Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 May 2024
Black Arrow Cyber Threat Intelligence Briefing 17 May 2024:
-Social Engineering is the Biggest Cyber Threat as Study Finds Most Workers Have Clicked on a Suspicious Email Link
-Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor
-ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before
-Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks
-Why Cyber Insurance isn’t a Substitute for Cyber Risk Management
-China Presents Defining Challenge to Global Cyber Security, Says GCHQ
-Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign
-Global Financial Stability at Risk Due to Cyber Threats, IMF warns
-Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls
-Santander Data Breach via Third-Party Provider Impacted Customers and Employees
-40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs
-Digital Resilience – a Step Up from Cyber Security
-UK Lags Europe on Exploited Vulnerability Remediation
-Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link
According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.
With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.
When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.
Source: [HackerNoon] [BusinessPlus]
Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor
A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.
According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.
These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.
Sources: [Beta News] [Telecoms] [Verdict]
ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before
A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.
The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.
Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]
Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks
The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.
Source: [TechRadar]
Why Cyber Insurance isn’t a Substitute for Cyber Risk Management
While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.
Source: [ Law Society of Scotland]
China Presents Defining Challenge to Global Cyber Security, Says GCHQ
A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.
Source: [Infosecurity Magazine]
Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign
Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.
Sources: [Bleeping Computer]
Global Financial Stability at Risk Due to Cyber Threats, IMF warns
A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.
Source: [World Economic Forum]
Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls
An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.
Source: [The Hacker News]
Santander Data Breach via Third-Party Provider Impacted Customers and Employees
A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.
There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.
Source: [securityaffairs.com]
40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs
Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.
Source: [Business Wire]
Digital Resilience – a Step Up from Cyber Security
In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.
Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.
Sources: [CSO Online] [CSO Online]
UK Lags Europe on Exploited Vulnerability Remediation
A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.
Source: [Infosecurity Magazine]
Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments
A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.
BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.
Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]
Governance, Risk and Compliance
Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict
The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)
Cyber threats demand more focus – Zurich (emergingrisks.co.uk)
Digital resilience – a step up from cyber security | CSO Online
UK business leaders are stressing out over pace of technological change (telecoms.com)
Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)
BISO: Enhancing cyber security in modern enterprises - SiliconANGLE
Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)
Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)
Maximizing cyber security ROI: A strategic approach | TechRadar
Many CISOs don't feel they get the right respect from their board | TechRadar
Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)
Are you meeting your cyber insurance requirements? - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)
UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)
The ups and downs (and ups again) of the ransomware risk - Digital Journal
Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)
CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)
Cyber attacks leave significant financial impact on hacked organisations (kwch.com)
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)
UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)
The UK may not have a choice on a ransomware payment ban | Computer Weekly
64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)
Organisations struggle to defend against ransomware - Help Net Security
Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security
Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET
Ransomware negotiator weighs in on the payment debate • The Register
OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta
INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)
Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)
Ransomware Victims
More than 470 legal actions against HSE over cyber attack (rte.ie)
Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)
Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)
Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)
E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)
Phishing & Email Based Attacks
Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)
Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)
Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)
Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)
5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)
BEC
Other Social Engineering
Low-tech tactics still top the IT security risk chart | CSO Online
Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)
What is vishing and quishing, and how do you protect yourself? | PCWorld
Beware of fake calls, ward off cyber criminals: Govt - The Statesman
OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta
Artificial Intelligence
UK agency releases tools to test AI model safety | TechCrunch
Security industry struggles to consolidate against AI threats - SiliconANGLE
Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)
Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive
CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard
AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security
AI-driven attacks seen as chief cloud security threat | TechTarget
The Cyber Security Survival Guide For Generative AI (forbes.com)
2FA/MFA
Malware
Malware was almost 50% of threat detections in Q1 2024 | Security Magazine
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)
Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)
Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)
Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)
Mobile
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)
Google Issues Critical Update For Millions Of Pixel Users (forbes.com)
Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week
Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)
Apple warns of increased iPhone security risks – Computerworld
Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week
Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)
Android boosting security with Theft Detection Lock, factory reset protection (9to5google.com)
Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It
Your Android phone could have stalkerware — here’s how to remove it | TechCrunch
Internet of Things – IoT
Attack makes autonomous vehicle tech ignore road signs • The Register
Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)
Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)
IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard
Data Breaches/Leaks
Over 5.3 billion data records exposed in April 2024 | Computer Weekly
MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian
Data breaches are getting worse - and many are coming from a familiar source | TechRadar
Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)
Hacker claims another breach into Dell systems | SC Media (scmagazine.com)
Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)
Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET
Santander Data Breach Impacts Customers, Employees - Security Week
The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal
JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur
Europol confirms incident after data break-in claims • The Register
Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)
Guernsey data breaches: More than 1,000 people affected - BBC News
Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)
Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)
Lessons learned from high-profile data breaches | TechTarget
Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week
Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)
Organised Crime & Criminal Actors
FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)
Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)
FBI working towards nabbing Scattered Spider hackers, official says | Reuters
Low-tech tactics still top the IT security risk chart | CSO Online
Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)
Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)
US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News
Insider Risk and Insider Threats
Low-tech tactics still top the IT security risk chart | CSO Online
Data breaches are getting worse - and many are coming from a familiar source | TechRadar
The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)
CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)
Insurance
NCSC guide to help businesses facing ransomware demands (biba.org.uk)
UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)
Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider
Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)
Are you meeting your cyber insurance requirements? - Help Net Security
Supply Chain and Third Parties
Cloud/SaaS
How to create a cloud security policy, step by step | TechTarget
AI-driven attacks seen as chief cloud security threat | TechTarget
Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)
Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED
Encryption
Linux and Open Source
Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)
Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)
Establishing a security baseline for open source projects - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Training, Education and Awareness
Regulations, Fines and Legislation
Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)
Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online
Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
The cyber security skills shortage: A CISO perspective | CSO Online
Why cyber security staff burn out, and what to do about it (computing.co.uk)
Law Enforcement Action and Take Downs
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)
FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)
Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET
Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)
Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)
US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)
Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)
Can't blame all Chinese cyber attacks on the government - Asia Times
How the West has struggled to keep up with China’s spy threat - BBC News
Stifling Beijing in cyber space big focus for UK operatives • The Register
China focuses on non-military ways to take Taiwan, reports warn - Washington Times
It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)
Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)
Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)
Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian
Russia
File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks
NATO Draws a Cyber Red Line in Tensions With Russia - Security Week
Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)
UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)
To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)
New backdoors on a European government's network appear to be Russian (therecord.media)
'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)
Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions
The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute
Iran
North Korea
Vulnerability Management
Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)
(Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)
Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security
The Fall of the National Vulnerability Database (darkreading.com)
Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online
Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security
Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)
Vulnerabilities
Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)
Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)
Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)
Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)
Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities - Security Week
Google Issues Critical Update For Millions Of Pixel Users (forbes.com)
Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week
CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard
VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)
Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week
Adobe Patches Critical Flaws in Reader, Acrobat - Security Week
Cisco Releases Security Updates for Multiple Products | CISA
Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)
Tools and Controls
Digital resilience – a step up from cyber security | CSO Online
How To Implement Threat Modeling To Protect Your Business - Minutehack
How to create a cloud security policy, step by step | TechTarget
Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)
AWS CISO: In AI gold rush, folks forget application security • The Register
Maximizing cyber security ROI: A strategic approach | TechRadar
The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)
Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)
How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)
Other News
Microsoft president summoned to House over security blunders • The Register
National Cyber Security Centre: Tech market not working - The Business Magazine
Critical infrastructure security needs everyone's help • The Register
Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)
BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK
Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)
NCSC CTO: Broken market must be fixed to usher in new tech • The Register
Public Sector IT is Broken: Turning the System Back On - IT Security Guru
The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)
Classes cancelled as 'sinister' school cyber attacks rise - BBC News
Irony abounds as UK NCSC’s simple door codes revealed • The Register
Candidates to get cyber security support amid general election interference fears (nation.cymru)
Too many ICS assets are exposed to the public internet - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 November 2023
Black Arrow Cyber Threat Intelligence Briefing 10 November 2023:
-Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually
-Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable
-Cyber Attacks Top Global Risk – 2023 Aon Survey
-To Improve Cyber Defences, Practice for Disaster
-Meet Your New Cyber Security Auditor: Your Insurer
-Allen and Overy Suffer Ransomware Attack
-Shadow IT Remains a Top Threat, as Shown by Attack on Okta
-Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats
-Cyber Governance: Growing Expectations for Information Security Oversight and Accountability
-Generative AI Will Level Up Cyber Attacks, According to New Google Report
-Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?
-88% of Security Leaders Think Their Organisation Is Falling Short Addressing Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardroom Woes on Ransomware Intensify as Organisations Face an Average of 86 Ransomware-linked Events Annually
A recent report by Akamai Technologies has found that organisations experienced an average of 86 ransomware-linked events in the past 12 months (successful or not), double the number of annual attacks from 2 years ago.
The most common issues impacting organisations after a ransomware attack were network downtime (44%), data loss (42%) and brand/reputation damage (39%).
Ransomware attackers have increasingly employed tactics like double and triple extortion. These methods combine encryption, data exfiltration, and distributed denial of service (DDoS) attacks to extort money. While these strategies are not new, their prevalence has significantly increased in recent times.
With 81% of companies experiencing ransomware attacks in the previous 12 months this is increasingly something that company Boards are concerned about, not only the organisation’s ability to stop a ransomware attack in the first place, but also the organisation’s ability to recover when an attack happens.
Sources: [TechTarget] [PRNewsWire] [Security Magazine] [InsuranceJournal] [Financial Times]
Many SMBs Have No Real Way to Deal with Cyber Threats, Leaving Them Vulnerable
A recent report found that of nearly 6,000 small and medium-sized business (SMB) IT professionals surveyed across Europe, a third of those based in the UK have no cyber security in place to protect assets such as their own printers, with 16% suffering a printer breach alone in the past. Despite this, less than a quarter educated their employees about printer (23%) IT security. With hybrid working seen as a security concern for 38% of SMEs, and potentially leading to more remote use of these devices, surprisingly just 4 in 10 (41%) cover hybrid working as part of their current security training.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [TechRadar] [The Recycler]
Cyber Attacks Top Global Risk – 2023 Aon Survey
Aon’s Global Risk Management Survey identified cyber attacks and data breaches as the leading business risk worldwide, followed by business interruption. Aon warned that deficits in talent or specialised skills may exacerbate cyber risks in particular.
Supply chain disruptions were ranked as another area of concern, with risks associated with supply chain failure hitting a 14-year high in the survey. However, less than 40% of organisations have conducted supplier resilience assessments. which contributes to cyber risk when organisations hand data to suppliers without considering whether their suppliers keep that data safe.
Source: [Investing]
To Improve Cyber Defences, Practice for Disaster
If you aren’t already running incident simulations in your organisation, it’s time to start. Such simulations allow employees to understand their roles and responsibilities, as well as providing a great opportunity to educate. Cyber attacks are a matter of when, not if, and no-one wants to be improvising their security response in the event of a real cyber incident.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Meet Your New Cyber Security Auditor: Your Insurer
In the dynamic world of cyber security, cyber insurers are emerging as key players, reshaping the landscape with ever more stringent requirements. With ransomware attacks becoming more complex, cyber insurance premiums have surged by 50%, challenging Chief Information Security Officers (CISOs) to demonstrate their organisation's cyber defence capabilities. Insurers, using detailed risk assessments, are influencing cyber security strategies, compelling organisations to adapt and meet higher standards.
CISOs are now tasked with ensuring their security measures are comprehensive and transparent, as insurers scrutinise everything from multifactor authentication to Active Directory policies. Accurate self-assessment is critical, as any misrepresentation can lead to denied coverage or legal repercussions. In this competitive market, organisations must showcase their cyber maturity, particularly in high-risk industries, to secure coverage. The evolving cyber insurance landscape demands a clear understanding of risk factors and continuous improvement in cyber defence strategies, ultimately aiming to enhance overall protection against cyber threats.
Source: [Dark Reading]
Allen and Overy Suffer Ransomware Attack
Allen & Overy, the “magic circle” law firm, has suffered a cyber attack on its systems, making it the latest large corporation to fall victim to a ransomware hack. A&O confirmed the incident after the infamous ransomware gang LockBit posted on social media platform X, formerly Twitter, claiming to have breached the legal giant and threatening to publish data from the firm’s files on 28 November.
Earlier this year, the UK National Cyber Security Centre reported that law firms of all sizes were at risk from cyber attackers because of the sensitive client information they routinely handle. The importance of reputation to the business also made law firms attractive targets for extortion.
Sources: [Financial Times] [Law Gazette]
Shadow IT Remains a Top Threat, as Shown by Attack on Okta
Shadow IT refers to IT resources used by employees or end users that don’t have IT approval or oversight. This was the case in the recent Okta attack in which an Okta employee signed into their personal Google account on a company-owned device. It is believed that the employee’s personal Google account had been compromised, and unfortunately since the employee had configured it in a way to save credentials of Okta accounts, the attacker now also had these credentials. The result? 134 downstream customers impacted.
Source: [Computer Weekly]
Ransomware, AI, and Social Engineering All Set to Be 2024's Biggest Security Threats
Ransomware attacks surged to record highs in 2023 and are expected to escalate further, especially with key 2024 elections approaching, ZeroFox Intelligence's 2024 Key Forecasts report indicates. This trend is driven by evolving cyber threats, including sophisticated social engineering and AI-generated synthetic media, aimed at spreading misinformation and targeting electoral processes.
ZeroFox also highlights a concerning shift towards physical damages from cyber attacks, with critical sectors like finance, energy, and healthcare being vulnerable due to outdated security infrastructures. These sectors are likely targets for nation-state and state-sponsored attacks amidst global geopolitical tensions. To counter these threats, the report suggests enhanced security measures, including encrypted cloud backups, vigilant network monitoring, and a zero-trust cyber security approach to safeguard against the evolving landscape of cyber threats.
Source: [TechRadar]
Cyber Governance: Growing Expectations for Information Security Oversight and Accountability
In today's interconnected digital economy, cyber security is a critical governance issue for businesses, necessitating effective oversight and strategic planning. The SEC's new rules, effective July 2023, require public companies to transparently disclose their cyber security strategies and report significant incidents, highlighting the increasing importance of cyber security in corporate governance. This regulatory development aims to improve transparency and accountability in managing cyber risks.
Corporations are responding by emphasising detailed cyber security disclosures, employee training programmes, and board-level expertise in information security. As the landscape of cyber threats evolves, timely and comprehensive reporting of breaches becomes more crucial, aligning with both regulatory requirements and stakeholder expectations for robust cyber security governance.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Harvard]
Generative AI Will Level Up Cyber Attacks, According to New Google Report
Google's Cloud Cyber Security Forecast 2024 report reveals a growing trend of using generative AI in cyber attacks. The technology, particularly large language models (LLMs), is enhancing phishing and social engineering tactics by producing content that appears more legitimate, making it difficult to spot errors typically associated with such attacks. This advancement allows attackers to mimic natural language effectively and create authentic-looking fake news, phone calls, and deepfake videos, potentially eroding public trust in online information.
On the flip side, the report highlights the potential of AI as a powerful tool for cyber defence. Cyber security professionals can leverage AI for rapid data synthesis, efficient threat detection, and swift response actions. As defenders direct AI development with specific security objectives, its capabilities are expected to significantly bolster cyber security measures in the near future.
Source: [ZDNET]
Public Wi-Fi Remains a Huge Risk, is Your Organisation Prepared?
New research found that half of UK participants believed they are most at risk of a cyber attack when using public Wi-Fi, which is Wi-Fi that anyone, including an attacker, can connect to. However, in contrast to concerns, the report found that 41% will use unsecured Wi-Fi if given the opportunity. Further, 53% of participants would enter or access sensitive information whilst connected to an unsecured public Wi-Fi network; this includes bring your own devices (BYOD) that have access to corporate data.
Source: [TechRadar]
88% of Security Leaders Think Their Organisation Is Falling Short in Addressing Cyber Security
A recent study by Foundry reveals a trend towards AI-driven security measures and increased reliance on cyber insurance among organisations. Key priorities for security leaders include preparedness for incidents, data protection, and enhancing IT and cloud data security. Despite this, 88% of security leaders feel their organisations are inadequate in addressing cyber security risks, mainly due to budget limitations, talent scarcity, and challenges in stakeholder communication.
To improve the situation, more top security executives are having regular engagements with the board of directors (85% this year compared to 82% in 2022), aiding in better cyber security initiatives. Security budgets are expected to remain stable or increase, with investments focused on authentication, data analytics, and cloud security, complemented by cyber insurance. AI's role is expanding in threat detection, malware identification, and automated responses, showcasing its growing importance in evolving security landscapes.
Source: [Foundry]
Governance, Risk and Compliance
Exec security habits are shockingly bad compared to average workers | ITPro
To Improve Cyber Defences, Practice for Disaster (darkreading.com)
Cyber attacks top global risks, talent retention surges in Aon 2023 survey By Investing.com
Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)
Use business technology? You’re on the cyber security frontline - Digital Journal
No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica
Securing data at the intersection of the CISO and CDO - Help Net Security
UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)
Enhancing security: The crucial role of incident response plans | Computer Weekly
Most cyber security investments aren't used to their full advantage - Help Net Security
Improving cyber resilience to prevent devastating cyber attacks | TechRadar
The roadblocks to preventive cyber security success - Help Net Security
SolarWinds fires back at SEC over fraud charges | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Organisations face an average of 86 ransomware attacks annually | Security Magazine
Ransomware, Extortion Claims See ‘Worrying Resurgence,’ Says Allianz (insurancejournal.com)
The 3 key stages of ransomware attacks and useful indicators of compromise - Help Net Security
Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar
The ransomware warning sign we should all have on our radar | World Economic Forum (weforum.org)
Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)
Microsegmentation proves its worth in ransomware defence - Help Net Security
Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)
Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)
Ransomware Readiness Assessments: One Size Doesn't Fit All (darkreading.com)
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)
FBI: Ransomware gangs hack casinos via 3rd party gaming vendors (bleepingcomputer.com)
Healthcare Struggles with Impact of Ransomware Attacks | MSSP Alert
Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek
Ransomware Victims
Allen & Overy data hit by hackers in ransomware attack (ft.com)
ICBC hit by ransomware impacting global trades • The Register
Cyber attack takes down one of the largest mortgage lenders in the US | TechRadar
American Airlines Pilot Union Recovering After Ransomware Attack - SecurityWeek
Marina Bay Sands Becomes Latest Hospitality Cyber Victim (darkreading.com)
Scottish council's computer systems suffer cyber attack | The National
Dolly.com pays ransom, attackers release data anyway (securityaffairs.com)
Women sue plastic surgery after hack saw their naked photos posted online (bitdefender.com)
TransForm says ransomware data breach affects 267,000 patients (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Ransomware, AI, and social engineering all set to be 2024's biggest security threats | TechRadar
Companies have good reasons to be concerned about generative AI - Help Net Security
Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams (darkreading.com)
Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)
Here's what to know about elections, cyber security and AI | World Economic Forum (weforum.org)
Microsoft, Meta detail plans to fight election deception • The Register
Watch out: Generative AI will level up cyber attacks, according to new Google report | ZDNET
Data protection demands AI-specific security strategies - Help Net Security
Exploring the global shift towards AI-specific legislation - Help Net Security
2FA/MFA
Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin
Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register
Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News
23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch
Malware
Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks (darkreading.com)
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems (thehackernews.com)
StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices (thehackernews.com)
This new macOS malware could leave you severely short-changed | TechRadar
Even Google Calendar isn't safe from hackers any more | TechRadar
Hacked proxy service has already infected 10,000 systems worldwide with malware | TechRadar
Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant (darkreading.com)
Beware of BlueNoroff: Mac users targeted with new malware variant - 9to5Mac
How to Outsmart Malware Attacks That Can Fool Antivirus Protection (darkreading.com)
Malicious Python packages spread BlazeStealer malware | SC Media (scmagazine.com)
Mobile
Google Play Store Introduces 'Independent Security Review' Badge for Apps (thehackernews.com)
Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)
Samsung monthly updates: November 2023 security patch fixes 65 security flaws - SamMobile
37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek
Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica
Denial of Service/DoS/DDOS
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages (bleepingcomputer.com)
Suspected DDoS attack impacts AP news site | SC Media (scmagazine.com)
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan (bleepingcomputer.com)
OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt
DDoS attack leads to significant disruption in ChatGPT services (securityaffairs.com)
Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)
Internet of Things – IoT
Data Breaches/Leaks
2023 Microsoft Data Breach Statistics: A Comprehensive Overview (techreport.com)
No, Okta, senior management, not an errant employee, caused you to get hacked | Ars Technica
Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop - SecurityWeek
Shadow IT use at Okta behind series of damaging breaches | Computer Weekly
Okta breach affected 134 customers, company admits • The Register
Another top casino has been hit with a massive data breach | TechRadar
Marina Bay Sands Discloses Data Breach Impacting 665k Customers - SecurityWeek
Hilb fears email crooks stole 81K people's financial data • The Register
23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch
Organised Crime & Criminal Actors
Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)
How cyber criminals adapt and thrive amidst changing consumer trends - Help Net Security
Ransomware Mastermind Uncovered After Oversharing on Dark Web (darkreading.com)
Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News
Unraveling cyber crime network's underground operations (crime-research.org)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
The 10 Biggest Crypto Hacks and Scams of 2023 (makeuseof.com)
Monero Project admits thieves stole $437k in mystery breach • The Register
Insurance
Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)
Hiscox cyber threat ranking reveals UK's most vulnerable industries (reward-strategy.com)
Supply Chain and Third Parties
Cloud/SaaS
The perils of over-reliance on single cloud providers - Help Net Security
Secure Cloud Infrastructure from New Cyber Threats (trendmicro.com)
Hackers exploit Looney Tunables Linux bug, steal cloud creds (bleepingcomputer.com)
What We Can Learn from Major Cloud Cyber attacks (darkreading.com)
Encryption
UK NCSC issues new guidance on post-quantum cryptography migration | CSO Online
Outdated cryptographic protocols put vast amounts of network traffic at risk - Help Net Security
Tech groups fear new powers will allow UK to block encryption (ft.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
How global password practices are changing - Help Net Security
Apple 'Find My' network can be abused to steal keylogged passwords (bleepingcomputer.com)
LEGO urges fans to change passwords after cyber attack - Dexerto
Global breached accounts down 76% in Q3, study finds (techinformed.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU Tries To Slip In New Powers To Intercept Encrypted Web Traffic Without Anyone Noticing | Techdirt
Telecom vendors sound alarm over EU Cyber Resilience Act - Telecoms.com
Europe is trading security for digital sovereignty | CyberScoop
Steps to Follow to Comply With the SEC Cyber security Disclosure Rule (darkreading.com)
Vendors caution on risks of EU cyber security law - Mobile World Live
Tech groups fear new powers will allow UK to block encryption (ft.com)
King’s Speech 'missed opportunity' to update cyber laws | Professional Security
UK wants prior notice from Big Tech of security rollouts • The Register
Exploring the global shift towards AI-specific legislation - Help Net Security
SolarWinds fires back at SEC over fraud charges | TechTarget
SolarWinds: SEC lacks 'competence' to regulate cyber security • The Register
Models, Frameworks and Standards
MITRE partners with Microsoft to address generative AI security risks - Help Net Security
The plan for the inevitable cyber attack: Get the gist of NIST | Computer Weekly
NIST releases revised cyber requirements for controlled unclassified information - Nextgov/FCW
Data Protection
Careers, Working in Cyber and Information Security
UK warned cyber security teams buckling under complexity of threats (emergingrisks.co.uk)
Cyber security pros are putting everyone at risk by working too much | TechRadar
A third of cyber security pros report crumbling work-life balance | ITPro
CISOs Beware: SEC's SolarWinds Action Shows They're Scapegoating Us (darkreading.com)
Law Enforcement Action and Take Downs
Dutch hacker jailed for extortion, selling stolen data on RaidForums (bleepingcomputer.com)
Operation Monopoly: Dubai Police bust cyberfraud, arrest 43 | Crime – Gulf News
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Israeli SMBs Warned to Cut External Comms to Reduce Risks (inforisktoday.com)
As war continues, Israeli government wants more cyber control | Ctech (calcalistech.com)
The new ‘Geneva code’ for hackers on the cyber battlefield | The Strategist (aspistrategist.org.au)
Nation State Actors
Russia
Sandworm Cyber attackers Down Ukrainian Power Grid During Missile Strikes (darkreading.com)
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs (bleepingcomputer.com)
Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (therecord.media)
OpenAI Battles Service Disruption Linked to Russian Hackers - Decrypt
US Treasury Sanctions Russian Money Launderer in Cyber crime Crackdown (thehackernews.com)
Russian state-owned Sberbank hit by 1 million RPS DDoS attack (bleepingcomputer.com)
Iran
Iranian APT Targets Israeli Education, Tech Sectors With New Wipers - SecurityWeek
Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort (darkreading.com)
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
New Microsoft Exchange zero-days allow RCE, data theft attacks (bleepingcomputer.com)
Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable (darkreading.com)
Critical Confluence flaw exploited in ransomware attacks (securityaffairs.com)
Cloudflare, Google and AWS Disclose HTTP/2 Zero-Day Vulnerability (infoq.com)
Microsoft 365 apps have a lot of new security vulnerabilities - here's what we know | TechRadar
Critical Vulnerabilities Expose Veeam ONE Software to Code Execution - SecurityWeek
Microsoft is killing off three Windows services because of security concerns (betanews.com)
37 Vulnerabilities Patched in Android With November 2023 Security Updates - SecurityWeek
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (bleepingcomputer.com)
Android 14’s storage disaster gets patched, but your data might be gone | Ars Technica
Tools and Controls
To Improve Cyber Defences, Practice for Disaster (darkreading.com)
Meet Your New Cyber security Auditor: Your Insurer (darkreading.com)
Start with Passwords When Incorporating the 5 Pillars of Zero Trust | EdTech Magazine
How global password practices are changing - Help Net Security
Is Cyber security A Line Or A Circle? The Shape Of Incident Response (forbes.com)
The roadblocks to preventive cyber security success - Help Net Security
Microsegmentation proves its worth in ransomware defence - Help Net Security
Microsoft Authenticator is now blocking suspicious MFA phone notifications by default - Neowin
Microsoft unhappy with MFA uptake, starts auto-deploying it • The Register
Suspicious Microsoft Authenticator requests don't trigger notifications anymore - gHacks Tech News
23andMe data theft prompts DNA testing companies to switch on 2FA by default | TechCrunch
Offensive and Defensive AI: Let's Chat(GPT) About It (thehackernews.com)
Enhancing security: The crucial role of incident response plans | Computer Weekly
Most cyber security investments aren't used to their full advantage - Help Net Security
Improving cyber resilience to prevent devastating cyber attacks | TechRadar
Data protection demands AI-specific security strategies - Help Net Security
7 free cyber threat maps showing attack intensity and frequency - Help Net Security
What is threat detection and response (TDR)? (techtarget.com)
Reports Published in the Last Week
Other News
US calls for unity against cyber-threats to finance (globalcapital.com)
Royal Mail jeopardizes users with open redirect flaw (securityaffairs.com)
Cyber attacks 'constantly happening' - warning from intelligence expert (securitybrief.co.nz)
Startling Cyber security Statistics for 2023 You Need to Know (techreport.com)S
Study: Companies aren't keeping up with cybersecurity needs (iapp.org)
How to avoid cyber security nightmares (networkingplus.co.uk)
Forecasting the future without falling for the hype | TechRadar
Elevate Your School’s Security Posture as 2024 Approaches | EdTech Magazine
Optus loses court bid to keep report into cause of cyber-attack secret (yahoo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 27 October 2023
Black Arrow Cyber Threat Intelligence Briefing 27 October 2023:
-More Companies Adopt Board-Level Cyber Security Committees
-Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
-Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
-More Than 46 Million Potential Cyber Attacks Logged Every Day
-Fighting Cyber Attacks Requires Top-Down Approach
-Email Security Threats are More Dangerous This Year as Over 200 Million Malicious Emails Detected in Q3 2023
-98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
-48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
-Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
-How Cyber Security Has Evolved in The Past 20 Years
-Rising Global Tensions Could Portend Destructive Hacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
More Companies Adopt Board-Level Cyber Security Committees
In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.
Source: [Decipher]
Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High
A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.
Sources: [Dark Reading] [SC Magazine] [Reinsurance News]
Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year
Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.
Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]
More Than 46 Million Potential Cyber Attacks Logged Every Day
New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.
Sources: [Evening Standard] [Proactive] [The Independent]
Fighting Cyber Attacks Requires Top-Down Approach
Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.
Source: [Chief Investment Officer]
Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023
The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.
Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [Security Magazine] [MSSP Alert] [TechRadar]
98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending
Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.
Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]
48% of Organisations Predict Cyber Attack Recovery Could Take Weeks
A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Security Magazine]
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour
The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.
We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.
Source: [Dark Reading]
How Cyber Security Has Evolved in The Past 20 Years
Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.
The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.
Source: [Forbes]
Rising Global Tensions Could Portend Destructive Hacks
Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.
Source: [Info Risk Today]
Governance, Risk and Compliance
Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
How to establish a great security awareness culture (att.com)
More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)
Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)
SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)
AI-related security fears drive 2024 IT spending - Help Net Security
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Threats
Ransomware, Extortion and Destructive Attacks
SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)
Ransomware is threatening more businesses than ever before | TechRadar
Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)
Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)
Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)
Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist
Five things organisations don’t consider before a ransomware attack | TechRadar
Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR
Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)
BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)
Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg
Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)
Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News
Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Ransomware Victims
MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)
Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week
US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)
Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)
American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)
Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)
Cyber crims leak patient pics in low blow bid to win ransom • The Register
Phishing & Email Based Attacks
Over 200 million malicious emails were detected in Q3 2023 | Security Magazine
Watch out - that QR code could just be a phishing scam | TechRadar
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Email security threats are more dangerous than ever - here's what you need to know | TechRadar
What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert
The US released popular phishing techniques | Inquirer Technology
Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE
Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
AI-related security fears drive 2024 IT spending - Help Net Security
Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly
Governments, firms should spend more on AI safety, top researchers say | Reuters
Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)
Businesses ignorant to gen AI security threats suggests research (ship-technology.com)
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound
Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security
Oops! When tech innovations create new security threats | CSO Online
2FA/MFA
Malware
Hackers are using an incredibly sneaky trick to hide malware | Digital Trends
Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)
Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)
Dangerous new malware can crack encrypted USB drives | TechRadar
'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Mobile
Android trojan spotted in the wild can record audio and phone calls | ZDNET
Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News
Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)
Android adware apps on Google Play amass two million installs (bleepingcomputer.com)
Denial of Service/DoS/DDOS
This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)
Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Okta says hackers breached its support system and viewed customer files | Ars Technica
Okta support system breach highlights need for strong MFA policies | CSO Online
1Password suffers cyber security incident after latest Okta breach - Tech Monitor
Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)
Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)
City of Philadelphia discloses data breach after five months (bleepingcomputer.com)
500k Irish National Police records exposed by third party • The Register
The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)
iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)
DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)
Organised Crime & Criminal Actors
More than 500 potential cyber attacks logged every second, BT says | The Independent
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online
Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insider Risk and Insider Threats
Forget the outside hacker, the bigger threat is inside • The Register
Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Fraud, Scams & Financial Crime
New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates
Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian
Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)
Online scammers target desperate loan seekers using online fraud | TechRadar
Christmas scams to watch out for this festive season (nationalworld.com)
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Deepfakes
Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra
70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)
Insurance
Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)
Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra
Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Passwords, Credential Stuffing & Brute Force Attacks
Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)
'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)
Social Media
Malvertising
Training, Education and Awareness
Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)
This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)
How to establish a great security awareness culture (att.com)
How Cyber Security Training Lowers Risk Among Employees (forbes.com)
The Need for a Cyber Security-Centric Business Culture (darkreading.com)
Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)
From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)
Regulations, Fines and Legislation
Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament
Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine
UK government finalises IoT cyber security requirements - Lexology
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)
Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)
Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)
Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
‘I’m looking for fewer ways to be traceable, not more’ | Financial Times
Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)
ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)
International Criminal Court attack was targeted and sophisticated (securityaffairs.com)
Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)
It's Time to Establish the NATO of Cyber Security (darkreading.com)
War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360
International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
Geopolitical Threats/Activity
Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)
Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop
Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)
China
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)
Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live
Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)
Russia
Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International
Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)
Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)
Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert
France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)
Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly
Ex-NSA techie admits to selling state secrets to Russia • The Register
Iran
North Korea
Vulnerability Management
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)
Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)
Security Patch Management Strengthens Ransomware Defence (trendmicro.com)
Vulnerabilities
Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)
Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly
Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)
CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs
Cisco hackers likely taking steps to avoid identification | Computer Weekly
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)
European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)
VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week
Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)
Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week
The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)
Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica
Apple Ships Major iOS, macOS Security Updates - Security Week
Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica
ServiceNow quietly fixes 8-year-old data exposure flaw • The Register
Tools and Controls
48% of organisations predict cyber attack recovery to take weeks | Security Magazine
Cyber attack response plans need to be in place to avoid chaos - FreightWaves
NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online
What is Network Segmentation? Virtual & Physical Segmentation | UpGuard
AI-related security fears drive 2024 IT spending - Help Net Security
Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)
Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)
Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)
Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)
Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)
Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)
Cyber security concerns grow among physical security professionals | Security Magazine
The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week
Other News
MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online
Strategies to overcome cyber security misconceptions - Help Net Security
UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online
5 important cyber security takeaways for law firms - Lawyers Weekly
How Cyber Security Has Evolved In The Past 20 Years (forbes.com)
Oops! When tech innovations create new security threats | CSO Online
Spooky Cyber Statistics And Trends You Need To Know (forbes.com)
The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog
Proactively preventing your company from becoming the next cyber attack headline (betanews.com)
Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon
Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review
OT cyber attacks proliferating despite growing cyber security spend - Help Net Security
Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)
What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)
Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week
Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 6 October 2023
Black Arrow Cyber Threat Intelligence Briefing 06 October 2023:
-Many Cyber Attacks Begin by Breaking Human Trust
-BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
-SME Cyber Security Knowledge Gap Widens
-UK Security Budgets Under Strain as Cyber Incidents Soar
-Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
-FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
-Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
-Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
-Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
-Evolving Conversations: Cyber Security as a Business Risk
-Threats in Cloud Top the List of Executive Cyber Concerns
-Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Cyber Attacks Begin by Breaking Human Trust
One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.
One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.
Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.
Sources: [GovTech] [Bloomberg] [Security Week]
BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.
Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.
Source: [The Register]
SME Cyber Security Knowledge Gap Widens
Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.
Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.
Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.
Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]
UK Security Budgets Under Strain as Cyber Incidents Soar
A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.
The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Sources: [Silicon] [Verdict] [CSO Online]
Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.
Source: [EY]
FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.
Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]
Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.
The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.
Sources: [Techradar] [Beta News] [HelpNet Security]
Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.
Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.
Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]
Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.
Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Global Reinsurance]
Evolving Conversations: Cyber Security as a Business Risk
According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.
By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.
Source: [HelpNet Security]
Threats in Cloud Top the List of Executive Cyber Concerns
A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.
The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CIO Dive]
Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.
The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.
Source: [Silicon Angle]
Governance, Risk and Compliance
Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)
Poor cyber security habits are common among younger employees - Help Net Security
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
People Still Matter in Cyber security Management (darkreading.com)
UK businesses face tightening cyber security budgets as incidents spike | CSO Online
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)
Evolving conversations: Cyber security as a business risk - Help Net Security
Cyber security preparedness pays big dividends for businesses - Help Net Security
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN
Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global
CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)
High-business-impact outages are incredibly expensive - Help Net Security
78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)
Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News
How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News
Threats
Ransomware, Extortion and Destructive Attacks
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)
Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)
Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)
Why the public sector is an easy target for ransomware | TechCrunch
Banks beware: Why one ransomware victim decided to pay up | American Banker
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
Feds hopelessly behind the times on ransomware trends • The Register
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
Ransomware reinfections on the rise from improper remediation (malwarebytes.com)
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)
Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)
Ransomware disrupts hospitality, healthcare in September | TechTarget
Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs
Lorenz ransomware embroiled in its own two-year data leak • The Register
Ransomware Victims
LockBit crime spree includes FDF and UK law firm (techmonitor.ai)
Motel One discloses data breach following ransomware attack (bleepingcomputer.com)
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ
Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)
South African insurance clients hit in massive global cyber attack (mybroadband.co.za)
Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)
Phishing & Email Based Attacks
Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Will generative AI really supercharge phishing attacks? - Tech Monitor
Other Social Engineering; Smishing, Vishing, etc
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg
Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
USPS Anchors Snowballing Smishing Campaigns (darkreading.com)
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com
Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security
The top AI cyber crime threats and solutions | Inquirer Technology
Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
LLMs lower the barrier for entry into cyber crime - Help Net Security
Will generative AI really supercharge phishing attacks? - Tech Monitor
Are we doomed to make the same security mistakes with AI? (securityintelligence.com)
AI facial recognition: Campaigners and MPs call for ban - BBC News
Malware
Hackers are spreading malware through Indeed job messages | Digital Trends
Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
North Korea's Lazarus Group upgrades its main malware • The Register
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)
Mobile
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Are executives adequately guarding their gadgets? - Help Net Security
Botnets
Denial of Service/DoS/DDOS
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)
Royal Family's official website targeted in cyber attack | UK News | Sky News
Global events fuel DDoS attack campaigns - Help Net Security
BYOD
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Are executives adequately guarding their gadgets? - Help Net Security
Internet of Things – IoT
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security
FDA cyber mandates for medical devices goes into effect | CyberScoop
Data Breaches/Leaks
European Telecommunications Standards Institute Discloses Data Breach - Security Week
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)
DNA testing service 23andMe investigating theft of user data | CyberScoop
Organised Crime & Criminal Actors
Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)
People Still Matter in Cyber security Management (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
The crypto market bears the scars of FTX's collapse | Reuters
Insider Risk and Insider Threats
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar
Younger employees more likely to have unsafe cyber security habits (betanews.com)
Addressing the People Problem in Cyber security - Security Week
Fraud, Scams & Financial Crime
Online fraud can cost you more than money - Help Net Security
The crypto market bears the scars of FTX's collapse | Reuters
How to deal with your brand's doppelgangers | Kaspersky official blog
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)
Impersonation Attacks
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
AML/CFT/Sanctions
Insurance
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Software firms under cyber attack | Microscope (computerweekly.com)
Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
Cloud/SaaS
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)
Hybrid/Remote Working
Encryption
API
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
AI facial recognition: Campaigners and MPs call for ban - BBC News
The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE
Social Media
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger
Malvertising
Training, Education and Awareness
Addressing the People Problem in Cyber security - Security Week
How to Improve Cyber security Awareness and Training (trendmicro.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly
Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Models, Frameworks and Standards
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)
Careers, Working in Cyber and Information Security
UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online
Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post
Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews
Soft skills continue to challenge the cyber security sector - Help Net Security
Law Enforcement Action and Take Downs
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
UK student found guilty of 3D printing 'kamikaze' drone • The Register
Privacy, Surveillance and Mass Monitoring
Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro
AI facial recognition: Campaigners and MPs call for ban - BBC News
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State, Cyber Warfare and Cyber Espionage
Espionage fuels global cyber attacks - Microsoft On the Issues
Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly
The sixth domain: The role of the private sector in warfare - Atlantic Council
How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)
Russia
Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities
Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)
Russia-Ukraine war: Cyber space is the latest frontline | Semafor
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)
China
Iran
North Korea
North Korea's Lazarus Group upgrades its main malware • The Register
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
North Korea goes phishing in South’s shipyards • The Register
Vulnerability Management
Vulnerabilities
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA
Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)
Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica
Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)
Mass exploitation attempts against WS_FTP have begun • The Register
Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)
Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)
Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch
Companies Address Impact of Exploited Libwebp Vulnerability - Security Week
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security
Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)
Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica
Tools and Controls
Does your security program suffer from piecemeal detection and response? (securityintelligence.com)
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
5 common browser attacks and how to prevent them | TechTarget
Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)
Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Is your threat protection giving you a false sense of cyber security? | The Independent
Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)
How to Improve Cyber security Awareness and Training (trendmicro.com)
Reports Published in the Last Week
Other News
Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)
The trust deficit in CNI: How to address a growing concern | Computer Weekly
10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN
Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)
10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)
NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)
Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live
Making Sense of Today's Payment Cyber security Landscape (darkreading.com)
GAO tears into State Department's cyber security management • The Register
First pan-European cyber analysis centre opens (airportsinternational.com)
Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online
Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 18th August 2023
Black Arrow Cyber Threat Intelligence Briefing 18 August 2023:
-Ransomware Group Targeting MSPs Worldwide in New Campaign
-As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
-Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
-Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
-Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
-LinkedIn Suffers Significant Wave of Account Hacks
-High Net-Worth Families are at Risk of Cyber Crime
-Cyber Attack Rule Raises Insurance Risks for Corporate Officers
-PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
-The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
-Why Are Phones a Cyber Security Weak Spot?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Group Targeting MSPs Worldwide in New Campaign
Russia-based cyber attackers called Play are evolving, with the ransomware group now using remote monitoring and management (RMM) tools at outsourced IT providers or managed service providers (MSPs) to gain access and hit downstream customers. A significant number of eventual targets are medium sized business. The group is also utilising intermittent encryption, where files are only partly encrypted, to avoid detection.
The attacks highlight the need for organisations to be aware of where they are in the supply chain and how they can be targeted through their supplier. It is not enough for an organisation to focus on its own security in isolation; organisations also need to have a way of effectively assessing their supply chain risk which includes their MSP.
Source [Dark Reading]
As Ransomware Surges, A lack of Resources Makes SMBs Most Vulnerable
Ransomware attacks continue to increase, with 1500 victims confirmed this year. It is likely this figure will continue to rise. In parallel, criminals are evolving and with that comes a rise in triple extortion; attackers are not just encrypting and exfiltrating an organisation’s data, but also using this data to blackmail employees and target third parties, hitting the supply chain.
Unfortunately for SMBs, they do not have the resources to keep up with such attacks, making them the most vulnerable. A report found that organisations that had 51 to 200 employees were the most targeted, followed by organisations with 11 to 50 employees. When it came to the types of organisations, the Financial Services sector placed first.
This should not mean SMBs should just accept this and wait to be attacked; on the contrary, their increased vulnerability means that SMBs need to effectively prioritise and allocate resources, and if necessary getting in specialist external help, to ensure their protections are the best that resources allow.
Sources [WWD] [InfoSecurity Magazine] [CRN]
Business Email Compromise Attack Costs Far Exceeding Ransomware Losses
Cloudflare's 2023 Phishing Threats Report recorded a 17% spike in business email compromise (BEC) related financial losses between December 2021 and 2022, noting that threat actors are increasingly leaning on this attack method to target organisations. Additionally, across 2022 nearly three-quarters (71%) of respondents to the study said they experienced an attempted or successful BEC attack. The Cloudflare report found that the financial impact of BEC led to organisations suffering losses in excess of $2.7 billion, whereas ransomware caused losses of $34.3 million during the same period.
Source [ITPro]
Email Phishing Remains the Main Entry for Cyber Criminals; People with Six Personality Traits are More Susceptible
According to a report, phishing attacks were found to be the initial attack vector for nine in ten cyber attacks. The report found that the focus of a cyber criminal tended to be two objectives: achieving authenticity and getting victims to click. Worryingly, 89% of unwanted messages were found to have bypassed authentication checks, leaving people and procedures as the last line of defence in an organisation.
A separate study found that having the following traits made a user more susceptible to phishing: extroverted, agreeable, people-pleasing, quick to trust, fearful or respectful of authority, and poor self-control.
With employees playing such an important role in preventing phishing, organisations need to ensure that employees are aware of what to look for in a phishing email with regular training to account for evolving tactics. This training should be carried out by experts with experience of conducting phishing simulations, accompanied with the ability to educate users on how they can protect themselves from falling victim.
Sources [Tech Radar] [Makeuseof]
Gartner Study Finds Generative AI to be a Top Emerging Risk for Organisations
In a recent survey, Gartner found that generative AI models such as ChatGPT were the second greatest emerging risk, with concerns around data privacy. This has led to organisations looking to ban such AI, with a separate report by Blackberry finding that ChatGPT faced banning from 75% of organisations.
Banning AI in the organisation is a short-term solution. The benefits of AI are clear and its usefulness in an organisation is significant, with reports finding 75% of IT leaders in favour. Organisations should instead look at how they can govern the usage of AI in their organisation, to reduce the risk of AI-related incidents and improve the effectiveness of work.
Sources [Security Magazine] [Analytics Insight] [IT Security Guru] [Decrypt]
LinkedIn Suffers Significant Wave of Account Hacks
LinkedIn users are reporting losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion. LinkedIn is no stranger to being a target of cyber criminals; last year, the platform was deemed the most abused brand in phishing attempts likely due to its recognisability and widespread use in the corporate world. This extended as far as threat actors using fake LinkedIn profiles.
With the number of accounts being compromised, users need to be vigilant in their use of LinkedIn and be on the lookout for suspicious messages. Black Arrow recommends that users ensure they are using strong and unique passwords, combined with multi-factor authentication (MFA) to protect themselves.
Source [Dark Reading]
High Net-Worth Families are at Risk of Cyber Crime
A report found that high net-worth families have prioritised cyber security with a notable 77% of respondents stating they had a cyber security plan; however, 55% said their plan “could be better”.
A cyber security plan is not optional anymore. High net-worth families are at increased risk, with criminals cottoning on to the amount of information that is out there and the financial gain that can be made if that information is used effectively. Social media is just one of the things increasing the risk of cyber crime; unbeknownst to some families, their social media may be providing criminals a treasure trove of insight into a family’s wealth, real-time location and habits. Such information can be used by a cyber criminal to employ attacks.
Source [Campdenfb]
Cyber Attack Rule Raises Insurance Risks for Corporate Officers
The US Securities and Exchange Commission (SEC) recently issued rules that formally outlined directors’ responsibilities in cyber security governance for the first time, laying the groundwork for potential enforcement actions. The recently issued rules bring potential regulatory probes and shareholder legal class action alleging senior executives failed to supervise their businesses’ cyber security practices.
Although the practice is not yet universal, a growing number of director and officer (D&O) policies are being drafted with cyber related exclusions. Meanwhile, most cyber insurance policies exempt SEC enforcement actions and investor claims, but some cover allegations against a company’s executives over their cyber security roles.
Whilst this is only in the US at the moment, other developed nations are likely to follow suit.
Source [Bloomberg Law]
PSNI and UK Voter Breaches Show Data Security Should be Taken More Seriously
The Police Service of Northern Ireland (PSNI) and the UK Electoral Commission both suffered cyber incidents on the same day. Whilst both incidents were different in how they happened, the result was the same: sensitive information had been leaked. In the case of the PSNI, the data was leaked through a response to a freedom of information (FOI) request, in which an Excel sheet was accidentally included by the PSNI. The Electoral Commission incident resulted from a cyber attack.
The incidents are a wake-up call for organisations. If you have not already done so, you need to put things in place to help protect your data from ending up online. The PSNI incident in particular highlights the need to ensure that data does not leave the organisation by accident.
Source [The Guardian]
The Imperative of Cyber Preparedness: The Power of Tabletop Exercises
Cyber security has become an inescapable concern for organisations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is paramount that companies remain vigilant and prepared.
A key way to be prepared is through a tabletop exercise that simulates a hypothetical cyber security incident and helps organisations to practice and evaluate their response. One example scenario can be responding to a ransomware attack blocking access to the organisation's computers for a ransom. These exercises serve as a practical, engaging, and low-risk way for teams to identify vulnerabilities in current plans, improve coordination, and evaluate the decision-making process during a crisis and this is something that we do with our clients on a regular basis.
Source [JDSupra]
Why Are Phones a Cyber Security Weak Spot?
Mobile phones are more interconnected than ever, with their usage extending to the workplace. Despite this, they often enter the corporate environment with a lack of protection and oversight. When laptops are in the corporate environment they are often secured through methods such as encryption and often the organisation has a clear oversight of the applications and activity on the laptop. Mobile phones on the other hand, are often left unmonitored, despite the fact they can and often do carry sensitive information.
Mobile phones also carry additional risks; for a start, they are easier to lose, due to their size difference and the fact they are often out more. In addition, they may have more entry points. Internet of things (IoT) devices, such as smart appliances, are often controlled by phones, making them another entry point for an attacker.
Source [Tech Shout]
Governance, Risk and Compliance
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority - IT Security Guru
Cyber threat risks reach three-year high – Avast (securitybrief.co.nz)
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Why Finance Leaders In Midsize Businesses Are Stepping Up Cyber security Efforts (forbes.com)
Why are ultra-high-net-worth families at increased risk of cyber crime? | Campden FB
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
4 reasons to understand technology risks when buying a business (businessplus.ie)
Boards Don't Want Security Promises — They Want Action (darkreading.com)
Cyber attacks and data protection worries loom large | Natasha Doris | CDR Article (cdr-news.com)
How threats to mid-sized businesses impact us all - Help Net Security
7 Reasons People Don't Understand What You Tell Them (darkreading.com)
6 Cyber Threat Areas for Companies and Organisations to Prioritize (forbes.com)
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Threats
Ransomware, Extortion and Destructive Attacks
Lack of Resources Makes SMBs Most Vulnerable to Ransomware Attacks – WWD
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reported ransomware attacks doubled in key sectors (securitybrief.co.nz)
'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign (darkreading.com)
As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ | CRN
Triple Extortion Ransomware and the Cyber Crime Supply Chain (bleepingcomputer.com)
Companies are finding it harder to detect ransomware | TechRadar
Top 3 Ransomware Attack Vectors And How To Avoid Them (techtarget.com)
Knight ransomware distributed in fake Tripadvisor complaint emails (bleepingcomputer.com)
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Why Hospitals Are Being Increasingly Targeted by Cyber Attacks | Chicago News | WTTW
'Bulletproof' Lolekhosted ransomware hacker indicted (cnbc.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Monti ransomware targets VMware ESXi servers with new Linux locker (bleepingcomputer.com)
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands - SecurityWeek
Sophos: ‘Royal’ Is Trying to Make Itself the King of Ransomware (darkreading.com)
Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom (bleepingcomputer.com)
3 strategies that can help stop ransomware before it becomes a crisis | CSO Online
Latitude Financial takes profit hit from major cyber attack | The West Australian
Ransomware down 57%, Secureworks warns against complacency (securitybrief.co.nz)
Ransomware Diaries: Volume 3 – LockBit’s Secrets (databreaches.net)
HHS Launches 'Digiheals' Project to Better Protect US Hospitals From Ransomware | WIRED
Ransomware Renaissance 2023: The Definitive Guide to Stay Safer (securityintelligence.com)
How to Create a Ransomware Incident Response Plan (techtarget.com)
Ransomware Victims
Several hospitals still counting the cost of widespread ransomware attack (malwarebytes.com)
Has leading UK jeweller been hit by BianLian ransomware gang? (techmonitor.ai)
Cyber attack on Bay area vendor cripples real estate industry (therealdeal.com)
Colorado warns 4 million of data stolen in IBM MOVEit breach (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
LockBit claims seven new victims in ransomware spree (techmonitor.ai)
Cyber attack strikes Prince George's County schools, district says - The Washington Post
Clorox Operations Disrupted By Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)
Inside Housing - News - Hackney to procure new IT system after cyber attack
Largest switching and terminal railroad in US investigating ransomware data theft (therecord.media)
Honor Among Cyber Criminals? Why a Canadian Firm Paid Ransom (inforisktoday.com)
Alberta dental benefits administrator hit by cyber attack | Edmonton Sun
Phishing & Email Based Attacks
Phishing remains most dominant, fastest growing internet crime (securitybrief.co.nz)
If You Have These 6 Personality Traits, You're More Vulnerable to Phishing Scams (makeuseof.com)
Business email compromise attack costs far exceeding ransomware losses | ITPro
Reports show 62% jump in phishing attacks last year - The Hindu BusinessLine
Phishing Operators Make Ready Use of Abandoned Websites for Bait (darkreading.com)
3 Major Email Security Standards Prove Too Porous for the Task (darkreading.com)
Cyber Security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up (darkreading.com)
Email security vendor leaves 2M domains open to phishing hacks, study finds (axios.com)
Cyber Criminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn (thehackernews.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malicious QR code hacking campaign is targeting Microsoft credentials - SiliconANGLE
Phishing campaign steals accounts for Zimbra email servers worlwide (bleepingcomputer.com)
30% of phishing threats involve newly registered domains - Help Net Security
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Gone Phishing: An Analysis of a Targeted User Attack (huntress.com)
BEC – Business Email Compromise
Artificial Intelligence
Generative AI a Top Emerging Risk for Organisations: Gartner Survey - Decrypt
ChatGPT Faces Ban from 75% of Organisations: Blackberry Report (analyticsinsight.net)
AI Is Coming For Your Data: 6 Steps To Ensure Cyber Resilience (forbes.com)
New study by AMD finds nearly half of organisations are not ready for AI - IT Security Guru
Over 74% of organisations see a rise in AI use by cyber criminals | Security Magazine
Navigating generative AI risks and regulatory challenges - Help Net Security
Cyber security Experts: AI Could Be Phishing Schemes’ Ultimate Weapon — Or Worse - The Messenger
Top 10 AI Security Risks According to OWASP (trendmicro.com)
AI 'evil twins' may already be manipulating human nature | SC Media (scmagazine.com)
Cyber security practitioners' generative AI dilemma (iapp.org)
People Coaxed AI Into Giving Wrong Math Answers, System Prone to Flaws (businessinsider.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Fake Out: Disinformation Campaigns Get Generative AI Boost (inforisktoday.com)
2FA/MFA
How to prevent multifactor authentication fatigue attacks - SiliconANGLE
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Malware
Potent Trojans Targeting MacOS Users - Infosecurity Magazine (infosecurity-magazine.com)
Approximately 2000 Citrix NetScaler servers were backdoored in massive campaign-Security Affairs
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass | WIRED
Macs are getting compromised to act as proxy exit nodes - Help Net Security
Malware Dwell Time: Everything You Need to Know (makeuseof.com)
Gootloader SEO watering hole malware targets law firms | SC Media (scmagazine.com)
Raccoon Stealer malware returns with new stealthier version (bleepingcomputer.com)
Beware! Subscription malware arms hackers with tools to steal your private data | Laptop Mag
New Financial Malware 'JanelaRAT' Targets Latin American Users (thehackernews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report (thehackernews.com)
North Korean Hackers Suspected in New Wave of Malicious npm Packages (thehackernews.com)
Stories from the SOC - Unveiling the stealthy tactics of Aukill malware (att.com)
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Users of cyber crime forums often fall victim to info-stealers, researchers find (therecord.media)
Turns out AI probably isn't very good at writing malware • The Register
Malware Turning Windows Machines Into Proxies (databreachtoday.co.uk)
Mobile
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
Does Turning Your Android Phone Off Protect You From Malware? (makeuseof.com)
3 Mobile or Client-Side Security Myths Debunked (darkreading.com)
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (ic3.gov)
Threat actors use beta apps to bypass mobile app store security (bleepingcomputer.com)
FBI warns of money-stealing fake beta-release mobile apps • The Register
Three reasons why your smartphone needs security protection (securitybrief.co.nz)
Unsupported Compression Methods Enable Android Malware to Bypass Detection (zimperium.com)
This $70 device can spoof an Apple device and trick you into sharing your password | TechCrunch
Botnets
Massive 400,000 proxy botnet built with stealthy malware infections (bleepingcomputer.com)
Mirai Common Attack Methods Remain Consistent, Effective (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Runaway Charger: The Major Threat Of Hacking EV Stations (slashgear.com)
Ford says cars with WiFi vulnerability still safe to drive (bleepingcomputer.com)
Data Breaches/Leaks
Electoral Commission had unpatched vulnerability on server • The Register
UK Police Data Breach Exposes Victim Information - Infosecurity Magazine (infosecurity-magazine.com)
UK govt contractor MPD FM leaks employee passport data-Security Affairs
Cumbria Police accidentally publish officers' names and salaries online (bitdefender.com)
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The most notable data breaches of 2023… So far | IT Reseller Magazine (itrportal.com)
Discord.io confirms breach after hacker steals data of 760K users (bleepingcomputer.com)
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM | TechCrunch
Man arrested in Northern Ireland police data leak • The Register
teiss - News - PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company
Here’s what you need to do after your personal data is breached (telegraph.co.uk)
Organised Crime & Criminal Actors
Meet the Most (In)Famous Hacking Groups Active Today (makeuseof.com)
Cyber security researchers become target of criminal hackers | Financial Times (ft.com)
Lapsus$ hackers took SIM-swapping attacks to the next level (bleepingcomputer.com)
How & Why Cyber Criminals Fabricate Data Leaks (darkreading.com)
Who Are Script Kiddies? Are They a Threat to Your Security? (makeuseof.com)
Researchers Harvest, Analyse 100K Cyber Crime Forum Credentials (darkreading.com)
File sharing site Anonfiles shuts down due to overwhelming abuse (bleepingcomputer.com)
How Innovation Accelerators Are at Work on the Dark Side (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
Web3 projects suffered from forty-two exploits within a week (coinpaper.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Former FTX CEO Sam Bankman-Fried sent to jail • The Register
UK gov keeps repeating its voter registration website is NOT a scam (bleepingcomputer.com)
“Grab hold and give it a wiggle” – ATM card skimming is still a thing – Naked Security (sophos.com)
Latin Americans Fall Prey to More Online Scams, Cyber Attacks (insurancejournal.com)
The road ahead for ecommerce fraud prevention - Help Net Security
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight | WIRED
Insurance
Cyber Attack Rule Raises Insurance Risks for Corporate Officers (bloomberglaw.com)
Insurance Data Breach Victims File Class-Action Suit Against Law Firm (darkreading.com)
The cyber security insurance market is estimated at USD 14.4 (globenewswire.com)
Dark Web
Supply Chain and Third Parties
Building Cyber security into the supply chain is essential as threats mount (att.com)
Why the public sector still loves Capita (even though it got hacked) - Tech Monitor
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks (thehackernews.com)
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks (darkreading.com)
Software Supply Chain
Cloud/SaaS
'DoubleDrive' attack turns Microsoft OneDrive into ransomware | SC Media (scmagazine.com)
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Adapting to the Cloud Era of Cyber security: How CISO’s Priorities Are Evolving | Network Computing
Datacentre management vulnerabilities leave public clouds at risk | Computer Weekly
Spear Phishing vs Phishing: How to Tell the Difference (techrepublic.com)
Containers
Encryption
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
WhatsApp is right to be angry about the UK’s encryption mess | The Spectator
Google adds post-quantum encryption key protection to Chrome • The Register
API
The Evolution of API: From Commerce to Cloud-Security Affairs
How financial services cyber regulations are hotting up for API security (betanews.com)
Open Source
Why a Software Bill of Materials Is Business-Critical - The Futurum Group
Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
6 best practices to defend against corporate account takeover attacks | CSO Online
What's the State of Credential theft in 2023? (thehackernews.com)
Building a secure future without traditional passwords - Help Net Security
Are browser-stored passwords secure? | Kaspersky official blog
Passwordless is more than a buzzword among cyber security pros - Help Net Security
More hardcoded credentials than ever, and sloppy coding is to blame | SC Media (scmagazine.com)
AI Can Decipher Passwords by Listening to Keystrokes Over Zoom: Study (businessinsider.com)
Social Media
LinkedIn hack: You need to check your LinkedIn account - gHacks Tech News
LinkedIn accounts hacked in widespread hijacking campaign (bleepingcomputer.com)
'Gold mine' phishing scams rob Main Street on social media like Meta (cnbc.com)
Malvertising
Adblock 360 Adware Extension: 3 Ways to Remove for Good - MSPoweruser
Malvertisers up their game against researchers (malwarebytes.com)
Training, Education and Awareness
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Navigating generative AI risks and regulatory challenges - Help Net Security
UK Government Slammed For Encryption Mistruths - Infosecurity Magazine (infosecurity-magazine.com)
ICO reprimands law firm over data breach that saw money stolen - Legal Futures
Breaking Down the New SEC Cyber security Rules | Epiq - JDSupra
Confusion Surrounds SEC's New Cyber security Material Rule (darkreading.com)
How financial services cyber regulations are hotting up for API security (betanews.com)
A closer look at the new TSA oil and gas pipeline regulations - Help Net Security
Models, Frameworks and Standards
Center for Internet Security announces secretive Microsoft partnership | StateScoop
What's New in the NIST Cyber security Framework 2.0 (darkreading.com)
Data Protection
Researchers find sensitive personal data in over 30% of cloud assets | SC Media (scmagazine.com)
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Careers, Working in Cyber and Information Security
650,000 cyber jobs are now vacant: How to tackle the risk (securityintelligence.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
How to overcome the challenges of today's cyber security talent shortage - SiliconANGLE
Army struggling to hire cyber staff as attacks on Britain ramp up (telegraph.co.uk)
Vietnam admits massive shortage of infosec pros • The Register
Heavy workloads driving IT professionals to resign - Help Net Security
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (prnewswire.com)
Law Enforcement Action and Take Downs
Polish police arrest five in swoop on Cyber Crime site - TVN24
Lapsus$ Report: Law Enforcement Battles Cyber Threats (beincrypto.com)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (bleepingcomputer.com)
Sextortion suspects on trial after one victim dies • The Register
Crimeware server used by NetWalker ransomware seized and shut down – Naked Security (sophos.com)
Raccoon Stealer malware back with updated version following administrator arrest (therecord.media)
Man arrested in Northern Ireland police data leak • The Register
Privacy, Surveillance and Mass Monitoring
Amazon AWS distances itself from Moq amid data collection controversy (bleepingcomputer.com)
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries-Security Affairs
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (telegraph.co.uk)
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (darkreading.com)
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps • Graham Cluley
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks (thehackernews.com)
Suspected spies for Russia held in major UK security investigation - BBC News
Russia turning to sleeper cells and unofficial agents | Espionage | The Guardian
China
Top US cyber official warns of infrastructure attack risk if China tensions rise (nbcnews.com)
New Zealand says it is aware of China-linked intelligence activity in country | Reuters
China teases imminent exposé of seismic US spying scheme • The Register
Chinese Espionage Group Active Across Eastern Europe (inforisktoday.com)
15,000 cyber attacks detected per second in Taiwan: Software provider - Focus Taiwan
US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack | TechCrunch
Iran
German Intelligence Warns of Surge in Iranian Espionage (govinfosecurity.com)
Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks (thehackernews.com)
Iran and the Rise of Cyber Enabled Influence Operations (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Vulnerabilities
Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign (bleepingcomputer.com)
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks (thehackernews.com)
Patched Citrix NetScaler Devices Still Contain Backdoors (govinfosecurity.com)
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping (thehackernews.com)
Magento shopping cart attack targets critical vulnerability • The Register
New Python URL Parsing Flaw Enables Command Injection Attacks (thehackernews.com)
Data centers at risk due to flaws in power management software | CyberScoop
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Google Chrome 116: more Telemetry and 26 security patches - gHacks Tech News
Google Fixes 26 Bugs Amid Fake Update Warning - Infosecurity Magazine (infosecurity-magazine.com)
AMD has fixed its latest security flaw - but at the cost of massive slowdowns | TechRadar
Proxyjacking trend continues as attackers abuse years-old GitLab vulnerability | ITPro
Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
Tools and Controls
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure (darkreading.com)
AI-powered fraud detection: Strengthening security in fintech | The Financial Express
MaginotDNS attacks exploit weak checks for DNS cache poisoning (bleepingcomputer.com)
Evaluate the risks and benefits of AI in cyber security | TechTarget
How to Choose a Managed Detection and Response (MDR) Solution (darkreading.com)
How to Prevent Phishing Attacks with Multi-Factor Authentication (techrepublic.com)
Building a secure future without traditional passwords - Help Net Security
Passwordless is more than a buzzword among cyber security pros - Help Net Security
SEC cyber security rules shape the future of incident management - Help Net Security
Traditional vs. Enterprise Risk Management: How Do They Differ? (techtarget.com)
Endpoint Management Statistics, Trends And Facts 2023 - Abdalslam
Why You Need Continuous Network Monitoring? (thehackernews.com)
CISA releases cyber defence plan for remote monitoring and management software - SiliconANGLE
How poor cyber security policies disrupt business continuity - IT Security Guru
Cyber Prevention, Training Attract More Spend Than Remediation, Recovery, Execs Say - | MSSP Alert
Other News
Healthcare incurs highest data breach costs – for the 13th year in a row | Healthcare IT News
Here's Why You Should Never Accept Unsolicited Tech by Post (makeuseof.com)
Government highlights cyber threat to health and social care | UKAuthority
Why is the Education Sector a Target for Cyber Attacks? | UpGuard
Cyber security in the Entertainment Industry: Risks and Solutions | UpGuard
What would an OT cyber attack really cost your organisation? | CSO Online
Education has had most cyber attacks, survey finds | Education Business (educationbusinessuk.net)
Cyber attacks Are On The Up: What Are The Risks & Remedies For Aviation? (simpleflying.com)
Bank of Ireland ATM Glitch Hands Out 'Free' Money (gizmodo.com)
Exclusive: 300 independent retailers affected by cyber attack | News | Retail Week (retail-week.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28th July 2023
Black Arrow Cyber Threat Briefing 28 July 2023:
-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions
-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500
-Why Cyber Security Should Be Part of Your ESG Strategy
-Lawyers Take Frontline Role in Business Response to Cyber Attacks
-Organisations Face Record $4.5M Per Data Breach Incident
-Cryptojacking Soars as Cyber Attacks Diversify
-Ransomware Attacks Skyrocket in 2023
-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
-Protect Your Data Like Your Reputation Depends on It (Because it Does)
-Why CISOs Should Get Involved with Cyber Insurance Negotiation
-Companies Must Have Corporate Cyber Security Experts, SEC Says
-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Half of UK Businesses Struggle to Fill Cyber Security Skills Gap
Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.
In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.
With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725
https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/
Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500
The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.
Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.
https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/
https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/
Why Cyber Security Should Be Part of Your ESG Strategy
Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.
Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.
https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy
Lawyers Take Frontline Role in Business Response to Cyber Attacks
Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.
In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.
https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331
Organisations Face Record $4.5M Per Data Breach Incident
In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.
https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Cryptojacking Soars as Cyber Attacks Diversify
According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.
https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/
Ransomware Attacks Skyrocket in 2023
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.
The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.
https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/
Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.
Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.
https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/
https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt
https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/
Protect Your Data Like Your Reputation Depends on It (Because it Does)
Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.
It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.
Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.
Companies Must Have Corporate Cyber Security Experts, SEC Says
A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.
The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.
The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.
Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.
With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.
https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023
Governance, Risk and Compliance
Data Breaches Cost Businesses $4.5M on Average (darkreading.com)
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Companies encounter months-long delays in filling critical security positions - Help Net Security
Enterprises should layer-up security to avoid legal repercussions - Help Net Security
Explaining risk maturity models and how they work | TechTarget
Why cyber security should be part of your ESG strategy | Computer Weekly
The old “trust but verify” adage should be the motto for every CISO | CSO Online
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security
The critical cyber security backup plan too many companies are ignoring (cnbc.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)
Why whistleblowers in cyber security are important and need support | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)
Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Millions of people's healthcare files accessed by Clop gang • The Register
Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek
The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop
Risk & Repeat: Are data extortion attacks ransomware? | TechTarget
ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)
Ransomware: Sophos says most universities pay | Times Higher Education (THE)
Ransomware Victims
PwC has data leaked on the clear web - Cyber Security Connect
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Millions of people's healthcare files accessed by Clop gang • The Register
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek
Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)
Phishing & Email Based Attacks
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
BEC – Business Email Compromise
Artificial Intelligence
Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security
UN Security Council to hold first talks on AI risks | Reuters
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)
Lots of sensitive data is still being posted to ChatGPT | TechRadar
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
The Good, the Bad and the Ugly of Generative AI - SecurityWeek
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Intel's deepfake detector tested on real and fake videos - BBC News
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Malware
Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)
Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)
The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)
Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security
Mobile
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch
Botnets
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Denial of Service/DoS/DDOS
Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
BYOD
Internet of Things – IoT
Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek
Data Breaches/Leaks
Capita breach class action nears 1,000 sign-ups • The Register
VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
NATO investigating apparent breach of unclassified information sharing platform | CyberScoop
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs
Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)
Organised Crime & Criminal Actors
The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking soars as cyber attacks increase, diversify - Help Net Security
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Consumers demand more from businesses when it comes to security - Help Net Security
CISOs gear up to combat the rising threat of B2B fraud - Help Net Security
MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian
Insurance
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal
Dark Web
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Supply Chain and Third Parties
Capita breach class action nears 1,000 sign-ups • The Register
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
Strengthening the weakest links in the digital supply chain - Help Net Security
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)
Software Supply Chain
Cloud/SaaS
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Shadow IT
Encryption
Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)
API
Open Source
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Training, Education and Awareness
Travel
Parental Controls and Child Safety
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Regulations, Fines and Legislation
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Data Protection
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Careers, Working in Cyber and Information Security
Companies encounter months-long delays in filling critical security positions - Help Net Security
Bridging the cyber security skills gap through cyber range training - Help Net Security
Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
Russian court jails cyber security executive for 14 years in treason case | Reuters
Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian
69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica
China
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
The Chinese groups accused of hacking the US and others | Reuters
Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek
North Korea
North Korean Cyber spies Target GitHub Developers (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
Misc/Other/Unknown
Vulnerability Management
Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)
Want to live dangerously? Try running Windows XP in 2023 • The Register
A step-by-step guide for patching software vulnerabilities - Help Net Security
Vulnerabilities
Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek
A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs
Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)
Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)
Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)
Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)
VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)
Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)
Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
Study reveals silent Python package security fixes • The Register
Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)
WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)
Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs
Tools and Controls
Why cyber security should be part of your ESG strategy | Computer Weekly
Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)
Explaining risk maturity models and how they work | TechTarget
Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)
Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)
Zero trust rated as highly effective by businesses worldwide - Help Net Security
50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)
Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)
Why are computer security guidelines so confusing? - Help Net Security
Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)
Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)
Converging networking and security with SASE - Help Net Security
Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)
Key factors for effective security automation - Help Net Security
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
CISOs consider zero trust a hot security ticket - Help Net Security
How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)
Reports Published in the Last Week
Other News
Maritime Cyber attack Database Launched by Dutch University - SecurityWeek
Google’s new security pilot program will ban employee Internet access | Ars Technica
macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)
Why whistleblowers in cyber security are important and need support | CSO Online
World's most internetty firm tries life off the net • The Register
Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 July 2023
Black Arrow Cyber Threat Briefing 14 July 2023:
-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves
-Helping Boards Understand Cyber Risks
-Enterprise Risk Management Should Inform Cyber Risk Strategies
-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
-20% of Malware Attacks Bypass Antivirus Protection
-Ransomware Payments and Extortion Spiked Compared to 2022
-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
-Scam Page Volumes Surge 304% Annually
-Financial Industry Faces Soaring Ransomware Threat
-The Need for Risk-Based Vulnerability Management to Combat Threats
-Government Agencies Breached in Microsoft 365 Email Attacks
-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves
The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.
Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.
Helping Boards Understand Cyber Risks
A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.
It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.
Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.
https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/
Enterprise Risk Management Should Inform Cyber Risk Strategies
While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.
Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.
Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.
This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.
The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.
https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/
20% of Malware Attacks Bypass Antivirus Protection
In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).
Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.
https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/
Ransomware Payments and Extortion Spiked Compared to 2022
A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.
It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.
https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/
AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.
The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.
Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/
Scam Page Volumes Surge 304% Annually
Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.
It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.
https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/
Financial Industry Faces Soaring Ransomware Threat
The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.
By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.
Government Agencies Breached in Microsoft 365 Email Attacks
Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.
Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.
Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.
Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/
Governance, Risk and Compliance
CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security
Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)
AI, trust, and data security are key issues for finance firms and their customers | ZDNET
Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert
UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch
Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)
Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)
BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)
Ransomware Victims
Capita admits hackers also stole staff’s personal details (thetimes.co.uk)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Barts NHS hack leaves folks on tenterhooks over extortion • The Register
Scottish university cyber attack under investigation | The National
Phishing & Email Based Attacks
New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)
Number of email-based phishing attacks surges 464% - Help Net Security
Chinese hackers compromised emails of US Government agencies- -Security Affairs
Microsoft: Government agencies breached in email attacks | TechTarget
RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security
Top 10 Email Security Best Practices in 2023 (gbhackers.com)
Other Social Engineering; Smishing, Vishing, etc
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)
How hackers are now targeting your voice and how to protect yourself | Fox News
Artificial Intelligence
How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)
ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica
Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop
Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop
2FA/MFA
Malware
20% of malware attacks bypass antivirus protection - Help Net Security
Malware delivery to Microsoft Teams users made easy - Help Net Security
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)
Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)
Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News
New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld
BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
Mobile
Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs
The FCC aims to stop SIM swappers with new rules - The Verge
Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)
Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security
Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy
Internet of Things – IoT
Data Breaches/Leaks
So you gave personal info to a company caught in a data breach. Now what? | CBC News
HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)
US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Capita attackers reportedly stole data from pension fund • The Register
Twenty Manx public authorities reprimanded for data breach - BBC News
Bangladesh government website leaked data of millions of citizens-Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber security professional accused of stealing $9M in crypto | TechCrunch
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Insider Risk and Insider Threats
How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)
Former employee charged for attacking water treatment plant (bleepingcomputer.com)
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
Fraud, Scams & Financial Crime
E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)
The FCC aims to stop SIM swappers with new rules - The Verge
Insurance
Dark Web
Supply Chain and Third Parties
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Capita attackers reportedly stole data from pension fund • The Register
MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek
Cloud/SaaS
Only 45% of cloud data is currently encrypted - Help Net Security
Microsoft alleges China behind attack on Exchange Online • The Register
For stronger public cloud data security, use defence in depth | TechTarget
Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)
Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Encryption
API
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Open Source
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
The EU’s Product Liability Directive could kill open source | TechRadar
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)
Travel
Regulations, Fines and Legislation
How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)
A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek
The EU’s Product Liability Directive could kill open source | TechRadar
Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly
Models, Frameworks and Standards
How to map security gaps to the Mitre ATT&CK framework | TechTarget
Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Russia-based actor exploited unpatched Office zero day | TechTarget
SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)
Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)
Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)
Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)
Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert
Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
China
Chinese hackers compromised emails of US Government agencies-Security Affairs
UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent
Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)
Iran
North Korea
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Vulnerabilities
MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)
After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)
Russia-based actor exploited unpatched Office zero day | TechTarget
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)
Raising concerns over Google Authenticator’s new features | TechRadar
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek
Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)
Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs
Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)
Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs
OT/ICS Vulnerabilities
Tools and Controls
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Infrastructure upgrades alone won't guarantee strong security - Help Net Security
What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget
Overcoming user resistance to passwordless authentication - Help Net Security
Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)
3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)
The history, evolution and current state of SIEM | TechTarget
Attack Surface Management: Identify and protect the unknown - Help Net Security
How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)
Intrusion Detection & Prevention Systems Guide (trendmicro.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Wi-Fi AP placement best practices and security policies | TechTarget
For stronger public cloud data security, use defence in depth | TechTarget
Other News
White House Urged to Quickly Nominate National Cyber Director (darkreading.com)
The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)
Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop
Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security
Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 May 2023
Black Arrow Cyber Threat Briefing 26 May 2023:
-50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy
-Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
-SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
-IT Employee Piggybacked on Cyber Attack for Personal Gain
-Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
-Microsoft Reports Jump in Business Email Compromise (BEC) Activity
-Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
-Advanced Phishing Attacks Surge 356% in 2022
-Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
-Almost All Ransomware Attacks Target Backups, Says Veeam
-NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
-Half of all Companies were Impacted by Spearphishing in 2022
-Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy
Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).
Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.
https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/
Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.
The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.
Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.
https://www.itweb.co.za/content/mYZRX79g8gRqOgA8
SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.
Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.
SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.
IT Employee Piggybacked on Cyber Attack for Personal Gain
A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.
The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.
“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.
While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.
https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/
Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.
Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.
Microsoft Reports Jump in Business Email Compromise (BEC) Activity
Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.
Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.
Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.
Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.
Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.
Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.
Advanced Phishing Attacks Surge 356% in 2022
A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.
The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.
Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.
https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.
To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.
Almost All Ransomware Attacks Target Backups
Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.
According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.
Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.
With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.
NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.
The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.
https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/
Half of All Companies were Impacted by Spearphishing in 2022
Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.
The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.
The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.
https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.
There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool
Governance, Risk and Compliance
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)
Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times
Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)
5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)
Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek
The biggest threats are always those we fail to predict - Big Think
How continuous security monitoring is changing the compliance game - Help Net Security
Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)
Threats
Ransomware, Extortion and Destructive Attacks
3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)
12 vulnerabilities newly associated with ransomware - Help Net Security
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)
FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)
Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims
Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget
The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)
US saw 45% fewer ransomware victims posted on the dark web | Security Magazine
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)
Ransomware Victims
Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek
Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)
Iowa hospital discloses breach following Royal ransomware leak | TechTarget
Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)
Dish Network says February ransomware attack impacted +300K - Security Affairs
Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register
Dorchester school IT system held to ransom in cyber attack - BBC News
BlackByte lists city of Augusta after cyber 'incident' • The Register
Phishing & Email Based Attacks
Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)
Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)
Threat actors exploit new channels for advanced phishing attacks - Help Net Security
Malicious links and misaddressed emails slip past security controls - Help Net Security
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
BEC – Business Email Compromise
Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog
Microsoft reports jump in business email compromise activity | CSO Online
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Employees are banned from using ChatGPT at these companies | Fortune
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
6 ChatGPT risks for legal and compliance leaders - Help Net Security
5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)
Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
The Security Hole at the Heart of ChatGPT and Bing | WIRED UK
2FA/MFA
Malware
New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)
Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)
Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Threat actors leverage kernel drivers in new attacks | TechTarget
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
Malicious links and misaddressed emails slip past security controls - Help Net Security
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Botnets
How smart bots are infecting and exploiting the internet - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Denial of Service/DoS/DDOS
Internet of Things – IoT
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
Data Breaches/Leaks
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)
Hackers steal the SSN of nearly 6 million people (pandasecurity.com)
Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek
Organised Crime & Criminal Actors
IT employee piggybacked on cyber attack for personal gain - Help Net Security
Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Cyber criminals masquerading as MFA vendors - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
Insider Risk and Insider Threats
How to prevent against the 5 main types of insider threats - IT Security Guru
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)
Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert
Online scams target bargain-hunting holiday travelers - Help Net Security
Ads for lucrative jobs in Asia may be tech slavery scams • The Register
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Supply Chain and Third Parties
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
UK councils caught in Capita unsecured AWS bucket data leak • The Register
New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC
Software Supply Chain
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)
Cloud/SaaS
UK councils caught in Capita unsecured AWS bucket data leak • The Register
CISO-level tips for securing corporate data in the cloud - Help Net Security
Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)
Attack Surface Management
Identity and Access Management
7 access management challenges during M&A - Help Net Security
Think security first when switching from traditional Active Directory to Azure AD | CSO Online
Encryption
API
API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)
The fragmented nature of API security ownership - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Inactive accounts pose significant account takeover security risks | CSO Online
What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)
Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)
Biometrics
Social Media
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)
Training, Education and Awareness
Travel
Online scams target bargain-hunting holiday travelers - Help Net Security
Four ways your devices can be hacked in hotels and how to stay safe | This is Money
Tips to Protect Against Holiday and Airline Scams - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
Models, Frameworks and Standards
NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)
New security model launched to eliminate 95% of cyber breaches - IT Security Guru
Backup and Recovery
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Privacy, Surveillance and Mass Monitoring
UK police to 'embed' facial recog but oversight is at risk • The Register
Abuse of government spying powers: What's to worry about? • The Register
Reflections on Ten Years Past The Snowden Revelations (ietf.org)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Nation State Actors
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Five Eyes and Microsoft accuse China US infrastructure raids • The Register
Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security
Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)
Vulnerability Management
12 vulnerabilities newly associated with ransomware - Help Net Security
Fresh perspectives needed to manage growing vulnerabilities - Help Net Security
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
How to check for new exploits in real time? VulnCheck has an answer | CSO Online
Vulnerabilities
12 vulnerabilities newly associated with ransomware - Help Net Security
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)
Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)
Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)
Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)
GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)
83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)
CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security
Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Tools and Controls
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
Malicious links and misaddressed emails slip past security controls - Help Net Security
Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
How continuous security monitoring is changing the compliance game - Help Net Security
Blacklist untrustworthy apps that peek behind your firewall - Help Net Security
How generative AI is reshaping the identity verification landscape - Help Net Security
The fragmented nature of API security ownership - Help Net Security
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)
Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek
CISO-level tips for securing corporate data in the cloud - Help Net Security
6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Attributes of a mature cyber-threat intelligence program | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 March 2023
Black Arrow Cyber Threat Briefing 24 March 2023:
-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority
-IT Security Spending to Reach Nearly $300 Billion by 2026
-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
-Board Cyber Shortage: Don’t Get Caught Swimming Naked
-Should Your Organisation Be Worried About Insider Threats?
-UK Ransomware Incident Volumes Surge 17% in 2022
-Financial Industry Hit by Rising Ransomware Attacks and BEC
-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
-Security Researchers Spot $36m BEC Attack
-New Victims Come Forward After Mass Ransomware Attack
-Ransomware Gangs’ Harassment of Victims is Increasing
-Wartime Hacktivism is Spilling Over Into the Financial Services Industry
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans
A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.
Controlling Third-Party Data Risk Should be a Top Cyber Security Priority
Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.
IT Security Spending to Reach Nearly $300 Billion by 2026
Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.
https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/
2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks
In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.
https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html
Board Cyber Shortage: Don’t Get Caught Swimming Naked
The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors.
Should your Organisation be Worried about Insider Threats?
Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/
UK Ransomware Incident Volumes Surge 17% in 2022
According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.
https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/
Financial Industry Hit by Rising Ransomware Attacks and BEC
According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.
55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management
According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.
Security Researchers Spot $36m BEC Attack
Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.
https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/
New Victims Come Forward After Mass Ransomware Attack
Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.
https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/
Ransomware Gangs’ Harassment of Victims is Increasing
Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.
https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/
Wartime Hacktivism is Spilling Over into the Financial Services Industry
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.
Threats
Ransomware, Extortion and Destructive Attacks
LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)
UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg
BianLian ransomware crew swaps encryption for extortion • The Register
New victims come forward after mass-ransomware attack | TechCrunch
Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)
LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)
Free decryptor released for Conti-based ransomware following data leak | Tripwire
New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek
Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert
US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs
Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online
Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)
Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)
Prevent Ransomware with Cyber security Monitoring (trendmicro.com)
Ferrari in a spin as crims steal customer data • The Register
Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)
Phishing & Email Based Attacks
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)
Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)
Mobile
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Android apps are spying on you — with no easy way to stop them | Digital Trends
Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar
How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)
Botnets
Denial of Service/DoS/DDOS
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Internet of Things – IoT
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Google sounds alarm on Samsung modem bugs in Android devices • The Register
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Data Breaches/Leaks
Complacency of staff to blame for data breaches (thesundaily.my)
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)
Data breaches cost businesses nearly $6M on average: Mastercard | CTV News
Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)
NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs
Lowe’s Market chain leaves client data up for grabs- Security Affairs
Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)
South Korea fines McDonalds for data leak from raw SMB share • The Register
A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt
General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Insider Risk and Insider Threats
Should Your Organisation Be Worried About Insider Threats? - IT Security Guru
Top 5 Insider Threats to Look Out For in 2023- Security Affairs
Preventing Insider Threats in Your Active Directory (thehackernews.com)
Fraud, Scams & Financial Crime
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian
The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack
Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)
Deepfakes
Insurance
SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET
Cyber insurance carriers expanding role in incident response | TechTarget
Supply Chain and Third Parties
Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)
Companies vulnerable to cyber-attack via suppliers - research | RNZ News
Why you should treat ChatGPT like any other vendor service - Help Net Security
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Software Supply Chain
Cloud/SaaS
How access management helps protect identities in the cloud | VentureBeat
Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)
The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch
Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)
The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley
New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)
4 Tips for Better AWS Cloud Workload Security (trendmicro.com)
Hybrid/Remote Working
Identity and Access Management
How access management helps protect identities in the cloud | VentureBeat
The impact of AI on the future of ID verification - Help Net Security
Preventing Insider Threats in Your Active Directory (thehackernews.com)
CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)
API
Open Source
New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
BBC presses staff to uninstall TikTok from corporate kit • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)
Training, Education and Awareness
Regulations, Fines and Legislation
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com
India’s infosec reporting rules observed by just 15 orgs • The Register
Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)
Governance, Risk and Compliance
How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)
How to best allocate IT and cyber security budgets in 2023 - Help Net Security
IT security spending to reach nearly $300 billion by 2026 - Help Net Security
Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)
How Your Cyber security Strategy Enables Better Business (trendmicro.com)
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
How Can CISOs Connect With the Board of Directors? (darkreading.com)
Achieving The Five Levels Of Information Security Governance (forbes.com)
Enhance security while lowering IT overhead in times of recession - Help Net Security
Why organisations shouldn't fold to cyber criminal requests - Help Net Security
Models, Frameworks and Standards
Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)
MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)
Backup and Recovery
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)
New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Eufy security cam 'stored unique ID' of everyone filmed • The Register
Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch
How to protect online privacy in the age of pixel trackers - Help Net Security
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
French govt clears AI facial scans for Paris Olympics • The Register
Artificial Intelligence
EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews
ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg
ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)
Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security
We need to create guardrails for AI | Financial Times (ft.com)
GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)
Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom
The impact of AI on the future of ID verification - Help Net Security
7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online
Why you should treat ChatGPT like any other vendor service - Help Net Security
Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch
French govt clears AI facial scans for Paris Olympics • The Register
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)
BBC presses staff to uninstall TikTok from corporate kit • The Register
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Nation State Actors
New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek
Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek
Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)
Purported Chinese warships interfering with passenger planes • The Register
TikTok cannot be considered a private company: report • The Register
Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop
BBC presses staff to uninstall TikTok from corporate kit • The Register
Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch
Putin to staffers: throw out your iPhones over security • The Register
Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert
New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)
Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop
Unknown actors target orgs in Russia-occupied Ukraine • The Register
Xi, Putin, declare intent to rule the world of AI, infosec • The Register
The pressing threat of Chinese-made drones flying above US critical infrastructure | CyberScoop
Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop
Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online
Vulnerability Management
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant
10 Vulnerabilities Types to Focus On This Year (darkreading.com)
Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)
Vulnerabilities
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)
CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)
Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)
Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs
Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)
Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs
WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)
Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)
Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News
Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)
Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar
Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)
ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)
Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)
Tools and Controls
Data backup, security alerts, and encryption viewed as top security features - Help Net Security
Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert
55 zero-day flaws exploited last year show the importance of security risk management | CSO Online
Complacency of staff to blame for data breaches (thesundaily.my)
How access management helps protect identities in the cloud | VentureBeat
Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware
The Ethics of Network and Security Monitoring (darkreading.com)
Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica
How network perimeters secure enterprise networks | TechTarget
Top 5 security risks for enterprise storage, backup devices - Help Net Security
Other News
Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News
Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica
What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)
Top ways attackers are targeting your endpoints - Help Net Security
What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)
Techno-nationalism explained: What you need to know (techtarget.com)
How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru
Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 February 2023
Black Arrow Cyber Briefing 24 February 2023:
-Employees Bypass Cyber Security Guidance to Achieve Business Objectives
-Three Quarters of Businesses Braced for Serious Email Attack this Year
-The Cost of Living Crisis is Triggering a Wave of Workplace Crime
-Fighting Ransomware with Cyber Security Audits
-Record Levels of Fraud Impacting 90% of Payment Compliance Teams
-CISOs Struggle with Stress and Limited Resources
-Cyber Threats and Regulations Mount for Financial Industry
-HardBit Ransomware Wants Insurance Details to Set the Perfect Price
-Social Engineering is Becoming Increasingly Sophisticated
-A Fifth of Brits Have Fallen Victim to Online Scammers
-Cyber Attacks Hit Data Centres to Steal Information From Companies
-Phishing Fears Ramp Up on Email, Collaboration Platforms
-The War in Ukraine has Shaken up the Cyber Criminal Eco-system
-Police Bust €41m Email Scam Gang
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Employees Bypass Cyber Security Guidance to Achieve Business Objectives
Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.
https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/
Three Quarters of Businesses Braced for Serious Email Attack this Year
According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.
The Cost of Living Crisis is Triggering a Wave of Workplace Crime
Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000. Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.
Fighting Ransomware with Cyber Security Audits
With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.
https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html
Record Levels of Fraud Impacting 90% of Payment Compliance Teams
New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.
CISOs Struggle with Stress and Limited Resources
A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.
https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/
Cyber Threats and Regulations Mount for Financial Industry
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.
https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry
HardBit Ransomware Wants Insurance Details to Set the Perfect Price
Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.
Social Engineering is Becoming Increasingly Sophisticated
The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.
https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html
A Fifth of Brits Have Fallen Victim to Online Scammers
Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.
https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/
Cyber Attacks Hit Data Centres to Steal Information from Companies
Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.
Phishing Fears Ramp Up on Email, Collaboration Platforms
Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.
The War in Ukraine has Shaken up the Cyber Criminal Eco-System
One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.
Police Bust €41m Email Scam Gang
A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.
https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/
Threats
Ransomware, Extortion and Destructive Attacks
HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)
An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)
A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)
Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)
Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
IBM: Ransomware defenders showing signs of improvement | TechTarget
ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert
Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)
Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs
Student Medical Records Exposed After LAUSD Breach (darkreading.com)
Phishing & Email Based Attacks
Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online
Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)
Big rise in 'email thread hijacking' by cyber criminals (rte.ie)
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
BEC – Business Email Compromise
Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Social engineering, deception becomes increasingly sophisticated-Security Affairs
Smishing, vishing and whaling: How phishing scams are evolving | The Star
Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)
2FA/MFA
Malware
Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)
Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica
Researchers warn of 'Havoc' command and control tool • The Register
New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)
Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs
New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)
Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)
Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)
Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Defenders on high alert as backdoor attacks become more common - Help Net Security
Mobile
Five easy steps to keep your smartphone safe from hackers | ZDNET
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek
Accidental WhatsApp account takeovers? It's a thing • The Register
Google will boost Android security through firmware hardening (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Sensitive US military emails exposed by unsecured Azure server • The Register
DNA testing firm inks settlement after forgotten DB break-in • The Register
Activision did not notify employees of data breach for months | TechCrunch
GoDaddy blasted for breach response | SC Media (scmagazine.com)
TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)
Organised Crime & Criminal Actors
The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET
Russian cyber crime alliances upended by Ukraine invasion • The Register
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek
Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)
‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)
Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)
SBF faces four additional charges in FTX collapse case • The Register
Insider Risk and Insider Threats
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)
Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security
Fraud, Scams & Financial Crime
The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News
FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)
Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)
Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar
City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)
Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)
SBF faces four additional charges in FTX collapse case • The Register
Insurance
Supply Chain and Third Parties
Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)
3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)
Software Supply Chain
Cloud/SaaS
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
Four steps SMBs can take to close SaaS security gaps - Help Net Security
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)
Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert
Containers
Encryption
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)
7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Employees bypass cyber security guidance to achieve business objectives - Help Net Security
The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)
Cyber threats, Regulations Mount for Financial Industry (darkreading.com)
Fight Ransomware with a Cyber security Audit (trendmicro.com)
Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert
Benchmarking your cyber security budget in 2023 | VentureBeat
7 reasons to avoid investing in cyber insurance | CSO Online
5 top threats from 2022 most likely to strike in 2023 | CSO Online
Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online
Malicious actors push the limits of attack vectors - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
CISOs struggle with stress and limited resources - Help Net Security
Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security
Law Enforcement Action and Take Downs
Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)
Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek
Russian national accused of developing, selling malware appears in US. court | CyberScoop
Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek
Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
Russian cybercrime alliances upended by Ukraine invasion • The Register
Musk restricts Starlink for Ukraine, cites World War III | Fortune
America Loves Spying by Balloon, Just Like China (gizmodo.com)
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Russia blames 'hackers' for fake missile strike alerts • The Register
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
Nation State Actors
ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs
The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET
Russian cybercrime alliances upended by Ukraine invasion • The Register
Norwegian police recover $5.9m crypto stolen by North Korea • The Register
America Loves Spying by Balloon, Just Like China (gizmodo.com)
EU Organisations Warned of Chinese APT Attacks - SecurityWeek
How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek
Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)
Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)
Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED
Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)
Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)
Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop
Vulnerability Management
CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)
Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Vulnerabilities
US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek
A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED
VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)
PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)
Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget
Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security
Tools and Controls
Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)
Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat
10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)
Why privileged access management should be critical to your security strategy | VentureBeat
The battle for data security now falls on developers; here’s how they can win | VentureBeat
Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat
Advantages of the AWS Security Maturity Model (trendmicro.com)
Other News
Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)
NSA shares guidance on how to secure your home network (bleepingcomputer.com)
Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)
Malicious actors push the limits of attack vectors - Help Net Security
Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)
Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)
How to Detect New Threats via Suspicious Activities (thehackernews.com)
At least one open source vulnerability found in 84% of code bases: Report | CSO Online
Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 10 February 2023
Black Arrow Cyber Threat Briefing 10 February 2023:
-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian
-Fraud Set to Be Upgraded as a Threat to National Security
-98% of Attacks are Not Reported by Employees to their Employers
-UK Second Most Targeted Nation Behind America for Ransomware
-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
-An Email Attack Can End Up Costing You Over $1 Million
-Cyber Crime Shows No Signs of Slowing Down
-Surge of Swatting Attacks Targets Corporate Executive and Board Members
-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
-PayPal and Twitter Abused in Turkey Relief Donation Scams
-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian
British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.
UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.
Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.
The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.
Fraud Set to Be Upgraded as a Threat to National Security
Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.
It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.
It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.
https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/
98% of Attacks are Not Reported by Employees to their Employers
Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.
UK Second Most Targeted Nation Behind America for Ransomware
Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.
Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.
An Email Attack Can End Up Costing You Over $1 Million
According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.
https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/
Cyber Crime Shows No Signs of Slowing Down
Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.
https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down
Surge of Swatting Attacks Targets Corporate Executive and Board Members
Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.
Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.
https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead
Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.
https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks
Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.
PayPal and Twitter Abused in Turkey Relief Donation Scams
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.
Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.
Threats
Ransomware, Extortion and Destructive Attacks
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
UK second most targeted nation behind America for Ransomware - IT Security Guru
Hackers who breached ION say ransom paid; company declines comment | Reuters
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs
Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)
Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)
Nevada Ransomware has released upgraded locker - Help Net Security
Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs
Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online
LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
New Linux variant of Clop Ransomware uses a flawed encryption-security affairs
After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)
Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)
Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley
MKS Instruments falls victim to ransomware attack | CSO Online
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop
Phishing & Email Based Attacks
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert
An email attack can end up costing you over $1 million - Help Net Security
What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security
'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
BEC – Business Email Compromise
Malware
Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)
Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)
Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)
New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)
Mobile
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
Android phones from Chinese vendors share private data • The Register
'Money Lover' Finance App Exposes User Data (darkreading.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDOS
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
Internet of Things – IoT
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek
NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)
Data Breaches/Leaks
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek
Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)
'Money Lover' Finance App Exposes User Data (darkreading.com)
Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)
Organised Crime & Criminal Actors
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek
Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security
Australian Man Sentenced for Scam Related to Optus Hack - SecurityWeek
Bungling Optus scammer was no criminal mastermind • Graham Cluley
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Avraham Eisenberg in court accused of crypto exchange crash • The Register
Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)
Scammers steal $4 million in crypto during in-person meeting • The Register
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)
Insider Risk and Insider Threats
Another RAC staffer nabbed for sharing road accident data • The Register
Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Fraud, Scams & Financial Crime
PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
As V-Day nears: Romance scams cost victims $1.3B last year • The Register
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
Father killed himself after falling victim to romance scam | News | The Times
'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
Banks leave doors open for scammers with flaws in online security | This is Money
Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Impersonation Attacks
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online
AML/CFT/Sanctions
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
Insurance
Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)
How to Optimise Your Cyber Insurance Coverage (darkreading.com)
Dark Web
BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
Have we learnt nothing from SolarWinds supply chain attacks? • The Register
Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek
Software Supply Chain
Cloud/SaaS
Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)
Amazon S3 to apply security best practices for all new buckets - Help Net Security
Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)
Hybrid/Remote Working
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Predictions For Securing Today's Hybrid Workforce (darkreading.com)
Identity and Access Management
Encryption
It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
API
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Malvertising
Training, Education and Awareness
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Prioritising Cyber security Regulation Harmonisation (darkreading.com)
Governance, Risk and Compliance
Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Trends that impact on organisations' 2023 security priorities - Help Net Security
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)
Surge of swatting attacks targets corporate executives and board members | CSO Online
Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Models, Frameworks and Standards
Data Protection
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
European Police Arrest 42 After Cracking Covert App - SecurityWeek
Eurocops shut down Exclu encrypted messaging app • The Register
Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Artificial Intelligence
Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber Attacks? Here are Some Clues - MSSP Alert
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security
Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Google's Bard AI bot mistake wipes $100bn off shares - BBC News
$120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)
Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
What is hybrid warfare? Inside the centre dealing with modern threats - BBC News
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek
US teases new China tech sanctions to deflate balloon-makers • The Register
Nation State Actors
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Android phones from Chinese vendors share private data • The Register
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
SNP MP Stewart McDonald's emails hacked by Russian group - BBC News
Australia to remove Chinese surveillance cameras amid security fears - BBC News
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek
Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
US teases new China tech sanctions to deflate balloon-makers • The Register
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop
Vulnerability Management
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online
Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
How to fix the top 5 cyber security vulnerabilities | TechTarget
20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)
Vulnerabilities
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek
Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)
Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs
Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)
GoAnywhere MFT zero-day flaw actively exploited-security affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs
Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)
Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek
Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)
SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)
OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Tools and Controls
Other News
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)
Surge of swatting a attacks targets corporate executives and board members | CSO Online
Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 December 2022
Black Arrow Cyber Threat Briefing 23 December 2022:
-LastPass Users: Your Info and Password Vault Data are Now in Hackers’ Hands
-Ransomware Attacks Increased 41% In November
-The Risk of Escalation from Cyber Attacks Has Never Been Greater
-FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads
-North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022
-UK Security Agency Wants Fresh Approach to Combat Phishing
-GodFather Android malware targets 400 banks, crypto exchanges
-Companies Overwhelmed by Available Tech Solutions
-Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected
-UK Privacy Regulator Names and Shames Breached Firms
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
LastPass Admits Attackers have an Encrypted Copy of Customers’ Password Vaults
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contain the passwords to their accounts.
In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that in the August 2022 attack “some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.” Those creds allowed the attacker to copy information “that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”
The update reveals that the attacker also copied “customer vault” data, the file LastPass uses to let customers record their passwords. That file “is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” The passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password”.
LastPass’ advice is that even though attackers have that file, customers who use its default settings have nothing to do as a result of this update as “it would take millions of years to guess your master password using generally-available password-cracking technology.” One of those default settings is not to re-use the master password that is required to log into LastPass. The outfit suggests you make it a complex credential and use that password for just one thing: accessing LastPass.
LastPass therefore offered the following advice to individual and business users: If your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimising risk by changing passwords of websites you have stored.
LastPass’s update concludes with news it decommissioned the systems breached in August 2022 and has built new infrastructure that adds extra protections.
https://www.theregister.com/2022/12/23/lastpass_attack_update/
Ransomware Attacks Increased 41% In November
Ransomware attacks rose 41% last month as groups shifted among the top spots and increasingly leveraged DDoS attacks, according to new research from NCC Group.
A common thread of NCC Group's November Threat Pulse was a "month full of surprises," particularly related to unexpected shifts in threat actor behaviour. The Cuba ransomware gang resurged with its highest number of attacks recorded by NCC Group. Royal replaced LockBit 3.0 as the most active strain, a first since September of last year.
These factors and more contributed to the significant jump in November attacks, which rose from 188 in October to 265.
"For 2022, this increase represents the most reported incidents in one month since that of April, when there were 289 incidents, and is also the largest month-on-month increase since June-July's marginally larger increase of 47%," NCC Group wrote in the report.
Operators behind Royal ransomware, a strain that emerged earlier this year that operates without affiliates and utilises intermittent encryption to evade detection, surpassed LockBit 3.0 for the number one spot, accounting for 16% of hack and leak incidents last month.
The Risk of Escalation from Cyber Attacks Has Never Been Greater
In 2022, an American dressed in his pyjamas took down North Korea’s Internet from his living room. Fortunately, there was no reprisal against the United States. But Kim Jong Un and his generals must have weighed retaliation and asked themselves whether the so-called independent hacker was a front for a planned and official American attack.
In 2023, the world might not get so lucky. There will almost certainly be a major cyber attack. It could shut down Taiwan’s airports and trains, paralyse British military computers, or swing a US election. This is terrifying, because each time this happens, there is a small risk that the aggrieved side will respond aggressively, maybe at the wrong party, and (worst of all) even if it carries the risk of nuclear escalation.
This is because cyber weapons are different from conventional ones. They are cheaper to design and wield. That means great powers, middle powers, and pariah states can all develop and use them.
More important, missiles come with a return address, but virtual attacks do not. Suppose in 2023, in the coldest weeks of winter, a virus shuts down American or European oil pipelines. It has all the markings of a Russian attack, but intelligence experts warn it could be a Chinese assault in disguise. Others see hints of the Iranian Revolutionary Guard. No one knows for sure. Presidents Biden and Macron have to decide whether to retaliate at all, and if so, against whom … Russia? China? Iran? It's a gamble, and they could get unlucky.
Neither country wants to start a conventional war with one another, let alone a nuclear one. Conflict is so ruinous that most enemies prefer to loathe one another in peace. During the Cold War, the prospect of mutual destruction was a huge deterrent to any great power war. There were almost no circumstances in which it made sense to initiate an attack. But cyber warfare changes that conventional strategic calculus. The attribution problem introduces an immense amount of uncertainty, complicating the decision our leaders have to make.
FBI Recommends Ad Blockers as Cyber Criminals Impersonate Brands in Search Engine Ads
The Federal Bureau of Investigation (FBI) this week raised the alarm on cyber criminals impersonating brands in advertisements that appear in search engine results. The agency has advised consumers to use ad blockers to protect themselves from such threats.
The attackers register domains similar to those of legitimate businesses or services, and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert. These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might mistake them for an actual search result.
Links included in these ads take users to pages that are identical to the official web pages of the impersonated businesses, the FBI explains. If the user searches for an application, they are taken to a fake web page that uses the real name of the program the user searches for, and which contains a link to download software that is, in fact, malware.
“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI notes. Seemingly legitimate exchange platforms, the malicious sites prompt users to provide their login and financial information, which the cyber criminals then use to steal the victim’s funds.
“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI says.
Businesses are advised to use domain protection services to be notified of domain spoofing, and to educate users about spoofed websites and on how to find legitimate downloads for the company’s software.
Users are advised to check URLs to make sure they access authentic websites, to type a business’ URL into the browser instead of searching for that business, and to use ad blockers when performing internet searches. Ad blockers can have a negative impact on the revenues of online businesses and advertisers, but they can be good for online security, and even the NSA and CIA are reportedly using them.
North Korea-Linked Hackers Stole $626 Million in Virtual Assets in 2022
South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five years.
According to the spy agency, more than half the crypto assets (about 800 billion won ($626 million)) have been stolen this year alone, reported the Associated Press. The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh UN sanctions.
“South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cyber crimes since UN economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” reported the AP agency. North Korea cannot export its products due to the UN sanctions imposed in 2016 and 1017, and the impact on its economy is dramatic.
The NIS added that more than 100 billion won ($78 million) of the total stolen funds came from South Korea. Cyber security and intelligence experts believe that attacks aimed at the cryptocurrency industry will continue to increase next year. National Intelligence Service experts believe that North Korea-linked APT groups will focus on the theft of South Korean technologies and confidential information on South Korean foreign policy and national security.
Data published by the National Intelligence Service agency confirms a report published by South Korean media outlet Chosun early this year that revealed North Korean threat actors have stolen around $1.7 billion (2 trillion won) worth of cryptocurrency from multiple exchanges during the past five years.
https://securityaffairs.co/wordpress/139909/intelligence/north-korea-cryptocurrency-theft.html
UK Security Agency Wants Fresh Approach to Combat Phishing
The UK National Cyber Security Centre (NCSC) has called for a defence-in-depth approach to help mitigate the impact of phishing, combining technical controls with a strong reporting culture.
Writing in the agency’s blog, technical director and principal architect, “Dave C,” argued that many of the well-established tenets of anti-phishing advice simply don’t work. For example, advising users not to click on links in unsolicited emails is not helpful when many need to do exactly that as part of their job.
This is often combined with a culture where users are afraid to report that they’ve accidentally clicked, which can delay incident response, he said. It’s not the user’s responsibility to spot a phish – rather, it’s their organisation’s responsibility to protect them from such threats, Dave C argued.
As such, they should build layered technical defences, consisting of email scanning and DMARC/SPF policies to prevent phishing emails from arriving into inboxes. Then, organisations should consider the following to prevent code from executing:
Allow-listing for executables
Registry settings changes to ensure dangerous scripting or file types are opened in Notepad and not executed
Disabling the mounting of .iso files on user endpoints
Making sure macro settings are locked down
Enabling attack surface reduction rules
Ensuring third-party software is up to date
Keeping up to date about current threats
Additionally, organisations should take steps such as DNS filtering to block suspicious connections and endpoint detection and response (EDR) to monitor for suspicious behaviour, the NCSC advised.
https://www.infosecurity-magazine.com/news/uk-security-agency-combat-phishing/
GodFather Android malware targets 400 banks, crypto exchanges
An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log into the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.
The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defences. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then.
Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play. Group-IB has found a limited distribution of the malware in apps on the Google Play Store; however, the main distribution channels haven't been discovered, so the initial infection method is largely unknown.
Almost half of all apps targeted by Godfather, 215, are banking apps, and most of them are in the United States (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17).
Apart from banking apps, Godfather targets 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.
Companies Overwhelmed by Available Tech Solutions
92% of executives reported challenges in acquiring new tech solutions, highlighting the complexities that go into the decision-making process, according to GlobalDots.
Moreover, some 34% of respondents said the overwhelming amount of options was a challenge when deciding on the right solutions, and 33% admitted the time needed to conduct research was another challenge in deciding.
Organisations of all varieties rely on technology more than ever before. The constant adoption of innovation is no longer a luxury but rather a necessity to stay on par in today’s fast-paced and competitive digital landscape. In this environment, IT and security leaders are coming under increased pressure to show ROIs from their investment in technology while balancing operational excellence with business innovation. Due to current market realities, IT teams are short-staffed and suffering from a lack of time and expertise, making navigating these challenges even more difficult.
The report investigated how organisations went about finding support for their purchasing decisions. Conferences, exhibitions, and online events served as companies’ top source of information for making purchasing decisions, at 52%. Third-party solutions, such as value-added resellers and consultancies, came in second place at 48%.
54% are already using third parties to purchase, implement, or support their solutions, highlighting the value that dedicated experts with in-depth knowledge of every solution across a wide range of IT fields provide.
We are living in an age of abundance when it comes to tech solutions for organisations, and this makes researching and purchasing the right solutions for your organisation extremely challenging.
https://www.helpnetsecurity.com/2022/12/20/tech-purchasing-decisions/
Nine in 10 Third-party Contractors, Freelancers Use Personal, Unmanaged Devices Likely to be Infected
Talon Cyber Security surveyed 258 third-party providers to better understand the state of third-party working conditions, including work models, types of devices and security technologies used, potentially risky actions taken, and how security and IT tools impact productivity.
Looking at recent high-profile breaches, third parties have consistently been at the epicenter, so they took a step back with their research to better understand the potential root causes. The findings paint a picture of a third-party work landscape where individuals are consistently working from personal, unmanaged devices, conducting risky activities, and having their productivity impacted by legacy security and IT solutions.
Here’s what Talon discovered:
Most third parties (89%) work from personal, unmanaged devices, where organisations lack visibility and cannot enforce the enterprise’s security posture on. Talon pointed to a Microsoft data point that estimated users are 71% more likely to be infected on an unmanaged device.
With third parties working from personal devices, they tend to carry out personal, potentially risky tasks. Respondents note that at least on occasion, they have used their devices to:
Browse the internet for personal needs (76%)
Indulge in online shopping (71%)
Check personal email (75%)
Save weak passwords in the web browser (61%)
Play games (53%)
Allow family members to browse (36%)
Share passwords with co-workers (24%)
Legacy apps such as Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) solutions are prominent, with 45% of respondents using such technologies while working for organisations.
UK Privacy Regulator Names and Shames Breached Firms
The UK Information Commissioner’s Office (ICO) has taken the unusual step of publishing details of personal data breaches, complaints and civil investigations on its website, according to legal experts.
The data, available from Q4 2021 onwards, includes the organisation’s name and sector, the relevant legislation and the type of issues involved, the date of completion and the outcome.
Given the significance of this development, it’s surprising that the ICO has (1) chosen to release it with limited fanfare, and (2) buried the data sets on its website. Indeed, it seems to have flown almost entirely under the radar.
Understanding whether their breach or complaint will be publicised by European regulators is one of – if not the – main concern that organisations have when working through an incident, and the answer has usually been no. That is particularly the understanding or assumption where the breach or complaint is closed without regulatory enforcement. Now, at least in the UK, the era of relative anonymity looks to be over.
Despite the lack of fanfare around the announcement, this naming and shaming approach could make the ICO one of the more aggressive privacy regulators in Europe. In the future, claimant firms in class action lawsuits may adopt “US-style practices” of scanning the ICO database to find evidence of repeat offending or possible new cases.
The news comes even as data reveals the value of ICO fines issued in the past year tripled from the previous 12 months. In the year ending October 31 2022, the regulator issued fines worth £15.2m, up from £4.8m the previous year. The sharp increase in the value of fines shows the ICO’s increasing willingness selectively to crack down on businesses – particularly those that the ICO perceives has not taken adequate measures to protect customer and employee data.
https://www.infosecurity-magazine.com/news/uk-privacy-regulator-names-and/
Threats
Ransomware, Extortion and Destructive Attacks
20 companies affected by major ransomware attacks in 2021 | TechTarget
NCC Group: Ransomware attacks increased 41% in November | TechTarget
Adversarial risk in the age of ransomware - Help Net Security
FIN7 hackers create auto-attack platform to breach Exchange servers (bleepingcomputer.com)
Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com
British newspaper The Guardian says it’s been hit by ransomware | TechCrunch
Play ransomware actors bypass ProxyNotShell mitigations | TechTarget
FIN7 Cyber crime Syndicate Emerges as Major Player in Ransomware Landscape (thehackernews.com)
Vice Society ransomware gang is using a custom locker - Security Affairs
NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost
German industrial giant ThyssenKrupp targeted in a cyber attack - Security Affairs
Paying Ransom: Why Manufacturers Shell Out to Cyber criminals (darkreading.com)
France Seeks to Protect Hospitals After Series of Cyber attacks | SecurityWeek.Com
Fire and rescue service in Victoria, Australia, confirms cyber attack - Security Affairs
Play Ransomware Gang Lay Claims For Cyber Attack On H-Hotels (informationsecuritybuzz.com)
Evolving threats and broadening responses to Ransomware in the UAE - Security Boulevard
Phishing & Email Based Attacks
Five Best Practices for Consumers to Beat Phishing Campaigns This Holiday Season - CPO Magazine
Hackers continue to exploit hijacked MailChimp accounts in cyber crime campaigns (bitdefender.com)
Holiday Spam, Phishing Campaigns Challenge Retailers (darkreading.com)
Email hijackers scam food out of businesses, not just money • The Register
Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK
“Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)
Simple Steps to Avoid Phishing Attacks During This Festive season | Tripwire
BEC – Business Email Compromise
Telling users to ‘avoid clicking bad links’ still isn’t working - NCSC.GOV.UK
What happens once scammers receive funds from their victims - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Why Security Teams Shouldn't Snooze on MFA Fatigue (darkreading.com)
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks (bleepingcomputer.com)
Malware
Malicious ‘SentinelOne’ PyPI package steals data from developers (bleepingcomputer.com)
Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)
Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)
Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (darkreading.com)
Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)
Raspberry Robin Worm Targets Telcos & Governments (darkreading.com)
Raspberry Robin worm drops fake malware to confuse researchers (bleepingcomputer.com)
Number of command-and-control servers spiked in 2022: report - The Record by Recorded Future
Mobile
GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)
Godfather makes banking apps an offer they can’t refuse • The Register
T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)
Botnets
Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It (thehackernews.com)
Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)
Flaws within IoT devices exploited by the Zerobot botnet (izoologic.com)
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
Denial of Service/DoS/DDOS
DDoS Attacks are Slowly Growing in the Technology Era (analyticsinsight.net)
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
BYOD
Internet of Things – IoT
Millions of IP cameras around the world are unprotected | TechRadar
Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal (darkreading.com)
Throw away all your Eufy cameras right now | Android Central
Read what Anker’s customer support is telling worried Eufy camera owners - The Verge
Amazon Ring Cameras Used in Nationwide ‘Swatting’ Spree, US Says - Bloomberg
Connected homes are expanding, so is attack volume - Help Net Security
Security Risks, Serious Vulnerabilities Rampant Among XIoT Devices in the Workplace - CPO Magazine
Data Breaches/Leaks
LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica
Okta's source code stolen after GitHub repositories hacked (bleepingcomputer.com)
McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register
NIO suffers user data breach, hacker demands $2.25 million worth of bitcoin - CnEVPost
Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days - Security Affairs
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale (bleepingcomputer.com)
Leading sports betting firm BetMGM discloses data breach (bleepingcomputer.com)
Organised Crime & Criminal Actors
'Russian hackers' help two New York men game JFK taxi system - CyberScoop
What happens once scammers receive funds from their victims - Help Net Security
[FIN7] Fin7 Unveiled: A deep dive into notorious cyber crime gang - PRODAFT
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)
GodFather Android malware targets 400 banks, crypto exchanges (bleepingcomputer.com)
Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian
North Korea-linked hackers stole $626M in virtual assets in 2022 - Security Affairs
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
FTX's alleged run-of-the-mill frauds depended entirely on crypto (yahoo.com)
“Suspicious login” scammers up their game – take care at Christmas – Naked Security (sophos.com)
Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register
Over 67,000 DraftKings Betting Accounts Hit by Hackers (gizmodo.com)
What happens once scammers receive funds from their victims - Help Net Security
T-Mobile hacker gets 10 years for $25 million phone unlock scheme (bleepingcomputer.com)
Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)
Two associates of Sam Bankman-Fried plead guilty to fraud charges in FTX fall | FTX | The Guardian
Inside The Next-Level Fraud Ring Scamming Billions Off Holiday Retailers (darkreading.com)
Supply Chain and Third Parties
Cloud/SaaS
McGraw Hill's S3 buckets exposed 100,000 students' grades • The Register
AWS simplifies Simple Storage Service to prevent data leaks • The Register
New Brand of Security Threats Surface in the Cloud (darkreading.com)
Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)
Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses (darkreading.com)
Hybrid/Remote Working
Attack Surface Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass admits attackers copied password vaults • The Register
LastPass users: Your info and password vault data are now in hackers’ hands | Ars Technica
Social Media
Malvertising
Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars • The Register
Don't click too quick! FBI warns of malicious search engine ads | Tripwire
Google Ad fraud campaign used adult content to make millions (bleepingcomputer.com)
Parental Controls and Child Safety
Buggy parental-control apps could allow device takeover • The Register
Children And The Dangers Of The Virtual World (informationsecuritybuzz.com)
Regulations, Fines and Legislation
TSB fined nearly $60m for platform migration disaster • The Register
FCC proposes record-breaking $300 million fine against robocaller (bleepingcomputer.com)
France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com
The long, long reach of the UK’s national security laws | Financial Times
Governance, Risk and Compliance
Make sure your company is prepared for the holiday hacking season - Help Net Security
The benefit of adopting a hacker mindset for building security strategies - Help Net Security
Careers, Working in Cyber and Information Security
CISO roles continue to expand beyond technical expertise - Help Net Security
UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
France Fines Microsoft 60 Million Euros Over Advertising Cookies | SecurityWeek.Com
What is surveillance capitalism? - Definition from WhatIs.com (techtarget.com)
Google Maps: Important reason you should blur your house on Street View (ladbible.com)
Blur Your House ASAP if It's on Google Maps. Here's Why - CNET
Artificial Intelligence
Threat Modeling in the Age of OpenAI's Chatbot (darkreading.com)
This is how OpenAI's ChatGPT can be used to launch cyber attacks (techmonitor.ai)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
State level cyber attacks – Why and how (ukdefencejournal.org.uk)
The risk of escalation from cyber attacks has never been greater | Ars Technica
Ukraine's DELTA military system users targeted by info-stealing malware (bleepingcomputer.com)
Trojanized Windows 10 installers compromised the Ukrainian government | SC Media (scmagazine.com)
NATO-Member Oil Refinery Targeted in Russian APT Blitz Against Ukraine (darkreading.com)
Russian APT Gamaredon Changes Tactics in Attacks Targeting Ukraine | SecurityWeek.Com
Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say | CNN Politics
‘Our weapons are computers’: Ukrainian coders aim to gain battlefield edge | Ukraine | The Guardian
The long, long reach of the UK’s national security laws | Financial Times
UK secret services wants ‘corkscrew thinkers’ for new cyber force | News | The Times
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Apple accused of censoring apps in Hong Kong and Russia • The Register
The long, long reach of the UK’s national security laws | Financial Times
Nation State Actors – North Korea
Vulnerability Management
Open source vulnerabilities add to security debt - Help Net Security
Top 5 Vulnerabilities Routinely Exploited by Threat Actors in 2022 (socradar.io)
Over 50 New CVE Numbering Authorities Announced in 2022 | SecurityWeek.Com
A Guide to Efficient Patch Management with Action1 (thehackernews.com)
Digging into the numbers one year after Log4Shell | SC Media (scmagazine.com)
Vulnerabilities
Critical Windows code-execution vulnerability went undetected until now | Ars Technica
FoxIt Patches Code Execution Flaws in PDF Tools | SecurityWeek.Com
Old vulnerabilities in Cisco products actively exploited in the wild - Security Affairs
OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations
Microsoft reports macOS Gatekeeper has an 'Achilles' heel • The Register
Microsoft will turn off Exchange Online basic auth in January (bleepingcomputer.com)
Cisco’s Talos security bods predict new wave of Excel Hell • The Register
Microsoft pushes emergency fix for Windows Server Hyper-V VM issues (bleepingcomputer.com)
Ransomware Uses New Exploit to Bypass ProxyNotShell Mitigations | SecurityWeek.Com
Zerobot malware now spreads by exploiting Apache vulnerabilities (bleepingcomputer.com)
Two New Security Flaws Reported in Ghost CMS Blogging Software (thehackernews.com)
Critical Security Flaw Reported in Passwordstate Enterprise Password Manager (thehackernews.com)
This critical Windows security flaw could be as serious as WannaCry, experts claim | TechRadar
Google WordPress Plug-in Bug Allows AWS Metadata Theft (darkreading.com)
Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (thehackernews.com)
Tools and Controls
Companies overwhelmed by available tech solutions - Help Net Security
Is Enterprise VPN on Life Support or Ripe for Reinvention? | SecurityWeek.Com
Reports Published in the Last Week
Other News
The Growing Risk Of Malicious QR Codes (informationsecuritybuzz.com)
NASA infosec again falls short of required standard • The Register
US Joint Cyber Force Elevated to Newest Subordinate Unified Command - MSSP Alert
The Rise of the Rookie Hacker - A New Trend to Reckon With (thehackernews.com)
What enumeration attacks are and how to prevent them | TechTarget
US consumers seriously concerned over their personal data | CSO Online
The FBI is worried about wave of crime against small businesses (cnbc.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 November 2022
Black Arrow Cyber Threat Briefing 25 November 2022:
-Hackers Hit One Third of Organisations Worldwide Multiple Times
-Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
-90% of Organisations have Microsoft 365 Security Gaps
-Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
-“Password” Continues to Be the Most Common Password in 2022
-Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
-European Parliament Declares Russia to be a State Sponsor of Terrorism – then Gets Attacked
-The Changing Nature of Nation-State Cyber Warfare
-Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Hit One Third of Organisations Worldwide Multiple Times
Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
Business Email Compromise (BEC)
Clickjacking
Fileless attacks
Ransomware
Login attacks (Credential Theft)
Here are some key findings from the study:
The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.
The number now expected to be compromised over the coming year has also increased from 76% to 85%.
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0
By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.
You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.
Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.
Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.
According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.
The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.
These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.
Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.
Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.
The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.
In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.
Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.
https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/
90% of Organisations have Microsoft 365 Security Gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?
Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:
90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins
87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
Only 17% of companies had strong password requirements that were being consistently followed.
Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.
In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:
The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.
17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.
Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.
The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.
“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.
“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.
As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.
The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.
https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.
In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.
A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.
Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
“Password” Continues to Be the Most Common Password in 2022
You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.
But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.
As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.
“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.
“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”
Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.
“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.
The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).
Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.
It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.
At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.
https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked
On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.
As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.
In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.
Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.
The Changing Nature of Nation-State Cyber Warfare
Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.
The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.
Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.
The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.
https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/
Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.
Threats
Ransomware and Extortion
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Fake subscription invoices lead to corporate data theft and extortion - Help Net Security
Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)
New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)
Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)
An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs
Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
Cybereason warns of fast-moving Black Basta campaign (techtarget.com)
Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)
Montreal-area city hit by ransomware: Report | IT World Canada News
Phishing & Email Based Attacks
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)
World Cup phishing emails spike in Middle Eastern countries • The Register
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
SocGholish finds success through novel email techniques | SC Media (scmagazine.com)
BEC – Business Email Compromise
Malware
Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online
A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot
Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs
All You Need to Know About Emotet in 2022 (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)
This new malware is able to bypass all of Microsoft's security warnings | TechRadar
Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)
Mobile
'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)
Your iPhone may be collecting more personal data than you think | Digital Trends
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WhatsApp data leak: 500 million user records for sale | Cybernews
Internet of Things – IoT
Data Breaches/Leaks
WhatsApp data leak: 500 million user records for sale - Security Affairs
California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com
Organised Crime & Criminal Actors
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News
Hackers are locking out Mars Stealer operators from their own servers | TechCrunch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)
Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)
Fraud, Scams & Financial Crime
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Beware - Black Friday online shopping scams are here now | TechRadar
Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online
Pig butchering domains seized and slaughtered by the Feds • The Register
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Hybrid/Remote Working
Identity and Access Management
Encryption
API
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Three security design principles for public REST APIs - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
Guess the most common password. Hint: We just told you • The Register
World Cup Players Among Most Breached Passwords - IT Security Guru
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)
Social Media
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)
Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)
Musk to abused Twitter users: Your tormentors will return • The Register
Facebook sued for collecting personal data to sell adverts | News | The Times
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop
Law Enforcement Action and Take Downs
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
iPhones are not as privacy-focused as Apple claims, researchers point out - India Today
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine shows how space is now central to warfare | Financial Times (ft.com)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
EU Parliament Putin things back together after cyber attack • The Register
Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post
Scotland's broadband builder linked to Israeli spyware | HeraldScotland
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors – China
Vulnerability Management
Vulnerabilities
73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
AWS fixes 'confused deputy' vulnerability in AppSync • The Register
How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)
Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)
Security experts are laying Mastodon's flaws bare | TechRadar
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Reports Published in the Last Week
Other News
Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online
Security Culture Matters when IT is Decentralized (trendmicro.com)
Legacy IT system modernization largely driven by security concerns - Help Net Security
Been Doing It The Same Way For Years? Think Again. (thehackernews.com)
Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews
Deloitte reveals 10 strategic cyber security predictions for 2023 | VentureBeat
The Biden administration has racked up a host of cyber security accomplishments | CSO Online
US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 October 2022
Black Arrow Cyber Threat Briefing 28 October 2022:
-‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
-Ransomware Threat Shifts from US to EMEA and APAC
-Phishing Attacks Increase by Over 31% In Third Quarter
-UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
-HR Departments Play a Key Role in Cyber Security
-The Long-Term Psychological Effects of Ransomware Attacks
-7 Hidden Social Media Cyber Risks for Enterprises
-54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
-Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before it’s Too Late
-Enterprise Ransomware Preparedness Improving but Still Lacking
-Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
-How The "pizza123" Password Could Take Down an Organisation
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.
The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.
The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.
John Edwards, UK Information Commissioner, said:
“The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.
“Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”
Ransomware Threat Shifts from US to EMEA and APAC
The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.
The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.
Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).
The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.
https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/
Phishing Attacks Increase by Over 31% In Third Quarter
Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.
Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.
According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.
As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.
While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.
The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.
As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.
UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis
Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.
UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.
According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.
Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.
Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.
https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html
HR Departments Play a Key Role in Cyber Security
A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.
Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.
Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.
Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.
To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.
https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity
The Long-Term Psychological Effects of Ransomware Attacks
Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.
The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.
They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.
Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.
Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”
One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.
A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”
https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/
7 Hidden Social Media Cyber Risks for Enterprises
Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.
According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.
And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.
With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.
Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.
https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.
An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.
Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.
The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.
41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.
Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.
Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late
According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.
One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.
The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.
Enterprise Ransomware Preparedness Improving but Still Lacking
The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.
Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.
The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.
With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:
network security (43%)
backup infrastructure security (40%)
endpoint security (39%)
email security (36%)
data encryption (36%)
Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.
Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data
New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.
If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.
But why now? And who is responsible for this latest wave of cyber attacks?
In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.
Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.
Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.
Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.
How The "pizza123" Password Could Take Down an Organisation
Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.
The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.
The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.
After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.
Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.
People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.
Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.
Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.
Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.
Threats
Ransomware and Extortion
SonicWall: Ransomware down this year, but there’s a catch • The Register
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)
How to detect Windows worm that now distributes ransomware • The Register
Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)
BlackByte ransomware affiliate also steals victims' data • The Register
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
CISA warns of ransomware attacks on healthcare providers (techtarget.com)
Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)
Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)
Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)
Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)
Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)
Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)
Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Social engineering attacks anybody could fall victim to - Help Net Security
Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com
Malware
Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)
Types of cloud malware and how to defend against them (techtarget.com)
Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)
Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)
Mobile
Internet of Things – IoT
IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)
IoT security strategy from enterprises using connected devices | Network World
Your CCTV devices can be hacked and weaponized - Help Net Security
Data Breaches/Leaks
Thomson Reuters leaked at least 3TB of sensitive data | Cybernews
See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)
Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)
Organised Crime & Criminal Actors
Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)
Interpol says metaverse opens up new world of cyber crime | Reuters
From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register
Cryptomining campaign abused free GitHub account trials (techtarget.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)
LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)
Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)
Insurance
Health insurer Medibank's infosec diagnosis is getting worse • The Register
Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)
Dark Web
Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)
Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)
British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs
Software Supply Chain
How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
Consumer behaviours are the root of open source risk - Help Net Security
Denial of Service DoS/DDoS
Key observations on DDoS attacks in H1 2022 - Help Net Security
Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica
Cloud/SaaS
Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)
Top Cloud Security Challenges & How to Beat Them (trendmicro.com)
Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)
Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)
Hybrid Working
Balancing remote work privacy vs. productivity monitoring (techtarget.com)
Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)
Attack Surface Management
Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)
Asset risk management: Getting the basics right - Help Net Security
Encryption
New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)
API
Open Source
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)
4 Reasons Open Source Matters for Cloud Security (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why it's time to expire mandatory password expiration policies (techtarget.com)
Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica
Biometrics
Social Media
LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)
LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)
Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)
Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)
Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Data Protection
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)
Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com
Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs
Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Russia says Starlink satellites could become military target • The Register
Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times
OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)
Nation State Actors – China
Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert
Federal bans don't stop US states from buying Chinese kit • The Register
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerabilities
OpenSSL to fix the second critical flaw ever - Security Affairs
Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)
ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)
Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)
Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)
Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)
Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com
Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security
Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com
VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs
VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com
Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs
Other News
Cyber Security Risks & Stats This Spooky Season (darkreading.com)
Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)
Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)
Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security
Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)
Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)
Why dark data is a growing danger for corporations - Help Net Security
Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 16 September 2022
Black Arrow Cyber Threat Briefing 16 September 2022
-CFOs’ Overconfidence in Cyber Security Can Cost Millions
-Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
-Attackers Can Compromise Most Cloud Data in Just 3 Steps
-Cyber Insurance Premiums Soar 80% As Claims Surge
-One In 10 Employees Leaks Sensitive Company Data Every 6 Months
-Business Application Compromise & the Evolving Art of Social Engineering
-SMBs Are Hardest-Hit By Ransomware
-65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
-Four-Fifths of Firms Hit by Critical Cloud Security Incident
-Homeworkers Putting Home and Business Cyber Safety at Risk
-Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
-IHG hack: 'Vindictive' couple deleted hotel chain data for fun
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CFOs’ Overconfidence in Cyber Security Can Cost Millions
Kroll announced its report entitled ‘Cyber Risk and CFOs: Over-Confidence is Costly’ which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
The report, conducted by StudioID of Industry Dive, exposed three key themes among the 180 senior finance executives surveyed worldwide:
Ignorance is bliss. Eighty-seven percent of CFOs are either very or extremely confident in their organisation’s cyber attack response. This is at odds with the level of visibility CFOs have into cyber risk issues, given only four out of 10 surveyed have regular briefings with their cyber teams.
Wide-ranging damages. 71% of the represented organisations suffered more than $5 million in financial losses stemming from cyber incidents in the previous 18 months, and 61% had suffered at least three significant cyber incidents in that time. Eighty-two percent of the executives in the survey said their companies suffered a loss of 5% or more in their valuations following their largest cyber security incident in the previous 18 months.
Increasing investment in cyber security. Forty-five percent of respondents plan to increase the percentage of their overall IT budget dedicated to information security by at least 10%.
According to Kroll: “We often see that CFOs are not aware enough of the financial risk presented by cyber threats until they face an incident. At that point, it’s clear that they need to be involved not only in the recovery, including permitting access to emergency funds and procuring third-party suppliers, but also in the strategy and investment around cyber both pre- and post-incident.”
“Ultimately, cyber attacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.”
https://www.helpnetsecurity.com/2022/09/14/cfos-cybersecurity-confidence/
Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries
Nearly six in 10 IT leaders in a new study view cyber security as their top business concern, ranking it higher than inflation, retaining talent and supply chain/logistics management.
Less than half of respondents (43%) believe their critical data and assets are protected from cyber threats despite increased cyber security investments by their organisations, greater board visibility and increased collaboration between the security team and the C-suite, Rackspace said in its new survey of 1,420 IT professionals worldwide.
The multi-cloud technology services specialist said that a “large majority” of the survey respondents report being either unprepared or only “somewhat prepared” to respond to major threats, such as identifying and mitigating threats and areas of concern (62%), recovering from cyber attacks (61%) or preventing lapses and breaches (63%).
Cloud native security is where organisations are most likely to rely on an outside partner, such as a managed security service provider, for expertise.
Here are more of the survey’s findings:
The top three cyber security challenges their organisation is facing: migrating and operating apps (45%); shortage of workers with cyber security skills (39%); lack of visibility of vulnerabilities across all infrastructure (38%).
70% of survey respondents report that their cyber security budgets have increased over the past three years.
The leading recipients of new investment are cloud native security (59%); data security (50%), consultative security services (44%); and application security (41%).
Investments align closely with the areas where organisations perceive their greatest concentration of threats, led by network security (58%), closely followed by web application attacks (53%) and cloud architecture attacks (50%).
70% of respondents said there has been an increase in board visibility for cyber security over the past five years, while 69% cite better collaboration between the security team and members of the C-suite.
Only 13% of respondents said there were significant communications gaps between the security team and C-suite, while 69% of IT executives view their counterparts in the C-suite as advocates for their concerns.
The authors stated “We are seeing a major shift in how organisations are allocating resources to address cyber threats, even as budgets increase. The cloud brings with it a new array of security challenges that require new expertise, and often reliance on external partners who can help implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities”.
Attackers Can Compromise Most Cloud Data in Just 3 Steps
An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.
Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.
According to an Orca Security analysis of data collected from major cloud services, attackers only need on average three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.
While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities.
The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take. Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels.
The report analysed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.
https://www.darkreading.com/cloud/cyberattackers-compromise-most-cloud-data-3-steps
Cyber Insurance Premiums Soar 80% As Claims Surge
Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by hackers.
The cost of taking out cyber cover had doubled on average every year for the past three years, said global insurance broker Marsh. Honan Group, another broker, pointed to an 80 per cent rise in premiums in the past 12 months, following a 20 per cent increase in the cost of cover in each of the previous two years.
Brokers are calling cyber “the new D&O”, referring to sharp rises in directors and officers insurance premiums since 2018. Brokers were hopeful premiums would ease, but have warned insurers would continue to demand companies prove they had strong security systems and policies in place before agreeing to sell them insurance.
There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place. They’ll just turn around and say, ‘we’re not going to insure you’. The chief reason for the price rises is the increase in the number and size of claims relating to ransomware, where criminals use malicious software to block access to an organisation’s computer system until a sum of money is paid. In addition, some insurers left the market, while remaining players attempted to recoup the cost of under-priced contracts written in previous years.
The rise in the premiums is mainly due to ransomware and cyber attacks across the board have risen sharply over the past few years.
One In 10 Employees Leaks Sensitive Company Data Every 6 Months
Departing employees are most likely to leak sensitive information to competitors, criminals or the media in exchange for cash.
Insider threats are an ongoing menace that enterprise security teams need to handle. It's a global problem but especially acute in the US, with 47 million Americans quitting their jobs in 2021. The threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern.
About 1.4 million people who handle sensitive information in their organisation globally were tracked over the period from January to June 30 this year by cyber security firm Cyberhaven to find out when, how and who is involved in data exfiltration.
On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. Data exfiltration incidents occur when data is transferred outside the organisation in unapproved ways.
Among employees that exfiltrated data, the top 1% most prolific “super stealers” were responsible for 7.7% of incidents, and the top 10% were responsible for 34.9% of incidents.
North America accounted for the highest number of incidents at 44%, followed by the Asia Pacific region at 27%. Europe, the Middle East, and Africa accounted for 24% of incidents while 5% of incidents were recorded in South America.
Business Application Compromise and the Evolving Art of Social Engineering
Social engineering is hardly a new concept, even in the world of cyber security. Phishing scams alone have been around for nearly 30 years, with attackers consistently finding new ways to entice victims into clicking a link, downloading a file, or providing sensitive information.
Business email compromise (BEC) attacks iterated on this concept by having the attacker gain access to a legitimate email account and impersonate its owner. Attackers reason that victims won't question an email that comes from a trusted source — and all too often, they're right.
But email isn't the only effective means cyber criminals use to engage in social engineering attacks. Modern businesses rely on a range of digital applications, from cloud services and VPNs to communications tools and financial services. What's more, these applications are interconnected, so an attacker who can compromise one can compromise others, too. Organisations can't afford to focus exclusively on phishing and BEC attacks — not when business application compromise (BAC) is on the rise.
SMBs Are Hardest-Hit By Ransomware
Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealing that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.
During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.
“Across industries, we continue to see high-profile attacks targeting organisations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Coalition’s Head of Claims.
“Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”
The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022.
“Organisations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”
https://www.helpnetsecurity.com/2022/09/15/small-businesses-ransomware-targets/
65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges
HYCU researchers are reporting 65% of respondents lack full confidence in their legacy backup solutions (HYCU is a multi-cloud backup-as-a-service provider).
According to the report, 65% of surveyed enterprise organisations are increasing spending on detection, prevention and recovery, and respondents are beginning to understand that air-gapped or immutable backups are the only ways to ensure that the backups themselves don’t fall prey to encryption worms when ransomware hits.
Key findings include:
52% of ransomware victims suffered data loss
63% of victims suffered an operational disruption
Just 41% air gap their backups
Just 47% routinely test their backups
Only 35% of respondents believe their current backup and recovery tools are sufficient.
Four-Fifths of Firms Hit by Critical Cloud Security Incident
Some 80% of organisations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk.
The developer security specialist polled 400 cloud engineering and security practitioners from organisations of various sizes and sectors, to compile its State of Cloud Security Report.
Among the incidents flagged by respondents over the past 12 months were breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits and system downtime in the cloud.
Startups (89%) and public sector organisations (88%) were the most likely to have suffered such an incident over the period.
The bad news is that 58% of respondents predict they will suffer another severe incident in the cloud over the coming year. Over three-quarters (77%) of those questioned cited poor training and collaboration as a major challenge in this regard.
“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.
https://www.infosecurity-magazine.com/news/fourfifths-firms-critical-cloud/
Homeworkers Putting Home and Business Cyber Safety at Risk
BlackBerry published a European research report exposing the cyber security risk created by cost-conscious homeworkers who prioritise security behind price, usability and ease of set up in their purchase of domestic smart devices.
32% of European home workers who own a smart device surveyed said security was a top three factor when choosing a smart device, compared to 50% who prioritised price. 28% of businesses aren’t putting adequate security provisions in place to extend cyber protection as far as homes. This heightens the risk of cyber attacks for businesses and their employees, as hybrid and home working become the norm.
The survey of 4,000 home workers in the UK, France, Germany, and the Netherlands revealed that 28% of people say that their employer has not done or communicated anything about protecting their home network or smart devices, or they don’t know if they are protected.
Furthermore, 75% of Europeans say their employers have taken no steps to secure the home internet connection or provide software protection for home devices. This failure to extend network security to home devices increases risk of the vulnerabilities created by hybrid and home working being successfully exploited. These are particularly sobering findings for small and mid-sized businesses who face upwards of eleven cyber attacks per device, per day, according to the research.
Through even the most innocent of devices, bad actors can access home networks with connections to company devices – or company data on consumer devices – and seize the opportunity to steal data and intellectual property worth millions. It’s likely businesses will bear the brunt of cyber attacks caused by unsecured home devices, with knock-on effects to employees themselves.
https://www.helpnetsecurity.com/2022/09/12/homeworkers-smart-devices-security/
Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen
Uber suffered a cyber attack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.
The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's security software and Windows domain.
Other systems accessed by the hacker include the company's Amazon Web Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts.
The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber's slack indicate that these announcements were first met with memes and jokes as employees had not realised an actual cyber attack was taking place.
Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available. "We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available," tweeted the Uber Communications account.
The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password. The threat actor then gained access to the company's internal systems using the stolen credentials.
IHG Hack: 'Vindictive' Couple Deleted Hotel Chain Data for Fun
Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun".
Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm's databases thanks to an easily found and weak password, Qwerty1234. An expert says the case highlights the vindictive side of criminal hackers.
UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands. On Monday last week, customers reported widespread problems with booking and check-in. For 24 hours IHG responded to complaints on social media by saying that the company was "undergoing system maintenance".
Then on the Tuesday afternoon it told investors that it had been hacked.
Threats
Ransomware and Extortion
How prepared are organisations to tackle ransomware attacks? - Help Net Security
Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com)
3 Iranian nationals are accused of ransomware attacks on US victims (cnbc.com)
Emotet botnet now pushes Quantum and BlackCat ransomware (bleepingcomputer.com)
Cisco confirms Yanluowang ransomware leaked stolen company data (bleepingcomputer.com)
DEV-0270 Hacker Group Uses Windows BitLocker Feature to Encrypt Systems (gbhackers.com)
New York ambulance service discloses data breach after ransomware attack (bleepingcomputer.com)
The ransomware problem won't get better until we change one thing | ZDNET
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Transparency, disclosure key to fighting ransomware (techtarget.com)
Cisco Data Breach Attributed to Lapsus$ Ransomware Group (darkreading.com)
Ransomware Group Leaks Files Stolen From Cisco | SecurityWeek.Com
Phishing & Email Based Attacks
Revolut hit by ‘phishing’ cyber attack | Business | The Times
Phishing page embeds keylogger to steal passwords as you type (bleepingcomputer.com)
Hackers now use ‘sock puppets’ for more realistic phishing attacks (bleepingcomputer.com)
Phishers take aim at Facebook page owners - Help Net Security
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (darkreading.com)
Death of Queen Elizabeth II exploited to steal Microsoft credentials (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Hackers Are Using WeTransfer Links To Spread Malware (informationsecuritybuzz.com)
New malware bundle self-spreads through YouTube gaming videos (bleepingcomputer.com)
Linux variant of the SideWalk backdoor discovered - Help Net Security
Malware on Pirated Content Sites a Major WFH Risk for Enterprises (darkreading.com)
How to spot and avoid scams and malware in search results - The Washington Post
Gay hookup site typosquatted to push dodgy Chrome extensions, scams (bleepingcomputer.com)
Mobile
Google Patches Critical Vulnerabilities in Pixel Phones | SecurityWeek.Com
Apple patches iPhone and macOS flaws under active attack • The Register
Internet of Things – IoT
Securing your IoT devices against cyber attacks in 5 steps (bleepingcomputer.com)
EU Wants to Toughen Cyber Security Rules for Smart Devices | SecurityWeek.Com
Data Breaches/Leaks
Uber hacked, internal systems breached and vulnerability reports stolen (bleepingcomputer.com)
LastPass says hackers had internal access for four days (bleepingcomputer.com)
Hacker sells stolen Starbucks data of 219,000 Singapore customers (bleepingcomputer.com)
U-Haul discloses data breach exposing customer driver licenses (bleepingcomputer.com)
Organised Crime & Criminal Actors
Chinese-linked cyber crims nab $529 million from India • The Register
Cyber Crime Forum Admins Steal from Site Users - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Police arrest man for laundering tens of millions in stolen crypto (bleepingcomputer.com)
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
Fake cryptocurrency giveaway sites have tripled this year (bleepingcomputer.com)
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities (trendmicro.com)
DOJ drops report on cryptocurrency crime efforts (techtarget.com)
76% Of Financial Institutions Plan On Using Crypto In The Next 3 Years (informationsecuritybuzz.com)
How Can You Tell if a Cryptocurrency is Legitimate? Read Our Guide To Find Out - IT Security Guru
Insider Risk and Insider Threats
5 Ways to Mitigate Your New Insider Threats in the Great Resignation (thehackernews.com)
Ex-Broadcom engineer asks for no prison in trade secret case • The Register
Fraud, Scams & Financial Crime
Microsoft Edge’s News Feed ads abused for tech support scams (bleepingcomputer.com)
Cops Raid Suspected Fraudster Penthouses - Infosecurity Magazine (infosecurity-magazine.com)
How to spot and avoid scams and malware in search results - The Washington Post
Tax fraud ring leader jailed for selling children’s stolen identities (bleepingcomputer.com)
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
Hackers breach software vendor for Magento supply-chain attacks (bleepingcomputer.com)
WordPress sites backdoored after FishPig supply chain attack • The Register
Denial of Service DoS/DDoS
Cloud/SaaS
5 ways to improve your cloud security posture (techtarget.com)
Excess privilege in the cloud is a universal security problem, IBM says | CSO Online
Organisations lack visibility into unauthorised public cloud data access - Help Net Security
One-third of enterprises don’t encrypt sensitive data in the cloud | CSO Online
Attack Surface Management
Cyber attack trends vs. growing IT complexity - Help Net Security
Outdated infrastructure remains a problem against sophisticated cyber attacks - Help Net Security
Shadow IT
Encryption
API
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies (thehackernews.com)
API security—and even visibility—isn’t getting handled by enterprises | CSO Online
Bad bots are coming at APIs! How to beat the API bot attacks? - Help Net Security
Open Source
When It Comes to Security, Don’t Overlook Your Linux Systems | SecurityWeek.Com
40% of pros scaled back back open source use over security • The Register
You never walk alone: The SideWalk backdoor gets a Linux variant | WeLiveSecurity
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Thwarting attackers in their favourite new playground: Social media - Help Net Security
Cyber attackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign (darkreading.com)
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Nation State Actors – Russia
Montenegro Wrestles With Massive Cyber Attack, Russia Blamed | SecurityWeek.Com
Russia’s cyber future connected at the waist to Soviet military industrial complex | CSO Online
Nation State Actors – North Korea
Nation State Actors – Iran
Iranian cyber spies use multi-persona impersonation in phishing threads | CSO Online
Albania says Iranian hackers hit the country with another cyber attack - CyberScoop
US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks | SecurityWeek.Com
Iranian Hackers Used Victims’ Printers to Issue Ransom Demands, DOJ Says (vice.com)
Vulnerability Management
Vulnerabilities
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle | SecurityWeek.Com
CISA orders agencies to patch vulnerability used in Stuxnet attacks (bleepingcomputer.com)
Chrome 105 Update Patches High-Severity Vulnerabilities | SecurityWeek.Com
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (bleepingcomputer.com)
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs (darkreading.com)
Apple fixed the eighth actively exploited zero-day this year - Security Affairs
Cisco Patches High-Severity Vulnerability in SD-WAN vManage | SecurityWeek.Com
Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin | TechRadar
High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices (thehackernews.com)
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog - Security Affairs
ManageEngine Password Management Vulnerability and Patch: Details for MSPs, MSSPs - MSSP Alert
Reports Published in the Last Week
Other News
MSPs and cyber security: The time for turning a blind eye is over - Help Net Security
Organisations should fear misconfigurations more than vulnerabilities - Help Net Security
Companies need data privacy plan before joining metaverse (techtarget.com)
Lens reflections may betray your secrets in Zoom video calls • The Register
US Government Wants Security Guarantees From Software Vendors | SecurityWeek.Com
The Cyber Security Head Game | Psychology Today South Africa
Cyber Security Report: Average Data Breach in US Costs $9.4 Million - MSSP Alert
5 Best Practices for Building Your Data Loss Prevention Strategy (darkreading.com)
Hands-on cyber attacks jump 50%, CrowdStrike reports | CSO Online
Penetration Testing Report: Security Misconfiguration Is "Top Vulnerability" - MSSP Alert
Twitter whistleblower: Lack of access, data controls invite exploitation | SC Media (scmagazine.com)
Cost of Living Crisis Impact on Online Activity - IT Security Guru
Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber (darkreading.com)
Zoom outage left users unable to sign in or join meetings (bleepingcomputer.com)
Five ways your data may be at risk — and what to do about it (bleepingcomputer.com)
Twitter's ex-security boss Zatko disses biz as dysfunctional • The Register
Don't Let Your Home Wi-Fi Get Hacked. Here's What to Do - CNET
How serious are organisations about their data sovereignty strategies? - Help Net Security
Undermining Microsoft Teams Security By Mining Tokens (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 September 2022
Black Arrow Cyber Threat Briefing 02 September 2022
-79% Of Companies Only Invest in Cyber Security After Hacking Incidents
-Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
-Outdated Infrastructure Not Up to Today’s Ransomware Challenges
-Ghost Data Increases Enterprise Business Risk
-Detected Cyber Threats Surge 52% in 1H 2022
-An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
-Cyber Crime Underground More Dangerous Than Organisations Realize
-New Ransomware Group BianLian Activity Exploding
-Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
-Ransomware Gangs’ Favourite Targets
-Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
-Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
79% Of Companies Only Invest in Cyber Security After Hacking Incidents
The British cyber security company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cyber security after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced cyber security is only a concern after an attack.
The complexity of the situation has grown with the digital transformation of work. If it streamlines many processes, it can also open up serious security gaps. A sensitive point is the “home office”: companies need effective solutions to eliminate gaps that may appear between employees’ computers (often shared devices) and the company’s internal network.
Putting in solutions is just the beginning of a necessary strategy and investment effort in virtual protection. Complex scams based on phishing, reverse engineering, and backdoor-type malicious programs (“planted” discreetly on a device and sometimes inactive for months) often combine real-world and virtual-world fraud.
The escalation of corporate data hijacking appears in this scenario. The most notorious case at a global level of such an incident, with a million-dollar ransom demand, was launched in 2021 on Colonial Pipeline. This US company paid $40 million to regain control over strategic data after fuel supplies through its pipelines to several states were threatened for days.
Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
According to a new report by Acronis, a Switzerland-based cyber security company, nearly half of breaches during the first six months of 2022 involved stolen credentials.
The goal of stealing credentials is to launch ransomware attacks. According to the report, these “continue to be the number one threat to large and medium-sized businesses, including government organisations.”
Attackers usually use phishing techniques to extract these credentials. In the first half of the year, over 600 malicious email campaigns made their way across the internet, of which 58% were phishing attempts and 28% featured malware.
Acronis also added that “as reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks.”
Additionally, cyber criminals now also target unpatched or software vulnerabilities to extract data, with a recent increase on Linux operating systems and managed service providers (MSPs) and their network of SMB customers.
The third vector spotted by Acronis was “non-traditional entry avenues” such as cryptocurrencies and decentralised finance (DeFi) systems.
Outdated Infrastructure Not Up to Today’s Ransomware Challenges
A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing enterprises globally.
Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilise if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack.
These are just some of the findings from an April 2022 survey, conducted by Censuswide, of more than 2,000 IT and SecOps professionals (split nearly 50/50 between the two groups) in the United States, the United Kingdom, Australia and New Zealand. All respondents play a role in the decision-making process for IT or security within their organisations.
IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data.
Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.
https://www.helpnetsecurity.com/2022/08/30/outdated-infrastructure-manage-data/
Ghost Data Increases Enterprise Business Risk
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organisation's cloud attack surface.
Cloud sprawl is a big issue for organisations, with business teams spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.
We all know about shadow IT, the systems and network devices in the organisation’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data that are not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues that are present in cloud accounts stem from unsecured sensitive data.
Then there is the problem of ghost data. When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.
After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.
Ghost data usually has no business value - the data was deleted for a reason - and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes.
https://www.darkreading.com/edge-threat-monitor/ghost-data-increases-enterprise-business-risk
Detected Cyber Threats Surge 52% in 1H 2022
A leading cyber security vendor blocked 63 billion threats in the first half of 2022 alone, over 50% more than the same period a year ago.
The findings come from the Trend Micro 2022 Midyear Cybersecurity Report and illustrate the scale of the challenge facing network defenders.
Trend Micro highlighted the persistent threat posed by ransomware-as-a-service (RaaS) groups as one that will continue to cause major challenges for organisations in the years to come.
It said detections of prolific groups such as LockBit and Conti increased by 500% year-on-year in 1H 2022. Such groups will continue to adapt their tactics, techniques and procedures (TTPs) in the race for profits.
The report warned of a surge in threats targeting Linux systems, for example. It said detections of attacks on Linux servers and embedded systems grew 75% year-on-year in the first half of 2022. Both SMBs and larger organisations are now a target, it claimed.
Many RaaS groups exploit vulnerabilities as a primary attack vector. Their job is getting easier as the number of published common vulnerabilities and exposures (CVEs) continues to grow strongly.
Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the first half of 2021, a 23% year-on-year increase. The number of critical bug advisories it published soared by 400% over the same period.
https://www.infosecurity-magazine.com/news/detected-cyberthreats-surge-52-in/
An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.
The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.
Earlier this year, cyber security journalist Brian Krebs uncovered details about one man behind the operation named Mikhail Matveev, who was also connected to a number of other groups and identities, including the handle ‘Wazawaka.’ According to Krebs, Matveev had become more unhinged than usual, “publishing bizarre selfie videos” and creating a Twitter account to share exploit code.
Matveev talked to Recorded Future about his interaction with other hackers, details about ransomware attacks he’s been involved in, and how he settled on the name Babuk.
Click the link below for the full interview but the long and short is ransomware has created a criminal ecosystem the likes of which the world has never seen.
Cyber Crime Underground More Dangerous Than Organisations Realise
Kela, a cyber threat intelligence specialist, found in a new study of some 400 security pros in the US that organisations are more at risk from the “cyber crime underground” than they realise.
The Israel-based company surveyed security team members responsible for gathering cyber crime threat intelligence daily to better understand if they’re proactively scanning the dark web and other cyber crime sources, what tools they’re using and the gaps they see in their cyber crime threat intelligence approach. Nearly 60% of the respondents do not believe their current cyber crime prevention is effective, the results showed.
Here are the study’s key findings:
69% are concerned about threats from the cyber crime underground.
54% wouldn’t be surprised to find their organisation’s data on the cyber crime underground.
Only 38% believe that they’re very likely to detect it if it was released.
48% have no documented cyber crime threat intelligence policy in place.
Only 41% believe their current security program is very effective.
49% are not satisfied with the visibility they have of the cyber crime underground.
Of the 51% who were satisfied with their visibility into the cyber crime underground, 39% were still unable to prevent an attack.
Additional training and proficiency in cyber crime intelligence investigations is the most needed capability.
New Ransomware Group BianLian Activity Exploding
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.
The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cyber security firm Redacted, published on September 1, 2022. The majority of the victim organisations have been based in Australia, North America and the UK.
The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”
BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.
Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.
https://www.infosecurity-magazine.com/news/new-ransomware-group-bianlian/
Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
Password security hinges on the answer to that seemingly simple question. Unfortunately, you can’t know the answer until you’ve engaged a ruthless penetration tester to find out if your environment can stand up to the frighteningly good password cracking skills of today’s most nefarious hackers.
The whole purpose of hiring skilled penetration testers (“pentesters”) is to find out if your environment is truly impenetrable — and if it’s not, exactly how you should shore up your defences. Good pentesters and red teamers spend their time trying to simulate and emulate the real bad actors. After all, what’s the point of pressure-testing your IT infrastructure if you don’t use the same pressure that you’ll face in the real world?
You should “train like you fight.” Without sparring, how can you expect to jump into a boxing ring and go a few rounds with a skilled boxer? That’s the entire point of goal-based penetration testing and red/purple team engagements that simulate real-world threat actors.
Password cracking will continue to evolve – and so should your penetration testing tactics and plans. By the time you get to your fourth or fifth round with a quality pentesting consultancy, your risk mitigation will have dramatically improved — which means you’ll be able to move on to the next stage of security maturity.
https://www.helpnetsecurity.com/2022/08/30/stand-up-to-password-cracking/
Ransomware Gangs’ Favourite Targets
Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022.
For the 106 highly publicised attacks our researchers analysed, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%). The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.
While attacks on municipalities increased only slightly, the analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Many choose not to disclose when they get hit.
This year, researchers dug in deeper on these highly publicised attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organisations all increased as well.
Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.
As ransomware and other cyber threats continue to evolve, the need for adequate security solutions has never been greater. Many cyber criminals target small businesses in an attempt to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size.
Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyber attacks.
https://www.helpnetsecurity.com/2022/08/31/ransomware-attack-patterns/
Tentacles of ‘0ktapus’ Threat Group Victimise 130 Firms
Over 130 companies were tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organisations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.
The primary goal of the threat actors was to obtain Okta identity credentials and multi-factor authentication (MFA) codes from users of the targeted organisations. These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organisation.
114 US-based firms were impacted, with additional victims of sprinkled across 68 additional countries. The full scope of the attack is still unknown but the 0ktapus campaign has been incredibly effective, and the full scale of it may not be known for some time.
The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
While unsure exactly how threat actors obtained a list of phone numbers used in MFA-related attacks, one theory researchers posit is that 0ktapus attackers began their campaign targeting telecommunications companies.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Last year, organisations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured "sandbox" to analyse what it does to confirm it's safe before allowing it to have full system access.
EDRs—which are forecasted to generate revenue of $18 billion by 2031 and are sold by dozens of security companies—take an entirely different approach. Rather than analyse the structure or execution of the code ahead of time, EDRs monitor the code's behaviour as it runs inside a machine or network. In theory, it can shut down a ransomware attack in progress by detecting that a process executed on hundreds of machines in the past 15 minutes is encrypting files en masse. Unlike static and dynamic analyses, EDR is akin to a security guard that uses machine learning to keep tabs in real time on the activities inside a machine or network.
Despite the buzz surrounding EDRs, new research suggests that the protection they provide isn't all that hard for skilled malware developers to circumvent. In fact, the researchers behind the study estimate EDR evasion adds only one additional week of development time to the typical infection of a large organisational network. That's because two fairly basic bypass techniques, particularly when combined, appear to work on most EDRs available in the industry.
Threats
Ransomware
Ransomware Research: 10 Key Findings, Five Ways to Defend Against Hijackers - MSSP Alert
LockBit ransomware gang gets aggressive with triple-extortion tactic (bleepingcomputer.com)
New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim (thehackernews.com)
Chile and Montenegro Floored by Ransomware - Infosecurity Magazine (infosecurity-magazine.com)
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (thehackernews.com)
Ragnar Locker Brags About TAP Air Portugal Breach (darkreading.com)
Police ‘negotiating with hackers’ who hit Paris hospital computer system | World | The Times
Advanced cyber-attack: NHS doctors' paperwork piles up - BBC News
Another Ransomware For Linux Likely In Development - Security Affairs
Montenegro hit by ransomware attack, hackers demand $10 million (bleepingcomputer.com)
Should ransomware payments be banned? A few considerations - Help Net Security
Researchers Spot Snowballing BianLian Ransomware Gang Activity (darkreading.com)
Ragnar Locker continues trend of ransomware targeting energy sector | CSO Online
BlackCat ransomware claims attack on Italian energy agency (bleepingcomputer.com)
Italian Oil Major Becomes Victim Of Ransomware Attack | OilPrice.com
Damart clothing store hit by Hive ransomware, $2 million demanded (bleepingcomputer.com)
Gloucester Council planning site still disrupted from cyber attack - BBC News
BEC – Business Email Compromise
Malware
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog
A study on malicious plugins in WordPress Marketplaces - Security Affairs
BumbleBee a New Modular Backdoor Evolved From BookWorm (trendmicro.com)
Malicious Chrome Extensions Plague 1.4M Users (darkreading.com)
Mobile
Mobile banking apps put 300,000 digital fingerprints at risk • The Register
Researcher unveils smart lock hack for fingerprint theft (techtarget.com)
Internet of Things – IoT
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (darkreading.com)
Singapore clocks higher ransomware attacks, warns of IoT risks | ZDNET
ieGeek Vulnerabilities still prevalent in 2022 - Amazon Ft. IG20 (realinfosec.net)
Data Breaches/Leaks
Okta Says Customer Data Compromised in Twilio Hack | SecurityWeek.Com
Neopets says hackers had access to its systems for 18 months (bleepingcomputer.com)
Akasa Air Suffers Data Leak on First Day of Operation- IT Security Guru
Samsung says hackers obtained some customer data in newly disclosed breach | Engadget
Millions of student loan accounts exposed in data breach | TechRadar
Russian streaming platform confirms data breach affecting 7.5M users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI: Crooks stole $1b+ in cryptocurrency already this year • The Register
Ukraine takes down cyber crime group hitting crypto fraud victims (bleepingcomputer.com)
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Windows malware delays coinminer install by a month to evade detection (bleepingcomputer.com)
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack (darkreading.com)
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Cyber insurance has been around for 25 years. It’s still a bit of a mess. (slate.com)
Travelers, Policyholder Agree to Void Current Cyber Policy (insurancejournal.com)
Cyber Frauds Skyrocket: Can Cyber Insurance Protect You in Real World? Experts Explain (news18.com)
Google Cloud, Microsoft and AWS dive into cyber insurance - Protocol
Cyber Insurance Price Hike Hits Local Governments Hard (insurancejournal.com)
Insurers must rethink handling of cyber attacks on states | Financial Times (ft.com)
Cyber insurance on rise as attacks surge | Mint (livemint.com)
Dark Web
German man charged for trying to hire fake contract killer on darkweb | Euronews
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
1 in 3 organisations don't know if their public cloud data was exfiltrated - Help Net Security
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (darkreading.com)
Encryption
CISA: Prepare now for quantum computers, not when hackers use them (bleepingcomputer.com)
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass source code breach – do we still recommend password managers? – Naked Security (sophos.com)
Social Media
Social media is ruining our lives and the public are finally waking up (telegraph.co.uk)
Thousands lured with blue badges in Instagram phishing attack (bleepingcomputer.com)
Training, Education and Awareness
Privacy
Trident Royal Navy staff reveal sensitive data on fitness app | News | The Times
Cops wanted to keep mass surveillance app secret; privacy advocates refused | Ars Technica
US telcos admit to storing, handing over location data • The Register
Facebook moves to settle Cambridge Analytica lawsuit | TechCrunch
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
Nobody’s special to the WFH software spies | Comment | The Times
Travel
Parental Controls and Child Safety
Scammers Targeting Thousands Of Children As Young As Six, Figures Show (informationsecuritybuzz.com)
Over a Third of Parents Do Not Know What Online Accounts Their Children Use - IT Security Guru
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Why Russia's cyber war in Ukraine hasn't played out as predicted (newatlas.com)
Ukraine's army of hackers failed to thwart Russia and quickly gave up | New Scientist
Moscow gridlock as hackers send dozens of taxis to Hotel Ukraine (telegraph.co.uk)
Finland To Offer Businesses Cybersec Vouchers In Wake Of Nato-related (informationsecuritybuzz.com)
China-linked APT40 used ScanBox Framework in a long-running espionage campaign - Security Affairs
Montenegro says Russian cyber attacks threaten key state functions (bleepingcomputer.com)
Google says it cut off Russian disinformation sites from its vast ad display network - CyberScoop
Ex-spies banned from arms exports for UAE hack-for-hire work • The Register
Nation State Actors
Nation State Actors – Russia
FBI deploys cyber team to Montenegro following massive cyber attack | The Hill
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks | Balkan Insight
Nation State Actors – China
Chinese Hackers Target Energy Firms in South China Sea | SecurityWeek.Com
China-linked APT40 targets wind turbines, Aust. government • The Register
Nation State Actors – Misc
Vulnerabilities
Apple Quietly Releases Another Patch for Zero-Day RCE Bug (darkreading.com)
Google Chrome emergency update fixes new zero-day used in attacks (bleepingcomputer.com)
URGENT! Apple slips out zero-day update for older iPhones and iPads – Naked Security (sophos.com)
WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites | SecurityWeek.Com
Critical hole in Atlassian Bitbucket needs patching now • The Register
Reports Published in the Last Week
Other News
Former Cyber criminal: These Are the Biggest Threats on the Internet (businessinsider.com)
Stuxnet explained: The first known cyber weapon | CSO Online
Infra Used in Cisco Hack Also Targeted Workforce Management Solution (thehackernews.com)
Okta Impersonation Technique Could be Utilized by Attackers | SecurityWeek.Com
Remote Work Cyber Security: 12 Risks and How to Prevent Them (techtarget.com)
Does your cyber crime prevention program work? - Help Net Security
Does Blockchain really offer Better Digital Security? - IT Security Guru
IT and Employees Don’t Always See Eye to Eye on Cyber Security - IT Security Guru
New Cyber Security Regulations Are Coming. Here’s How to Prepare. (hbr.org)
Cyber security budget breakdown and best practices (techtarget.com)
How Just-in-Time privilege elevation prevents data breaches and lateral movement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 June 2022
Black Arrow Cyber Threat Briefing 24 June 2022:
-The NCSC Sets Out the UK’s Cyber Threat Landscape
-We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
-5 Social Engineering Assumptions That Are Wrong
-Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
-Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
-Cloud Email Threats Soar 101% in a Year
-80% of Firms Suffered Identity-Related Breaches in Last 12 Months
-After Being Breached Once, Many Companies Are Likely to Be Hit Again
-Do You Have Ransomware Insurance? Look at the Fine Print
-The Price of Stolen Info: Everything on Sale On The Dark Web
-How Companies Are Prioritizing Infosec and Compliance
-Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
The NCSC Sets Out the UK’s Cyber Threat Landscape
The current state of the UK’s cyber threat landscape was outlined by the National Cyber Security Centre (NCSC), during a keynote address on the final day of Infosecurity Europe 2022.
They described the cyber threats posed by nation-states, particularly Russia and China. Russia remains “one of the world’s most prolific cyber actors and dedicates significant resources to conducting cyber operations across the globe.” The NCSC and international partner organisations have attributed a number of high-profile attacks related to the conflict to Russian state actors, including the Viasat incident on the eve of the invasion of Ukraine on February 24. Therefore, the NCSC recommends that organisations prepare for a dynamic situation that is liable to change rapidly.
The NCSC emphasised that a more significant long-term threat comes from China, citing GCHQ director Jeremy Fleming’s assertion that “Russia is affecting the weather, but China is shaping the climate.” She described the nation’s “highly sophisticated” activities in cyberspace, born out of its “increasing ambitions to project its influence beyond its borders.” This includes a keen interest in the UK’s commercial secrets.
In addition to nation-state attacks, the NCSC noted that cyber crime is continuing to rise, with ransomware a continuing concern. Attacks are expected to grow in scale, with threat actors likely to increasingly target managed service providers (MSPs) to gain access to a wider range of targets. More generally, cyber capabilities will become more commoditised over the next few years, meaning they are increasingly available to a larger group of would-be attackers who are willing to pay.
https://www.infosecurity-magazine.com/news/ncsc-uk-cyber-threat-landscape/
We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption
Increasingly cyber crime rings tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between in facilitating that, simply exfiltrating the data and demanding a fee to not leak it all is just as effective. This shift has been ongoing for many months, and is now virtually unavoidable.
The FBI and CISA this month warned about a lesser-known extortion gang called Karakurt, which demands ransoms as high as $13 million. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom. Instead, the crooks claim to have stolen data, with screenshots or copies of exfiltrated files as proof, and they threaten to sell it or leak it publicly if they don't receive a payment.
Some of these thieves offer discounted ransoms to corporations to encourage them to pay sooner, with the demanded payment getting larger the longer it takes to cough up the cash (or Bitcoin, as the case may be).
Additionally, some crime groups offer sliding-scale payment systems. So you pay for what you get, and depending on the amount of ransom paid you get a control panel, you get customer support, you get all of the tools you need."
https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/
5 Social Engineering Assumptions That Are Wrong
Social engineering is involved in the vast majority of cyber attacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.
Threat actors don’t have conversations with targets.
Legitimate services are safe from social engineering abuse.
Attackers only use computers, not telephones.
Replying to existing email conversations is safe.
Fraudsters only use business-related content as lures.
Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s Vice-President Threat Research and Detection, stated that the vendor has attempted to debunk faulty assumptions made by organisations and security teams so they can better protect employees against cyber crime. “Despite defenders’ best efforts, cyber criminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritised bolstering defences around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviours and interests.”
Indeed, cyber criminals will go to creative and occasionally unusual lengths to carry out social engineering campaigns, making it more difficult for users to avoid falling victim to them.
Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead
Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.
Gartner kicked off its Security & Risk Management Summit with the release of its analysts' assessments of the work ahead, which Richard Addiscott, the company's senior director analyst, discussed during his opening keynote address.
“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”
Topping Gartner's list of eight predictions is a rise in the government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and, troublingly, the prediction that by 2025 threat actors will likely have figured out how to "weaponise operational technology environments successfully to cause human casualties”, the cyber security report said.
Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal
There are certain types of data that criminals target the most, according to an analysis of attacks.
Data theft and extortion has become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn't received.
These so-called double extortion attacks have become an effective tool in the arsenal of ransomware gangs, who leverage them to force victims to pay up, even in cases where data could be restored from offline backups, because the threat of sensitive information being published is too great.
Any stolen data is potentially useful to ransomware gangs, but according to analysis by researchers at cyber security company Rapid7, of 161 disclosed ransomware incidents where data was published, some data is seen as more valuable than others.
According to the report, financial services is the sector that is most likely to have customer data exposed, with 82% of incidents involving ransomware gangs accessing and making threats to release this data. Stealing and publishing sensitive customer information would undermine consumer trust in financial services organisations: while being hacked in the first place would be damaging enough, some business leaders might view paying a ransom to avoid further damage caused by data leaks to be worth it.
The second most-leaked type of file in ransomware attacks against financial services firms, featuring in 59% of disclosures from victims, is employee personally identifiable information (PII) and data related to human resources.
Cloud Email Threats Soar 101% in a Year
The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.
The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.
Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.
The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.
Many users don’t realise that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.
https://www.infosecurity-magazine.com/news/cloud-email-threats-soar-101-in-a/
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.
In a survey of IT and identity professionals from Dimensional Research, almost every organisation — 98% — experienced rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.
The number and complexity of identities organisations are having to manage and secure is increasing. Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts.
For the most part, organisations focus on employee identities, which 70% consider to be the most likely to be breached and 58% believe to have the greatest impact, according to the 2022 "Trends in Securing Digital Identities" report based on the survey. Yet third-party partners and business customers are significant sources of risk as well, with 35% and 25% of respondents considering those to be a major source of breaches, respectively.
https://www.darkreading.com/operations/identity-related-breaches-last-12-months
After Being Breached Once, Many Companies Are Likely to Be Hit Again
Cymulate announced the results of a survey, revealing that two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year.
Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government, also highlighted larger companies hit by cyber crime are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.
Other highlights
40% of respondents admitted to being breached over the past 12 months.
After being breached once, statistics showed they were more likely to be hit again than not (66%).
Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.
Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).
22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyber attack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.
29% of attacks come from insider threats – intentionally or unintentionally.
Leadership and cyber security teams who meet regularly to discuss risk reduction are more cyber security-ready – those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.
https://www.helpnetsecurity.com/2022/06/21/companies-hit-by-cybercrime/
Do You Have Ransomware Insurance? Look at the Fine Print
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.
In recent years, ransomware insurance has grown as a product field because organisations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organisation, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages.
Ransomware attacks are notoriously difficult to protect against completely. Like any other potentially catastrophic event, insurers stepped in to offer an insurance product. In exchange for a premium, insurers promise to cover many of the damages resulting from a ransomware attack.
Depending on the policy, a ransomware policy could cover loss of income if the attack disrupts operations, or loss of valuable data, if data is erased due to the ransomware event. A policy may also cover you for extortion – in others, it will refund the ransom demanded by the criminal.
The exact payout and terms will of course be defined in the policy document, also called the "fine print." Critically, fine print also contains exclusions, in other words circumstances under which the policy won't pay out. And therein lies the problem.
https://thehackernews.com/2022/06/do-you-have-ransomware-insurance-look.html
The Price of Stolen Info: Everything on Sale on The Dark Web
What is the price for personal information, including credit cards and bank accounts, on the dark web?
Privacy Affairs researchers concluded that criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.
Access to other information is becoming even cheaper. The Dark Web Price Index 2022 – based on data scanning dark web marketplaces, forums, and websites, revealed:
Credit card details and associated information cost between $17-$120
Online banking login information costs $45
Hacked Facebook accounts cost $45
Cloned VISA with PIN cost $20
Stolen PayPal account details, with minimum $1000 balances, cost $20.
In December 2021, about 4.5 million credit cards went up for sale on the dark web, the study found. The average price ranged from $1-$20.
Scammers can buy full credit card details, including CVV number, card number, associated dates, and even the email, physical address and phone number. This enables them to penetrate the credit card processing chain, overriding any security countermeasures.
https://www.helpnetsecurity.com/2022/06/22/stolen-info-sale-dark-web/
How Companies Are Prioritising Infosec and Compliance
New research conducted by Enterprise Management Associates (EMA), examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritise information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organisation, and the solutions and tools on which organisations are focusing their technology spending.
The findings cover three critical areas of an organisation’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.
One key takeaway is that merging security and compliance priorities addresses regulatory control gaps while improving the organisation’s security posture. Respondents revealed insights on how they handle compliance, who is responsible for compliance and security responsibilities, and what compliance-related security challenges organisations face.
Additional findings:
Companies found the need to shift their information security strategy to address compliance priorities (93%).
Information security and IT compliance priorities are generally aligned (89%).
Existing security tools have to address data privacy considerations going forward (76%).
Managing an organisation’s multiple IT environments and the controls that govern those environments is the greatest challenge in the IT audit and compliance space (39%).
https://www.helpnetsecurity.com/2022/06/24/companies-infosec-compliance-priorities/
Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns
A US Government watchdog has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks — leaving businesses facing “catastrophic financial loss” unless another insurance model can be found.
The growing challenge of covering cyber risk is outlined in a new report from the Government Accountability Office (GAO), which calls for a government assessment of whether a federal cyber insurance option is needed.
The report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice, to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.
Citing an annual threat assessment released by the ODNI, the report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure — along with certain non-state actors like organised cyber criminal gangs.
Given the wide and increasingly skilled range of actors willing to target US entities, the number of cyber incidents is rising at an alarming rate.
Threats
Ransomware
Attackers exploited a Mitel VOIP zero-day to compromise a network Security Affairs
Chinese hackers use ransomware as decoy for cyber espionage (bleepingcomputer.com)
If you don't store valuable data, ransomware is impotent • The Register
Ransomware-as-a-Service: Learn to Enhance Cyber security Approaches (analyticsinsight.net)
Mitigate Ransomware in a Remote-First World (thehackernews.com)
Delivery Firm Yodel Scrambling to Restore Operations Following Cyber attack | SecurityWeek.Com
Black Basta Ransomware Becomes Major Threat in Two Months | SecurityWeek.Com
These hackers are spreading ransomware as a distraction - to hide their cyber spying | ZDNet
Conti ransomware hacking spree breaches over 40 orgs in a month (bleepingcomputer.com)
Conti effectively created an extortion-oriented IT company, says Group-IB - Help Net Security
Conti ransomware finally shuts down data leak, negotiation sites (bleepingcomputer.com)
Conti ransomware group's pulse stops, but did it fake its own death? | Malwarebytes Labs
Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks (darkreading.com)
Cyber attack: Gloucester council services still not back to normal - BBC News
Phishing & Email Based Attacks
Your email is a major source of security risks and it's getting worse | ZDNet
New Phishing Attack Infects Devices with Cobalt Strike- IT Security Guru
Voicemail phishing emails steal Microsoft credentials • The Register
The Risk of Multichannel Phishing Is on the Horizon (darkreading.com)
Cops arrests nine suspected of stealing millions via email • The Register
Cyber criminals Use Azure Front Door in Phishing Attacks - Security Affairs
Microsoft Exchange servers hacked by new ToddyCat APT gang (bleepingcomputer.com)
Cyber attackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign (darkreading.com)
Other Social Engineering
Proofpoint: Social engineering attacks slipping past users (techtarget.com)
Inside a large-scale phishing campaign targeting millions of Facebook users - Help Net Security
Malware
RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (thehackernews.com)
Organisations Battling Phishing Malware, Viruses the Most (darkreading.com)
This Linux botnet has found a novel way of spreading to new devices | ZDNet
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (thehackernews.com)
NSA warns against silly mistake in the fight against Windows malware | TechRadar
Mobile
This Android malware is so dangerous, even Google is worried | TechRadar
Google is notifying Android users targeted by Hermit government-grade spyware | TechCrunch
This phone-wiping Android banking trojan is getting nastier | ZDNet
BRATA Android Malware Group Now Classified As Advanced Persistent Threat - Infosecurity Magazine
Spurred by Roe overturn, senators seek FTC probe of iOS and Android tracking | Ars Technica
Internet of Things – IoT
Data Breaches/Leaks
US Bank Data Breach Impacts Over 1.5 Million Customers - Infosecurity Magazine
CafePress fined $500,000 for breach affecting 23 million users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers steal $100 million from California cryptocurrency firm - CNN
DARPA study finds blockchain not as decentralised as assumed • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain and Third Parties
Cloud/SaaS
Microsoft 365 Users in US Face Raging Spate of Attacks (darkreading.com)
Getting a Better Handle on Identity Management in the Cloud (darkreading.com)
Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (thehackernews.com)
Identity and Access Management
Risky behaviour reduced when executives put focus on identity security - Help Net Security
Access management issues may create security holes (techtarget.com)
IAM Research: Inadequate Programs Leave Organisations Open to Cyber Attacks - MSSP Alert
Why 84% Of US Firms Hit With Identity-Related Breaches In 2021 – Information Security Buzz
Open Source
Open-source software risks persist, according to new reports | CSO Online
Less Than Half of Organisations Have Open Source Security Policy - Infosecurity Magazine
Blind trust in open source security is hurting us: Report | ZDNet
Training, Education and Awareness
Privacy
Privacy-focused Brave Search grew by 5,000% in a year (bleepingcomputer.com)
Supreme Court's Roe v. Wade reversal sparks calls for strengthening privacy - CyberScoop
Regulations, Fines and Legislation
Do Privacy and Data Protection Regulations Create as Many Problems as They Solve? | SecurityWeek.Com
Law Enforcement Action and Take Downs
Phishing gang behind millions in losses dismantled by police (bleepingcomputer.com)
Euro Police Target Crime Groups Grooming Ukrainian Refugees Online - Infosecurity Magazine
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies | SecurityWeek.Com
Italian spyware firm is hacking into iOS and Android devices, Google says | Computerworld
NSO claims 'more than 5' EU states used its Pegasus spyware • The Register
#InfosecurityEurope2022: Geopolitical Tensions a “Danger” to Cyber security - Infosecurity Magazine
Examples of Cyber Warfare #TrendTalksBizSec (trendmicro.com)
Ukraine deploys a DDoS protection service to survive the cyberwar | VentureBeat
Lithuania warns of rise in DDoS attacks against government sites (bleepingcomputer.com)
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign (darkreading.com)
Ukrainian cyber security officials disclose two new hacking campaigns - IT Security Guru
Scalper bots out of control in Israel, selling state appointments (bleepingcomputer.com)
Research questions potentially dangerous implications of Ukraine's IT Army - CyberScoop
Lithuania under cyber-attack after ban on Russian railway goodsSecurity Affairs
Nation State Actors
Nation State Actors – Russia
Russia Steps Up Cyber-Espionage Against Ukraine Allies - Infosecurity Magazine
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug | Threatpost
Russian APT28 hacker accused of the NATO think tank hack in Germany - Security Affairs
Russia fines Google for spreading ‘unreliable’ info defaming its army (bleepingcomputer.com)
Nation State Actors – China
Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage | SecurityWeek.Com
Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor - Security Affairs
Chinese hackers target script kiddies with info-stealer trojan (bleepingcomputer.com)
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Vulnerabilities
Cisco warns of security holes in its security appliances • The Register
Google Patches 14 Vulnerabilities With Release of Chrome 103 | SecurityWeek.Com
Cisco will not address critical RCE in end-of-life Small Business RV routers - Security Affairs
Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild - Security Affairs
Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware - Security Affairs
Researchers criticize Oracle's vulnerability disclosure process (techtarget.com)
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (thehackernews.com)
Sector Specific
Financial Services Sector
Flagstar Bank discloses data breach impacting 1.5 million customers (bleepingcomputer.com)
7 Cyber security Best Practices for Financial Services Firms - MSSP Alert
Why Financial Institutions Must Double Down on Open Source Investments (darkreading.com)
SMBs – Small and Medium Businesses
How tool sprawl is becoming a common issue for SMEs - Help Net Security
Middle market companies under attack: Threats coming from all directions - Help Net Security
#InfosecurityEurope2022: How Should SMEs Defend Against Cyber-Risks? - Infosecurity Magazine
Legal
Health/Medical/Pharma Sector
Retail/eCommerce
Magecart attacks are still around. And they are becoming more stealthy | ZDNet
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign- IT Security Guru
Manufacturing
CNI, OT, ICS, IIoT and SCADA
Reports Published in the Last Week
Other News
Threat Intelligence Services Are Universally Valued by IT Staff (darkreading.com)
Security pros increasingly plan to adopt MDR services in the next 12 months - Help Net Security
Board members and the C-suite need secure communication tools - Help Net Security
Adobe Acrobat may block antivirus tools from monitoring PDF files (bleepingcomputer.com)
7 Ways to Avoid Worst-Case Cyber Scenarios (darkreading.com)
3 threats dirty data poses to the enterprise (techtarget.com)
Data recovery depends on how good your backup strategy is - Help Net Security
Unsecured APIs Could Be Costing Firms $75bn Per Year - Infosecurity Magazine
The Rise, Fall, and Rebirth of the Presumption of Compromise (darkreading.com)
#InfosecurityEurope2022: Are You Prepared For The Next Big Crisis? - Infosecurity Magazine
Ongoing PowerShell security threats prompt a call to action (techtarget.com)
Despite known security issues, VPN usage continues to thrive - Help Net Security
Space-based assets aren’t immune to cyber attacks | CSO Online
Cyber security expert on how $13K of fuel was stolen from station (wtvr.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.