Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 July 2022
Black Arrow Cyber Threat Briefing 08 July 2022:
-Businesses Urged Not To Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
-People Are the Primary Attack Vector Around the World
-Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
-54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
-New Cyber Threat Emerges from the Inside, Research Report Finds
-Ransomware: Why it's still a big threat, and where the gangs are going next
-NCSC: Prepare for Protected Period of Heightened Cyber-Risk
-69% Of Employees Need to Deal With More Security Measures In A Hybrid Work Environment
-FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
-As Cyber Criminals Recycle Ransomware, They're Getting Faster
-UK Military Investigates Hacks on Army Social Media Accounts
-APT Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts
While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.
Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.
In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.
It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".
The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.
The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.
Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.
Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".
People Are the Primary Attack Vector Around the World
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.
Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.
Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.
https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/
Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.
Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.
Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.
The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."
Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.
54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)
SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).
Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).
MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.
Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.
Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”
https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/
New Cyber Threat Emerges from the Inside, Research Report Finds
In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”
Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.
“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”
So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.
Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.
The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.
Here are some key statistics from the report:
Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.
The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).
Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.
Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next
Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.
Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.
Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.
What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.
No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".
Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.
And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.
They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.
NCSC: Prepare for Protracted Period of Heightened Cyber Risk
The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.
The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.
Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.
“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.
With this in mind, the guide highlighted several steps IT security managers should consider:
Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities
Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities
Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks
Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand
Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour
https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/
69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment
Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.
One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.
Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.
https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/
FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying
The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.
In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.
“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.
He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy
As Cyber Criminals Recycle Ransomware, They're Getting Faster
Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.
Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.
These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.
https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster
UK Military Investigates Hacks on Army Social Media Accounts
British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.
The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.
“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”
The Ministry of Defence said late Sunday that both breaches had been “resolved.”
While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.
Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.
“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.
https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts
Campaign Targeting SOHO Routers Highlights Risks to Remote Workers
A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.
"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.
Threats
Ransomware
Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine
Ransomware in 2022: Evolving threats, slow progress (techtarget.com)
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Ransomware gangs are feeling the crypto winter's impact | TechSpot
LockBit explained: How it has become the most popular ransomware | CSO Online
Hive ransomware gang turns to Rust, more complex encryption • The Register
New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
North Korean ransomware dubbed Maui active since May 2021 • The Register
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)
Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)
New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com
As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)
Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs
AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)
QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)
Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)
How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)
EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center
Phishing & Email Based Attacks
Malware
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)
Dangerous new malware dances past more than 50 antivirus services | TechRadar
Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs
Malware knocks IT services vendor SHI offline • The Register
Near-undetectable malware linked to Russia's Cozy Bear • The Register
New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)
Hackers are using YouTube videos to trick people into installing malware | TechRadar
Mobile
This WhatsApp scam promises big, but just sends you into a spiral | ZDNet
Android malware subscribes you to premium services without you knowing - GSMArena.com news
Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)
Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine
Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ransomware gangs are feeling the crypto winter's impact | TechSpot
AstraLocker ransomware closes doors to pursue cryptojacking • The Register
Hackers are using YouTube videos to trick people into installing malware | TechRadar
PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)
US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)
Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
Insider Risk and Insider Threats
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost
HackerOne incident raises concerns for insider threats (techtarget.com)
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru
What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)
Identity and Access Management
Asset Management
Encryption
Encryption is high up on corporate priority lists - Help Net Security
Quantum-resistant encryption recommended for standardization • The Register
The threat of quantum computing to sensitive data - Help Net Security
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)
End-to-end encryption’s central role in modern self-defence | Ars Technica
API
Open Source
Social Media
Digital Transformation
Travel
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine
ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)
Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)
Models, Frameworks and Standards
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)
Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)
NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru
FBI and MI5 bosses: China cheats and steals at massive scale • The Register
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)
Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)
Nation State Actors
Nation State Actors – Russia
Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine
Near-undetectable malware linked to Russia's Cozy Bear • The Register
Nation State Actors – China
China Censors What Could Be Biggest Data Hack in History (gizmodo.com)
Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop
China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg
Security warning after sale of stolen Chinese data - BBC News
Five accused of trying to silence China critics in US • The Register
50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian
More UK calls for ban of CCTV makers Hikvision, Dahua • The Register
Nation State Actors – North Korea
Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop
North Korean ransomware dubbed Maui active since May 2021 • The Register
Nation State Actors – Iran
Vulnerabilities
Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs
Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)
Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs
Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs
OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)
Fortinet addressed multiple vulnerabilities in several products - Security Affairs
There’s a Nasty Security Hole in the Apache Webserver – The New Stack
Sector Specific
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:
Automotive
Construction
Critical National Infrastructure (CNI)
Defence & Space
Education & Academia
Energy & Utilities
Estate Agencies
Financial Services
FinTech
Food & Agriculture
Gaming & Gambling
Government & Public Sector (including Law Enforcement)
Health/Medical/Pharma
Hotels & Hospitality
Insurance
Legal
Manufacturing
Maritime
Oil, Gas & Mining
OT, ICS, IIoT, SCADA & Cyber-Physical Systems
Retail & eCommerce
Small and Medium Sized Businesses (SMBs)
Startups
Telecoms
Third Sector & Charities
Transport & Aviation
Web3
Other News
These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)
Microsoft rolls back plan to block macros by default • Graham Cluley
Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online
Security tester says he broke into datacenter via toilets • The Register
SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online
Imagination is key to effective data loss prevention - Help Net Security
The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)
Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK
Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)
Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 July 2022
Black Arrow Cyber Threat Briefing 01 July 2022:
-Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
-Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
-Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
-Three in Four Vulnerability Management Programs Ineffective, NopSec Research Finds
-EMEA Continues to Be a Hotspot for Malware Threats
-A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
-What Are Shadow IDs, and How Are They Crucial in 2022?
-Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
-Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
-Human Error Remains the Top Security Issue
-Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
-Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Is the Biggest Global Cyber Threat. And The Attacks Are Still Evolving
Ransomware is the biggest cyber security threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned.
"Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. That tells you something of the scale of the problem. Ransomware attacks strike hard and fast. They are evolving rapidly, they are all-pervasive, they're increasingly offered by gangs as a service, lowering the bar for entry into cyber crime," said Lindy Cameron, CEO of the NCSC in a speech at Tel Aviv Cyber Week.
She added that the NCSC has dealt with "nationally significant incidents" along with hundreds of general cyber incidents that "affect the UK more widely every year".
While she didn't detail any specific instances of responding to ransomware incidents, Cameron warned that "these complex attacks have the potential to affect our societies and economies significantly", and implied that if it weren't for the work of NCSC incident responders, alongside their counterparts in the industry and international counterparts, the attacks could have had a major impact.
Study Reveals Traditional Data Security Tools Have a 60% Failure Rate Against Ransomware and Extortion
Titaniam, Inc., the data security platform, announced the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organisations have an existing set of prevention, detection, and backup solutions, nearly 40% of organisations have been hit with ransomware attacks in the last year, and more than 70% have experienced one in the previous five years, proving existing solutions to be woefully inadequate in managing the risks and impacts from these attacks.
Data exfiltration during ransomware attacks is up 106% relative to where it was five years ago. We are seeing the emergence of a new trend where cyber criminals are no longer limiting themselves to just encrypting entire systems—they are making sure to steal data ahead of the encryption so that they can have additional leverage on the victim. The survey found that 65% of those who have experienced a ransomware attack have also experienced data theft or exfiltration due to the incident. Of those victims, 60% say the hackers used the data theft to extort them further, known as double extortion. Most of them, i.e., 59% of victims, paid the hackers, implying that they were not helped by their backup or data security tools to prevent this fate.
Data is being exposed for theft and extortion in other ways too. Nearly half (47%) uncovered publicly exposed data in their systems in the last 24 months. It was found that respondents have a mix of data security & protection (78%), prevention & detection (75%), and backup and recovery (73%) in their cyber security stacks. Still, exposure and extortion numbers imply a missing puzzle piece regarding attacks.
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against companies spiked in Q1 2022 with patchable and preventable external vulnerabilities responsible for the bulk of attacks.
Eighty-two percent of attacks on organisations in Q1 2022 were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18 percent.
The numbers come from Tetra Defense and its quarterly report that sheds light on a notable uptick in cyber attacks against United States organisations between January and March 2022.
The report did not let employee security hygiene, or a lack thereof, off the hook. Tetra revealed that a lack of multi-factor authentication (MFA) mechanisms adopted by firms and compromised credentials are still major factors in attacks against organisations.
https://threatpost.com/lead-causes-of-q1-attacks/180096/
Three in Four Vulnerability Management Programs Ineffective
How at risk are organisations to unsecured vulnerabilities in their networks? NopSec, a threat and exposure management provider, gives us the answers in a new study of some 430 cyber security professionals.
Are security teams finding successful approaches to their vulnerability management, or are “open doors around their attack surface” leaving them susceptible to disaster in their organisation? The answer, as it turns out, is that some organisations are better at detection, response and remediation of their vulnerabilities.
Perhaps more importantly, others are not as locked down as they believe, according to the report. Keeping track of known vulnerabilities and responding quickly is one thing, but locating flaws they did not previously know existed is quite another.
Seventy percent of respondent say their vulnerability management program (VMP) is only somewhat effective or worse, blind spots and shadow IT remain top challenges, and vulnerabilities take too long to patch.
EMEA Continues to Be a Hotspot for Malware Threats
Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.
Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.
The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.
https://www.helpnetsecurity.com/2022/06/30/emea-malware-threats/
A New, Remarkably Sophisticated Malware Is Attacking Home and Small Office Routers
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.
So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.
The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive, and remain undetected, is the hallmark of a highly sophisticated threat actor.
"While compromising small office/home office (SOHO) routers as a vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organisation."
The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.
https://www.wired.com/story/zuorat-trojan-malware-hacking-routers/
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shadow IT. Not because they tried to obfuscate or hide anything, simply because it was a convenient tool that they preferred over any other sanctioned products (which JPMorgan certainly has quite a few of.)
Visibility into unknown and unsanctioned applications has been required by regulators and also recommended by the Center for Internet Security community for a long time. Yet it seems that new and better approaches are still in demand. Gartner has identified External Attack Surface Management, Digital Supply Chain Risk, and Identity Threat Detection as the top three trends to focus on in 2022, all of which are closely intertwined with Shadow IT.
"Shadow IDs," or in other words, unmanaged employee identities and accounts in third-party services, are often created using a simple email-and-password-based registration. Cloud access security broker (CASB) and corporate single-sign-on (SSO) solutions are limited to a few sanctioned applications, and are not widely adopted on most websites and services either. This means, that a large part of an organisation's external surface - as well as its user identities - may be completely invisible.
https://thehackernews.com/2022/06/what-are-shadow-ids-and-how-are-they.html
Zero-Days Aren't Going Away Anytime Soon, and What Leaders Need to Know
Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just recently, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk. And because the internal security teams have no time to prepare or patch their systems to defend against these software vulnerabilities, crafty threat actors can take advantage, taking their time after they've accessed an organisation's environment to observe and exfiltrate data while remaining completely unseen.
And though sophisticated threat actors and nations have exploited zero-days for nearly two decades, last year saw a historic rise in the number of vulnerabilities detected. Both Google and Mandiant tracked a record number of zero-days last year, with the caveat that more zero-days are being discovered because security companies are getting better at finding them — not necessarily because hackers are coming up with new vulnerabilities. Not all zero-days are created equal, though. Some require sophisticated and novel techniques, like the attack on SolarWinds, and others exploit simple vulnerabilities in commonly used programs like Windows. Thankfully, there's some basic cyber hygiene strategies that can keep your organisation sufficiently prepared to mitigate zero-day exploits.
Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities
Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed.
According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organisations applied more comprehensive patching.
“On top of that, four of the 2022 zero-days are variants of 2021 in-the-wild zero-days. Just 12 months from the original in-the-wild zero-day being patched, attackers came back with a variant of the original bug,” Stone says.
The most recent of these issues is the Follina vulnerability in the Windows platform. Tracked as CVE-2022-30190, it is a variant of an MSHTML zero-day tracked as CVE-2021-40444.
CVE-2022-21882 is another Windows vulnerability that is a variant of an in-the-wild zero-day that was improperly resolved last year, namely CVE-2021-1732.
An iOS IOMobileFrameBuffer bug (CVE-2022-22587) and a type confusion flaw in Chrome’s V8 engine (CVE-2022-1096) are two other zero-days that are variants of exploited security flaws found last year – CVE-2021-30983 and CVE-2021-30551, respectively.
Other 2022 zero-days that are variants of improperly addressed security defects are CVE-2022-1364 (Chrome), CVE-2022-22620 (WebKit), CVE-2021-39793 (Google Pixel), CVE-2022-26134 (Atlassian Confluence), and CVE-2022-26925 (Windows flaw called PetitPotam).
https://www.securityweek.com/google-half-2022s-zero-days-are-variants-previous-vulnerabilities
Human Error Remains the Top Security Issue
Human error remains the most effective vector for conducting network infiltrations and data breaches.
The SANS Institute security centre issued its annual security awareness report Wednesday, which was based on data from 1,000 infosec professionals and found that employees and their lack of security training remain common points of failure for data breaches and network attacks. The report also tracked the maturity level of respondents' security awareness programs and their effectiveness in reducing human risk.
"This year's report once again identifies what we have seen over the past three years: that the most mature security awareness programs are those that have the most people dedicated to managing and supporting it," the cyber security training and education organisation said.
"These larger teams are more effective at working with the security team to identify, track, and prioritise their top human risks, and at engaging, motivating, and training their workforce to manage those risks."
The SANS Institute study ranked maturity by five levels, from lowest to highest: nonexistent, compliance-focused, promoting awareness and behaviour change, long-term sustainment and culture change, and metrics framework. The report found that while approximately 400 respondents said their programs promote awareness and behaviour change - the highest such response for any maturity level - the number represented a 10% decrease from the previous year's report.
Carnival Cruises Torpedoed by US States, Agrees to Pay $6m After Wave of Cyber Attacks
Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyber attacks.
A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based business revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.
It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.
Back in 2019, the security operations team spotted an internal email account sending spam to other addresses. It turned out miscreants had hijacked 124 employee Microsoft Office 365 email accounts, and were using them to send phishing emails to harvest more credentials. This, we're told, gave the intruders access to personal data on 180,000 Carnival employees and customers. It's likely the miscreants first broke in using phishing mails or brute-forcing passwords; either way, there was no multi-factor authentication.
Then in August 2020, the company said it was hit with the aforementioned ransomware, and copies of its files were siphoned. In January 2021, it was infected again with malware, and again sensitive information – specifically, customer passport numbers and dates of birth, and employee credit card numbers – were downloaded. And in March that year, a staffer's work email account was compromised again to send out a phishing email; more sensitive information was exposed.
https://www.theregister.com/2022/06/28/carnival-cybersecurity-fines/
Uber Ex-Security Chief Accused of Hacking Coverup Must Face Fraud Charges, Judge Rules
A federal judge on Tuesday said a former Uber Technologies Inc. security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.
The US Department of Justice had in December added the three charges against Joseph Sullivan to an earlier indictment, saying he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the US Federal Trade Commission.
Threats
Ransomware
Record-Breaking Year for Ransomware Attacks, WatchGuard Research Predicts - MSSP Alert
Cyber Security Experts Warn of Emerging Threat of "Black Basta" Ransomware (thehackernews.com)
AstraLocker 2.0 infects users directly from Word attachments (bleepingcomputer.com)
Black Basta Ransomware Gang Attacks 50 Companies, Cybereason Reports - MSSP Alert
How Dangerous Is BlackBasta Ransomware? (informationsecuritybuzz.com)
LockBit 3.0 Debuts With Ransomware Bug Bounty Program (darkreading.com)
Son of Conti: Ransomware tries its hand at politics - The Record by Recorded Future
Kaseya Ransomware - Cyber Leader’s Thoughts & Learnings One Year Later (informationsecuritybuzz.com)
Are Protection Payments the Future of Ransomware? (tripwire.com)
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups (trendmicro.com)
This new malware is at the heart of the ransomware ecosystem | ZDNet
Macmillan Publishing shuts down systems after likely ransomware attack (bleepingcomputer.com)
Walmart denies being hit by Yanluowang ransomware attack (bleepingcomputer.com)
Fake copyright infringement emails install LockBit ransomware (bleepingcomputer.com)
Cisco Talos techniques uncover ransomware sites on dark web (techtarget.com)
RansomHouse gang claims to have some stolen AMD data • The Register
'Prolific' NetWalker extortionist pleads guilty • The Register
Phishing & Email Based Attacks
Google Warns About Hacker-for-Hire Services Trying to Phish Users (pcmag.com)
Clever phishing method bypasses MFA using Microsoft WebView2 apps (bleepingcomputer.com)
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
How phishing attacks are becoming more sophisticated - Help Net Security
How Evilnum Cyber Attacks Target Microsoft Office Files - MSSP Alert
New Matanbuchus Campaign drops Cobalt Strike beacons - Security Affairs
Kaspersky Reveals Phishing Emails That Employees Find Most Confusing (darkreading.com)
Ukraine arrests cyber crime gang operating over 400 phishing sites (bleepingcomputer.com)
Malware
Microsoft finds Raspberry Robin worm in hundreds of Windows networks (bleepingcomputer.com)
Microsoft Exchange servers worldwide backdoored with new malware (bleepingcomputer.com)
Microsoft warning: This malware that targets Linux just got a big update | ZDNet
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear (darkreading.com)
XFiles info-stealing malware adds support for Follina delivery (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
PyPi python packages caught sending stolen AWS keys to unsecured sites (bleepingcomputer.com)
Mobile
Android Spyware 'Revive' Upgraded to Banking Trojan - Infosecurity Magazine
Phone Hackers: 9 Ways To Tell If You Have Fallen Victim (informationsecuritybuzz.com)
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
Internet of Things – IoT
Data Breaches/Leaks
Leaky Access Tokens Exposed Amazon Photos of Users | Threatpost
California gun dashboards expose 10 years of personal data • The Register
Organised Crime & Criminal Actors
Russia-China cyber criminal collaboration could “destabilize” international order | CSO Online
Canadian admits to hacking spree with Russian cyber-gang - BBC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pentagon finds concerning vulnerabilities on blockchain | TechRepublic
Hackers steal $100m from another breached crypto bridge | TechRadar
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Dozens of cryptography libraries vulnerable to private key theft | The Daily Swig (portswigger.net)
Missing Cryptoqueen: FBI adds Ruja Ignatova to top ten most wanted - BBC News
Singapore warns of ‘brutal, unrelentingly hard’ crypto regs • The Register
Insider Risk and Insider Threats
Rogue HackerOne employee steals bug reports to sell on the side (bleepingcomputer.com)
Japanese worker loses city's personal data in USB fail • The Register
How you handle independent contractors may determine your insider threat risk | CSO Online
Fraud, Scams & Financial Crime
Threat actors increasingly use third parties to run their scams - Help Net Security
Santander Warns of 87% Surge in UK Crypto Scams - Infosecurity Magazine
Evolving online habits have paved the way for fraud. What can we do about it? - Help Net Security
Insurance
Software Supply Chain
It's a Race to Secure the Software Supply Chain — Have You Already Stumbled? (darkreading.com)
Over a Decade in Software Security: What Have We learned? - IT Security Guru
Denial of Service DoS/DDoS
Attack Surface Management
Shadow IT
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
RansomHouse Hackers Claim to Breach AMD With Bad Passwords (gizmodo.com)
Breaking Down the Zola Hack and Why Password Reuse is so Dangerous (bleepingcomputer.com)
Raccoon Stealer is back with a new version to steal your passwords (bleepingcomputer.com)
Social Media
Verified Twitter accounts hacked to send fake suspension notices (bleepingcomputer.com)
Facebook Business Pages Targeted via Chatbot in Data-Harvesting Campaign (darkreading.com)
New YTStealer malware steals accounts from YouTube Creators (bleepingcomputer.com)
Facebook 2FA phish arrives just 28 minutes after scam domain created – Naked Security (sophos.com)
Training, Education and Awareness
Privacy
‘Supercookies’ Have Privacy Experts Sounding the Alarm | WIRED
UK should immediately ban use of live facial recognition, warns report | Financial Times (ft.com)
Snoopers’ Charter Ruled Partially Unlawful - Infosecurity Magazine
We must stop sleepwalking towards a surveillance state | Financial Times (ft.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Manx government department fined over data breach - BBC News
Clearview fine: The unacceptable face of modern surveillance - Help Net Security
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
NATO to create cyber rapid response force, increase cyber defence aid to Ukraine - CyberScoop
Evilnum hackers return in new operation targeting migration orgs (bleepingcomputer.com)
Commercial cyber products must be used responsibly, says NCSC CEO (computerweekly.com)
G7 to tackle cyber threats and disinformation from Russia: communique | Reuters
Google Warns of New Spyware Targeting iOS and Android Users - IT Security Guru
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors
Nation State Actors – Russia
Ukraine targeted by almost 800 cyber attacks since the war started (bleepingcomputer.com)
Russian Hacker Group Says Cyber Attacks Continue On Lithuania (informationsecuritybuzz.com)
Russian hacktivists take down Norway govt sites in DDoS attacks (bleepingcomputer.com)
Russia's Killnet hacker group says it attacked Lithuania | Reuters
Nation State Actors – China
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
China lured graduate jobseekers into digital espionage | Ars Technica
Nation State Actors – North Korea
Vulnerability Management
Why more zero-day vulnerabilities are being found in the wild | CSO Online
Cyber Attacks via Unpatched Systems Cost Orgs More Than Phishing (darkreading.com)
Microsoft's quiet mishandling of vulnerabilities is becoming a public mess - OnMSFT.com
Vulnerabilities
MITRE shares this year's list of most dangerous software bugs (bleepingcomputer.com)
How and why threat actors target Microsoft Active Directory | CSO Online
Atlassian Confluence Exploits Peak at 100K Daily (darkreading.com)
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric (darkreading.com)
Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (bleepingcomputer.com)
OpenSSL 3.0.5 awaits release to fix potential security flaw • The Register
CISA: Adopt Modern Auth now for Exchange Online • The Register
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild (thehackernews.com)
CISA orders agencies to patch Windows LSA bug exploited in the wild (bleepingcomputer.com)
Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware (trendmicro.com)
Jenkins discloses dozens of zero-day bugs in multiple plugins (bleepingcomputer.com)
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)
Sector Specific
Critical National Infrastructure (CNI)
Financial Services Sector
FinTech
A Fintech Horror Story: How One Company Prioritizes Cyber Security (darkreading.com)
Security and compliance concerns limit ‘open finance’ expansion, say executives (scmagazine.com)
Telecoms
OT, ICS, IIoT, SCADA and Cyber-Physical Systems
APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (thehackernews.com)
Cyber-Physical Security: Benchmarking to Advance Your Journey | SecurityWeek.Com
Critical Security Flaws Identified in CODESYS ICS Automation Software (thehackernews.com)
Microsoft Exchange bug abused to hack building automation systems (bleepingcomputer.com)
5 Cyber Security Tips for Smart Buildings - IT Security Guru
Chinese Hackers Target Building Management Systems | SecurityWeek.Com
OT security: Helping under-resourced critical infrastructure organisations - Help Net Security
Energy & Utilities
Oil, Gas and Mining
Food and Agriculture
Education and Academia
Web3
Reports Published in the Last Week
Q1 2022 Incident Response Insights from Tetra Defense | Arctic Wolf
Defending Ukraine: Early Lessons from the Cyber War - Microsoft On the Issues
Other News
Cyber Attacks Gain Steam in Early '22: Tetra Defense Report - MSSP Alert
FBI warns crooks are using deepfake videos in job interviews • The Register
Destructive firmware attacks pose a significant threat to businesses - Help Net Security
48% of security practitioners seeing 3x increase in alerts per day - Help Net Security
Adversarial machine learning explained: How attackers disrupt AI and ML systems | CSO Online
82% Cyber Breaches In Verizon’s Report Preventable, Says MyCena (informationsecuritybuzz.com)
SolarWinds hack explained: Everything you need to know (techtarget.com)
Properly securing APIs is becoming increasingly urgent - Help Net Security
97% Of UK Business Leaders Expect Quantum Computing to Disrupt Their Sectors - Infosecurity Magazine
LGBTQ+ folks warned of dating app extortion scams • The Register
What is Zero Trust and why would you want it? • The Register
Tencent admits to poisoned QR code attack on QQ accounts • The Register
Exploring the insecurity of readily available Wi-Fi networks - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.