Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 April 2023
Black Arrow Cyber Threat Briefing 07 April 2023:
-15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities
-New Research Highlights Increased Security Risks Posed by Remote Working and BYOD
-Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks
-IT and Security Pros Pressured to Keep Quiet About Data Breaches
-Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard"
-Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks
-MSPs a Favoured Target of Supply Chain and Infrastructure Attacks
-Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats
-GCHQ Updates Security Guidance for Boards
-More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis
-For Cyber Crime Gangs, Professionnalisation Comes With “Corporate” Headaches
-UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups
-Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change
-Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.
Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD
New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.
Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks
Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.
54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.
A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.
https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/
IT and Security Pros Pressured to Keep Quiet About Data Breaches
It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.
At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.
52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.
Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.
https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/
Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard
Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.
https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard
Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks
New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.
https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/
MSPs a Favoured Target of Supply Chain and Infrastructure Attacks
With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.
When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.
ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.
Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.
Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.
GCHQ Updates Security Guidance for Boards
The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.
Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.
https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/
More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis
A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.
For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches
Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.
UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups
Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.
Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change
A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.
Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites
Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress. Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks up sharply in February (techrepublic.com)
Fake ransomware gang targets U.S. orgs with empty data leak threats (bleepingcomputer.com)
New Money Message ransomware demands million dollar ransoms (bleepingcomputer.com)
Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research
ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (bleepingcomputer.com)
LockBit leaks data stolen from South Korean National Tax Service-Security Affairs
UK outsourcing services provider Capita suffered a cyber incident-Security Affairs
March ransomware disclosures spike behind Clop attacks | TechTarget
Protect Your Company: Ransomware Prevention Made Easy (thehackernews.com)
Dish Faces Investor Lawsuit Over Ransomware Attack, Downgrades From Equity Analysts | Next TV
Phishing & Email Based Attacks
Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)
Phishing emails are seeing a huge rise, so stay on your guard | TechRadar
YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News
BEC – Business Email Compromise
2FA/MFA
Malware
WinRAR SFX archives can run PowerShell without being detected (bleepingcomputer.com)
Malware and machine learning: A match made in hell - Help Net Security
Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks (thehackernews.com)
Flood of malicious packages results in NPM registry DoS - Help Net Security
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (thehackernews.com)
Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)
Typhon info-stealing malware devs upgrade evasion capabilities (bleepingcomputer.com)
Tax preparation and e-file service eFile.com compromised to serve malware-Security Affairs
The hidden picture of malware attack trends - Help Net Security
Mobile
BYOD
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru
Internet of Things – IoT
Hackers can open Nexx garage doors remotely, and there's no fix (bleepingcomputer.com)
HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)
Data Breaches/Leaks
Splunk Details Increase in Data Breaches, Downtime Due to Cyber security Issues - MSSP Alert
Uber driver info stolen in yet another third-party breach • The Register
ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)
Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (darkreading.com)
Marketplace 600K Records Leaked By Database Snafu (informationsecuritybuzz.com)
Organised Crime & Criminal Actors
For Cyber Crime Gangs, Professionalization & ‘Corporate’ Headaches (darkreading.com)
Fight Mercenaries with these Cyber security Principles (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DoJ Recovers $112M in Crypto Stolen With Romance Scams (darkreading.com)
Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online
Insider Risk and Insider Threats
Re-evaluating immature and ineffective insider risk management programs - Help Net Security
Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent
Fraud, Scams & Financial Crime
The staggering cost of identity fraud for financial services - Help Net Security
New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)
What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse (darkreading.com)
Feds seize $112m in currency tied to 'pig-butchering scams • The Register
Stop online counterfeiters dead in their tracks - Help Net Security
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
MSPs a Favoured Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports - MSSP Alert
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online
Risk & Repeat: Inside the 3CX supply chain attack | TechTarget
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)
Automation, Cyber security, Integration Top the List of Priorities for MSPs in 2023 - MSSP Alert
Capita: Cyber attack caused pre-weekend outage • The Register
Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Cloud/SaaS
Google Drive does a surprise rollout of file limits, locking out some users | Ars Technica
Capita: Cyber attack caused pre-weekend outage • The Register
Shadow data slipping past security teams - Help Net Security
Think Before You Share the Link: SaaS in the Real World (thehackernews.com)
Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hybrid/Remote Working
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru
Unapproved Apps Used By 32% of Remote Workers - Infosecurity Magazine (infosecurity-magazine.com)
Shadow IT
Identity and Access Management
The high cost of insecure authentication methods - Help Net Security
3 Fronts in the Battle for Digital Identity (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Takedown of notorious hacker marketplace selling your identity to criminals | Europol (europa.eu)
Stolen credential warehouse Genesis Market seized by FBI • The Register
Social Media
TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian
TikTok bans explained: Everything you need to know (techtarget.com)
YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News
Parental Controls and Child Safety
Regulations, Fines and Legislation
TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian
UK data regulator issues warning over generative AI data protection concerns | CSO Online
Governance, Risk and Compliance
42% of IT leaders told to maintain breach confidentiality | TechTarget
GCHQ Updates Security Guidance for Boards - Infosecurity Magazine (infosecurity-magazine.com)
Splunk Details Increase in Data Breaches, Downtime Due to Issues - MSSP Alert
5 strategies to manage risks in mergers and acquisitions | CSO Online
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Stolen credential warehouse Genesis Market seized by FBI • The Register
Spain's most dangerous and elusive hacker now in police custody (bleepingcomputer.com)
Genesis Market: Popular cyber crime website shut down by police - BBC News
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
Welcome to the era of viral AI generated 'news' images | CNN Business
Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)
ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications - SecurityWeek
Malware and machine learning: A match made in hell - Help Net Security
ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)
UK data regulator issues warning over generative AI data protection concerns | CSO Online
Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian
China opens national security probe into Micron products • The Register
Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)
Britain’s cyberwarfare chief reveals his identity | The Economist
Nation State Actors
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online
Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian
China opens national security probe into Micron products • The Register
Report: Chinese State-Sponsored Hacking Group Highly Active - SecurityWeek
Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)
The other Chinese apps taking the US and UK by storm - BBC News
Google TAG Alerts Of ARCHIPELAGO Cyber attacks Linked To North Korea (informationsecuritybuzz.com)
Vulnerability Management
15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)
Millions still exposed despite available fixes - Help Net Security
Microsoft to admins: Auto-review your Autopatch alerts • The Register
Vulnerabilities
Tools and Controls
How can organisations bridge the gap between DR and cyber security? - Help Net Security
Let’s pump the brakes on the rush to incorporate AI into cyber security | CSO Online
The high cost of insecure authentication methods - Help Net Security
How AI is transforming cyber security for better and worse - Help Net Security
3 Fronts in the Battle for Digital Identity (darkreading.com)
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links