Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Boards Need Better Conversations About Cyber Security

In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.

Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.

As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.

https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity

• Uber’s Ex-Security Chief Sentenced for Security Breach

Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.

The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.

https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347

• Global Cyber Attacks Rise by 7% in Q1 2023

Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.

The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.

https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/

• Three-Quarters of Firms Predict a Breach in the Coming Year

Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.

While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.

Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.

https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/

• The Costly Threat That Many Businesses Fail to Address

Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.

Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.

https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/

• European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.

Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.

Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.

https://www.itsecurityguru.org/2023/05/03/european-data-at-risk-with-tick-box-gdpr-compliance-and-high-cyberattack-volumes

• Understanding Cyber Threat Intelligence for Business Security

Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.

Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.

https://www.forbes.com/sites/forbestechcouncil/2023/05/04/understanding-cyber-threat-intelligence-for-business-security

• Hackers Are Finding Ways to Evade Latest Cyber Security Tools

As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.

Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.

https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html

• Study Shows a 27% Spike in Publicly Known Ransomware Victims

A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.

The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.

https://www.msspalert.com/cybersecurity-news/guidepoint-study-shows-a-27-spike-in-public-ransomware-victims/

• Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).

Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.

https://www.theregister.com/2023/05/02/data_breach_costs_rise/

• Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.

https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/

• 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.

• Recognise that priorities have evolved.

• Understand that security burdens have changed.

• Understand why, despite best efforts, criminals are still successful.

• Evaluate the ways in which you are protecting your most vulnerable data.

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2023/05/02/4-ways-leaders-should-reevaluate-their-cybersecuritys-focus/

Threats

Ransomware, Extortion and Destructive Attacks

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• Merck's $1.4B NotPetya insurance payout upheld by court • The Register

• GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert

• Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)

• The Tragic Fallout From a School District’s Ransomware Breach | WIRED

• Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)

• ‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

• BlackCat group releases screenshots of stolen Western Digital data | CSO Online

• Ransomware Attack Affects Dallas Police, Court Websites – Security Week

• Studies show ransomware has already caused patient deaths | TechTarget

• Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)

• Brightline Hack Exposes Data of Over 780,000 Child Mental Health Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch

• Ransomware Attack Disrupts IT Network at Hardenhuish School - Infosecurity Magazine (infosecurity-magazine.com)

• City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)

• Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)

• Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette

• Bitmarck Halts Operations Due to Cyber security Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom

Phishing & Email Based Attacks

• Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)

• A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Crooks show they don't need ChatGPT to scam victims • The Register

Malware

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Security experts are using malware's own code to protect potential victims | TechSpot

• New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)

• How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)

• Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)

• Anatomy of a Malicious Package Attack (darkreading.com)

Mobile

• Android Apps Fail to Protect User Data During Device Transfer - Infosecurity Magazine (infosecurity-magazine.com)

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Google fought a mountain of malware in 2022 | Android Central

• Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)

• Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

Botnets

• Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security

• Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert

Denial of Service/DoS/DDOS

• What’s the Difference Between a DOS and DDoS Attack? (howtogeek.com)

Internet of Things – IoT

• Top 5 IoT Security Risks In 2023 - The Cyber Express

• Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)

• CISA warns of Mirai botnet exploiting TP-Link routers • The Register

• Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)

Data Breaches/Leaks

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attack sparks fears that criminals could target UK gun owners for firearms | Cyber crime | The Guardian

• UK Gun Owners May Be Targeted After Rifle Association Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi

• T-Mobile suffered the second data breach in 2023 - Security Affairs

• Sensitive data is being leaked from servers running Salesforce software | Ars Technica

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• Sensitive files about Royal Navy submarine reportedly found in pub toilet | Royal Navy | The Guardian

• Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

Organised Crime & Criminal Actors

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market-Security Affairs

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Man Gets Four Years for Stealing Bitcoin Seized by Feds - Infosecurity Magazine (infosecurity-magazine.com)

• Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram – Naked Security (sophos.com)

• Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• Hackers stole $93M from crypto projects in April (cryptoslate.com)

Insider Risk and Insider Threats

• The costly threat that many businesses fail to address - Help Net Security

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

Fraud, Scams & Financial Crime

• Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)

• Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security

• UK to ban all cold calls selling financial products - BBC News

• Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)

• UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)

• National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)

• Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian

AML/CFT/Sanctions

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

Dark Web

• Why the Things You Don't Know about the Dark Web May Be Your Biggest Cyber security Threat (thehackernews.com)

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week

Supply Chain and Third Parties

• How to keep calm and carry on in a supply chain attack • The Register

• Pension watchdog probes Capita data hack (thetimes.co.uk)

• SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED

• DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED

• Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)

Cloud/SaaS

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Cloud security threats are growing faster than ever | TechRadar

Hybrid/Remote Working

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• White House seeks information on tools used for automated employee surveillance | Computerworld

Attack Surface Management

• Reigning in ‘Out-of-Control’ Devices – Security Week

Encryption

• The UK’s online safety bill will not keep us safe | Financial Times (ft.com)

API

• Report shows 92% of orgs experienced an API security incident last year | VentureBeat

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• OpenAI Threatens Popular GitHub Project With Lawsuit Over API Use | Tom's Hardware (tomshardware.com)

• 5 API security best practices you must implement - Help Net Security

• Enterprise Strategy Group Research Reveals 75% of Organisations Change or Update APIs on a Daily or Weekly Basis (darkreading.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

Open Source

• Unpaid open source maintainers struggle with increased security demands - Help Net Security

• Anatomy of a Malicious Package Attack (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• Your passwords could be cracked using thermal cameras powered by AI | TechRadar

• Your Google Account is getting rid of its password (androidpolice.com)

• PSA. Don’t share your password in your app’s release notes • Graham Cluley

Social Media

• TikTok security breach allowed attackers to leak personal information (ynetnews.com)

• Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Malvertising

• Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)

• LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads (thehackernews.com)

Regulations, Fines and Legislation

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• UK readers may lose access to Wikipedia amid online safety bill requirements | UK news | The Guardian

• White House unveils AI rules to address safety and privacy | Computerworld

Governance, Risk and Compliance

• Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)

• Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• There’s No Silver Bullet for Cyber security (hbr.org)

• European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru

• Data loss costs go up, and not just from ransom shakedowns • The Register

• Boards Are Having the Wrong Conversations About Cyber security (hbr.org)

• Three-Quarters of Firms Predict Breach in Coming Year - Infosecurity Magazine (infosecurity-magazine.com)

• Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)

• Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert

• Why Your Detection-First Security Approach Isn't Working (thehackernews.com)

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

• What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)

• 4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)

• Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)

• Malicious content lurks all over the web - Help Net Security

• Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)

• Closing up holes: Infoseccers on being less reactive • The Register

• Organisations brace for cyber attacks despite improved preparedness - Help Net Security

• Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)

• Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)

Secure Disposal

• Your decommissioned routers could be a security disaster | Network World

Careers, Working in Cyber and Information Security

• The importance of being certified • The Register

• UK Cyber Security Council launches certification mapping tool - Help Net Security

• DHS’ cyber talent management system slowly gaining traction | Federal News Network

• The warning signs for security analyst burnout and ways to prevent - Help Net Security

• Google Launches Cyber security Career Certificate Program (darkreading.com)

Law Enforcement Action and Take Downs

• SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market - Security Affairs

• FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)

• US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek

• Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)

• Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET

• White House seeks information on tools used for automated employee surveillance | Computerworld

• Strike 3: FTC says Meta still failing to protect privacy • The Register

Artificial Intelligence

• 5 ways threat actors can use ChatGPT to enhance attacks | CSO Online

• Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)

• AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)

• Microsoft’s chief economist says A.I. can be dangerous | Fortune

• It's time to harden AI and ML for cyber security | TechTarget

• Stop using generative-AI tools, Samsung orders staff | Digital Trends

• ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)

• Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register

• How AI is reshaping the cyber security landscape - Help Net Security

• White House unveils AI rules to address safety and privacy | Computerworld

• How to Spot a ChatGPT Phishing Website (darkreading.com)

Misinformation, Disinformation and Propaganda

• Is misinformation the newest malware? | CSO Online

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)

• Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek

• Cat and mouse game: Russian satellite appears to chase US military satellite in space (firstpost.com)

• Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs

• Russia’s APT28 targets Ukraine with bogus Windows updates • The Register

• Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)

• Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

Nation State Actors

• APT groups muddying the waters for MSPs | WeLiveSecurity

• China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert

• Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek

• China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)

• 'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)

• APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)

• APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)

• US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business

• China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)

• Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop

• BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups (thehackernews.com)

• Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)

• North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)

• ‘We have survived!’: China’s Huawei goes local in response to US sanctions | Financial Times (ft.com)

• Apple is a Chinese company | Financial Times (ft.com)

• Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)

• China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register

• Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)

Vulnerability Management

• Reducing Your Attack Surface: A Practical Approach To Vulnerability Remediation And Management (forbes.com)

Vulnerabilities

• WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)

• Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs

• Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek

• Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register

• Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)

• Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)

• AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)

• Chrome 113 Released With 15 Security Patches - SecurityWeek

• Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek

• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)

• Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek

• Some of the top AMD chips are suffering a serious security flaw | TechRadar

Tools and Controls

• How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)

• 86 percent of developers knowingly deploy vulnerable code (betanews.com)

• The hidden security risks in tech layoffs and how to mitigate them | CSO Online

• Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)

• Reigning in ‘Out-of-Control’ Devices – Security Week

• ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)

• The pros and cons of VPNs for enterprises | TechTarget

• It's time to harden AI and ML for cyber security | TechTarget

• Using just-in-time access to reduce cloud security risk - Help Net Security

• Using multiple solutions adds complexity to your zero trust strategy - Help Net Security

• Your decommissioned routers could be a security disaster | Network World

• Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)

• 5 API security best practices you must implement - Help Net Security

• 3 questions CISOs expect you to answer during a security pitch | TechCrunch

• Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)

• 4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)

• How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)

• AppSec Making Progress or Spinning Its Wheels? (darkreading.com)

• Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)

• Top API vulnerabilities organisations can't afford to ignore - Help Net Security

• How AI is reshaping the cyber security landscape - Help Net Security

• Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat

• Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)

• To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)

• Using Threat Intelligence to Get Smarter About Ransomware – Security Week

• New Generative AI Tools Aim to Improve Security (darkreading.com)

Other News

• Firmware Looms as the Next Frontier for Cyber security (darkreading.com)

• Open Banking: A Perfect Storm for Security and Privacy? – Security Week

• Malicious content lurks all over the web - Help Net Security

• How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)

• Eric Idle tells RSAC to look in the bright side of life • The Register

• Your decommissioned routers could be a security disaster | Network World

• FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)

• Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.