Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 March 2024
Black Arrow Cyber Threat Intelligence Briefing 29 March 2024:
-Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
-China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
-Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
-Hackers Hit High-Risk Individuals’ Personal Accounts
-Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
-High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
-Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
-Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
-IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
-Only 5% of Boards Have Cyber Security Expertise
-Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
-Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.
Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.
Sources: [PR Newswire] [SiliconANGLE]
China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”
Sources: [Sky News] [GovInfoSecurity] [The Guardian]
Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.
Source: [Business Wire] [Computer Weekly]
Hackers Hit High-Risk Individuals’ Personal Accounts
Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.
A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.
Source: [Gov Info Security]
Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.
The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.
Source: [Eurasia Review]
High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.
As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.
Source: [Financial Times]
Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.
Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.
Source: [The Hacker News]
Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.
Source: [Dark Reading]
IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.
Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.
With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.
Source: [Beta News] [The Fast Mode]
Only 5% of Boards Have Cyber Security Expertise
There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.
Source: [Infosecurity Magazine]
Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.
Source: [Bleeping Computer]
Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.
Source: [CyberScoop]
Governance, Risk and Compliance
Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)
Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
How threat intelligence data maximizes business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
More than half of organisations fall victim to cyber attacks (betanews.com)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Shareholders win when businesses do better at cyber | Computer Weekly
Getting Security Remediation on the Boardroom Agenda (darkreading.com)
New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)
The cyber security skills shortage: A CISO perspective | CSO Online
Cyber security essentials during M&A surge - Help Net Security
Companies told cyber security has to be cross business concern (emergingrisks.co.uk)
It's Time to Stop Measuring Security in Absolutes (darkreading.com)
True Cost of a Cyber Security Breach for Your Business - Converge
35 cyber security statistics to lose sleep over in 2024 (techtarget.com)
3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)
Cyber security plans should centre on resilience | MIT Sloan
Debunking compliance myths in the digital era - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Building Resiliency in the Face of Ransomware - Security Boulevard
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)
Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay
Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay
Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay
Ransomware Victims
Hackers threaten to publish huge cache of NHS Scotland data - BBC News
Alleged sale of Communication Workers Union’s users data (marcoramilli.com)
Scullion LAW becomes victim of cyber attack | Scottish Legal News
Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)
Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)
Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru
Western Isles council tax bills delayed due to cyber attack - BBC News
Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)
Phishing & Email Based Attacks
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
Artificial Intelligence
Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Scammers exploit tax season anxiety with AI tools - Help Net Security
Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)
Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru
Beware of rogue chatbot hacking incidents (securityintelligence.com)
The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)
AI weaponisation becomes a hot topic on underground forums - Help Net Security
AI bots hallucinate software packages and devs download them • The Register
Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)
Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)
2FA/MFA
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)
Malware
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek
ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Python devs are being targeted by this massive infostealing malware campaign | TechRadar
TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)
Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar
New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
AI bots hallucinate software packages and devs download them • The Register
Mobile
In-app browsers still a privacy, security, and choice issue • The Register
Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica
Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)
Internet of Things – IoT
Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)
Data Breaches/Leaks
AT&T won’t say how its customers’ data spilled online | TechCrunch
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
Cloud/SaaS
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Identity and Access Management
Tackling DORA Compliance With a Focus on PAM - IT Security Guru
Organisations Grapple With Identity Pain Points | Decipher (duo.com)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Apple users targeted by annoying 'Reset Password' attack | Mashable
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Social Media
Malvertising
Training, Education and Awareness
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Regulations, Fines and Legislation
Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)
techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK
Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Models, Frameworks and Standards
Backup and Recovery
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
US and UK accuse China of cyber operations targeting domestic politics | CyberScoop
UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)
China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)
New Zealand follows UK in accusing China of hacking its parliament | The Independent
Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)
China linked to UK cyber-attacks on voter data, Dowden to say - BBC News
Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard
After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com
SNP MP claims Scottish universities 'overdependent' on Chinese money | The National
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)
Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes
What to make of China’s massive cyber-espionage campaign (economist.com)
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)
Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)
Chinese hackers target family members to surveil hard targets | CyberScoop
Russia
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran
North Korea
Vulnerability Management
Spyware vendors behind 75% of zero-days targeting Google | TechTarget
On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)
NVD slowdown leaves thousands of vulns without analysis data • The Register
Can Compensating Controls Be the Answer in a Sea of Vulnerabilities? - Security Boulevard
Vulnerabilities
Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)
SQL injection vulnerability in Fortinet software under attack | TechTarget
GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)
MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET
Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)
Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Double trouble for DNSSEC though the devil is in the details • The Register
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
Tools and Controls
How threat intelligence data maximises business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Organisations Grapple with Identity Pain Points | Decipher (duo.com)
Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)
Cyber security plans should center on resilience | MIT Sloan
Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Reports Published in the Last Week
Other News
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro
8 cyber security predictions shaping the future of cyber defence - Help Net Security
Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)
Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)
Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon
How to Prevent Your Company from Being Hacked in 2024 - DevX
Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs
US and Japan plan biggest upgrade to security pact in over 60 years
Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)
French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 July 2021
Black Arrow Cyber Threat Briefing 23 July 2021: 40% Fell Victim To A Phishing Attack In The Past Month; Traditional Ransomware Defences Are Failing Businesses; The Number Of Employees Going Around IT Security May Surprise You; 740 Ransomware Victims Named On Data Leak Sites In Q2 2021; A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats; Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack; UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack; Even after Emotet takedown, Office docs deliver 43% of all malware downloads now; Gun owners' fears after firearms dealer data breach
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
40% Fell Victim To A Phishing Attack In The Past Month
The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.
Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.
https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/
Traditional Ransomware Defences Are Failing Businesses
Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.
https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/
Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You
Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.
740 ransomware victims named on data leak sites in Q2 2021: report
More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.
Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.
https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/
A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats
For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.
https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/
Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack
Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February. In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.
UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack
The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.
Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.
The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.
The report noted that cloud storage apps account for more than 66% of cloud malware delivery.
"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.
Gun Owners' Fears After Firearms Dealer Data Breach
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".
Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.
Police, including the National Crime Agency, are investigating.
One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.
Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.
The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".
Threats
Ransomware
BEC
Phishing
Malware
Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections
This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection
MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS
New MosaicLoader Malware Targets Software Pirates Via Online Ads
CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices
This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results
Mobile
Vulnerabilities
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers
Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root
Windows 10 Vulnerability Lets Anyone Get Administrator Privileges
Researchers Discover Security Flaws In Telegram Encryption Protocol
Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking
Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks
France Warns Of APT31 Cyber Spies Targeting French Organisations
APT Hackers Distributed Android Trojan Via Syrian E-Government Portal
Cloud
Privacy
Other News
Application Security Tools Ineffective Against New And Growing Threats
Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?
DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack
1 in 5 companies fail PCI compliance assessments of their infrastructure
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.