Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)

Tools and Controls

• Building resilience to shield your digital transformation from cyber threats - Help Net Security

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Overview of Open Source Intelligence (OSINT) (eweek.com)

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Traditional cloud security isn't up to the task - Help Net Security

• Top 10 API Security Threats for Q3 2023 - Security Week

• National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• The Importance of Continuous Security Monitoring for a Robust Cyber security Strategy (thehackernews.com)

• NCSC backs use of security.txt for cyber resilience | UKAuthority

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• The new imperative in API security strategy - Help Net Security

• How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)

• Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)

• Threat Intel: To Share or Not to Share is Not the Question - Security Week

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN

• How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics

• Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs

• 8 ways to cope with cyber security budget cuts | TechTarget

• Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)

• Kubernetes adoption creates new cyber security challenges - Help Net Security

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Cyber insurance predictions for 2024 - Help Net Security

• Hundreds of websites cloned to run ads for Chinese gambling • The Register

• AI helps leaders optimize costs and mitigate risks - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Reports Published in the Last Week

• NCSC Annual Review 2023 - NCSC.GOV.UK

Other News

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• 97% of Consumers Predict Cyber attacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals | Business Wire

• 'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• National security at risk from web browsing data collection, report finds (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Collaborative strategies are key to enhanced ICS security - Help Net Security

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually

A recent report by Akamai Technologies has found that organisations experienced an average of 86 ransomware-linked events in the past 12 months (successful or not), double the number of annual attacks from 2 years ago.

The most common issues impacting organisations after a ransomware attack were network downtime (44%), data loss (42%) and brand/reputation damage (39%).

Ransomware attackers have increasingly employed tactics like double and triple extortion. These methods combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to extort money. While these strategies are not new, their prevalence has significantly increased in recent times.

With 81% of companies experiencing ransomware attacks in the previous 12 months this is increasingly something that company Boards are concerned about, not only the organisation’s ability to stop a ransomware attack in the first place, but also the organisation’s ability to recover when an attack happens.

Sources: [TechTarget] [PRNewsWire] [Security Magazine] [InsuranceJournal] [Financial Times]

Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable

A recent report found that of nearly 6,000 small and medium-sized business (SMB) IT professionals surveyed across Europe, a third of those based in the UK have no cyber security in place to protect assets such as their own printers, with 16% suffering a printer breach alone in the past. Despite this, less than a quarter educated their employees about printer (23%) IT security. With hybrid working seen as a security concern for 38% of SMEs, and potentially leading to more remote use of these devices, surprisingly just 4 in 10 (41%) cover hybrid working as part of their current security training.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [TechRadar] [The Recycler]

Cyber Attacks Top Global Risk – 2023 Aon Survey

Aon’s Global Risk Management Survey identified cyber attacks and data breaches as the leading business risk worldwide, followed by business interruption. Aon warned that deficits in talent or specialised skills may exacerbate cyber risks in particular.

Supply chain disruptions were ranked as another area of concern, with risks associated with supply chain failure hitting a 14-year high in the survey. However, less than 40% of organisations have conducted supplier resilience assessments. which contributes to cyber risk when organisations hand data to suppliers without considering whether their suppliers keep that data safe.

Source: [Investing]

To Improve Cyber Defences, Practice for Disaster

If you aren’t already running incident simulations in your organisation, it’s time to start. Such simulations allow employees to understand their roles and responsibilities, as well as providing a great opportunity to educate. Cyber attacks are a matter of when, not if, and no-one wants to be improvising their security response in the event of a real cyber incident.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Dark Reading]

Meet Your New Cyber Security Auditor: Your Insurer

In the dynamic world of cyber security, cyber insurers are emerging as key players, reshaping the landscape with ever more stringent requirements. With ransomware attacks becoming more complex, cyber insurance premiums have surged by 50%, challenging Chief Information Security Officers (CISOs) to demonstrate their organisation's cyber defence capabilities. Insurers, using detailed risk assessments, are influencing cyber security strategies, compelling organisations to adapt and meet higher standards.

CISOs are now tasked with ensuring their security measures are comprehensive and transparent, as insurers scrutinise everything from multifactor authentication to Active Directory policies. Accurate self-assessment is critical, as any misrepresentation can lead to denied coverage or legal repercussions. In this competitive market, organisations must showcase their cyber maturity, particularly in high-risk industries, to secure coverage. The evolving cyber insurance landscape demands a clear understanding of risk factors and continuous improvement in cyber defence strategies, ultimately aiming to enhance overall protection against cyber threats.

Source: [Dark Reading]

Allen and Overy Suffer Ransomware Attack

Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest large corporation to fall victim to a ransomware hack. A&O confirmed the incident after the infamous ransomware gang LockBit posted on social media platform X, formerly Twitter, claiming to have breached the legal giant and threatening to publish data from the firm’s files on 28 November.

Earlier this year, the UK National Cyber Security Centre reported that law firms of all sizes were at risk from cyber attackers because of the sensitive client information they routinely handle. The importance of reputation to the business also made law firms attractive targets for extortion.

Sources: [Financial Times] [Law Gazette]

Shadow IT Remains a Top Threat, as Shown by Attack on Okta

Shadow IT refers to IT resources used by employees or end users that don’t have IT approval or oversight. This was the case in the recent Okta attack in which an Okta employee signed into their personal Google account on a company-owned device. It is believed that the employee’s personal Google account had been compromised, and unfortunately since the employee had configured it in a way to save credentials of Okta accounts, the attacker now also had these credentials. The result? 134 downstream customers impacted.  

Source: [Computer Weekly]

Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats

Ransomware attacks surged to record highs in 2023 and are expected to escalate further, especially with key 2024 elections approaching, ZeroFox Intelligence's 2024 Key Forecasts report indicates. This trend is driven by evolving cyber threats, including sophisticated social engineering and AI-generated synthetic media, aimed at spreading misinformation and targeting electoral processes.

ZeroFox also highlights a concerning shift towards physical damages from cyber attacks, with critical sectors like finance, energy, and healthcare being vulnerable due to outdated security infrastructures. These sectors are likely targets for nation-state and state-sponsored attacks amidst global geopolitical tensions. To counter these threats, the report suggests enhanced security measures, including encrypted cloud backups, vigilant network monitoring, and a zero-trust cyber security approach to safeguard against the evolving landscape of cyber threats.

Source: [TechRadar]

Cyber Governance: Growing Expectations for Information Security Oversight and Accountability

In today's interconnected digital economy, cyber security is a critical governance issue for businesses, necessitating effective oversight and strategic planning. The SEC's new rules, effective July 2023, require public companies to transparently disclose their cyber security strategies and report significant incidents, highlighting the increasing importance of cyber security in corporate governance. This regulatory development aims to improve transparency and accountability in managing cyber risks.

Corporations are responding by emphasising detailed cyber security disclosures, employee training programmes, and board-level expertise in information security. As the landscape of cyber threats evolves, timely and comprehensive reporting of breaches becomes more crucial, aligning with both regulatory requirements and stakeholder expectations for robust cyber security governance.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Harvard]

Generative AI Will Level Up Cyber Attacks, According to New Google Report

Google's Cloud Cyber Security Forecast 2024 report reveals a growing trend of using generative AI in cyber attacks. The technology, particularly large language models (LLMs), is enhancing phishing and social engineering tactics by producing content that appears more legitimate, making it difficult to spot errors typically associated with such attacks. This advancement allows attackers to mimic natural language effectively and create authentic-looking fake news, phone calls, and deepfake videos, potentially eroding public trust in online information.

On the flip side, the report highlights the potential of AI as a powerful tool for cyber defence. Cyber security professionals can leverage AI for rapid data synthesis, efficient threat detection, and swift response actions. As defenders direct AI development with specific security objectives, its capabilities are expected to significantly bolster cyber security measures in the near future.

Source: [ZDNET]

Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?

New research found that half of UK participants believed they are most at risk of a cyber attack when using public Wi-Fi, which is Wi-Fi that anyone, including an attacker, can connect to. However, in contrast to concerns, the report found that 41% will use unsecured Wi-Fi if given the opportunity. Further, 53% of participants would enter or access sensitive information whilst connected to an unsecured public Wi-Fi network; this includes bring your own devices (BYOD) that have access to corporate data.

Source: [TechRadar]

88% of Security Leaders Think Their Organisation Is Falling Short in Addressing Cyber Security

A recent study by Foundry reveals a trend towards AI-driven security measures and increased reliance on cyber insurance among organisations. Key priorities for security leaders include preparedness for incidents, data protection, and enhancing IT and cloud data security. Despite this, 88% of security leaders feel their organisations are inadequate in addressing cyber security risks, mainly due to budget limitations, talent scarcity, and challenges in stakeholder communication.

To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022), aiding in better cyber security initiatives. Security budgets are expected to remain stable or increase, with investments focused on authentication, data analytics, and cloud security, complemented by cyber insurance. AI's role is expanding in threat detection, malware identification, and automated responses, showcasing its growing importance in evolving security landscapes.

Source: [Foundry]

Governance, Risk and Compliance

• Exec security habits are shockingly bad compared to average workers | ITPro

• Boardroom woes on ransomware intensify (ft.com)

• To Improve Cyber Defences, Practice for Disaster (darkreading.com)

• Cyber attacks top global risks, talent retention surges in Aon 2023 survey By Investing.com

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• 88% of Security Leaders think their Organisation is Falling Short Addressing Cyber security, but Regular Engagement with the Board is Improving the Situation • Foundry (foundryco.com)

• Use business technology? You’re on the cyber security frontline - Digital Journal

• Cyber Governance: Growing Expectations for Information Security Oversight and Accountability (harvard.edu)

• No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica

• Securing data at the intersection of the CISO and CDO - Help Net Security

• UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)

• Enhancing security: The crucial role of incident response plans | Computer Weekly

• Most cyber security investments aren't used to their full advantage - Help Net Security

• Improving cyber resilience to prevent devastating cyber attacks | TechRadar

• Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point - SecurityWeek

• The roadblocks to preventive cyber security success - Help Net Security

• SolarWinds fires back at SEC over fraud charges | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Boardroom woes on ransomware intensify (ft.com)

• Organisations face an average of 86 ransomware attacks annually | Security Magazine

• Ransomware, Extortion Claims See ‘Worrying Resurgence,’ Says Allianz (insurancejournal.com)

• The 3 key stages of ransomware attacks and useful indicators of compromise - Help Net Security

• Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar

• The ransomware warning sign we should all have on our radar | World Economic Forum (weforum.org)

• Ransomware Attacks Have Doubled Over the Past Two Years, According to Akamai Research (prnewswire.com)

• Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)

• FBI: Ransomware actors abuse third parties and legitimate system tools for initial access (securityaffairs.com)

• Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)

• Microsegmentation proves its worth in ransomware defence - Help Net Security

• GootBot Implant Heightens Risk of Post-Infection Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)

• Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)

• Ransomware Readiness Assessments: One Size Doesn't Fit All (darkreading.com)

• TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)

• FBI: Ransomware gangs hack casinos via 3rd party gaming vendors (bleepingcomputer.com)

• Healthcare Struggles with Impact of Ransomware Attacks | MSSP Alert

• Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek

• Retail organisations attacked by ransomware increasingly unable to halt an attack in progress - Home of Direct Commerce

• Three-Quarters of Retail Ransomware Attacks End in Encryption - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• Allen & Overy data hit by hackers in ransomware attack (ft.com)

• ICBC hit by ransomware impacting global trades • The Register

• Mr. Cooper Posts Notice of Cyber attack, Indicating Possible Data Breach | Console and Associates, P.C. - JDSupra

• Cyber attack takes down one of the largest mortgage lenders in the US | TechRadar

• American Airlines Pilot Union Recovering After Ransomware Attack - SecurityWeek

• Marina Bay Sands Becomes Latest Hospitality Cyber Victim (darkreading.com)

• Scottish council's computer systems suffer cyber attack | The National

• Dolly.com pays ransom, attackers release data anyway (securityaffairs.com)

• Shimano hit by ransomware attack | Cyclingnews

• Info from 5.6 million patient visits among data stolen in ransomware attack on Ontario hospitals | CBC News

• Women sue plastic surgery after hack saw their naked photos posted online (bitdefender.com)

• TransForm says ransomware data breach affects 267,000 patients (bleepingcomputer.com)

Phishing & Email Based Attacks

• When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules (thehackernews.com)

Artificial Intelligence

• Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar

• AI Professionalizes DDoS Attacks: This is Why Critical Infrastructures in NATO Countries are now at Risk – Financial News (financial-news.co.uk)

• Companies have good reasons to be concerned about generative AI - Help Net Security

• Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams (darkreading.com)

• Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)

• Here's what to know about elections, cyber security and AI | World Economic Forum (weforum.org)

• Microsoft, Meta detail plans to fight election deception • The Register

• Watch out: Generative AI will level up cyber attacks, according to new Google report | ZDNET

• Data protection demands AI-specific security strategies - Help Net Security

• Exploring the global shift towards AI-specific legislation - Help Net Security

2FA/MFA

• Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin

• Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register

• Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

Malware

• Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks (darkreading.com)

• GootBot Implant Heightens Risk of Post-Infection Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• 48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems (thehackernews.com)

• New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers (thehackernews.com)

• StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices (thehackernews.com)

• This new macOS malware could leave you severely short-changed | TechRadar

• Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure (securityaffairs.com)

• Even Google Calendar isn't safe from hackers any more | TechRadar

• Hacked proxy service has already infected 10,000 systems worldwide with malware | TechRadar

• Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant (darkreading.com)

• Beware of BlueNoroff: Mac users targeted with new malware variant - 9to5Mac

• How to Outsmart Malware Attacks That Can Fool Antivirus Protection (darkreading.com)

• Malicious Python packages spread BlazeStealer malware | SC Media (scmagazine.com)

• Hackers have found an insidious way to attack you with malware — don’t fall for this | Tom's Guide (tomsguide.com)

Mobile

• Google Play Store Introduces 'Independent Security Review' Badge for Apps (thehackernews.com)

• Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)

• Samsung monthly updates: November 2023 security patch fixes 65 security flaws - SamMobile

• 37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek

• Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica

• SIM Box Fraud to Drive 700% Surge in Roaming Scams - Infosecurity Magazine (infosecurity-magazine.com)

• New SecuriDropper Malware Bypasses Android 13 Restrictions, Disguised as Legitimate Applications (techrepublic.com)

Denial of Service/DoS/DDOS

• AI Professionalizes DDoS Attacks: This is Why Critical Infrastructures in NATO Countries are now at Risk – Financial News (financial-news.co.uk)

• OpenAI confirms DDoS attacks behind ongoing ChatGPT outages (bleepingcomputer.com)

• Suspected DDoS attack impacts AP news site | SC Media (scmagazine.com)

• Cloudflare website downed by DDoS attack claimed by Anonymous Sudan (bleepingcomputer.com)

• OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt

• DDoS attack leads to significant disruption in ChatGPT services (securityaffairs.com)

• Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)

Internet of Things – IoT

• SIM Box Fraud to Drive 700% Surge in Roaming Scams - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

• 2023 Microsoft Data Breach Statistics: A Comprehensive Overview (techreport.com)

• No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica

• Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop - SecurityWeek

• Shadow IT use at Okta behind series of damaging breaches | Computer Weekly

• Okta breach affected 134 customers, company admits • The Register

• Another top casino has been hit with a massive data breach | TechRadar

• Marina Bay Sands Discloses Data Breach Impacting 665k Customers - SecurityWeek

• Hilb fears email crooks stole 81K people's financial data • The Register

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

Organised Crime & Criminal Actors

• Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)

• How cyber criminals adapt and thrive amidst changing consumer trends - Help Net Security

• Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)

• Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News

• Unraveling cyber crime network's underground operations (crime-research.org)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• The 10 Biggest Crypto Hacks and Scams of 2023 (makeuseof.com)

• Monero Project admits thieves stole $437k in mystery breach • The Register

Insurance

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• Many SMEs are being left with a gap in coverage for cyber insurance: Cowbell's Cooksley  - Reinsurance News

• Hiscox cyber threat ranking reveals UK's most vulnerable industries (reward-strategy.com)

Supply Chain and Third Parties

• FBI: Ransomware gangs hack casinos via 3rd party gaming vendors (bleepingcomputer.com)

Cloud/SaaS

• The perils of over-reliance on single cloud providers - Help Net Security

• Secure Cloud Infrastructure from New Cyber Threats (trendmicro.com)

• Hackers exploit Looney Tunables Linux bug, steal cloud creds (bleepingcomputer.com)

• What We Can Learn from Major Cloud Cyber attacks (darkreading.com)

Encryption

• UK NCSC issues new guidance on post-quantum cryptography migration | CSO Online

• Outdated cryptographic protocols put vast amounts of network traffic at risk - Help Net Security

• Tech groups fear new powers will allow UK to block encryption (ft.com)

Linux and Open Source

• Hackers exploit Looney Tunables Linux bug, steal cloud creds (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How global password practices are changing - Help Net Security

• Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)

• LEGO urges fans to change passwords after cyber attack - Dexerto

• Global breached accounts down 76% in Q3, study finds (techinformed.com)

Malvertising

• New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers (thehackernews.com)

Training, Education and Awareness

• When Good Security Awareness Programs Go Wrong (darkreading.com)

• Hacking Security Awareness Training: How to Easily Improve Your Security Culture (govinfosecurity.com)

Regulations, Fines and Legislation

• EU Tries To Slip In New Powers To Intercept Encrypted Web Traffic Without Anyone Noticing | Techdirt

• Telecom vendors sound alarm over EU Cyber Resilience Act - Telecoms.com

• What is NIS2, and how can you best prepare for the new cyber security requirements in the EU? (talosintelligence.com)

• Europe is trading security for digital sovereignty | CyberScoop

• Steps to Follow to Comply With the SEC Cyber security Disclosure Rule (darkreading.com)

• Vendors caution on risks of EU cyber security law - Mobile World Live

• Tech groups fear new powers will allow UK to block encryption (ft.com)

• King’s Speech 'missed opportunity' to update cyber laws | Professional Security

• Vulnerabilities in Embedded Systems and The Evolving Cyber security Regulations Landscape (thefastmode.com)

• UK wants prior notice from Big Tech of security rollouts • The Register

• Exploring the global shift towards AI-specific legislation - Help Net Security

• SolarWinds fires back at SEC over fraud charges | TechTarget

• SolarWinds: SEC lacks 'competence' to regulate cyber security • The Register

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

Models, Frameworks and Standards

• MITRE partners with Microsoft to address generative AI security risks - Help Net Security

• The plan for the inevitable cyber attack: Get the gist of NIST | Computer Weekly

• NIST releases revised cyber requirements for controlled unclassified information - Nextgov/FCW

• What is NIS2, and how can you best prepare for the new cyber security requirements in the EU? (talosintelligence.com)

Data Protection

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

Careers, Working in Cyber and Information Security

• UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)

• Cyber security pros are putting everyone at risk by working too much | TechRadar

• 90 Percent of Cyber security Professionals Work on Vacation and Deal with Frequent Interruptions to Daily Life | Business Wire

• A third of cyber security pros report crumbling work-life balance | ITPro

• CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us (darkreading.com)

Law Enforcement Action and Take Downs

• Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)

• Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News

Misinformation, Disinformation and Propaganda

• Here's what to know about elections, cyber security and AI | World Economic Forum (weforum.org)

• Microsoft, Meta detail plans to fight election deception • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Israeli SMBs Warned to Cut External Comms to Reduce Risks (inforisktoday.com)

• As war continues, Israeli government wants more cyber control | Ctech (calcalistech.com)

• The new ‘Geneva code’ for hackers on the cyber battlefield | The Strategist (aspistrategist.org.au)

Nation State Actors

Russia

• Russian APT Sandworm Disrupted Power in Ukraine Using OT Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• Sandworm Cyber attackers Down Ukrainian Power Grid During Missile Strikes (darkreading.com)

• Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)

• Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)

• OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt

• US Treasury Sanctions Russian Money Launderer in Cyber crime Crackdown (thehackernews.com)

• Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)

Iran

• Inside Iran's cyber war against Israel as it tries to sow dissent and gain military intelligence (inews.co.uk)

• Israel’s cyber defence chief tells CNN he is concerned Iran could increase severity of its cyber attacks | CNN Politics

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek

• Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort (darkreading.com)

North Korea

• Beware of BlueNoroff: Mac users targeted with new malware variant - 9to5Mac

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Wartime muddies waters for 'hacktivist' threat (synack.com)

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• Israeli SMBs Warned to Cut External Comms to Reduce Risks (inforisktoday.com)

• Five attack vectors that businesses should focus on in the wake of the Israel-Hamas war | SC Media (scmagazine.com)

• As war continues, Israeli government wants more cyber control | Ctech (calcalistech.com)

• Worldwide Hacktivists Take Sides Over Gaza, With Little to Show for It (darkreading.com)

Vulnerability Management

• CVSS 4.0 Offers Significantly More Patching Context (darkreading.com)

Vulnerabilities

• New Microsoft Exchange zero-days allow RCE, data theft attacks (bleepingcomputer.com)

• Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable (darkreading.com)

• Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)

• Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability (infoq.com)

• Microsoft 365 apps have a lot of new security vulnerabilities - here's what we know | TechRadar

• Critical Vulnerabilities Expose Veeam ONE Software to Code Execution - SecurityWeek

• Microsoft is killing off three Windows services because of security concerns (betanews.com)

• 37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek

• TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)

• Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica

Tools and Controls

• To Improve Cyber Defences, Practice for Disaster (darkreading.com)

• Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)

• Start with Passwords When Incorporating the 5 Pillars of Zero Trust | EdTech Magazine

• How global password practices are changing - Help Net Security

• Is Cyber security A Line Or A Circle? The Shape Of Incident Response (forbes.com)

• The roadblocks to preventive cyber security success - Help Net Security

• Microsegmentation proves its worth in ransomware defence - Help Net Security

• Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin

• Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register

• Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News

• 23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch

• Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)

• Enhancing security: The crucial role of incident response plans | Computer Weekly

• Most cyber security investments aren't used to their full advantage - Help Net Security

• Improving cyber resilience to prevent devastating cyber attacks | TechRadar

• Data protection demands AI-specific security strategies - Help Net Security

• Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point - SecurityWeek

• 7 free cyber threat maps showing attack intensity and frequency - Help Net Security

• What is threat detection and response (TDR)? (techtarget.com)

Reports Published in the Last Week

• Hiscox cyber threat ranking reveals UK's most vulnerable industries (reward-strategy.com)

Other News

• Is OT the ‘soft underbelly’ of your company? - Utility Week

• US calls for unity against cyber-threats to finance (globalcapital.com)

• US Urges Critical Infrastructure Firms to Get “Shields Ready” - Infosecurity Magazine (infosecurity-magazine.com)

• Royal Mail jeopardizes users with open redirect flaw (securityaffairs.com)

• Trinidad & Tobago’s state telecommunications provider is hacked, raising questions about data protection laws · Global Voices

• Cyber attacks 'constantly happening' - warning from intelligence expert (securitybrief.co.nz)

• Startling Cyber security Statistics for 2023 You Need to Know (techreport.com)S

• Study: Companies aren't keeping up with cybersecurity needs (iapp.org)

• How to avoid cyber security nightmares (networkingplus.co.uk)

• The Million-Dollar Cyber Security Question (forbes.com)

• Forecasting the future without falling for the hype | TechRadar

• Elevate Your School’s Security Posture as 2024 Approaches | EdTech Magazine

• Optus loses court bid to keep report into cause of cyber-attack secret (yahoo.com)

• The Dirty 'Big' Secret Of Cybersecurity (forbes.com)

• What are Kerberoasting attacks? | ITPro

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable

The best defence against a ransomware attack is assuming it will happen before it does.  Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.

Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]

Are You and Your Clients Soft Targets?

Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.

You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.

No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.

Source: [MSSP Alert]

Cyber Attacks Cause Revenue Losses in 42% of Small Businesses

Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.

The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.

Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]

Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company

According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.

Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]

Organisations Can Only Stop 57 Percent of Cyber Attacks

According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.

Source: [Beta News]

Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT

Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.

Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]

Business Email Compromise is Most Common Entry Point for Cyber Attack

According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.

The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.

Sources: [Hiscox] [Digital Journal]

US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures

The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.

The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.

Sources: [The Record] [Security Week ] [Forbes]

Companies Scramble to Integrate Immediate Recovery into Ransomware Plans

A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.

Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.

Source: [Help Net Security]

Your End-Users are Reusing Passwords: That’s a Big Problem

Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.

While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.

Source: [Bleeping Computer]

Cyber Workforce Demand is Outpacing Supply

A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.

To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.

Source: [Cyber Scoop]

What the Boardroom Is Missing: CISOs

According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.

Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.

Source: [Dark Reading]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)

• Part of an executive team? You might be the biggest security risk to your business | TechRadar

• One in five executives have shared work passwords outside the company | Security Magazine

• Half of Execs Request Security Bypass Over Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• Organisations can only stop 57 percent of cyber attacks (betanews.com)

• Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Only 1 in 5 Business Leaders 'Extremely Prepared' to Manage Cyber security Threats at Workplace: Survey Report, Business News - AsiaOne

• 'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)

• Cyber security habits and behaviours executives need to be aware of - Help Net Security

• The hidden costs of data breaches for small businesses - Help Net Security

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

• Cyber security Awareness Month Series: Cyber security is Important for Small Business Too. | Jackson Lewis P.C. - JDSupra

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• Do You Really Need a CISO? (securityintelligence.com)

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

• Is it time to merge your fraud and cyber teams? - Raconteur

• OODA Loop - Deciphering the CISO Accountability Landscape: A Comparative Analysis with the AML Officer's Evolution

• Why there’s no one-size-fits all solution to security maturity | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Never Sleeps - But It Strikes Whilst You Do - Infosecurity Magazine (infosecurity-magazine.com)

• Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• The dangers of dual ransomware attacks - Help Net Security

• Do government sanctions against ransomware groups work? | TechCrunch

• Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)

• Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)

• Why ransomware victims can’t stop paying off hackers | TechCrunch

• Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek

• New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar

• Forty Countries Agree Not to Pay Cyber crime Ransoms - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks set to break records in 2023 - Help Net Security

• Know When and How to Stop Ransomware Attacks (finextra.com)

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• Data Encrypted in 75% of Ransomware Attacks on Healthcare Organisation - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• Boeing Confirms Cyber Attack, System Compromise (darkreading.com)

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Stanford University investigating security incident • The Register

• Clop group obtained access to the email addresses of about 632,000 US federal employees (securityaffairs.com)

• Massive ransomware attack hinders services in 70 German municipalities (therecord.media)

• Medical research exec hit in SIM-swap attack by Alphv gang • The Register

• Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)

• Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch

• Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)

• British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)

• Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Report Links ChatGPT to 1,265% Rise in Phishing Emails - Infosecurity Magazine (infosecurity-magazine.com)

• McAfee Celebrity Hot List 2023 - gHacks Tech News

• Phishing Scams, Bad Actors Bedevil Military Mass Tort Settlements (bloomberglaw.com)

Artificial Intelligence

• Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt

• AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)

• AI is making cyber attacks even smarter and more dangerous | TechRadar

• The People Hacker: AI a Game-Changer in Social Engineering Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Risk managers beware – generative AI spells serious concerns for security | Insurance Business America (insurancebusinessmag.com)

• 28 Countries Sign Bletchley Declaration on Responsible AI - Infosecurity Magazine (infosecurity-magazine.com)

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• UK AI Safety Summit is targeting evil sentience, but there are bigger problems to solve | Tom's Guide

• AI Safety Summit: OWASP Urges Governments to Agree on AI Standards - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprise AI applications are threatening security | TechRadar

• What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)

• ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• The future of AIs fighting AIs is already here - POLITICO

• AI promises incredible benefits, but also terrible risks. It’s not luddism to rein it in | Sonia Sodha | The Guardian

Malware

• Over a million Windows and Linux systems infected by this tricky new malware | TechRadar

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Daily malware activity doubled year over year for small businesses | Security Magazine

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

• Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar

• Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)

• These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)

• Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)

• Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)

• Latest RAT attack surge bypasses Microsoft's XLL block • The Register

• Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)

Mobile

• 16 more infected Android apps you need to delete ASAP (bgr.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

• Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica

• New banking scams delivered instantly via WhatsApp - F-Secure Blog

• Every day, half a million malware apps are created for scamming. Who’s behind them? - CNA (channelnewsasia.com)

• Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag

• Google One data breach: Dark web report at your hand - gHacks Tech News

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

Denial of Service/DoS/DDOS

• DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar

• Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)

Internet of Things – IoT

• IoT's convenience comes with cyber security challenges - Help Net Security

• RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)

Data Breaches/Leaks

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

• ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)

• LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)

• Public exposure of data breaches is becoming inevitable – Help Net Security

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

• Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)

Organised Crime & Criminal Actors

• ‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

• How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

• Sam Bankman-Fried found guilty of defrauding FTX customers out of billions | Sam Bankman-Fried | The Guardian

Insider Risk and Insider Threats

• How human behaviour research informs security strategies - Help Net Security

Insurance

• The rise of the cyber security insurance market | CSO Online

• Cyber insurance: why it pays to be responsible | TechRadar

Supply Chain and Third Parties

• N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

Cloud/SaaS

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)

• Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register

• Microsoft is Getting Serious About Security. Again. - Thurrott.com

• Microsoft is overhauling its software security after major Azure cloud attacks - The Verge

Identity and Access Management

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• UK Banks Warn Quantum Will Imperil Entire Payment System - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)

• One in five executives have shared work passwords outside the company | Security Magazine

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

Social Media

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

Malvertising

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

Training, Education and Awareness

• Finding the right approach to security awareness - Help Net Security

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

Regulations, Fines and Legislation

• FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)

• The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• Setting the standard for cyber security across the EU | Business Post

Models, Frameworks and Standards

• Top 12 IT security frameworks and standards explained | TechTarget

• MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile  - SecurityWeek

Careers, Working in Cyber and Information Security

• UK cyber skills gap grows 29% despite record hiring (computing.co.uk)

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• Cyber security workforce shortages: 67% report people deficits - Help Net Security

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

Law Enforcement Action and Take Downs

• Pirate IPTV network in Austria dismantled and $1.74 million seized (bleepingcomputer.com)

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• Cyber War: Power, Prestige, International Governance, and Strategy in the Age of Global Polycrisis

Geopolitical Threats/Activity

• Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)

• New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

China

• Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters

• Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop

Russia

• Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger

• IT Army of Ukraine disrupted internet providers in territories occupied by Russia (securityaffairs.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

• Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

• FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)

• Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)

• A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

Iran

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• In Cyber attacks, Iran Shows Signs of Improved Hacking Capabilities - The New York Times (nytimes.com)

• New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE

• FBI Director Warns of Increased Iranian Attacks (darkreading.com)

• Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)

• 'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)

North Korea

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• North Korean Hackers Target macOS Crypto Engineers With Kandykorn - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• 20 Years Later, Is Patch Tuesday Enough? (darkreading.com)

• CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)

• Vulnerability management metrics: How to measure success - Help Net Security

• From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security

• It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)

Vulnerabilities

• Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)

• F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)

• Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek

• Chrome 119 Patches 15 Vulnerabilities - SecurityWeek

• Atlassian warns users: patch critical Confluence flaw ASAP • The Register

• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)

• Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)

• D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)

• 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)

• More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)

• No patches yet for Apple iLeakage side-channel attack | TechTarget

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

Tools and Controls

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Vulnerability management metrics: How to measure success - Help Net Security

• 6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)

• Ethical hackers are helping more and more business stay safe | TechRadar

• Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)

• Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)

• The state of API security in 2023 | InfoWorld

• Is There a Silver Bullet in Threat Detection? | MSSP Alert

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Defence in depth: Layering your security coverage (securityintelligence.com)

• Finding the right approach to security awareness - Help Net Security

• Is state intervention needed for cyber insurance? (ft.com)

• CISA Announces New Release of Logging Made Easy | CISA

• Security Advice For Virtualization: Protecting Information And Programs (informationsecuritybuzz.com)

• Mainframes are around to stay, it’s time to protect them - Help Net Security

• Responsible Cyber Operations: From Theory to Reality - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

Cyber Readiness Report 2023 UK - Hiscox

Other News

• Are You and Your Clients Soft Targets? | MSSP Alert

• Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)

• ING CISO says data sharing is key to financial cyber security (finextra.com)

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times

• Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg

• Microsoft launches Secure Future Initiative to bolster security | TechTarget

• The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)

• 9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)

• How governments can keep data secure in a digital age - New Statesman

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• Preventing and preparing for law firm cyber security attacks is fundamental to success | Casetext - JDSupra

• Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design

• Demystifying the top five OT security myths | Computer Weekly

• 20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)

• Construction among industries most at risk from cyber attacks, insurer warns | News | Building

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.