligence provider Recorded Future has highlighted the impact that the Russian invasion of Ukraine has had on cyber. Recorded Future explain how a number of threat actor groups fled during the war and in addition to differing political views between groups, there has been a disruption to the cyber environment. In fact, Recorded Future found that Russian-language dark web marketplaces have taken a major hit and the prediction is that the epicentre of cyber crime may shift to English-speaking dark web forums, shops and marketplaces.

https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Containers

Hybrid/Remote Working

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 February 2023

Black Arrow Cyber Threat Briefing 17 February 2023:

-High Risk Users May be Few, but the Threat They Pose is Huge

-The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

-Cyber Attacks Worldwide Increased to an All-Time Record Breaking High

-Most Organisations Make Cyber Security Decisions Without Insights

-Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

-Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

-Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

-EU Countries Told to Step up Defence Against State Hackers

-Cyber Criminals Exploit Fear and Urgency to Trick Consumers

-How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

-Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

-5 Biggest Risks of Using Third Party Managed Service Providers

-Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

  • The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

  • Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

  • Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

  • Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

  • Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

  • Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

  • EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

  • Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

  • How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

  • Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

  • 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

  • Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Attack Surface Management

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More