Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 03 May 2024
Black Arrow Cyber Threat Intelligence Briefing 03 May 2024:
-Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
-91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
-BEC and Fund Transfer Fraud Top Insurance Claims
-Correlating Cyber Investments with Business Outcomes
-Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
-MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
-Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
-Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
-95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
-Human Factor a Significant Risk for Small and Medium-Sized Businesses.
-Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
-Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.
For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.
Sources: [Infosecurity Magazine]
91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.
The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.
In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.
Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]
BEC and Fund Transfer Fraud Top Insurance Claims
Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.
Source: [Infosecurity Magazine]
Correlating Cyber Investments with Business Outcomes
The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.
Source: [InfoRisk Today]
Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.
Sources: [MSSP Alert] [Verizon]
MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.
The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.
Source: [Reinsurance News]
Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.
Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.
Source: [Help Net Security]
Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.
Source: [ITPro]
95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.
When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.
Sources: [Business Wire] [Security Magazine]
Human Factor a Significant Risk for Small and Medium-Sized Businesses.
A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.
Sources: [Beta News] [Business Wire]
Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.
Sources: [TechRadar]
Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.
Source: [Minute Hack]
Governance, Risk and Compliance
Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert
Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget
Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)
95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire
95% of organisations adjusted cyber security strategies this past year | Security Magazine
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)
How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)
Correlating Cyber Investments with Business Outcomes (inforisktoday.com)
Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
97% of security leaders have increased SaaS security budgets - Help Net Security
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek
What needs to change to overcome nonchalant security approaches | TechRadar
Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)
Threats
Ransomware, Extortion and Destructive Attacks
Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)
91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
There was an 81% year-over-year increase in ransomware attacks | Security Magazine
Ransom recovery costs reach $2.73 million - Help Net Security
Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
How Businesses Should Grapple With Ransomware Threats (eetimes.eu)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
Ransomware Victims
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Almost all US hospitals took financial hit from Change hack, AHA says | Reuters
Another major pharmacy chain shuts following possible cyber attack | TechRadar
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)
LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)
French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)
'Cybersecurity incident' closes London Drugs' pharmacies • The Register
Phishing & Email Based Attacks
AI-driven phishing attacks deceive even the most aware users - Help Net Security
US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
If you receive a Shein mystery box, do not open it | TechRadar
Why the automotive sector is a target for email-based cyber attacks - Help Net Security
BEC
BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering
FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)
A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag
Artificial Intelligence
AI-driven phishing attacks deceive even the most aware users - Help Net Security
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Understanding emerging AI and data privacy regulations - Help Net Security
To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)
From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com
Cyber security experts face AI risks, deepfakes, burnout | Fortune
US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)
Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek
2FA/MFA
Malware
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
Guarding the Gates: The Growing Abundance of Linux Malware - VMRay
Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
Mobile
Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)
New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)
Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
A glaring Android TV security flaw might put your Gmail at risk | Android Central
Data Breaches/Leaks
PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News
Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)
FBCS data breach impacted 2M individuals (securityaffairs.com)
States shares health debt data of 5,000 in an email | Guernsey Press
Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)
Australian pubgoers' personal info posted to leak site • The Register
Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)
Panda Restaurant Group disclosed a data breach (securityaffairs.com)
Organised Crime & Criminal Actors
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Insider Risk and Insider Threats
How insider threats can cause serious security breaches - Help Net Security
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Insurance
Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Supply Chain and Third Parties
Cloud/SaaS
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
97% of security leaders have increased SaaS security budgets - Help Net Security
Encryption
UK's Investigatory Powers Bill approved to become law • The Register
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
How to use a YubiKey to log into Windows and macOS (xda-developers.com)
Social Media
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)
Training, Education and Awareness
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)
Regulations, Fines and Legislation
UK's Investigatory Powers Bill approved to become law • The Register
UK rolls out new consumer safeguards for smart devices (betanews.com)
FCC fines major wireless carriers over illegal location data sharing - Help Net Security
Understanding emerging AI and data privacy regulations - Help Net Security
CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop
Data Protection
Careers, Working in Cyber and Information Security
Cyber security experts face AI risks, deepfakes, burnout | Fortune
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop
Cyber Security Degrees, Are They Really Worth It? | HackerNoon
Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek
Law Enforcement Action and Take Downs
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)
Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)
Germany grapples with wave of spying threats from Russia and China - BBC News
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Think tank: Tech companies spread China's propaganda • The Register
China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Chinese government website security has big problems • The Register
Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)
Russia
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek
Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop
Germany grapples with wave of spying threats from Russia and China - BBC News
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)
Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Two British men charged with helping Russian intelligence - BBC News
Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)
Iran
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Vulnerability exploitation nearly tripled in 2023 (telecoms.com)
Vulnerabilities
Cisco devices again targeted by state-linked threat campaign - TechCentral.ie
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)
Most attacks affecting SMBs target five older vulnerabilities | CSO Online
Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)
UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)
Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)
WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)
Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)
Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)
NTLM auth traffic spikes after Windows Server patch • The Register
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek
Tools and Controls
Why remote desktop tools are facing an onslaught of cyber threats | ITPro
Correlating Cyber Investments With Business Outcomes (inforisktoday.com)
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
Can automating security relieve CISO pressure? (techinformed.com)
10 Critical Endpoint Security Tips You Should Know (thehackernews.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Organisations Struggle with Zero Trust: Gartner | MSSP Alert
Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)
97% of security leaders have increased SaaS security budgets - Help Net Security
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)
How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Why LLMs are predicting the future of compliance and risk management | VentureBeat
Other News
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
A Season Of Health Breaches, A Season Of Changes (forbes.com)
Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)
NCSC updates warning over hacktivist threat to CNI | Computer Weekly
The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)
During National Small Business Week, Take Steps to Secure Your Business | CISA
At Microsoft, years of security debt come crashing down | Cybersecurity Dive
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 April 2024
Black Arrow Cyber Threat Intelligence Briefing 12 April 2024:
-UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
-The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
-UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
-74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions; Egress Reveals
-Why Are Many Businesses Turning to Third-Party Security Partners?
-60% of SMBs and 74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
-Cyber Attacks Cost Financial Firms $12bn Says IMF
-LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
-Most Cyber Criminal Threats are Concentrated in Just a Few Countries
-Why Incident Response is the Best Cyber Security ROI
-Ransomware Attacks are the Canaries in the Cyber Coal Mine
-Cyber Security is Crucial, but What is Risk and How do You Assess it?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report
Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.
It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.
Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]
Cyber Attacks Cost Financial Firms $12bn Says IMF
A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.
The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.
Source: [Finextra]
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise
A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.
Source: [Inc.com]
UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’
Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.
Source: [The Record Media]
74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions
The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.
The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.
Source: [The Fintech Times]
Why Are Many Businesses Turning to Third-Party Security Partners?
In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.
Source: [Help Net Security]
74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise
According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.
Sources: [Malwcv arebytes][Marketplace] [US Chamber]
LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call
LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.
Source: [Bleepingcomputer]
Most Cyber Criminal Threats are Concentrated in Just a Few Countries
Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.
Sources: [ThisisOxfordshire] [Phys Org]
Why Incident Response is the Best Cyber Security ROI
The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CSO Online]
Ransomware Attacks are the Canaries in the Cyber Coal Mine
A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.
Sources: [Silicon Republic] [The Hill]
Cyber Security is Crucial, but What is Risk and How do You Assess it?
Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?
One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.
Sources: [Security Boulevard] [International Banker]
Governance, Risk and Compliance
Cyber attacks cost financial firms $12bn says IMF (finextra.com)
UK business falling short on cybersecurity warns government report (computing.co.uk)
60% of small businesses are concerned about cyber security threats | Malwarebytes
Cyber attacks on small businesses are on the rise - Marketplace
What is cyber security risk & how to assess - Security Boulevard
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)
Why are many businesses turning to third-party security partners? - Help Net Security
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Why incident response is the best cyber security ROI | CSO Online
Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra
Large businesses struggle to tackle cyber threats (betanews.com)
Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)
The state of secrets security: 7 action items for better managing risk - Security Boulevard
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Why cyberpsychology is such an important part of effective cyber security | CSO Online
Cyber Security in the Evolving Threat Landscape (securityaffairs.com)
How CISOs can make themselves ready to serve on the board | CSO Online
CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surged 110pc last month, report claims (siliconrepublic.com)
Ransomware attacks are the canaries in the cyber coal mine | The Hill
Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)
Ransomware group maturity should influence ransom payment decision - Help Net Security
Proactive and Reactive Ransomware Protection Strategies - Security Boulevard
How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security
CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)
LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)
Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)
Ransomware Victims
Second ransomware gang says it’s extorting Change Healthcare • The Register
Targus says it is facing major cyber attack, global operations hit | TechRadar
Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)
Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
How malicious email campaigns continue to slip through the cracks - Help Net Security
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)
Phishing Detection and Response: What You Need to Know - Security Boulevard
Other Social Engineering
Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
Artificial Intelligence
China is using generative AI to carry out influence operations (securityaffairs.com)
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
AI risks under the auditor's lens more than ever - Help Net Security
Speed of AI development is outpacing risk assessment | Ars Technica
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)
2FA/MFA
Malware
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)
ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)
Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)
Mobile
Denial of Service/DoS/DDOS
How Nation-State DDoS Attacks Impact Us All (darkreading.com)
DDoS Protection Needs Detective and Preventive Controls (darkreading.com)
French cities knocked offline by 'large-scale cyber attack' • The Register
Internet of Things – IoT
Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News
Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)
EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
Hotel check-in terminal leaks rafts of guests' room codes • The Register
Data Breaches/Leaks
Many of the world's biggest companies reported data breaches last year | TechRadar
US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
37% of publicly shared files expose personal information - Help Net Security
Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)
Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)
AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Taxi software vendor exposes personal details of nearly 300K • The Register
Employee credentials leaked in Microsoft security lapse (techmonitor.ai)
Organised Crime & Criminal Actors
Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Cyber crooks poison GitHub search to fool developers | Computer Weekly
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)
RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)
Insider Risk and Insider Threats
Microsoft employees exposed internal passwords in security lapse | TechCrunch
Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard
Insurance
US insurers using drones to deny home insurance policies • The Register
Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard
Supply Chain and Third Parties
Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times
DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)
Encryption
Linux and Open Source
The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com
Supply chain attack sends shockwaves through open-source community | CyberScoop
German state ditches Microsoft for Linux and LibreOffice | ZDNET
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)
Passwords, Credential Stuffing & Brute Force Attacks
Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)
Microsoft employees exposed internal passwords in security lapse | TechCrunch
CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)
Social Media
Regulations, Fines and Legislation
Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)
Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch
Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)
CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert
CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)
Models, Frameworks and Standards
HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra
Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED
China is using generative AI to carry out influence operations (securityaffairs.com)
Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)
Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)
UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO
China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)
Russia
Germany to launch cyber military branch to combat Russian threats (therecord.media)
US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch
Macron: Russia will target Paris Olympics (insidethegames.biz)
Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times
Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)
Oxford research uncovers world cyber crime hotspots | thisisoxfordshire
Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian
Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)
Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)
Vulnerability Management
Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard
How exposure management elevates cyber resilience - Help Net Security
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Unit 42: Malware-initiated scanning attacks on the rise | TechTarget
Vulnerabilities
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)
Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products - Security Week
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Security Week
Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers - Security Week
Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)
New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)
Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)
Microsoft fixes five security vulnerabilities in Edge 123 - Neowin
Cisco Warns of Vulnerability in Discontinued Small Business Routers - Security Week
Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)
+16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)
Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits - Security Week
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)
Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)
Fortinet Patches Critical RCE Vulnerability in FortiClientLinux - Security Week
Researchers Resurrect Spectre v2 Attack Against Intel CPUs - Security Week
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)
Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)
Tools and Controls
Seven ways to be sure you can restore from backup | Computer Weekly
Why incident response is the best cyber security ROI | CSO Online
Improving Dark Web Investigations with Threat Intelligence | Recorded Future
What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru
What is cyber security risk & how to assess - Security Boulevard
Your Guide to Threat Detection and Response - Security Boulevard
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
How exposure management elevates cyber resilience - Help Net Security
Phishing Detection and Response: What You Need to Know - Security Boulevard
The state of secrets security: 7 action items for better managing risk - Security Boulevard
How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)
How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security
Reports Published in the Last Week
Other News
Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)
OODA Loop - The Water Sector Is Being Threatened. That Should Worry Everyone
France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget
The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)
Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)
Financial sector cyber security at the helm of investor protection | Mint (livemint.com)
US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)
Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)
Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld
Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 20 October 2023
Black Arrow Cyber Threat Intelligence Briefing 20 October 2023:
-Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
-Cyber Security Investments Show Mature Business Mindset
-SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
-Phishing Attacks Reach Record Highs as Banks, Financial Services Remain Top Targets with HR Remaining the Most Effective Phishing Lure
-Cyber Attacks are a Matter of When not if, The Best Time to Deal With Them is Before They Happen
-Lloyd's Of London Warns Of Worst-Case-Scenario Cyber Attack
-20,000 Britons Approached By Chinese Agents On LinkedIn, Says MI5 Head
-Ransomware - All it Takes is One Employee Mistake, Criminals are Aiming at Third-Party Vendors
-39% of Individuals Use the Same Password for Multiple Accounts
-Why Fourth-Party Risk Management Is a Must-Have
-AI Adoption Surges But Security Awareness Lags Behind
-UK watchdog fines Equifax £11 million for role in cyber breach
-Why Boards Must Understand and Govern Cyber Security Risk
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment
A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.
Sources: [PR Newswire] [TechRadar]
Cyber Security Investments Show Mature Business Mindset
Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.
Source: [Insider Media] [Compare the Cloud]
SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High
Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.
SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).
Source: (IT Security Guru)
Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure
Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.
In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.
Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]
Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen
Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.
Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Euronews] [The Times] [AI-CIO]
Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack
In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.
The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.
Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]
20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head
An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.
A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.
Sources: [Computer Weekly] [Tech Monitor] [Guardian]
Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors
According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.
Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.
Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.
Sources: [Security Affairs] [Claims Journal]
39% of Individuals Use the Same Password for Multiple Accounts
According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.
Source: [Security Magazine]
Why Fourth-Party Risk Management Is a Must-Have
Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.
Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.
Source: [Tech Target]
AI Adoption Surges but Security Awareness Lags Behind
A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.
Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.
Source: [Infosecurity Magazine]
UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach
Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six weeks after their parent company discover the hack.
Source: [Reuters]
Why Boards Must Understand and Govern Cyber Security Risk
The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Forbes]
Governance, Risk and Compliance
Many cyber bosses just aren't confident in their company's defences | TechRadar
SMBs seek help as cyber threats reach an all-time high - Help Net Security
SMBs seek cyber training, support as attack risk surges | CIO Dive
The real impact of the cyber security poverty line on small organisations - Help Net Security
Cyber security investments show mature business mindset, says IT expert | Insider Media
Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud
The best time to deal with cyber attacks is before they happen (thetimes.co.uk)
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Over 70% of firms hit by cyber attack in last 12 months (rte.ie)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
Getting ready for NIS2 with strong identity controls | ITPro
10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News
How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
The Need for a Cyber security-Centric Business Culture (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine
Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)
Keeping control in complex regulatory environments - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
7 risk mitigation strategies to protect business operations | TechTarget
How to go from collecting risk data to actually reducing risk? - Help Net Security
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Regulations are still necessary to compel adoption of cyber security measures | ZDNET
CISOs and board members are finding a common language - Help Net Security
IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)
When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)
18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)
Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)
Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)
Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)
CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)
What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon
63% of organisations restore data after a ransomware attack | Security Magazine
Black Basta ransomware is out and about, again. (thecyberwire.com)
Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)
Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire
Scammers are targeting plastic surgery clinics with extortion scams | TechRadar
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)
Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)
Ransomware Victims
Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)
Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)
Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)
KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)
Make sure that email from HR is legit - it could be another phishing scam | TechRadar
Human resources emails remain top phishing targets - SiliconANGLE
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Artificial Intelligence
AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)
AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent
North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar
Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
2FA/MFA
Malware
Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE
DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)
Researchers warn of increased malware delivery via fake browser updates - Help Net Security
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Beware - that Google Chrome update alert might actually just be malware | TechRadar
Mobile
SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)
The top 9 mobile security threats and how you can avoid them | ZDNET
Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld
Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inadequate IoT protection can be a costly mistake - Help Net Security
Israelis told to secure their home security cameras against hackers • Graham Cluley
Logistics Matters - Alert: How hackers use printers to gain access
Data Breaches/Leaks
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)
530K people's info stolen from cloud PC gaming's Shadow • The Register
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)
Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News
23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Care provider under fire over response to cyber attack (thetimes.co.uk)
Organised Crime & Criminal Actors
Cyber attacks -- where they come from and the tactics they use (betanews.com)
Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Employees leaving businesses open to cyber attack – QBE research - CIR Magazine
Why disaffected employees are your greatest cyber security risk | Federal News Network
Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)
Insurance
How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
Supply Chain and Third Parties
Identity and Access Management
Encryption
Linux and Open Source
Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Report Finds Few Open Source Projects are Actively Maintained - Slashdot
Passwords, Credential Stuffing & Brute Force Attacks
IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru
Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)
39% of individuals use the same password for multiple accounts | Security Magazine
Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)
Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)
A worrying amount of corporate IDs still aren't properly protected | TechRadar
Social Media
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Twitter glitch allows CIA informant channel to be hijacked - BBC News
Malvertising
Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)
Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica
Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)
Training, Education and Awareness
Regulations, Fines and Legislation
UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Can open source be saved from the EU's Cyber Resilience Act? • The Register
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)
The double-edged sword of heightened regulation for financial services - Help Net Security
Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)
Keeping control in complex regulatory environments - Help Net Security
UN cyber crime treaty: A menace in the making – EURACTIV.com
SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra
Models, Frameworks and Standards
One year left for companies to implement NIS2 cyber security directive (wbj.pl)
The future of cyber security regulation: what to look out for with NIS2 | TechRadar
NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)
NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)
Backup and Recovery
Principles for ransomware-resistant cloud backups - NCSC.GOV.UK
63% of organisations restore data after a ransomware attack | Security Magazine
Data Protection
Careers, Working in Cyber and Information Security
Over half of cyber security pros say they want to switch jobs (betanews.com)
Compelling Reasons Why You Should Study Cyber Security - Minutehack
Your guide to landing a job in cyber security (fastcompany.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats
Misc Nation State/Cyber Warfare
‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief
Five Eyes issues five tips on thwarting nation state threats | Computer Weekly
Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
The evolution of deception tactics from traditional to cyber warfare - Help Net Security
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Government officials debate effectiveness of multilateral relations in cyber security | ZDNET
Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems
Geopolitical Threats/Activity
How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)
Israelis told to secure their home security cameras against hackers • Graham Cluley
Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)
Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)
AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)
Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)
Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)
China
Mandia: China replaces Russia as top cyber threat | CyberScoop
FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft | SC Media (scmagazine.com)
Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)
20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)
BLOODALCHEMY provides backdoor to ASEAN secrets • The Register
TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)
Huawei wants to know why EU labelled it high security risk • The Register
Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)
Russia
Mandia: China replaces Russia as top cyber threat | CyberScoop
Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)
Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)
Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)
Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)
Iran
Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)
Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop
North Korea
Vulnerability Management
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)
Vulnerabilities
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek
Cisco working on fix for critical IOS XE zero-day | TechTarget
Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)
Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek
Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)
Tools and Controls
Well-informed employees act as 1st line of defence against cyber threats
SMBs seek cyber training, support as attack risk surges | CIO Dive
Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)
Essential cyber hygiene: Making cyber defence cost effective - Help Net Security
Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)
Improve your cyber threat understanding with geopolitical context | CSO Online
Why Zero Trust Is the Cloud Security Imperative (darkreading.com)
3 Essential Steps to Strengthen SaaS Security (darkreading.com)
Google Authenticator synchronization raises MFA concerns | TechTarget
Email Security Best Practices for Phishing Prevention (trendmicro.com)
What to Look for in Cyber Insurance Coverage | Proofpoint US
How to go from collecting risk data to actually reducing risk? - Help Net Security
Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)
OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)
How Data Changes the Cyber Insurance Market Outlook (darkreading.com)
What is Structured Threat Information eXpression (STIX)? (techtarget.com)
Other News
SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru
Many SMBs really don't know exactly what security tools they need | TechRadar
Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN
What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)
Progress gets SEC subpoena over MOVEit breach – and more! • The Register
Cyber attacks on healthcare organisations affect patient care - Help Net Security
Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)
Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)
Space industry group turns up volume on satellite vulnerabilities - SpaceNews
5 Tips for Improving Security in Public Sector (govinfosecurity.com)
Marketers Must Make Cyber security A Priority Every Day (forbes.com)
UK at risk of massive security breach from national HMRC IT meltdown | The Independent
UK warns nuclear power plant operator of cyber security failings (therecord.media)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 January 2023
Black Arrow Cyber Threat Briefing 13 January 2023:
-Quarter of UK SMBs Hit by Ransomware in 2022
-Global Cyber Attack Volume Surges 38% in 2022
-1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data
-AI-Generated Phishing Attacks Are Becoming More Convincing
-Customer and Employee Data the Top Prize for Hackers
-Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services
-The Guardian Confirms Personal Information Compromised in Ransomware Attack
-Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans
-The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize
-Corrupted File to Blame for Computer Glitch which Grounded Every US Flight
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Quarter of UK SMBs Hit by Ransomware in 2022
Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.
More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.
Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).
Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.
https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/
Global Cyber Attack Volume Surges 38% in 2022
The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.
The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.
Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).
Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.
It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.
Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.
https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/
1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data
New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.
The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.
Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.
Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.
The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.
AI-Generated Phishing Attacks Are Becoming More Convincing
It's time for you and your colleagues to become more sceptical about what you read.
That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.
Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:
Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link
Social opposition – social media messages designed to troll and harass individuals or to cause brand damage
Social validation – social media messages designed to advertise or sell, or to legitimise a scam
Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set
All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.
Customer and Employee Data the Top Prize for Hackers
The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.
The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.
Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.
The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.
It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.
https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/
Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services
Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.
Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”
The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.
https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html
The Guardian Confirms Personal Information Compromised in Ransomware Attack
British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.
The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.
Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.
They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.
“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.
The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.
https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack
Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans
Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.
Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."
The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."
Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.
Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.
The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize
Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.
Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.
For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.
What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.
In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.
Corrupted File to Blame for Computer Glitch which Grounded Every US Flight
A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.
All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.
On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.
A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.
Threats
Ransomware, Extortion and Destructive Attacks
Royal Mail unable to despatch items abroad after 'cyber incident' | UK News | Sky News
Lorenz ransomware gang plants backdoors to use months later (bleepingcomputer.com)
Quarter of UK SMBs Hit by Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Worldwide Ransomware Attacks Trend (informationsecuritybuzz.com)
LastPass Faces Class-Action Lawsuit Over Password Vault Breach (pcmag.com)
Rackspace: Ransomware actor accessed 27 customers' data | TechTarget
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)
Risk & Repeat: Analysing the Rackspace ransomware attack | TechTarget
Guardian confirms it was hit by ransomware attack | The Guardian | The Guardian
Post-ransomware attack, The Guardian warns staff their personal data was accessed • Graham Cluley
The Guardian Confirms Personal Information Compromised in Ransomware Attack | SecurityWeek.Com
Royal Mail cyber attack linked to LockBit ransomware operation (bleepingcomputer.com)
Hive Ransomware leaked 550 GB stolen from Consulate Health Care - Security Affairs
Iowa’s largest school district cancels classes after cyber attack (bleepingcomputer.com)
Hackers leak sensitive files after attack on San Francisco transit police (nbcnews.com)
Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)
Ransomware attack at Hope Sentamu Learning Trust in York | York Press
Phishing & Email Based Attacks
AI-generated phishing emails just got much more convincing • The Register
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
AI-generated phishing attacks are becoming more convincing | Tripwire
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
Phishing campaign targets government institution in Moldova - Security Affairs
Malware
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com
Dridex Malware Now Attacking macOS Systems with Novel Infection Method (thehackernews.com)
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (bleepingcomputer.com)
Attackers abuse business-critical cloud apps to deliver malware - Help Net Security
New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (thehackernews.com)
6 PyPI Packages Detour Firewall Using Cloudflare Tunnels (informationsecuritybuzz.com)
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (bleepingcomputer.com)
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (bleepingcomputer.com)
Gootkit Loader Actively Targets Australian Healthcare Industry (trendmicro.com)
Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)
VLC media player is being hiajcked to send out malware | TechRadar
RAT malware campaign tries to evade detection using polyglot files (bleepingcomputer.com)
Italian Users Warned of Malware Attack Targeting Sensitive Information (thehackernews.com)
Hackers push fake Pokemon NFT game to take over Windows devices (bleepingcomputer.com)
How to protect yourself from bot-driven account fraud - Help Net Security
Mobile
Android spyware strikes again targeting financial institutions and your money | Fox News
Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica
StrongPity hackers target Android users via trojanized Telegram app (bleepingcomputer.com)
Threema claims encryption flaws never had a real-world impact (bleepingcomputer.com)
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)
Threat actors claim access to Telegram servers through insiders - Security Affairs
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)
Denial of Service/DoS/DDOS
The most significant DDoS attacks in the past year - Help Net Security
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Internet of Things – IoT
The dark web's criminal minds see IoT as the next big hacking prize (cnbc.com)
Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)
Hackers can trick Wi-Fi devices into draining their own batteries | New Scientist
Data Breaches/Leaks
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
14 UK schools hit by cyber attack and documents leaked - BBC News
Air France and KLM notify customers of account hacks (bleepingcomputer.com)
Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans (darkreading.com)
Twitter's mushrooming data breach crisis could prove costly | CSO Online
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)
CircleCI – code-building service suffers total credential compromise – Naked Security (sophos.com)
Aflac's Japan says US partner leaked cancer customer info • The Register
Data leak exposes information of 10,000 French social security beneficiaries | CSO Online
Chick-fil-A investigates reports of hacked customer accounts (bleepingcomputer.com)
Organised Crime & Criminal Actors
JP Morgan must face suit over $272m cybertheft • The Register
Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)
Russian Cyber Crew Targets Ukraine Financial Sector Via Infected USB Drives - MSSP Alert
2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)
Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
European cops shut down fake crypto call centres • The Register
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL (thehackernews.com)
Fraud, Scams & Financial Crime
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
Nationwide warns ‘checking is important’ as thousands targeted in online scam | Personal Finance |
How to protect yourself from bot-driven account fraud - Help Net Security
Insurance
Insurance Co. Beazley Launches $45M 'Cyber Catastrophe Bond' (gizmodo.com)
Insurer Beazley launches first catastrophe bond for cyber threats | Financial Times (ft.com)
4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)
Dark Web
Threat actors claim access to Telegram servers through insiders - Security Affairs
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)
Pakistan tells government agencies to avoid the dark web • The Register
Software Supply Chain
Cloud/SaaS
Attackers abuse business-critical cloud apps to deliver malware - Help Net Security
Top SaaS Cyber security Threats in 2023: Are You Ready? (thehackernews.com)
Why Do User Permissions Matter for SaaS Security? (thehackernews.com)
Attack Surface Management
Why the atomized network is growing, and how to protect it - Help Net Security
Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security (darkreading.com)
Identity and Access Management
Encryption
RSA crypto cracked? Or perhaps not! – Naked Security (sophos.com)
What is Triple DES and why is it being disallowed? | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
A fifth of passwords used by federal agency cracked in security audit | Ars Technica
Why FIDO and passwordless authentication is the future - Help Net Security
'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)
Why it might be time to consider using FIDO-based authentication devices | CSO Online
Social Media
Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED
Twitter's mushrooming data breach crisis could prove costly | CSO Online
Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)
If governments are banning TikTok, why is it still on your corporate devices? | CSO Online
'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)
Training, Education and Awareness
Regulations, Fines and Legislation
Governance, Risk and Compliance
US cyber security director: The tech ecosystem has ‘become really unsafe’ (yahoo.com)
Global Cyber-Attack Volume Surges 38% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Global Risks Report: Understand the risk landscape in 2023 and beyond - Help Net Security
Why Analysing Past Incidents Helps Teams More Than Usual Security Metrics (darkreading.com)
Cyber security spending and economic headwinds in 2023 | CSO Online
Practical Risk Management - Beyond Certification (informationsecuritybuzz.com)
Vulnerable software, low incident reporting raises risks | TechTarget
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
European cops shut down fake crypto call centres • The Register
European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
AI-generated phishing emails just got much more convincing • The Register
ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security
Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)
VALL-E AI can mimic a person’s voice from a 3-second snippet • The Register
ChatGPT Artificial Intelligence: An Upcoming Cyber security Threat? (darkreading.com)
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (hackread.com)
Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)
Trojan Puzzle attack trains AI assistants into suggesting malicious code (bleepingcomputer.com)
ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)
DHS, CISA plan AI-based cyber security analytics sandbox • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)
New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Phishing campaign targets government institution in Moldova - Security Affairs
Russian and Belarusian men charged with spying for Russian GRU - Security Affairs
Nation State Actors
Nation State Actors – Russia
Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED
Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly
Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)
How Elon Musk’s Starlink has changed warfare | The Economist
Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)
Phishing campaign targets government institution in Moldova - Security Affairs
Russian and Belarusian men charged with spying for Russian GRU - Security Affairs
Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack
Nation State Actors – China
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com
If governments are banning TikTok, why is it still on your corporate devices? | CSO Online
Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)
70% of apps contain at least one security flaw after 5 years in production - Help Net Security
Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)
Does a hybrid model for vulnerability management make sense? • Graham Cluley
Vulnerabilities
Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day | SecurityWeek.Com
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) - Help Net Security
The Roadmap to Secure Access Service Edge (SASE) - MSSP Alert
Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica
Cyber criminals bypass Windows security with driver-vulnerability exploit | CSO Online
Attackers target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 - Security Affairs
Adobe Plugs Security Holes in Acrobat, Reader Software | SecurityWeek.Com
Zoom Patches High Risk Flaws on Windows, MacOS Platforms | SecurityWeek.Com
Cisco warns of auth bypass bug with public exploit in EoL routers (bleepingcomputer.com)
Swiss Threema messaging app found to have vulnerabilities • The Register
Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica
Critical bug in Cisco Small Business Routers will receive no patch - Security Affairs
Severe Vulnerabilities Allow Hacking of Asus Gaming Router | SecurityWeek.Com
JsonWebToken Security Bug Opens Servers to RCE (darkreading.com)
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)
Tools and Controls
How to prevent and detect lateral movement attacks | TechTarget
Data Loss Prevention Capability Guide (informationsecuritybuzz.com)
4 key shifts in the breach and attack simulation (BAS) market - Help Net Security
How to prioritize effectively with threat modeling • The Register
XDR and the Age-old Problem of Alert Fatigue | SecurityWeek.Com
Why FIDO and passwordless authentication is the future - Help Net Security
Why it might be time to consider using FIDO-based authentication devices | CSO Online
DHS, CISA plan AI-based cyber security analytics sandbox • The Register
ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 May 2021
Black Arrow Cyber Threat Briefing 21 May 2021: Ransomware Attacks Are Spiking. Is Your Company Prepared?; Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss; How Penetration Testing Can Promote A False Sense Of Security; Ransomware’s New Swindle - Triple Extortion; ‘It’s A Battle, It’s Warfare’ - Experts Seek To Defeat Ransomware Attackers; 5 Reasons Why Enterprises Need Cyber Security Awareness And Training; 10 Emerging Cyber Security Trends To Watch In 2021
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
5 Reasons Why Enterprises Need Cyber Security Awareness And Training
Research shows that most cyber attacks rely on exploiting the human factor with the help of creative and innovative phishing techniques and other attack vectors. Almost 90% of all data breaches are caused due to human error. Therefore, even if an organisation has a robust cyber security infrastructure in place, the absence of cyber security awareness among employees can leave a huge gap in its cyber security framework. This gap can be easily exploited by cyber criminals to launch various types of cyber attacks. Hence, cyber security awareness and training are very much needed for any enterprise to secure it against cyber attacks.
Ban Ransom Payments To Hackers, Urges Ex-GCHQ Boss
Britain’s former cyber security chief has called for a ban on ransomware payments after the Irish health service became the latest to be hit by a major attack from international criminals. Ciaran Martin, the founding chief executive of GCHQ’s National Cyber Security Centre (NCSC), said that making payments illegal would help to break the lucrative global hacking business model. Martin said that businesses were helping to fund the organised criminals who locked and stole their data. “At the moment you can pay to make it quietly go away. There’s no legal obligations involved,” he said. “There’s no obligation to report to anybody, there’s no traceability of payment of crypto currency. We have allowed this to spiral in an invisible way.”
Ransomware’s New Swindle: Triple Extortion
Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial breach to grab even more cash for their crimes. Check Point’s latest ransomware report found that over the past year, ransomware payments have spiked by 171 percent, averaging about $310,000 — and that globally, the number of attacks has surged by 102 percent.
https://threatpost.com/ransomwares-swindle-triple-extortion/166149/
‘It’s A Battle, It’s Warfare’: Experts Seek To Defeat Ransomware Attackers
Cyber security experts like to joke that the hackers who have turned ransomware attacks into a multibillion-dollar industry are often more professional than even their biggest victims. Ransomware attacks — when cyber attackers lock up their target’s computer systems or data until a ransom is paid — returned to the spotlight this week after attacks hit one of the biggest petroleum pipelines in the US, Toshiba’s European business, and Ireland’s health service. While governments have pledged to tackle the problem, experts said the criminal gangs have become more enterprising and continue to have the upper hand. For businesses, they said, there is more pain to come. “This is probably the biggest conundrum in security because companies have to decide how far they participate in this cat-and-mouse game,” said Myrna Soto, former chief strategy and trust officer at Forcepoint and current board member of gas and electricity group Consumers Energy. “It’s a battle, it’s warfare, to be honest.”
https://www.ft.com/content/b48a2d70-4a8c-4407-83a2-59cd055068f8
Colonial Pipeline Boss Confirms $4.4M Ransom Payment
Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue. "I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack. The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day. According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel. Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.
https://www.bbc.co.uk/news/business-57178503
10 Emerging Cyber Security Trends To Watch In 2021
A flurry of new threats, technologies and business models have emerged in the cyber security space as the world shifted to a remote work model in response to the COVID-19 pandemic. The lack of a network perimeter in this new world accelerated the adoption of SASE (secure access service edge), zero trust and XDR (extended detection and response) to ensure remote users and their data are protected. Adversaries have taken advantage of the complexity introduced by newly remote workforces to falsely impersonate legitimate users through credential theft and have upped the ante by targeting customers in the victim’s supply chain. The ability to monetize ransomware attacks by threatening to publicly leak victim data has made it more lucrative, while employers continue to fend off insiders with an agenda.
https://www.crn.com/news/security/10-emerging-cybersecurity-trends-to-watch-in-2021
How Penetration Testing Can Promote A False Sense Of Security
Rob Gurzeev is concerned about blind spots—past and present. In his DarkReading article Defending the Castle: How World History Can Teach Cyber security a Lesson, Gurzeev mentioned, "Military battles bring direct lessons and, I find, often serve as a reminder that attack surface blind spots have been an Achilles' heel for defenders for a long time." "Cyber security attackers follow this same principle today," wrote Gurzeev. "Companies typically have a sizable number of IT assets within their external attack surface they neither monitor nor defend and probably do not know about in the first place."
https://www.techrepublic.com/article/how-penetration-testing-can-promote-a-false-sense-of-security/
Ransomware Attacks Are Only Getting Worse, Darkside Group "Quits," But That May Just Be A Strategy
Earlier this month, a hacker group named DarkSide launched a ransomware attack against the business network of the Colonial Pipeline, forcing the company to shut down the 5,500-mile main pipeline and leading to fuel shortages in 17 states and Washington DC last week. According to a Bloomberg report, Colonial paid 75 Bitcoin (around $5 million on the day of the transaction) in ransom to the Eastern European hackers, but officially the company has maintained a different narrative of not having any intention of paying the extortion fee in crypto currency, as the DarkSide group had demanded. However, the Georgia-based company is said to have made the payment within hours of the attack, possibly using a cyber insurance policy to cover it.
https://www.techspot.com/news/89689-ransomware-attacks-only-getting-worse-darkside-group-quits.html
Learning From Cyber Attacks Could Be The Key To Stopping Them
Organisations should use major cyber incidents as a way to think through the core of their security strategies in order to prevent or recover better from similar attacks. "A significant cyber incident is really an opportunity; because it's an opportunity to focus on the core issues that led to these cyber incidents," said Anne Neuberger, deputy national security advisor for cyber and emerging technology at the White House, speaking at the UK National Cyber Security Centre's (NCSC) CYBERUK 21 virtual conference. Neuberger said that whether it's something like the SolarWinds sophisticated supply chain attack or the Colonial Pipeline ransomware incident, "we know that vulnerabilities across software and hardware can bring on larger concerns", but that looking at the core issues can help everyone improve their security.
https://www.zdnet.com/article/learning-from-cyber-attacks-could-be-the-key-to-stopping-them/
Microsoft Remote Desktop Protocol (RDP) Allegedly Has An Alarming Active Vulnerability
The Remote Desktop Protocol (RDP) is an incredibly useful feature used by likely millions of people every day. Considering it is free and preinstalled from Microsoft, it beats out most other Windows-based remote desktop software with ease. This, however, does not give it a free pass from having flaws; however, as a security researcher has discovered his password in cleartext within the RDP service’s memory. Researcher Jonas Lykkegård of the Secret Club, a group of hackers, seems to stumble across interesting things from time to time. He recently posted to Twitter about finding a password in cleartext in memory after using the RDP service. It seems he could not believe what he had found, as he tested it again and produced the same results using a new local account.
Amazon’s Ring Is The Largest Civilian Surveillance Network The US Has Ever Seen
In a 2020 letter to management, Max Eliaser, an Amazon software engineer, said Ring is “simply not compatible with a free society”. We should take his claim seriously. Ring video doorbells, Amazon’s signature home security product, pose a serious threat to a free and democratic society. Not only is Ring’s surveillance network spreading rapidly, it is extending the reach of law enforcement into private property and expanding the surveillance of everyday life. What’s more, once Ring users agree to release video content to law enforcement, there is no way to revoke access and few limitations on how that content can be used, stored, and with whom it can be shared.
Ransomware Attacks Are Spiking. Is Your Company Prepared?
With the migration to remote work over the last year, cyber attacks have increased exponentially. We saw more attacks of every kind, but the headline for 2020 was ransom attacks, which were up 150% over the previous year. The amount paid by victims of these attacks increased more than 300% in 2020. Already 2021 has seen a dramatic increase in this activity, with high-profile ransom attacks against critical infrastructure, private companies, and municipalities grabbing headlines on a daily basis. The amount of ransom demanded also has significantly increased this year, with some demands reaching tens of millions of dollars. And the attacks have become more sophisticated, with threat actors seizing sensitive company data and holding it hostage for payment.
https://hbr.org/2021/05/ransomware-attacks-are-spiking-is-your-company-prepared
Threats
Ransomware
Insurer AXA Hit By Ransomware After Dropping Support For Ransom Payments
One Of The US’s Largest Insurance Companies Reportedly Paid $40 Million To Ransomware Hackers
Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data
Phishing
Other Social Engineering
Malware
Mobile
IoT
Four New Video Doorbells And Home Security Cameras Are Vulnerable To Hacking
EufyCam Users Should Turn Off Their Security Cams Immediately
Vulnerabilities
QNAP Warns Of eCh0raix Ransomware Attacks, Roon Server Zero-Day
Cross-Browser Tracking Vulnerability Tracks You Via Installed Apps
Cryptocurrency
Supply Chain
Nation State Actors
Denial of Service
Cloud
Governance, Risk and Compliance
Reports Published in the Last Week
Other News
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 04 December 2020
Black Arrow Cyber Threat Briefing 4 December 2020: Covid vaccine supply chain targeted by hackers; Criminals Favour Ransomware and BEC; Bank Employee Sells Personal Data of 200,000 Clients; 2020 Pandemic changing short- and long-term approaches to risk; Cyber risks take the fun out of connected toys; Remote Workers Admit Lack of Security Training
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.
Top Cyber Headlines of the Week
Covid vaccine supply chain targeted by hackers, say security experts
Cyber attackers have targeted the cold supply chain needed to deliver Covid-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation state.
The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices.
https://www.ft.com/content/9c303207-8f4a-42b7-b0e4-cf421f036b2f
Criminals to Favour Ransomware and BEC Over Breaches in 2021
The era of the mega-breach may be coming to an end as cyber-criminals eschew consumers’ personal data and focus on phishing and ransomware.
Cyber-criminals are relying less on stolen personal information and more on “poor consumer behaviors” such as password reuse to monetize attacks.
https://www.infosecurity-magazine.com/news/criminals-favor-ransomware-bec/
Bank Employee Sells Personal Data of 200,000 Clients
South Africa–based financial services group Absa has stated that one of its employees sold the personal information of 200,000 clients to third parties.
The group confirmed on Wednesday that the illegal activity had occurred and that 2% of Absa's retail customer base had been impacted.
The employee allegedly responsible for it was a credit analyst who had access to the group's risk-modeling processes.
Data exposed as a result of the security incident included clients' ID numbers, addresses, contact details, and descriptions of vehicles that they had purchased on finance.
https://www.infosecurity-magazine.com/news/bank-employee-sells-personal-data/
LastPass review: Still the leading password manager, despite security history
"'Don't put all your eggs in one basket' is all wrong. I tell you 'put all your eggs in one basket, and then watch that basket,'" said industrialist Andrew Carnegie in 1885. When it comes to privacy tools, he's usually dead wrong. In the case of password managers, however, Carnegie is usually more dead than wrong. To wit, I have been using LastPass so long I don't know when I started using LastPass and, for now, I've got no reason to change that.
The most significant security innovations of 2020
Who gets access? That is the question that drives every security measure and innovation that’s landed on PopSci’s annual compendium since we launched the category in 2008. Every year, that question gets bigger and bigger. In 2020, the world quaked under a global pandemic that took 1.4 million lives, the US saw a rebirth in its civil rights movement, and a spate of record-breaking wildfires forced entire regions to evacuate. And those are just the new scares. A buildup of angst against ad trackers and app snooping led to major changes in hardware and software alike. It was a year full of lessons, nuances, and mini revolutions, and we strive to match that with our choices.
https://www.popsci.com/story/technology/most-important-security-innovations-2020/
2020 security priorities: Pandemic changing short- and long-term approaches to risk
Security planning and budgeting is always an adventure. You can assess current risk and project the most likely threats, but the only real constant in cybersecurity risk is its unpredictability. Layer a global pandemic on top of that and CISOs suddenly have the nearly impossible task of deciding where to request and allocate resources in 2021.
Show how the COVID pandemic has changed what security focuses on now and what will drive security priorities and spending in 2021. Based on a survey of 522 security professionals from the US, Asia/Pacific and Europe, the study reveals how the pandemic has changed the way organizations assess risk and respond to threats—permanently.
Cyber risks take the fun out of connected toys
As Christmas approaches, internet-enabled smart toys are likely to feature heavily under festive trees. While some dolls of decades past were only capable of speaking pre-recorded phrases, modern equivalents boast speech recognition and can search for answers online in real time.
Other connected gadgets include drones or cars such as Nintendo’s Mario Kart Live Home Circuit, where players race each other in a virtual world modelled after their home surroundings.
But for all the fun that such items can bring, there is a risk — poorly-secured Internet of Things toys can be turned into convenient tools for hackers.
https://www.ft.com/content/c653e977-435f-4553-8401-9fa9b0faf632
Remote Workers Admit Lack of Security Training
A third of remote working employees have not received security training in the last six months.
400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.
Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.
https://www.infosecurity-magazine.com/news/remote-workers-training/
Threats
Ransomware
Delaware County Pays $500,000 Ransom After Outages
A US county is in the process of paying half-a-million dollars to ransomware extorters who locked its local government network, according to reports.
Pennsylvania’s Delaware County revealed the attack last week, claiming in a notice that it had disrupted “portions of its computer network.
“We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems,” it said.
https://www.infosecurity-magazine.com/news/delaware-county-pays-500k-ransom/
MasterChef Producer Hit by Double Extortion Ransomware
A multibillion-dollar TV production company has become the latest big corporate name caught out by ransomware, it emerged late last week.
The firm owns over 120 production firms around the world, delivering TV shows ranging from MasterChef and Big Brother to Black Mirror and The Island with Bear Grylls.
In a short update last Thursday, it claimed to be managing a “cyber-incident” affecting the networks of Endemol Shine Group and Endemol Shine International, Dutch firms it acquired in a $2.2bn deal in July.
Although ransomware isn’t named in the notice, previous reports suggest the firm is being extorted.
https://www.infosecurity-magazine.com/news/masterchef-producer-double/
Sopra Steria to take multi-million euro hit on ransomware attack
The company revealed in October that it had been hit by hackers using a new version of Ryuk ransomware.
It now says that the fallout, with various systems out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.
The group's insurance coverage for cyber risks is EUR30 million, meaning that negative organic revenue growth for the year is now expected to be between 4.5% and five per cent (previously between two per cent and four per cent). Free cash flow is now expected to be between €50 million and €100 million (previously between €80 million and €120 million).
BEC
FBI: BEC Scams Are Using Email Auto-Forwarding
The agency notes in an alert made public this week that since the COVID-19 pandemic began, leading to an increasingly remote workforce, BEC scammers have been taking advantage of the auto-forwarding feature within compromised email inboxes to trick employees to send them money under the guise of legitimate payments to third parties.
This tactic works because most organizations do not sync their web-based email client forwarding features with their desktop client counterparts. This limits the ability of system administrators to detect any suspicious activities and enables the fraudsters to send malicious emails from the compromised accounts without being detected, the alert, sent to organizations in November and made public this week, notes.
https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498
Phishing
Phishing lures employees with fake 'back to work' internal memos
Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.
These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defences according to stats provided by researchers at email security company Abnormal Security who spotted this phishing campaign.
There is a high probability that some of the targets will fall for the scammers' tricks given that during this year's COVID-19 pandemic most companies have regularly emailed their employees with updates regarding remote working policy changes.
Warning: Massive Zoom phishing targets Thanksgiving meetings
Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. Hosted on numerous landing pages, BleepingComputer has learned that thousands of users' credentials have already been stolen by the attack.
With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.
Malware
All-new Windows 10 malware is excellent at evading detection
Security researchers at Kaspersky have discovered a new malware strain developed by the hacker-for-hire group DeathStalker that has been designed to avoid detection on Windows PCs.
While the threat actor has been active since at least 2012, DeathStalker first drew Kaspersky's attention back in 2018 because of its distinctive attack characteristics which didn't resemble those employed by cybercriminals or state-sponsored hackers.
https://www.techradar.com/news/all-new-windows-10-malware-is-excellent-at-evading-detection
New TrickBot version can tamper with UEFI/BIOS firmware
The operators of the TrickBot malware botnet have added a new capability that can allow them to interact with an infected computer's BIOS or UEFI firmware.
The new capability was spotted inside part of a new TrickBot module, first seen in the wild at the end of October, security firms Advanced Intelligence and Eclypsium said in a joint report published today.
The new module has security researchers worried as its features would allow the TrickBot malware to establish more persistent footholds on infected systems, footholds that could allow the malware to survive OS reinstalls.
https://www.zdnet.com/article/new-trickbot-version-can-tamper-with-uefibios-firmware/
Russia-linked APT Turla used a new malware toolset named Crutch
Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.
The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.
https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html
MacBooks under attack by dangerous malware: What to do
a recent spate of malware attacks targeting macOS of late that installs backdoors to steal sensitive personal information. The security firm discovered that a new malware variant is being used online and backed by a rogue nation-state hacking group known as OceanLotus, which also operates under the name AKTP2 and is based in Vietnam.
The new malware was created by OceanLotus due to the “similarities in dynamic behavior and code” from previous malware connected to the Vietnamese-based hacking group.
https://www.laptopmag.com/news/macbooks-under-attack-by-dangerous-malware-what-to-do
Hackers Using Monero Mining Malware as Decoy, Warns Microsoft
The company’s intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH’s true campaign: credential theft.
Crypto-jacking “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re ‘commodity’ malware,” Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH’s “hide in plain sight” MO.
Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.
https://www.coindesk.com/hackers-using-monero-mining-malware-as-decoy-warns-microsoft
Vulnerabilities
Zerologon is now detected by Microsoft Defender for Identity
There has been a huge focus on the recently patched CVE-2020-1472 Netlogon Elevation of Privilege vulnerability, widely known as ZeroLogon. While Microsoft strongly recommends that you deploy the latest security updates to your servers and devices, we also want to provide you with the best detection coverage possible for your domain controllers. Microsoft Defender for Identity along with other Microsoft 365 Defender solutions detect adversaries as they try to exploit this vulnerability against your domain controllers.
Privacy
'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash
If you heard a strange noise coming from Redmond today, it was the sound of some rapid back-pedalling regarding the Productivity Score feature in its Microsoft 365 cloud platform.
Following outcry from subscribers and privacy campaigners, the Windows giant has now vowed to wind back the functionality so that it no longer produces scores for individual users, and instead just summarizes the output of a whole organization. It was feared the dashboard could have been used by bad bosses to measure the productivity of specific employees using daft metrics like the volume of emails or chat messages sent through Microsoft 365.
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.